import wavpack-5.1.0-16.el8
parent
426b7ed38f
commit
78d8bc2944
|
@ -0,0 +1,35 @@
|
||||||
|
commit 3915cf88c0cf2cf9806d7323071c9b856b6dc52b
|
||||||
|
Author: Tomas Korbar <tkorbar@redhat.com>
|
||||||
|
Date: Tue May 17 18:11:33 2022 +0200
|
||||||
|
|
||||||
|
Fix CVE-2021-44269
|
||||||
|
|
||||||
|
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
|
||||||
|
index 62d8a0c..fa69e32 100644
|
||||||
|
--- a/cli/dsdiff.c
|
||||||
|
+++ b/cli/dsdiff.c
|
||||||
|
@@ -284,6 +284,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
||||||
|
return WAVPACK_SOFT_ERROR;
|
||||||
|
}
|
||||||
|
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
|
||||||
|
+
|
||||||
|
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
|
||||||
|
+ error_line ("%s is not a valid .DFF file!", infilename);
|
||||||
|
+ return WAVPACK_SOFT_ERROR;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else { // just copy unknown chunks to output file
|
||||||
|
diff --git a/cli/dsf.c b/cli/dsf.c
|
||||||
|
index cd82ae9..fd6b2a5 100644
|
||||||
|
--- a/cli/dsf.c
|
||||||
|
+++ b/cli/dsf.c
|
||||||
|
@@ -121,6 +121,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
|
||||||
|
|
||||||
|
if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
|
||||||
|
format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
|
||||||
|
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
|
||||||
|
(format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
|
||||||
|
format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
|
||||||
|
error_line ("%s is not a valid .DSF file!", infilename);
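Review bot: The new bound in the cli/dsf.c hunk, `format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8`, carries an unexplained factor of 8, while the matching check in cli/dsdiff.c compares `total_samples` against `MAX_WAVPACK_SAMPLES` directly, so a reader cannot tell whether the two limits are meant to be equivalent. Presumably `sampleCount` counts 1-bit DSD samples while the dsdiff value counts bytes per channel; if that is the reason, a comment above the condition such as `// sampleCount is in 1-bit samples, 8 per stored byte, hence the * 8` would record it. In the dsdiff.c hunk the range check runs only after `dff_chunk_header.ckDataSize / config->num_channels`, so it does not itself protect against a zero `num_channels`. The `return WAVPACK_SOFT_ERROR;` context just above suggests an earlier guard, but that guard starts outside the hunk and should be confirmed. Both functions continue beyond the lines shown.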
|
|
@ -1,7 +1,7 @@
|
||||||
Name: wavpack
|
Name: wavpack
|
||||||
Summary: A completely open audiocodec
|
Summary: A completely open audiocodec
|
||||||
Version: 5.1.0
|
Version: 5.1.0
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Multimedia
|
Group: Applications/Multimedia
|
||||||
Url: http://www.wavpack.com/
|
Url: http://www.wavpack.com/
|
||||||
|
@ -16,6 +16,8 @@ Patch7: wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
|
||||||
Patch8: wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
|
Patch8: wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
|
||||||
Patch9: wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
|
Patch9: wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
|
||||||
Patch10: wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
|
Patch10: wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
|
||||||
|
Patch11: wavpack-0011-issue-110-sanitize-DSD-file-types.patch
|
||||||
|
|
||||||
# For autoreconf
|
# For autoreconf
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
|
@ -70,6 +72,10 @@ rm -f %{buildroot}/%{_libdir}/*.la
|
||||||
%doc ChangeLog README
|
%doc ChangeLog README
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
|
||||||
|
- CVE-2021-44269 wavpack: heap Out-of-bounds Read
|
||||||
|
- Resolves: CVE-2021-44269
|
||||||
|
|
||||||
* Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
|
* Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
|
||||||
- fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
|
- fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
|
||||||
- CVE-2018-19841
|
- CVE-2018-19841
|
||||||
|
|