import wavpack-5.1.0-16.el8

2022-11-08 01:40:58 -05:00 · 2022-11-08 01:40:58 -05:00 · 78d8bc2944
parent 426b7ed38f
commit 78d8bc2944
2 changed files with 42 additions and 1 deletions
--- a/SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch
+++ b/SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch
@ -0,0 +1,35 @@
+commit 3915cf88c0cf2cf9806d7323071c9b856b6dc52b
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date:   Tue May 17 18:11:33 2022 +0200
+
+    Fix CVE-2021-44269
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 62d8a0c..fa69e32 100644
+--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
+@@ -284,6 +284,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+                 return WAVPACK_SOFT_ERROR;
+             }
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+            
+            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+             break;
+         }
+         else {          // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index cd82ae9..fd6b2a5 100644
+--- a/cli/dsf.c
+++ b/cli/dsf.c
+@@ -121,6 +121,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+ 
+     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
+             error_line ("%s is not a valid .DSF file!", infilename);
--- a/SPECS/wavpack.spec
+++ b/SPECS/wavpack.spec
@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.1.0
-Release:	15%{?dist}
+Release:	16%{?dist}
 License:	BSD
 Group:		Applications/Multimedia
 Url:		http://www.wavpack.com/
@ -16,6 +16,8 @@ Patch7:		wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
 Patch8:		wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
 Patch9:		wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
 Patch10:	wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
+Patch11:	wavpack-0011-issue-110-sanitize-DSD-file-types.patch
+
 # For autoreconf
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -70,6 +72,10 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog README

 %changelog
+* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
+- CVE-2021-44269 wavpack: heap Out-of-bounds Read
+- Resolves: CVE-2021-44269
+
 * Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
 - fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
 - CVE-2018-19841