Accepting request 615283 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/615283 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/aubio?expand=0&rev=24
2018-06-26 08:37:07 +00:00 · 2018-06-26 08:37:07 +00:00 · 447892a288
commit 447892a288
parent a78383fd16 93d5f1eecb
3 changed files with 46 additions and 1 deletions
--- a/aubio-resampler-NULL-deref-fix.patch
+++ b/aubio-resampler-NULL-deref-fix.patch
@ -0,0 +1,30 @@
+From: Takashi Iwai <tiwai@suse.de>
+Subject: Fix a NULl dereference in aubio_source_avcodec_readframe()
+References: bsc#1072317 CVE-2017-17554 
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ src/io/source_avcodec.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/src/io/source_avcodec.c
+++ b/src/io/source_avcodec.c
+@@ -420,6 +420,8 @@ void aubio_source_avcodec_readframe(aubi
+   }
+ 
+ #ifdef HAVE_AVRESAMPLE
+  if (!avr)
+      goto beach;
+   in_linesize = 0;
+   av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels,
+       avFrame->nb_samples, avCodecCtx->sample_fmt, 1);
+@@ -430,6 +432,8 @@ void aubio_source_avcodec_readframe(aubi
+         (uint8_t **)&output, out_linesize, max_out_samples,
+         (uint8_t **)avFrame->data, in_linesize, in_samples);
+ #elif defined(HAVE_SWRESAMPLE)
+  if (!avr)
+      goto beach;
+   in_samples = avFrame->nb_samples;
+   max_out_samples = AUBIO_AVCODEC_MAX_BUFFER_SIZE / avCodecCtx->channels;
+   out_samples = swr_convert( avr,
--- a/aubio.changes
+++ b/aubio.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Jun  8 16:19:05 CEST 2018 - tiwai@suse.de
+
+- Use license file tag
+
+-------------------------------------------------------------------
+Fri Jun  8 16:08:08 CEST 2018 - tiwai@suse.de
+
+- Fix segfault with malformed input file (CVE-2017-17554,
+  bsc#1072317):
+  aubio-resampler-NULL-deref-fix.patch
+
 -------------------------------------------------------------------
 Sat Apr 21 12:55:33 UTC 2018 - jengelh@inai.de

--- a/aubio.spec
+++ b/aubio.spec
@ -43,6 +43,7 @@ Source:         http://aubio.org/pub/%{name}-%{version}.tar.bz2
 Source1:        http://aubio.org/pub/%{name}-%{version}.tar.bz2.asc
 Source99:       baselibs.conf
 Patch1:         aubio-wavread-input-validation.patch
+Patch2:         aubio-resampler-NULL-deref-fix.patch
 Url:            http://aubio.org
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define debug_package_requires %{libpkgname} = %{version}-%{release}
@ -85,6 +86,7 @@ This package includes the example programs for aubio library.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 sed -e "s,/lib,/%_lib," src/wscript_build > src/wscript_build.new
 diff -u src/wscript_build src/wscript_build.new || :
 mv src/wscript_build.new src/wscript_build
@ -110,7 +112,8 @@ rm -f %{buildroot}%{_libdir}/libaubio.a

 %files -n libaubio-devel
 %defattr(-, root, root)
-%doc AUTHORS ChangeLog COPYING README.md
+%doc AUTHORS ChangeLog README.md
+%license COPYING
 %{_libdir}/lib*.so
 %{_libdir}/pkgconfig/*.pc
 %{_includedir}/aubio