diff options
| author | alpine-mips-patches <info@mobile-stream.com> | 2019-03-07 15:14:20 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-03-08 07:16:02 +0000 |
| commit | eb0e8dee37539898fe7a4d9f95ff1353d3d69519 (patch) | |
| tree | 084b475d3f4d5d5b04e0906b22b926872a72a58e /main | |
| parent | 1e09ec69412d1c4c4630d74a03e238e7cbed4629 (diff) | |
| download | aports-eb0e8dee37539898fe7a4d9f95ff1353d3d69519.tar.bz2 aports-eb0e8dee37539898fe7a4d9f95ff1353d3d69519.tar.xz | |
main/libsndfile: update CVE-2018-19758 fix from upstream
The CVE-2018-19758.patch is now a merge of relevant bits from two upstream commits:
42132c543358cee9f7c3e9e9b15bb6c1063a608e
6d7ce94c020cc720a6b28719d1a7879181790008
Diffstat (limited to 'main')
| -rw-r--r-- | main/libsndfile/APKBUILD | 6 | ||||
| -rw-r--r-- | main/libsndfile/CVE-2018-19758.patch | 26 |
2 files changed, 12 insertions, 20 deletions
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD index 930040c438..0677a9a9c3 100644 --- a/main/libsndfile/APKBUILD +++ b/main/libsndfile/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libsndfile pkgver=1.0.28 -pkgrel=7 +pkgrel=8 pkgdesc="A C library for reading and writing files containing sampled sound" url="http://www.mega-nerd.com/libsndfile" arch="all" @@ -24,6 +24,8 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz case $CARCH in arm*) options="!check";; esac # secfixes: +# 1.0.28-r8: +# - CVE-2018-19758 # 1.0.28-r7: # - CVE-2018-19758 # 1.0.28-r6: @@ -72,5 +74,5 @@ dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381a 814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e CVE-2017-12562.patch 33817e7c85180635fa239e4ea38973b18312878522639f43071188a995f0e1a35dbca6d133555fb0875292b4b609950ae38e747a6b1949f8ae840db9dc3a2805 CVE-2018-13139.patch ba3e5321713dbc118f45dac6f86049a15e6ba54fc788776eb267b1b165a0853bec278d8b066c71372cd243c852faa6781bef6a71d108e7cdbc64fb77fa3afc0a CVE-2017-17456_CVE-2017-17457_CVE-2018-19661_CVE-2018-19662.patch -0c363859399d7292b5e4c068b7c1e189b2169b0ea8e3ad4181f0a531382c4a94a43ad1e17f420bc0a77ffdd7bc439210c8a06a5bb7baec8709f0bbbabdb4c00e CVE-2018-19758.patch +ec90d652056166188ccc360d463d7b5549510aca7fcbbb439dd2d6086f759236ece6091c76d0c7074fb09e7b86df229c39ffdd8c8603b253c33d4d05c42615d2 CVE-2018-19758.patch 0b7ce6bd6c1ec825521974c36b8c6eb5edd17d3c57d5ae3de287fb34a6be7108bc9511abb497538eef36e5883b84f4137fad6fe9a1d150345111de9f068838f9 fix-rf64-varargs-bug.patch" diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch index ead28f6fd2..7b4e9477bb 100644 --- a/main/libsndfile/CVE-2018-19758.patch +++ b/main/libsndfile/CVE-2018-19758.patch @@ -1,23 +1,13 @@ -commit 42132c543358cee9f7c3e9e9b15bb6c1063a608e -Author: Erik de Castro Lopo <erikd@mega-nerd.com> -Date: Tue Jan 1 20:11:46 2019 +1100 - - src/wav.c: Fix heap read overflow - - This is CVE-2018-19758. - - Closes: https://github.com/erikd/libsndfile/issues/435 - -diff --git a/src/wav.c b/src/wav.c -index 9d71aadb..5c825f2a 100644 ---- a/src/wav.c +--- a/src/wav.c.orig +++ b/src/wav.c -@@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) - psf_binheader_writef (psf, "44", BHW4 (0), BHW4 (0)) ; /* SMTPE format */ - psf_binheader_writef (psf, "44", BHW4 (psf->instrument->loop_count), BHW4 (0)) ; +@@ -1094,6 +1094,10 @@ + psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ + psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; -+ /* Loop count is signed 16 bit number so we limit it range to something sensible. */ -+ psf->instrument->loop_count &= 0x7fff ; ++ /* Make sure we don't read past the loops array end. */ ++ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops)) ++ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ; ++ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) { int type ; |