Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package wavpack for openSUSE:Factory checked in at 2022-03-18 16:41:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wavpack (Old) and /work/SRC/openSUSE:Factory/.wavpack.new.25692 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wavpack" Fri Mar 18 16:41:35 2022 rev:31 rq:962211 version:5.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/wavpack/wavpack.changes 2021-01-19 16:01:29.691316526 +0100 +++ /work/SRC/openSUSE:Factory/.wavpack.new.25692/wavpack.changes 2022-03-18 16:41:44.161164136 +0100 @@ -1,0 +2,8 @@ +Wed Mar 16 09:03:47 UTC 2022 - [email protected] + +- security update +- added patches + fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file + + wavpack-CVE-2021-44269.patch + +------------------------------------------------------------------- New: ---- wavpack-CVE-2021-44269.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wavpack.spec ++++++ --- /var/tmp/diff_new_pack.ElOiNK/_old 2022-03-18 16:41:44.581164437 +0100 +++ /var/tmp/diff_new_pack.ElOiNK/_new 2022-03-18 16:41:44.585164440 +0100 @@ -1,7 +1,7 @@ # # spec file for package wavpack # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ URL: http://www.wavpack.com/ Source0: http://www.wavpack.com/%{name}-%{version}.tar.bz2 Source99: baselibs.conf +# CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file +Patch0: wavpack-CVE-2021-44269.patch BuildRequires: pkgconfig %description @@ -68,6 +70,7 @@ %prep %setup -q +%patch0 -p1 %build %configure --disable-static ++++++ wavpack-CVE-2021-44269.patch ++++++ diff --git a/cli/dsdiff.c b/cli/dsdiff.c index d7adb6a..5bdcae3 100644 --- a/cli/dsdiff.c +++ b/cli/dsdiff.c @@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa } total_samples = dff_chunk_header.ckDataSize / config->num_channels; + + if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) { + error_line ("%s is not a valid .DFF file!", infilename); + return WAVPACK_SOFT_ERROR; + } + break; } else { // just copy unknown chunks to output file diff --git a/cli/dsf.c b/cli/dsf.c index e1d7973..dddd488 100644 --- a/cli/dsf.c +++ b/cli/dsf.c @@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 || format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved || + format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 || (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) || format_chunk.numChannels < 1 || format_chunk.numChannels > 6 || format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
