author | alpine-mips-patches <info@mobile-stream.com> | 2019-03-07 15:14:20 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-04-12 10:33:20 +0000 |
commit | afcf91b3195a7e0e88b3c570d405ddd1f4591460 (patch) | |
tree | 7996bdcd2e70d6febbff142c1b6ef2f1b61dff27 | |
parent | df783fb4ec118d2b2d6ad60ba87247d67895ed7d (diff) | |
main/libsndfile: update CVE-2018-19758 fix from upstream
The CVE-2018-19758.patch is now a merge of relevant bits from two upstream commits:
42132c543358cee9f7c3e9e9b15bb6c1063a608e
6d7ce94c020cc720a6b28719d1a7879181790008
Fixes #10108
-rw-r--r-- | main/libsndfile/APKBUILD | 5 | ||||
-rw-r--r-- | main/libsndfile/CVE-2018-19758.patch | 13 |
2 files changed, 17 insertions, 1 deletions
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index d8b9f06781..6cc76e7dd2 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libsndfile
 pkgver=1.0.28
-pkgrel=5
+pkgrel=6
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
 arch="all"
@@ -22,6 +22,9 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
 [ "$CARCH" = "armhf" ] && options="!check"
 # secfixes:
+# 1.0.28-r6:
+# - CVE-2018-19758
+# - CVE-2019-3832
 # 1.0.28-r5:
 # - CVE-2017-17456
 # - CVE-2017-17457
diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch
new file mode 100644
index 0000000000..7b4e9477bb
--- /dev/null
+++ b/main/libsndfile/CVE-2018-19758.patch
@@ -0,0 +1,13 @@
+--- a/src/wav.c.orig
++++ b/src/wav.c
+@@ -1094,6 +1094,10 @@
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
++ /* Make sure we don't read past the loops array end. */
++ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
|
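Review bot: The new `1.0.28-r6` secfixes entry records CVE-2018-19758 and CVE-2019-3832 as fixed, but nothing in this commit's APKBUILD hunks adds `CVE-2018-19758.patch` to `source=` or refreshes `sha512sums`. The diffstat's five changed APKBUILD lines are fully accounted for by the pkgrel bump and these three comment lines, while the patch itself arrives as a new file. If the file was not already listed on this branch (not visible here), abuild never applies it and r6 ships unpatched while being tracked as fixed. Worth confirming that the patch name appears in `source=` with a matching checksum (`abuild checksum`) and that the build log shows it being applied.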
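Review bot: The clamp runs after `psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0)` has already written the unclamped value, so for an oversized loop_count the header announces more loops than the following `for` loop emits. The read past the end of `loops[]` is stopped, but the file that gets written can be internally inconsistent, and any chunk length derived from loop_count earlier in the function (outside this hunk) would carry the same mismatch. Moving the three-line `if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))` check above the first use of loop_count in this chunk would keep the header and payload in agreement. The enclosing function starts and ends outside the hunk, and since the commit message says the change is taken from upstream commits, the reordering is probably best raised there rather than carried as a local difference.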