main/libsndfile: security fix (CVE-2018-13139)

Partially fixes #9236

2 files changed, 45 insertions, 10 deletions

diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index cbdd20d38d..e913e291cf 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libsndfile
 pkgver=1.0.28
-pkgrel=2
+pkgrel=3
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
 arch="all"
@@ -15,20 +15,23 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
 	CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
 	CVE-2017-8362.patch
 	CVE-2017-12562.patch
+	CVE-2018-13139.patch
 	"
 
 # secfixes:
+#   1.0.28-r3:
+#     - CVE-2018-13139
 #   1.0.28-r2:
-#   - CVE-2017-12562
+#     - CVE-2017-12562
 #   1.0.28-r0:
-#   - CVE-2017-7585
-#   - CVE-2017-7741
-#   - CVE-2017-7742
+#     - CVE-2017-7585
+#     - CVE-2017-7741
+#     - CVE-2017-7742
 #   1.0.28-r1:
-#   - CVE-2017-8361
-#   - CVE-2017-8362
-#   - CVE-2017-8363
-#   - CVE-2017-8365
+#     - CVE-2017-8361
+#     - CVE-2017-8362
+#     - CVE-2017-8363
+#     - CVE-2017-8365
 
 _builddir="$srcdir/$pkgname-$pkgver"
 
@@ -60,4 +63,5 @@ c2d2665744b32facab093540bd0b0c28e72496dd03f8fd51e0aef42fb76d9631  CVE-2017-8361_
 sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f  libsndfile-1.0.28.tar.gz
 f98c40696fca3e7bca867df993de55bb4145c23428e65d1a669182eb2293046478ac727ae7f94bb77123ef0355c3c53be4f9d6a432665c90c74687d8d3afd9e3  CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
 dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381aed3072644cd5ee03ba3598265aa7d202d63167da251cb595  CVE-2017-8362.patch
-814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e  CVE-2017-12562.patch"
+814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e  CVE-2017-12562.patch
+33817e7c85180635fa239e4ea38973b18312878522639f43071188a995f0e1a35dbca6d133555fb0875292b4b609950ae38e747a6b1949f8ae840db9dc3a2805  CVE-2018-13139.patch"
diff --git a/main/libsndfile/CVE-2018-13139.patch b/main/libsndfile/CVE-2018-13139.patch
new file mode 100644
index 0000000000..f75843267b
--- /dev/null
+++ b/main/libsndfile/CVE-2018-13139.patch
@@ -0,0 +1,31 @@
+From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@intel.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
+
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
+
+Fixes #397
+---
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 53660310..225b4d54 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
+ 		exit (1) ;
+ 		} ;
+ 
++	if (sfinfo.channels > MAX_CHANNELS)
++	{	printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++			argv [1], sfinfo.channels, MAX_CHANNELS) ;
++		exit (1) ;
++		} ;
++
++
+ 	state.channels = sfinfo.channels ;
+ 	sfinfo.channels = 1 ;
+