Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libsndfile.16825 for
openSUSE:Leap:15.2:Update checked in at 2021-08-19 17:21:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/libsndfile.16825 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.libsndfile.16825.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile.16825"
Thu Aug 19 17:21:35 2021 rev:1 rq:912779 version:1.0.28
Changes:
--------
New Changes file:
--- /dev/null 2021-07-22 10:06:18.349420535 +0200
+++
/work/SRC/openSUSE:Leap:15.2:Update/.libsndfile.16825.new.1899/libsndfile-progs.changes
2021-08-19 17:21:36.708715616 +0200
@@ -0,0 +1,433 @@
+-------------------------------------------------------------------
+Fri Jul 6 14:11:47 CEST 2018 - ti...@suse.de
+
+- Fix buffer overflow in sndfile-deinterleave, which isn't really a
+ security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
+ CVE-2018-19432):
+ (Apply all the rest as well to sync with libsndfile.spec)
+ 0001-FLAC-Fix-a-buffer-read-overrun.patch
+ 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+ 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+ 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+ 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+ libsndfile-CVE-2017-17456-alaw-range-check.patch
+ libsndfile-CVE-2017-17457-ulaw-range-check.patch
+ sndfile-deinterlace-channels-check.patch
+ sndfile-ocloexec.patch
+
+-------------------------------------------------------------------
+Mon Apr 10 10:47:58 CEST 2017 - ti...@suse.de
+
+- Update to version 1.0.27:
+ * Fix a seek regression in 1.0.26
+ * Add metadata read/write for CAF and RF64
+ * FIx PAF endian-ness issue
+- Update to version 1.0.28
+ * Fix buffer overruns in FLAC and ID3 handling code
+ (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
+ * Reduce default header memory requirements
+ * Fix detection of Large File Support for 32 bit systems.
+- Obsoleted patch:
+ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+
+-------------------------------------------------------------------
+Tue Nov 24 08:31:31 UTC 2015 - idon...@suse.com
+
+- Remove documentation, it belongs to the libsndfile package.
+
+-------------------------------------------------------------------
+Mon Nov 23 17:22:41 CET 2015 - ti...@suse.de
+
+- Update to version 1.0.26:
+ * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
+ * Add ALAC/CAF support. Minor bug fixes and improvements.
+- Drop libsndfile-example-fix.diff
+
+-------------------------------------------------------------------
+Sat Mar 21 08:14:38 UTC 2015 - mplus...@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Add gpg signature
+
+-------------------------------------------------------------------
+Mon Apr 15 14:00:22 UTC 2013 - mmeis...@suse.com
+
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Mon Nov 21 17:30:11 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+
+-------------------------------------------------------------------
+Fri Jul 29 14:48:03 CEST 2011 - ti...@suse.de
+
+- Fix zero-division in PAF parser (bnc#708988)
+
+-------------------------------------------------------------------
+Mon Jul 18 17:23:30 CEST 2011 - ti...@suse.de
+
+- updated to version 1.0.25:
+ Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681)
+ Minor bug fixes and improvements
+
+-------------------------------------------------------------------
+Wed Mar 23 13:01:06 UTC 2011 - oliver.be...@opensuse.org
+
+- Update to version 1.0.24
+- Upstream changes :
+ * WAV files are now written with an 18 byte u-law and A-law fmt chunk
+ * A document on virtual I/O functionality was added
+ * Two new methods were added in sndfile.hh
+ * A fix was made for a non-zero SSND offset values on AIFF
+ * Minor bug fixes and improvements were done
+
+-------------------------------------------------------------------
+Mon Oct 11 16:20:37 UTC 2010 - oliver.be...@opensuse.org
+
+- Update to version 1.0.23:
+- Upstream changes :
+ * configure.ac src/version-metadata.rc.in src/Makefile.am
+ Add version string resources to the windows DLL.
+ * doc/api.html
+ Update to add missing SF_FORMAT_* values. Closed Debian bug #545257.
+ * NEWS README configure.ac doc/*.html
+ Updates for 1.0.23 release.
+ * Other minor bug fixes
+
+-------------------------------------------------------------------
+Fri Oct 8 06:50:36 UTC 2010 - davejpla...@gmail.com
+
+- Update to version 1.0.22
+- Upstream changes :
+ * Bunch of minor bug fixes.
+
+-------------------------------------------------------------------
+Mon Aug 16 12:44:02 CEST 2010 - ti...@suse.de
+
+- updated to version 1.0.21:
+ * Bunch of minor bug fixes.
+ * including VUL-1 divide-by-zero fix (bnc#631379)
+
+-------------------------------------------------------------------
+Wed Jun 3 00:13:56 CEST 2009 - dmuel...@suse.de
+
+- explicitely enable sqlite support to avoid random flipping
+
+-------------------------------------------------------------------
+Fri May 15 14:38:13 CEST 2009 - ti...@suse.de
+
+- updated to version 1.0.20:
+ * Fix for potential heap overflow
+- enable ogg/vorbis support
+
+-------------------------------------------------------------------
+Mon Apr 27 01:06:17 CEST 2009 - r...@suse.de
+
+- buildfix: tar basedir is libsndfile not libsndfile-progs
+
+-------------------------------------------------------------------
+Fri Apr 24 14:50:32 CEST 2009 - ti...@suse.de
+
+- built progs subpackage from an individual spec file to cut the
+ circular dependency with jack.
+
+-------------------------------------------------------------------
+Wed Mar 4 09:40:59 CET 2009 - ti...@suse.de
+
+- updated to version 1.0.19:
+ * Fix for CVE-2009-0186 (bnc#481769 - VUL-0: libsndfile CAF
+ Processing Integer Overflow Vulnerability)
+ * Huge number of minor fixes as a result of static analysis
+- remove INSTALL file from filelist
+
+-------------------------------------------------------------------
+Mon Feb 9 12:40:43 CET 2009 - ti...@suse.de
+
+- updated to version 1.0.18
+ * Add Ogg/Vorbis support (disabled right now due to vorbis
+ version mismatch; SVN version is required)
+ * Remove captive FLAC library.
+ * Many new features and bug fixes.
+ * Generate Win32 and Win64 pre-compiled binaries.
+- Dropped libsndfile-octave subpackage (as octave itself is
+ dropped from FACTORY)
+
+-------------------------------------------------------------------
+Wed Jan 7 12:34:56 CET 2009 - o...@suse.de
+
+- obsolete old -XXbit packages (bnc#437293)
+
+-------------------------------------------------------------------
+Tue Oct 14 17:53:37 CEST 2008 - meiss...@suse.de
+
+- prototype for memset
+
+-------------------------------------------------------------------
+Tue May 6 15:10:55 CEST 2008 - ti...@suse.de
+
+- fix missing initializations in demo programs (bnc#351128)
+
+-------------------------------------------------------------------
+Tue Apr 15 17:39:20 CEST 2008 - sch...@suse.de
+
+- Fix configure script.
+
+-------------------------------------------------------------------
+Thu Apr 10 12:54:45 CEST 2008 - r...@suse.de
+
+- added baselibs.conf file to build xxbit packages
+ for multilib support
+
+-------------------------------------------------------------------
+Mon Mar 10 18:42:43 CET 2008 - crrodrig...@suse.de
+
+- remove explicit-lib-dependencies
+- fix -devel package dependencies
+
+-------------------------------------------------------------------
+Thu Sep 20 15:22:45 CEST 2007 - ti...@suse.de
+
+- VUL-0: Heap-based buffer overflow in flac.c (#326070,
+ CVE-2007-4974)
+
+-------------------------------------------------------------------
+Mon Apr 16 13:56:20 CEST 2007 - ti...@suse.de
++++ 236 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.libsndfile.16825.new.1899/libsndfile-progs.changes
New Changes file:
--- /dev/null 2021-07-22 10:06:18.349420535 +0200
+++
/work/SRC/openSUSE:Leap:15.2:Update/.libsndfile.16825.new.1899/libsndfile.changes
2021-08-19 17:21:36.820715485 +0200
@@ -0,0 +1,556 @@
+-------------------------------------------------------------------
+Fri Jul 23 14:12:36 CEST 2021 - ti...@suse.de
+
+- Fix heap buffer overflow vulnerability in msadpcm_decode_block
+ (CVE-2021-3246, bsc#1188540):
+ ms_adpcm-Fix-and-extend-size-checks.patch
+
+-------------------------------------------------------------------
+Tue Dec 4 13:42:05 CET 2018 - ti...@suse.de
+
+- Fix segfault in wav conversion due to the invalid loop count
+ (CVE-2018-19758, bsc#1117954):
+ libsndfile-wav-loop-count-fix.patch
+
+-------------------------------------------------------------------
+Fri Jul 6 14:11:47 CEST 2018 - ti...@suse.de
+
+- Fix buffer overflow in sndfile-deinterleave, which isn't really a
+ security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
+ CVE-2018-19432):
+ sndfile-deinterlace-channels-check.patch
+
+-------------------------------------------------------------------
+Fri Jun 8 14:49:18 CEST 2018 - ti...@suse.de
+
+- Use license file tag
+
+-------------------------------------------------------------------
+Fri Jun 8 14:46:54 CEST 2018 - ti...@suse.de
+
+- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
+ bsc#1071777):
+ libsndfile-CVE-2017-17456-alaw-range-check.patch
+- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
+ bsc#1071767):
+ libsndfile-CVE-2017-17457-ulaw-range-check.patch
+
+-------------------------------------------------------------------
+Tue Dec 19 15:57:19 CET 2017 - ti...@suse.de
+
+- Fix VUL-0: divide-by-zero error exists in the function
+ double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
+ 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+- Tentative fix for VUL-0: out of bounds read in the function
+ d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
+ VUL-0: out of bounds read in the function d2ulaw_array() in
+ ulaw.c (CVE-2017-14246, bsc#1059913):
+ 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+
+-------------------------------------------------------------------
+Tue Aug 8 11:00:09 CEST 2017 - ti...@suse.de
+
+- Fix Heap-based Buffer Overflow in the psf_binheader_writef
+ (CVE-2017-12562, bsc#1052476):
+ 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+
+-------------------------------------------------------------------
+Tue Jun 13 08:36:52 CEST 2017 - ti...@suse.de
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+ (CVE-2017-6892, bsc#1043978):
+ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
+-------------------------------------------------------------------
+Tue May 2 14:06:40 CEST 2017 - ti...@suse.de
+
+- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
+ CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
+ bsc#1036943):
+ 0001-FLAC-Fix-a-buffer-read-overrun.patch
+ 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+
+-------------------------------------------------------------------
+Mon Apr 10 10:47:58 CEST 2017 - ti...@suse.de
+
+- Update to version 1.0.27:
+ * Fix a seek regression in 1.0.26
+ * Add metadata read/write for CAF and RF64
+ * FIx PAF endian-ness issue
+- Update to version 1.0.28
+ * Fix buffer overruns in FLAC and ID3 handling code
+ (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
+ * Reduce default header memory requirements
+ * Fix detection of Large File Support for 32 bit systems.
+- Obsoleted patch:
+ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+
+-------------------------------------------------------------------
+Tue May 10 17:18:51 UTC 2016 - tom.m...@googlemail.com
+
+- Fix spec file to enable builds on non opensuse OS
+
+-------------------------------------------------------------------
+Mon Nov 23 17:20:09 CET 2015 - ti...@suse.de
+
+- Update to version 1.0.26:
+ * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
+ * Add ALAC/CAF support. Minor bug fixes and improvements.
+- Refreshed patches:
+ sndfile-ocloexec.patch
+ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Removed obsoleted patches:
+ libsndfile-example-fix.diff
+ libsndfile-fix-header-read-CVE-2015-7805.patch
+ libsndfile-paf-zero-division-fix.diff
+ libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+ libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+ sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+ sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+
+-------------------------------------------------------------------
+Wed Nov 4 16:43:39 CET 2015 - ti...@suse.de
+
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
+ libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+ libsndfile-fix-header-read-CVE-2015-7805.patch
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
+ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
+
+-------------------------------------------------------------------
+Wed Nov 4 11:38:16 CET 2015 - ti...@suse.de
+
+- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
+ libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+
+-------------------------------------------------------------------
+Sat Mar 21 08:12:34 UTC 2015 - mplus...@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Add gpg signature
+- Remove old ppc provides/obsoletes
+
+-------------------------------------------------------------------
+Wed Jan 7 08:30:31 CET 2015 - ti...@suse.de
+
+- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
+ (CVE-2014-9496, bnc#911796): backported upstream fix patches
+ sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+ sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+
+-------------------------------------------------------------------
+Mon Apr 15 13:57:35 UTC 2013 - mmeis...@suse.com
+
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Fri Dec 2 15:55:49 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Thu Nov 24 11:02:11 CET 2011 - ti...@suse.de
+
+- add missing provides/obsoletes for libsndfile -> libsndfile1
+ rename (bnc#732565)
+
+-------------------------------------------------------------------
+Thu Nov 24 01:54:21 UTC 2011 - crrodrig...@opensuse.org
+
+- use O_CLOEXEC in library code.
+
+-------------------------------------------------------------------
+Tue Nov 22 19:04:31 UTC 2011 - co...@suse.com
+
+- fix devel dependency
+
+-------------------------------------------------------------------
+Mon Nov 21 17:30:02 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+
+-------------------------------------------------------------------
+Wed Aug 24 18:07:57 UTC 2011 - crrodrig...@opensuse.org
+
+- Enable speex support
+- run make check
+
+-------------------------------------------------------------------
+Fri Jul 29 14:48:03 CEST 2011 - ti...@suse.de
+
+- Fix zero-division in PAF parser (bnc#708988)
+
+-------------------------------------------------------------------
+Wed Jul 27 23:39:43 UTC 2011 - crrodrig...@opensuse.org
+
+- Remove -fno-strict-aliasing from cflags, no longer needed
+- disable automake silent rules.
+
+-------------------------------------------------------------------
+Mon Jul 18 17:23:30 CEST 2011 - ti...@suse.de
+
+- updated to version 1.0.25:
+ Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681)
+ Minor bug fixes and improvements
+
++++ 359 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.libsndfile.16825.new.1899/libsndfile.changes
New:
----
0001-FLAC-Fix-a-buffer-read-overrun.patch
0002-src-flac.c-Fix-a-buffer-read-overflow.patch
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
0031-sfe_copy_data_fp-check-value-of-max-variable.patch
baselibs.conf
libsndfile-1.0.28.tar.gz
libsndfile-1.0.28.tar.gz.asc
libsndfile-CVE-2017-17456-alaw-range-check.patch
libsndfile-CVE-2017-17457-ulaw-range-check.patch
libsndfile-progs.changes
libsndfile-progs.spec
libsndfile-wav-loop-count-fix.patch
libsndfile.changes
libsndfile.keyring
libsndfile.spec
ms_adpcm-Fix-and-extend-size-checks.patch
sndfile-deinterlace-channels-check.patch
sndfile-ocloexec.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libsndfile-progs.spec ++++++
#
# spec file for package libsndfile-progs
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: libsndfile-progs
Version: 1.0.28
Release: 0
Summary: Example Programs for libsndfile
License: LGPL-2.1-or-later
Group: System/Libraries
Url: http://www.mega-nerd.com/libsndfile/
Source0:
http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
Source1:
http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz.asc
Source2: libsndfile.keyring
# PATCH-FIX-UPSTREAM
Patch1: 0001-FLAC-Fix-a-buffer-read-overrun.patch
Patch2: 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
Patch10: 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
# not yet upstreamed
Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
Patch34: sndfile-deinterlace-channels-check.patch
# PATCH-FIX-OPENSUSE
Patch100: sndfile-ocloexec.patch
BuildRequires: alsa-devel
BuildRequires: flac-devel
BuildRequires: gcc-c++
BuildRequires: libjack-devel
BuildRequires: libtool
BuildRequires: libvorbis-devel
BuildRequires: pkgconfig
BuildRequires: sqlite-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package includes the example programs for libsndfile.
%prep
%setup -q -n libsndfile-%{version}
%patch1 -p1
%patch2 -p1
%patch10 -p1
%patch20 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch100 -p1
%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith
-Wno-unused-parameter
# autoreconf --force --install
CFLAGS="%{optflags} %{warn_flags}"
export CFLAGS
%configure --disable-silent-rules \
--disable-static \
--enable-sqlite \
--with-pic
make %{?_smp_mflags}
%install
make DESTDIR=%{buildroot} install %{?_smp_mflags}
# remove unnecessary files
rm -rf %{buildroot}%{_datadir}/doc/libsndfile
rm -rf %{buildroot}%{_libdir}
rm -rf %{buildroot}%{_includedir}
rm -rf %{buildroot}%{_datadir}/doc/libsndfile1-dev
%files
%defattr(-, root, root)
%{_bindir}/*
%doc %{_mandir}/man?/*
%changelog
++++++ libsndfile.spec ++++++
#
# spec file for package libsndfile
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define lname %{name}1
Name: libsndfile
Version: 1.0.28
Release: 0
Summary: Development/Libraries/C and C++
License: LGPL-2.1-or-later
Group: System/Libraries
Url: http://www.mega-nerd.com/libsndfile
Source0: http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz
Source1:
http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz.asc
Source2: %{name}.keyring
Source3: baselibs.conf
# PATCH-FIX-UPSTREAM
Patch1: 0001-FLAC-Fix-a-buffer-read-overrun.patch
Patch2: 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
Patch10: 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
# not yet upstreamed
Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
Patch34: sndfile-deinterlace-channels-check.patch
# not yet upstreamed, CVE-2018-19758, bsc#1117954
Patch40: libsndfile-wav-loop-count-fix.patch
# PATCH-FIX-UPSTREAM CVE-2021-3246 bsc#1188540
PATCH50: ms_adpcm-Fix-and-extend-size-checks.patch
# PATCH-FIX-OPENSUSE
Patch100: sndfile-ocloexec.patch
BuildRequires: alsa-devel
BuildRequires: flac-devel
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: libvorbis-devel
BuildRequires: pkg-config
BuildRequires: speex-devel
BuildRequires: sqlite-devel
Obsoletes: libsnd
Provides: libsnd
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Libsndfile is a C library for reading and writing sound files, such as
AIFF, AU, and WAV files, through one standard interface. It can
currently read and write 8, 16, 24, and 32-bit PCM files as well as
32-bit floating point WAV files and a number of compressed formats.
%package -n %{lname}
Summary: A Library to Handle Various Audio File Formats
Group: System/Libraries
Provides: %{name} = %{version}
Obsoletes: %{name} <= 1.0.25
%description -n %{lname}
Libsndfile is a C library for reading and writing sound files, such
as AIFF, AU, and WAV files, through one standard interface. It can
currently read and write 8, 16, 24, and 32-bit PCM files as well as
32-bit floating point WAV files and a number of compressed formats.
%package devel
Summary: Development package for the libsndfile library
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Requires: glibc-devel
Requires: libstdc++-devel
Obsoletes: libsndd
Provides: libsndd
%description devel
This package contains the files needed to compile programs that use the
libsndfile library.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch10 -p1
%patch20 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch40 -p1
%patch50 -p1
%patch100 -p1
%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith
-Wno-unused-parameter
%if 0%{?suse_version} < 1200
sed -i -e'/^AM_SILENT_RULES/d' configure.ac
%endif
autoreconf --force --install
CFLAGS="%{optflags} %{warn_flags}"
export CFLAGS
%configure \
--disable-silent-rules \
--disable-static \
--enable-sqlite \
--with-pic \
--enable-experimental
make %{?_smp_mflags}
%install
%make_install
# remove unnecessary files
find %{buildroot} -type f -name "*.la" -delete -print
# remove programs; built in another spec file
rm -rf %{buildroot}%{_bindir}
rm -rf %{buildroot}%{_mandir}/man1
# remove binaries from examples directory
make -C examples distclean
rm -rf %{buildroot}%{_datadir}/doc/libsndfile
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%check
pushd src
make %{?_smp_mflags} check
popd
%files -n %{lname}
%defattr(-, root, root)
%{_libdir}/libsndfile.so.1*
%files devel
%defattr(-, root, root)
%doc AUTHORS ChangeLog NEWS README
%doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO
%license COPYING
%{_libdir}/libsndfile.so
%{_includedir}/sndfile.h
%{_includedir}/sndfile.hh
%{_libdir}/pkgconfig/*.pc
%doc examples
%changelog
++++++ 0001-FLAC-Fix-a-buffer-read-overrun.patch ++++++
>From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <er...@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
References: CVE-2017-8361 CVE-2017-8363 CVE-2017-8365 bsc#1036944 bsc#1036945
bsc#1036946
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
--- a/src/flac.c
+++ b/src/flac.c
@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int)
metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream
changed from %d to %d channels\n"
+
"Nothing to be but to error out.\n" ,
+
psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int)
metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream
changed sample rates from %d to %d.\n"
+
"Carrying on as if nothing happened.",
+
psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate =
metadata->data.stream_info.sample_rate ;
psf->sf.frames =
metadata->data.stream_info.total_samples ;
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization
of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost
sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this
sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed
mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac
decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },
++++++ 0002-src-flac.c-Fix-a-buffer-read-overflow.patch ++++++
>From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <er...@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow
References: CVE-2017-8362 bsc#1036943
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d
channels\n"
+
"Nothing to do but to error out.\n" ,
+
psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant
blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -437,7 +444,7 @@ sf_flac_meta_callback (const FLAC__Strea
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int)
metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream
changed from %d to %d channels\n"
-
"Nothing to be but to error out.\n" ,
+
"Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
++++++ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch ++++++
>From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <er...@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof
(psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag &
0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;
++++++ 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch ++++++
>From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osm...@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/src/common.c
+++ b/src/common.c
@@ -675,16 +675,16 @@ psf_binheader_writef (SF_PRIVATE *psf, c
/* Write a C string (guaranteed to have
a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t)
size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t)
size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation
(psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size +
(size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size +
(size & 1)) ;
memcpy (&(psf->header.ptr
[psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1]
= 0 ;
count += 4 + size ;
@@ -697,16 +697,15 @@ psf_binheader_writef (SF_PRIVATE *psf, c
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t)
size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t)
size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation
(psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr
[psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr
[psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -718,7 +717,7 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t)
size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t)
size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;
++++++ 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch ++++++
>From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
From: Fabian Greffrath <fab...@greffrath.com>
Date: Thu, 28 Sep 2017 12:15:04 +0200
Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
miscalculated to zero (if this makes sense) in the determination of the
blockwidth. Since we only support a limited number of channels anyway,
make sure to check here as well.
CVE-2017-14634
Closes: https://github.com/erikd/libsndfile/issues/318
Signed-off-by: Erik de Castro Lopo <er...@mega-nerd.com>
---
src/double64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/double64.c
+++ b/src/double64.c
@@ -91,7 +91,7 @@ int
double64_init (SF_PRIVATE *psf)
{ static int double64_caps ;
- if (psf->sf.channels < 1)
+ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
{ psf_log_printf (psf, "double64_init : internal error : channels
= %d\n", psf->sf.channels) ;
return SFE_INTERNAL ;
} ;
++++++ 0031-sfe_copy_data_fp-check-value-of-max-variable.patch ++++++
>From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001
From: Fabian Greffrath <fab...@greffrath.com>
Date: Wed, 27 Sep 2017 14:46:17 +0200
Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being
normal
and check elements of the data[] array for being finite.
Both checks use functions provided by the <math.h> header as declared
by the C99 standard.
Fixes #317
CVE-2017-14245
CVE-2017-14246
---
programs/common.c | 20 ++++++++++++++++----
programs/common.h | 2 +-
programs/sndfile-convert.c | 6 +++++-
3 files changed, 22 insertions(+), 6 deletions(-)
--- a/programs/common.c
+++ b/programs/common.c
@@ -36,6 +36,7 @@
#include <string.h>
#include <ctype.h>
#include <stdint.h>
+#include <math.h>
#include <sndfile.h>
@@ -45,7 +46,7 @@
#define MIN(x, y) ((x) < (y) ? (x) : (y))
-void
+int
sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int
normalize)
{ static double data [BUFFER_LEN], max ;
int frames, readcount, k ;
@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDF
readcount = frames ;
sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
+ if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
+ return 1 ;
if (!normalize && max < 1.0)
{ while (readcount > 0)
@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDF
while (readcount > 0)
{ readcount = sf_readf_double (infile, data, frames) ;
for (k = 0 ; k < readcount * channels ; k++)
- data [k] /= max ;
+ { data [k] /= max ;
+
+ if (!isfinite (data [k])) /* infinite or NaN */
+ return 1;
+ }
sf_writef_double (outfile, data, readcount) ;
} ;
} ;
- return ;
+ return 0 ;
} /* sfe_copy_data_fp */
void
@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char *
/* If the input file is not the same as the output file, copy
the data. */
if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor ==
SF_FORMAT_FLOAT))
- sfe_copy_data_fp (outfile, infile, sfinfo.channels,
SF_FALSE) ;
+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels,
SF_FALSE) != 0)
+ { printf ("Error : Not able to decode input file
'%s'\n", filenames [0]) ;
+ error_code = 1 ;
+ goto cleanup_exit ;
+ } ;
+ }
else
sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
} ;
--- a/programs/common.h
+++ b/programs/common.h
@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_
void sfe_apply_metadata_changes (const char * filenames [2], const
METADATA_INFO * info) ;
-void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int
normalize) ;
+int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int
normalize) ;
void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
--- a/programs/sndfile-convert.c
+++ b/programs/sndfile-convert.c
@@ -335,7 +335,11 @@ main (int argc, char * argv [])
|| (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor
== SF_FORMAT_FLOAT)
|| (infileminor == SF_FORMAT_DOUBLE) || (infileminor ==
SF_FORMAT_FLOAT)
|| (infileminor == SF_FORMAT_VORBIS) || (outfileminor
== SF_FORMAT_VORBIS))
- sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ;
+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels,
normalize) != 0)
+ { printf ("Error : Not able to decode input file %s.\n",
infilename) ;
+ return 1 ;
+ } ;
+ }
else
sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
++++++ baselibs.conf ++++++
libsndfile1
provides "libsndfile-<targettype> = <version>"
obsoletes "libsndfile-<targettype> <= 1.0.25"
++++++ libsndfile-CVE-2017-17456-alaw-range-check.patch ++++++
---
src/alaw.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count,
static inline void
f2alaw_array (const float *ptr, int count, unsigned char *buffer, float
normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = alaw_encode [lrintf (normfact * ptr
[count])] ;
- else
- buffer [count] = 0x7F & alaw_encode [- lrintf (normfact
* ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = alaw_encode [0] ;
+ } else if (ptr [count] >= 0) {
+ idx = lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048;
+ buffer [count] = alaw_encode [idx] ;
+ } else {
+ idx = -lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048 ;
+ buffer [count] = 0x7F & alaw_encode [idx] ;
+ }
} ;
} /* f2alaw_array */
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double
normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = alaw_encode [lrint (normfact * ptr
[count])] ;
- else
- buffer [count] = 0x7F & alaw_encode [- lrint (normfact
* ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = alaw_encode [0] ;
+ } else if (ptr [count] >= 0) {
+ idx = lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048;
+ buffer [count] = alaw_encode [idx] ;
+ } else {
+ idx = -lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048 ;
+ buffer [count] = 0x7F & alaw_encode [idx] ;
+ }
} ;
} /* d2alaw_array */
++++++ libsndfile-CVE-2017-17457-ulaw-range-check.patch ++++++
---
src/ulaw.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count,
static inline void
f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float
normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = ulaw_encode [lrintf (normfact * ptr
[count])] ;
- else
- buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact
* ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = ulaw_encode [0];
+ } else if (ptr [count] >= 0) {
+ idx = lrint (normfact * ptr [count]);
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = ulaw_encode [idx] ;
+ } else {
+ idx = -lrint (normfact * ptr [count]) ;
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = 0x7F & ulaw_encode [idx] ;
+ }
} ;
} /* f2ulaw_array */
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double
normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = ulaw_encode [lrint (normfact * ptr
[count])] ;
- else
- buffer [count] = 0x7F & ulaw_encode [- lrint (normfact
* ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = ulaw_encode [0];
+ } else if (ptr [count] >= 0) {
+ idx = lrint (normfact * ptr [count]);
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = ulaw_encode [idx] ;
+ } else {
+ idx = -lrint (normfact * ptr [count]) ;
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = 0x7F & ulaw_encode [idx] ;
+ }
} ;
} /* d2ulaw_array */
++++++ libsndfile-wav-loop-count-fix.patch ++++++
From: Takashi Iwai <ti...@suse.de>
Subject: wav: Fix segfault due to invalid loop_count
References: CVE-2018-19758, bsc#1117954
The psf->instrument->loop_count can be over the actual loops array size,
and it leads to a segfault.
Just add the loop size fix to address it.
Signed-off-by: Takashi Iwai <ti...@suse.de>
---
src/wav.c | 3 +++
1 file changed, 3 insertions(+)
--- a/src/wav.c
+++ b/src/wav.c
@@ -1097,6 +1097,9 @@ wav_write_header (SF_PRIVATE *psf, int c
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
+ if (tmp >= ARRAY_LEN (psf->instrument->loops))
+ break;
+
type = psf->instrument->loops [tmp].mode ;
type = (type == SF_LOOP_FORWARD ? 0 : type ==
SF_LOOP_BACKWARD ? 2 : type == SF_LOOP_ALTERNATING ? 1 : 32) ;
++++++ ms_adpcm-Fix-and-extend-size-checks.patch ++++++
>From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
From: bobsayshilol <bobsayshi...@live.co.uk>
Date: Thu, 18 Feb 2021 21:52:09 +0000
Subject: [PATCH] ms_adpcm: Fix and extend size checks
'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
---
src/ms_adpcm.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
index 5e8f1a316507..a21cb994105e 100644
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int
blockalign, int samplesperblock)
if (psf->file.mode == SFM_WRITE)
samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) /
psf->sf.channels ;
- if (blockalign < 7 * psf->sf.channels)
- { psf_log_printf (psf, "*** Error blockalign (%d) should be >
%d.\n", blockalign, 7 * psf->sf.channels) ;
+ /* There's 7 samples per channel in the preamble of each block */
+ if (samplesperblock < 7 * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be
>= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+
+ if (2 * blockalign < samplesperblock * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >=
%d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
return SFE_INTERNAL ;
} ;
--
2.26.2
++++++ sndfile-deinterlace-channels-check.patch ++++++
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index 5366031075ab..712cb96cda76 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,11 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Too many channels %d in input file '%s'.\n",
sfinfo.channels, argv[1]) ;
+ exit (1) ;
+ }
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;
++++++ sndfile-ocloexec.patch ++++++
---
src/file_io.c | 3 +++
1 file changed, 3 insertions(+)
--- a/src/file_io.c
+++ b/src/file_io.c
@@ -570,6 +570,9 @@ psf_open_fd (PSF_FILE * pfile)
return - SFE_BAD_OPEN_MODE ;
break ;
} ;
+#ifdef O_CLOEXEC
+ oflag |= O_CLOEXEC;
+#endif
if (mode == 0)
fd = open (pfile->path.c, oflag) ;
