import wavpack-5.4.0-5.el9

2022-11-15 01:40:48 -05:00 · 2022-11-15 01:40:48 -05:00 · bc883d73e7
parent ab5de79723
commit bc883d73e7
2 changed files with 37 additions and 1 deletions
--- a/SOURCES/wavpack-5.4.0-CVE-2021-44269-heap-Out-of-bounds-Read.patch
+++ b/SOURCES/wavpack-5.4.0-CVE-2021-44269-heap-Out-of-bounds-Read.patch
@ -0,0 +1,30 @@
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index d7adb6a..5bdcae3 100644
+--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
+@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             }
+ 
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+             break;
+         }
+         else {          // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index e1d7973..dddd488 100644
+--- a/cli/dsf.c
+++ b/cli/dsf.c
+@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+ 
+     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+         format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
+         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
+
--- a/SPECS/wavpack.spec
+++ b/SPECS/wavpack.spec
@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.4.0
-Release:	4%{?dist}
+Release:	5%{?dist}
 License:	BSD
 Url:		http://www.wavpack.com/
 Source:		http://www.wavpack.com/%{name}-%{version}.tar.bz2
@ -11,6 +11,8 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool

+Patch0: wavpack-5.4.0-CVE-2021-44269-heap-Out-of-bounds-Read.patch
+
 %description
 WavPack is a completely open audio compression format providing lossless,
 high-quality lossy, and a unique hybrid compression mode. Although the
@ -66,6 +68,10 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf

 %changelog
+* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.4.0-5
+- CVE-2021-44269 wavpack: heap Out-of-bounds Read
+- Resolves: CVE-2021-44269
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.0-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688