Hello community,
here is the log from the commit of package libsndfile for openSUSE:Factory
checked in at 2015-11-08 11:25:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
and /work/SRC/openSUSE:Factory/.libsndfile.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes 2015-03-27
09:39:04.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libsndfile.new/libsndfile.changes
2015-11-08 11:25:42.000000000 +0100
@@ -1,0 +2,16 @@
+Wed Nov 4 16:43:39 CET 2015 - ti...@suse.de
+
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
+ libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+ libsndfile-fix-header-read-CVE-2015-7805.patch
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
+ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
+
+-------------------------------------------------------------------
+Wed Nov 4 11:38:16 CET 2015 - ti...@suse.de
+
+- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
+ libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+
+-------------------------------------------------------------------
New:
----
libsndfile-fix-header-read-CVE-2015-7805.patch
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libsndfile.spec ++++++
--- /var/tmp/diff_new_pack.mOraYf/_old 2015-11-08 11:25:43.000000000 +0100
+++ /var/tmp/diff_new_pack.mOraYf/_new 2015-11-08 11:25:43.000000000 +0100
@@ -37,6 +37,14 @@
Patch3: sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
# PATCH-FIX-UPSTREAM CVE-2014-9496 bnc#911796
Patch4: sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+# PATCH-FIX-UPSTREAM CVE-2014-9756 bsc#953521
+Patch5: libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+# PATCH-FIX-UPSTREAM CVE-2015-7805 bsc#953516
+Patch6: libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+# PATCH-FIX-SUSE CVE-2015-7805 bsc#953516
+Patch7: libsndfile-fix-header-read-CVE-2015-7805.patch
+# PATCH-FIX-SUSE CVE-2015-8075 bsc#953519
+Patch8: libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
BuildRequires: alsa-devel
BuildRequires: flac-devel
BuildRequires: gcc-c++
@@ -87,9 +95,16 @@
%patch2
%patch3 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith
-Wno-unused-parameter
+%if %suse_version < 1200
+sed -i -e'/^AM_SILENT_RULES/d' configure.ac
+%endif
autoreconf --force --install
CFLAGS="%{optflags} %{warn_flags}"
export CFLAGS
++++++ libsndfile-fix-header-read-CVE-2015-7805.patch ++++++
---
src/common.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/src/common.c
+++ b/src/common.c
@@ -800,9 +800,10 @@ header_read (SF_PRIVATE *psf, void *ptr,
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
{ int most ;
- most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
+ most = SIGNED_SIZEOF (psf->header) - psf->headend ;
psf_fread (psf->header + psf->headend, 1, most, psf) ;
- memcpy (ptr, psf->header + psf->headend, most) ;
+ most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
+ memcpy (ptr, psf->header + psf->headindex, most) ;
psf->headend = psf->headindex += most ;
psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
return bytes ;
++++++ libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch ++++++
---
src/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/common.c
+++ b/src/common.c
@@ -1332,7 +1332,7 @@ psf_strlcpy_crlf (char *dest, const char
char * destend = dest + destmax - 2 ;
const char * srcend = src + srcmax ;
- while (dest < destend && src < srcend)
+ while (*src && dest < destend && src < srcend)
{ if ((src [0] == '\r' && src [1] == '\n') || (src [0] == '\n' &&
src [1] == '\r'))
{ *dest++ = '\r' ;
*dest++ = '\n' ;
++++++ libsndfile-src-common.c-Fix-a-header-parsing-bug.patch ++++++
>From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <er...@mega-nerd.com>
Date: Sat, 7 Feb 2015 15:45:10 +1100
Subject: [PATCH] src/common.c : Fix a header parsing bug.
When the file header is bigger that SF_HEADER_LEN, the code would seek
instead of reading causing file parse errors.
The current header parsing and writing code *badly* needs a re-write.
---
src/common.c | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
--- a/src/common.c
+++ b/src/common.c
@@ -795,21 +795,16 @@ header_read (SF_PRIVATE *psf, void *ptr,
{ int count = 0 ;
if (psf->headindex >= SIGNED_SIZEOF (psf->header))
- { memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
-
- /* This is the best that we can do. */
- psf_fseek (psf, bytes, SEEK_CUR) ;
- return bytes ;
- } ;
+ return psf_fread (ptr, 1, bytes, psf) ;
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
{ int most ;
most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
psf_fread (psf->header + psf->headend, 1, most, psf) ;
- memset ((char *) ptr + most, 0, bytes - most) ;
-
- psf_fseek (psf, bytes - most, SEEK_CUR) ;
+ memcpy (ptr, psf->header + psf->headend, most) ;
+ psf->headend = psf->headindex += most ;
+ psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
return bytes ;
} ;
@@ -817,7 +812,7 @@ header_read (SF_PRIVATE *psf, void *ptr,
{ count = psf_fread (psf->header + psf->headend, 1, bytes -
(psf->headend - psf->headindex), psf) ;
if (count != bytes - (int) (psf->headend - psf->headindex))
{ psf_log_printf (psf, "Error : psf_fread returned short
count.\n") ;
- return 0 ;
+ return count ;
} ;
psf->headend += count ;
} ;
@@ -831,7 +826,6 @@ header_read (SF_PRIVATE *psf, void *ptr,
static void
header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
{
-
switch (whence)
{ case SEEK_SET :
if (position > SIGNED_SIZEOF (psf->header))
@@ -880,8 +874,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t
static int
header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
-{
- int k ;
+{ int k ;
for (k = 0 ; k < bufsize - 1 ; k++)
{ if (psf->headindex < psf->headend)
@@ -1068,8 +1061,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'j' :
/* Get the seek position first. */
count = va_arg (argptr, size_t) ;
- header_seek (psf, count, SEEK_CUR) ;
- byte_count += count ;
+ if (count)
+ { header_seek (psf, count,
SEEK_CUR) ;
+ byte_count += count ;
+ } ;
break ;
default :
++++++ libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch ++++++
>From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <er...@mega-nerd.com>
Date: Wed, 24 Dec 2014 21:02:35 +1100
Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
Closes: https://github.com/erikd/libsndfile/issues/92
---
src/file_io.c | 3 +++
1 file changed, 3 insertions(+)
--- a/src/file_io.c
+++ b/src/file_io.c
@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t
{ sf_count_t total = 0 ;
ssize_t count ;
+ if (bytes == 0 || items == 0)
+ return 0 ;
+
if (psf->virtual_io)
return psf->vio.write (ptr, bytes*items, psf->vio_user_data) /
bytes ;
