11 Commits

Author SHA1 Message Date
openeuler-ci-bot
a8b414157e
!57 Modify the wrong CVE number in Changelog
From: @Higos997 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
2024-11-05 03:38:19 +00:00
yinzeqiang
8eca88e212 Modify the wrong CVE number in Changelog 2024-11-04 11:13:20 +08:00
openeuler-ci-bot
145ba7d232
!46 [sync] PR-44: CVE-2023-33065
From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
2023-12-22 02:09:54 +00:00
xuyuchao
58b3297b9b * Thu Dec 21 2023 xuyuchao <xu.yuchao@xfusion.com> - 1.0.28-21
- Type:CVE
- CVE:CVE-2023-33065
- DESC:fix CVE-2023-33065

(cherry picked from commit 6a3adc37c11305eb29cebd7780e12578ed813a89)
2023-12-22 09:50:31 +08:00
openeuler-ci-bot
a4b25e793e
!20 [sync] PR-17: fix CVE-2021-4156
From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
2022-05-16 09:16:28 +00:00
zhouwenpei
591cd9dc08 fix CVE-2021-4156
(cherry picked from commit 5c6a1881fcdff286e9a387c0437356092f7f7e40)
2022-05-16 17:16:00 +08:00
openeuler-ci-bot
86c3c5fde3 !9 [sync] PR-8: fix CVE-2021-3246
From: @openeuler-sync-bot
Reviewed-by: @liqingqing_1229
Signed-off-by: @liqingqing_1229
2021-09-23 03:58:20 +00:00
zhouwenpei
3cbeee05d7 fix CVE-2021-3246
(cherry picked from commit 59f688865439115c8192407429c3aa9ba8c36a77)
2021-09-23 11:55:35 +08:00
openeuler-ci-bot
501334f8a0 !3 libsndfile CVE修复合入
Merge pull request !3 from chenmaodong/master
2020-02-03 20:42:12 +08:00
chenmaodong
23001acbe6 fix CVE-2017-8362 2020-02-03 20:21:25 +08:00
openeuler-ci-bot
ee594d5373 !2 libsndfile补丁整改
Merge pull request !2 from chenmaodong/master
2020-01-10 20:16:10 +08:00
5 changed files with 184 additions and 1 deletions

@ -0,0 +1,38 @@
From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
From: bobsayshilol <bobsayshilol@live.co.uk>
Date: Thu, 18 Feb 2021 21:52:09 +0000
Subject: [PATCH] ms_adpcm: Fix and extend size checks
'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
---
src/ms_adpcm.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
index 5e8f1a316..a21cb9941 100644
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock)
if (psf->file.mode == SFM_WRITE)
samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- if (blockalign < 7 * psf->sf.channels)
- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+ /* There's 7 samples per channel in the preamble of each block */
+ if (samplesperblock < 7 * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+
+ if (2 * blockalign < samplesperblock * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
return SFE_INTERNAL ;
} ;
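Review bot: The second added check, `if (2 * blockalign < samplesperblock * psf->sf.channels)`, multiplies caller-supplied `int` values without widening, so a large `samplesperblock` and channel count could overflow the signed product before the comparison can reject them. Whether that is reachable depends on how the caller bounds these header fields, which is outside the hunk. Doing the arithmetic in a wider type closes the gap, e.g. `if (2 * (sf_count_t) blockalign < (sf_count_t) samplesperblock * psf->sf.channels)`, with the same widening in the logged expression. The write-mode line above also divides by `psf->sf.channels` before any visible check that it is non-zero; `wavlike_msadpcm_init` starts before this hunk, so that guard may already exist.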

@ -0,0 +1,25 @@
From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
From: yuan <ssspeed00@gmail.com>
Date: Tue, 20 Apr 2021 16:16:32 +0800
Subject: [PATCH] flac: Fix improper buffer reusing (#732)
---
src/flac.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/flac.c b/src/flac.c
index 64d0172e6..e33204505 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
/* Decode some more. */
while (pflac->pos < pflac->len)
{ if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
+ /* Current frame is busted, so NULL the pointer. */
+ pflac->frame = NULL ;
break ;
+ } ;
state = FLAC__stream_decoder_get_state (pflac->fsd) ;
if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
{ psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
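Review bot: Setting `pflac->frame = NULL` when `FLAC__stream_decoder_process_single` fails makes a NULL frame an ordinary state, so every later reader of `pflac->frame` has to test it before use. The `flac_buffer_copy` patch elsewhere on this page reads `frame->header.channels` at the top of that function; if `frame` there comes from `pflac->frame` and a caller reaches it after this path, that is a NULL dereference, so the guards at the call sites (outside this hunk) are worth confirming. The branch also only logs and breaks without setting `psf->error`, so the caller sees a short read with no error code. A comment such as `/* Decode failed: frame is invalid; callers must test pflac->frame before use. */` would record the contract. `flac_read_loop` starts and ends outside the hunk.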

@ -0,0 +1,42 @@
From da1fcb0199f6a5c883fd158a20896a0e9c085e02 Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Wed, 22 Nov 2023 17:15:12 +0800
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
The clang sanitizer warns of a possible signed integer overflow when
calculating the `dataend` value in `mat4_read_header()`.
```
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
```
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
`dataend` before performing the calculation, to avoid the issue.
CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/789
Fixes: https://github.com/libsndfile/libsndfile/issues/833
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
---
src/mat4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mat4.c b/src/mat4.c
index 3c73680..e2f98b7 100644
--- a/src/mat4.c
+++ b/src/mat4.c
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
}
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
--
2.27.0
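Review bot: The casts on the `psf->dataend` line remove the undefined signed-int overflow, but they do not reject the values that caused it. The sanitizer output quoted in the description shows a negative operand (`205 * -100663296`), and a negative or oversized `rows`/`cols` still produces a `dataend` outside the file, which then feeds the `psf->datalength` subtraction on the next line. If `mat4_read_header` does not validate the dimensions earlier (not visible in this hunk), a guard such as `if (rows < 0 || cols < 0)` returning an error, plus a check that `dataend` does not exceed `psf->filelength`, belongs before this branch. The subject names mat4/mat5 while the diffstat touches only `src/mat4.c`, so it is worth confirming that the other sites covered by the CVE are handled for this package version.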

@ -0,0 +1,54 @@
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH 1/1] src/flac.c: Fix a buffer read overflow
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index 5a4f8c2..e4f9aaa 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
--
1.8.3.1
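Review bot: In the check added to `flac_buffer_copy`, the comparison casts `frame->header.channels` to `int`, but the `psf_log_printf` call passes it uncast to a `%d` conversion; the cast suggests the field is not an `int`. Passing `(int) frame->header.channels` in the log arguments as well keeps the format and argument types in agreement, and the same pattern appears in the `sf_flac_meta_callback` context lines of the last hunk. The new early `return 0` relies on callers inspecting `psf->error` after a zero return, which cannot be confirmed from the hunk because the function body continues outside it.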

@ -1,6 +1,6 @@
Name: libsndfile
Version: 1.0.28
Release: 17
Release: 22
Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD
URL: http://www.mega-nerd.com/libsndfile/
@ -20,6 +20,10 @@ Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch
Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch
Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
Patch6007: backport-CVE-2021-3246.patch
Patch6008: backport-CVE-2021-4156.patch
Patch6009: backport-CVE-2022-33065.patch
%description
Libsndfile is a C library for reading and writing files containing
@ -126,6 +130,26 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Mon Nov 4 2024 yinzeqiang <yinzeqiang@chinaredflag.cn> - 1.0.28-22
- Modify the wrong CVE number in Changelog
* Thu Dec 21 2023 xuyuchao <xu.yuchao@xfusion.com> - 1.0.28-21
- Type:CVE
- CVE:CVE-2022-33065
- DESC:fix CVE-2022-33065
* Mon May 16 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.0.28-20
- fix CVE-2021-4156
* Thu Sep 23 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.28-19
- fix CVE-2021-3246
* Mon Feb 03 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-18
- Type:cves
- ID:CVE-2017-8362
- SUG:NA
- DESC:fix CVE-2017-8362
* Fri Jan 10 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-17
- Type:enhancement
- ID:NA