import libsndfile-1.0.28-10.el8

This commit is contained in:
CentOS Sources 2020-01-21 18:06:39 -05:00 committed by Andrew Lukoshko
commit b7b5e8e3a6
13 changed files with 918 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/libsndfile-1.0.28.tar.gz

1
.libsndfile.metadata Normal file
View File

@ -0,0 +1 @@
85aa967e19f6b9bf975601d79669025e5f8bc77d SOURCES/libsndfile-1.0.28.tar.gz

View File

@ -0,0 +1,56 @@
diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
--- libsndfile-1.0.28/src/gsm610.c.systemgsm 2016-09-10 10:08:27.000000000 +0200
+++ libsndfile-1.0.28/src/gsm610.c 2017-04-11 10:47:40.437162489 +0200
@@ -27,7 +27,7 @@
#include "sfendian.h"
#include "common.h"
#include "wavlike.h"
-#include "GSM610/gsm.h"
+#include <gsm.h>
#define GSM610_BLOCKSIZE 33
#define GSM610_SAMPLES 160
@@ -391,7 +391,8 @@ gsm610_seek (SF_PRIVATE *psf, int UNUSED
psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
pgsm610->blockcount = 0 ;
- gsm_init (pgsm610->gsm_data) ;
+ gsm_destroy (pgsm610->gsm_data) ;
+ pgsm610->gsm_data = gsm_create () ;
if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
--- libsndfile-1.0.28/src/Makefile.am.systemgsm 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/Makefile.am 2017-04-11 10:48:43.855620172 +0200
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
include_HEADERS = sndfile.hh
nodist_include_HEADERS = sndfile.h
-noinst_LTLIBRARIES = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la
+noinst_LTLIBRARIES = G72x/libg72x.la ALAC/libalac.la libcommon.la
SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
libsndfile_la_LDFLAGS = -no-undefined -version-info $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \
+libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
#======================================================================
# Subdir libraries.
-GSM610_libgsm_la_SOURCES = GSM610/config.h GSM610/gsm.h GSM610/gsm610_priv.h \
- GSM610/add.c GSM610/code.c GSM610/decode.c GSM610/gsm_create.c \
- GSM610/gsm_decode.c GSM610/gsm_destroy.c GSM610/gsm_encode.c \
- GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \
- GSM610/rpe.c GSM610/short_term.c GSM610/table.c
-
G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \
G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c

View File

@ -0,0 +1,25 @@
From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 24 Dec 2014 21:02:35 +1100
Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
Closes: https://github.com/erikd/libsndfile/issues/92
---
src/file_io.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/file_io.c b/src/file_io.c
index 26d3d6d..6ccab78 100644
--- a/src/file_io.c
+++ b/src/file_io.c
@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
{ sf_count_t total = 0 ;
ssize_t count ;
+ if (bytes == 0 || items == 0)
+ return 0 ;
+
if (psf->virtual_io)
return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;

View File

@ -0,0 +1,31 @@
From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
From: "Brett T. Warden" <brett.t.warden@intel.com>
Date: Tue, 28 Aug 2018 12:01:17 -0700
Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
Allocated buffer has space for only 16 channels. Verify that input file
meets this limit.
Fixes #397
---
programs/sndfile-deinterleave.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index 53660310..225b4d54 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,13 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
+ exit (1) ;
+ } ;
+
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;

View File

@ -0,0 +1,88 @@
From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/common.c b/src/common.c
index 1a6204ca..6b2a2ee9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
count += 4 + size ;
@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;

View File

@ -0,0 +1,91 @@
From 585cc28a93be27d6938f276af0011401b9f7c0ca Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Mon, 24 Dec 2018 06:43:48 +0100
Subject: [PATCH] a/ulaw: fix multiple buffer overflows (#432)
i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
properly, leading to buffer underflow. INT_MIN is a special value
since - INT_MIN cannot be represented as int.
In this case round - INT_MIN to INT_MAX and proceed as usual.
f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
properly, leading to null pointer dereference.
In this case, arbitrarily set the buffer value to 0.
This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
fixes #344 (CVE-2017-17456 and CVE-2017-17457).
---
src/alaw.c | 9 +++++++--
src/ulaw.c | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/alaw.c b/src/alaw.c
index 063fd1a2..4220224c 100644
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2alaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
else
buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
diff --git a/src/ulaw.c b/src/ulaw.c
index e50b4cb5..b6070ade 100644
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
else
buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;

View File

@ -0,0 +1,11 @@
diff -up libsndfile-1.0.28/src/sndfile.c.fixfree libsndfile-1.0.28/src/sndfile.c
--- libsndfile-1.0.28/src/sndfile.c.fixfree 2018-10-15 14:24:26.521941046 +0200
+++ libsndfile-1.0.28/src/sndfile.c 2018-10-15 14:24:26.534940869 +0200
@@ -339,6 +339,7 @@ sf_open (const char *path, int mode, SF_
if (copy_filename (psf, path) != 0)
{ sf_errno = psf->error ;
+ free(psf);
return NULL ;
} ;

View File

@ -0,0 +1,64 @@
From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/src/common.h b/src/common.h
index 0bd810c3..e2669b6a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
diff --git a/src/flac.c b/src/flac.c
index 84de0e26..986a7b8f 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
diff --git a/src/sndfile.c b/src/sndfile.c
index 41875610..e2a87be8 100644
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },

View File

@ -0,0 +1,114 @@
diff -up libsndfile-1.0.28/src/common.c.vafix libsndfile-1.0.28/src/common.c
--- libsndfile-1.0.28/src/common.c.vafix 2018-10-15 14:31:59.805758665 +0200
+++ libsndfile-1.0.28/src/common.c 2018-10-15 14:34:48.978445310 +0200
@@ -561,7 +561,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
while ((c = *format++))
{
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
switch (c)
{ case ' ' : /* Do nothing. Just used to space out format string. */
@@ -677,7 +680,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = strlen (strptr) + 1 ;
if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size + (size & 1)) ;
@@ -698,7 +704,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
@@ -718,7 +727,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = (size > 254) ? 254 : size ;
if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
header_put_byte (psf, size) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
@@ -731,7 +743,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
memcpy (&(psf->header.ptr [psf->header.indx]), bindata, size) ;
psf->header.indx += size ;
@@ -742,7 +757,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
count += size ;
while (size)
@@ -763,7 +781,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
psf->header.indx += size ;
count += size ;
@@ -773,7 +794,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if ((sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
psf->header.indx = size ;
break ;
@@ -960,7 +984,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
while ((c = *format++))
{
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
switch (c)
{ case 'e' : /* All conversions are now from LE to host. */
@@ -1087,7 +1114,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
memset (charptr, 0, count) ;
if (psf->header.indx + count >= psf->header.len && psf_bump_header_allocation (psf, count))
- return 0 ;
+ {
+ va_end (argptr) ;
+ return count ;
+ } ;
byte_count += header_gets (psf, charptr, count) ;
break ;

View File

@ -0,0 +1,25 @@
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aiff.c b/src/aiff.c
index 5b5f9f53..45864b76 100644
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;

37
SOURCES/revert.patch Normal file
View File

@ -0,0 +1,37 @@
--- libsndfile-1.0.28/src/rf64.c 2017-04-02 09:43:22.000000000 +0200
+++ libsndfile-1.0.27/src/rf64.c 2016-04-01 23:08:53.000000000 +0200
@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
#endif
- pad_size = psf->dataoffset - 16 - psf->header.indx ;
- if (pad_size >= 0)
- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
+ if (psf->header.indx + 8 < psf->dataoffset)
+ { /* Add PAD data if necessary. */
+ int k = psf->dataoffset - 16 - psf->header.indx ;
+ psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
+ } ;
if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
else
psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
- psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
+ psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
if (psf->error)
return psf->error ;
- if (has_data && psf->dataoffset != psf->header.indx)
- { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
+ if (has_data && psf->dataoffset != psf->header.indx)
+ { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
return psf->error = SFE_INTERNAL ;
} ;
- psf->dataoffset = psf->header.indx ;
+ psf->dataoffset = psf->header.indx ;
if (NOT (has_data))
psf_fseek (psf, psf->dataoffset, SEEK_SET) ;

374
SPECS/libsndfile.spec Normal file
View File

@ -0,0 +1,374 @@
Summary: Library for reading and writing sound files
Name: libsndfile
Version: 1.0.28
Release: 10%{?dist}
License: LGPLv2+ and GPLv2+ and BSD
Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
Patch0: libsndfile-1.0.25-system-gsm.patch
Patch1: libsndfile-1.0.25-zerodivfix.patch
Patch2: revert.patch
Patch3: libsndfile-1.0.28-flacbufovfl.patch
Patch4: libsndfile-1.0.29-cve2017_6892.patch
#libsndfile-1.0.29-cve2017_6892.patch
# from upstream, for <= 1.0.28, rhbz#1483140
Patch5: libsndfile-1.0.28-cve2017_12562.patch
Patch6: libsndfile-1.0.28-fixfree.patch
Patch7: libsndfile-1.0.28-vafix.patch
Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
Patch9: libsndfile-1.0.28-cve_2018_19662.patch
BuildRequires: alsa-lib-devel
BuildRequires: flac-devel
BuildRequires: libogg-devel
BuildRequires: libvorbis-devel
BuildRequires: pkgconfig
BuildRequires: sqlite-devel
BuildRequires: gsm-devel
BuildRequires: libtool
%description
libsndfile is a C library for reading and writing sound files such as
AIFF, AU, WAV, and others through one standard interface. It can
currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and
64-bit floating point WAV files and a number of compressed formats. It
compiles and runs on *nix, MacOS, and Win32.
%package devel
Summary: Development files for libsndfile
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig
%description devel
libsndfile is a C library for reading and writing sound files such as
AIFF, AU, WAV, and others through one standard interface.
This package contains files needed to develop with libsndfile.
%package utils
Summary: Command Line Utilities for libsndfile
Group: Applications/Multimedia
Requires: %{name} = %{version}-%{release}
%description utils
libsndfile is a C library for reading and writing sound files such as
AIFF, AU, WAV, and others through one standard interface.
This package contains command line utilities for libsndfile.
%prep
%setup -q
%patch0 -p1 -b .systemgsm
%patch1 -p1 -b .zerodivfix
%patch2 -p1 -b .revert
%patch3 -p1 -b .flacbufovfl
%patch4 -p1 -b .cve2017_6892
%patch5 -p1 -b .cve2017_12562
%patch6 -p1 -b .fixfree
%patch7 -p1 -b .vafix
%patch8 -p1 -b .CVE_2018_13139
%patch9 -p1 -b .cve_2018_19662
rm -r src/GSM610
%build
autoreconf -I M4 -fiv # for system-gsm patch
%configure \
--disable-dependency-tracking \
--enable-sqlite \
--enable-alsa \
--enable-largefile \
--disable-static
# Get rid of rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm -rf __docs
mkdir __docs
cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
find %{buildroot} -type f -name "*.la" -delete
# fix multilib issues
mv %{buildroot}%{_includedir}/sndfile.h \
%{buildroot}%{_includedir}/sndfile-%{__isa_bits}.h
cat > %{buildroot}%{_includedir}/sndfile.h <<EOF
#include <bits/wordsize.h>
#if __WORDSIZE == 32
# include "sndfile-32.h"
#elif __WORDSIZE == 64
# include "sndfile-64.h"
#else
# error "unexpected value for __WORDSIZE macro"
#endif
EOF
%if 0%{?rhel} != 0
rm -f %{buildroot}%{_bindir}/sndfile-jackplay
%endif
%check
LD_LIBRARY_PATH=$PWD/src/.libs make check
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc AUTHORS README NEWS
%{_libdir}/%{name}.so.*
%files utils
%{_bindir}/sndfile-cmp
%{_bindir}/sndfile-concat
%{_bindir}/sndfile-convert
%{_bindir}/sndfile-deinterleave
%{_bindir}/sndfile-info
%{_bindir}/sndfile-interleave
%{_bindir}/sndfile-metadata-get
%{_bindir}/sndfile-metadata-set
%{_bindir}/sndfile-play
%{_bindir}/sndfile-regtest
%{_bindir}/sndfile-salvage
%{_mandir}/man1/sndfile-cmp.1*
%{_mandir}/man1/sndfile-concat.1*
%{_mandir}/man1/sndfile-convert.1*
%{_mandir}/man1/sndfile-deinterleave.1*
%{_mandir}/man1/sndfile-info.1*
%{_mandir}/man1/sndfile-interleave.1*
%{_mandir}/man1/sndfile-metadata-get.1*
%{_mandir}/man1/sndfile-metadata-set.1*
%{_mandir}/man1/sndfile-play.1*
%{_mandir}/man1/sndfile-salvage.1*
%files devel
%doc __docs ChangeLog
%{_includedir}/sndfile.h
%{_includedir}/sndfile.hh
%{_includedir}/sndfile-%{__isa_bits}.h
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/sndfile.pc
%changelog
* Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
- fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function
i2alaw_array in alaw (#1673085)
* Wed Oct 30 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-9
- fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598482)
* Mon Oct 15 2018 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-8
- fix coverity scan found issues (#1602592)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 24 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-6
- heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Jun 21 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-3
- fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
* Mon Jun 05 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-2
- fix flac and pcm buffer overflows (CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365)
* Tue Apr 11 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-1
- updated to 1.0.28
- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Nov 11 2016 Michal Hlavinka <mhlavink@redhat.com> - 1.0.27-1
- updated to 1.0.27
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.25-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-19
- fix incomplete patch for CVE-2015-7805
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
- fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
crafted AIFF header
* Thu Aug 27 2015 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 1.0.25-17
- Use __isa_bits macro instead of list of 64-bit architectures
* Sun Jul 19 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-16
- Fix FTBFS
- Use %%license
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Jan 13 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-14
- fix CVE-2014-9496: 2 buffer overruns in sd2_parse_rsrc_fork (#1178840)
- division by zero leading to denial of service in psf_fwrite (#1177254)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 02 2014 Kalev Lember <kalevlember@gmail.com> - 1.0.25-12
- Fix up previous commit
* Sat Aug 2 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-11
- Modernise spec
- Generic 32/64bit platform detection
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Jan 13 2014 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-9
- fix ppc64le build (#1051639)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 03 2013 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-7
- fix support for aarch64, another part (#969831)
* Wed Mar 27 2013 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-6
- fix support for aarch64 (#925887)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sat Nov 12 2011 Ville Skyttä <ville.skytta@iki.fi> - 1.0.25-2
- Patch to use system libgsm instead of a bundled copy.
- Make main package dep in -devel ISA qualified.
- Drop -octave Provides (not actually built with octave > 3.0).
- Don't build throwaway static lib.
- Run test suite during build.
* Thu Jul 14 2011 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-1
- Update to 1.0.25
- fixes integer overflow by processing certain PAF audio files (#721240)
* Sun Mar 27 2011 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.24-1
- Update to 1.0.24
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Oct 16 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.23-1
- Update to 10.0.23
* Tue Oct 05 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.22-1
- Update to 10.0.22
* Tue May 11 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.21-1
- Update to 10.0.21
- Do not include the static library in the package (RHBZ#556074)
- Remove BR on jack since sndfile-jackplay is not provided anymore
* Mon Feb 1 2010 Stepan Kasal <skasal@redhat.com> - 1.0.20-5
- Do not build against Jack on RHEL
- Fix the Source0: URL
- Fix the licence tag
* Sat Nov 14 2009 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.20-4
- Split utils into a subpackage
* Sat Nov 14 2009 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.20-3
- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel)
- Make build verbose
- Remove rpath
- Fix ChangeLog encoding
- Move the big Changelog to the devel package
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jun 06 2009 Lennart Poettering <lpoetter@redhat.com> - 1.0.20-1
- Updated to 1.0.20
* Tue Mar 03 2009 Robert Scheck <robert@fedoraproject.org> - 1.0.17-8
- Rebuilt against libtool 2.2
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Oct 25 2008 Andreas Thienemann <andreas@bawue.net> - 1.0.17-6
- Removed spurious #endif in the libsndfile.h wrapper. Thx to Edward
Sheldrake for finding it. Fixes #468508.
- Fix build for autoconf-2.63
* Thu Oct 23 2008 Andreas Thienemann <andreas@bawue.net> - 1.0.17-5
- Fixed multilib conflict. #342401
- Made flac support actually work correctly.
* Thu Aug 7 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.17-4
- fix license tag
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.17-3
- Autorebuild for GCC 4.3
* Thu Sep 20 2007 Andreas Thienemann <andreas@bawue.net> - 1.0.17-2
- Adding FLAC support to libsndfile courtesy of gentoo, #237575
- Fixing CVE-2007-4974. Thanks to the gentoo people for the patch, #296221
* Fri Sep 08 2006 Andreas Thienemann <andreas@bawue.net> - 1.0.17-1
- Updated to 1.0.17
* Sun Apr 30 2006 Andreas Thienemann <andreas@bawue.net> - 1.0.16-1
- Updated to 1.0.16
* Thu Mar 30 2006 Andreas Thienemann <andreas@bawue.net> - 1.0.15-1
- Updated to 1.0.15
* Thu Mar 16 2006 Dams <anvil[AT]livna.org> - 1.0.14-1.fc5
- Updated to 1.0.14
- Dropped patch0
* Thu May 12 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.0.11-3
- rebuilt
* Sat Mar 5 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.0.11-2
- Fix format string bug (#149863).
- Drop explicit Epoch 0.
* Sat Dec 4 2004 Ville Skyttä <ville.skytta@iki.fi> - 0:1.0.11-0.fdr.1
- Update to 1.0.11.
* Wed Oct 13 2004 Ville Skyttä <ville.skytta@iki.fi> - 0:1.0.10-0.fdr.1
- Update to 1.0.10, update URLs, include ALSA support.
- Disable dependency tracking to speed up the build.
- Add missing ldconfig invocations.
- Make -devel require pkgconfig.
- Include developer docs in -devel.
- Provide -octave in main package, own more related dirs.
- Bring specfile up to date with current spec templates.
* Sat Apr 12 2003 Dams <anvil[AT]livna.org>
- Initial build.