Accepting request 651403 from multimedia:libs
- Fix buffer overflow in sndfile-deinterleave, which isn't really a security issue (bsc#1100167, CVE-2018-13139, bsc#1116993, CVE-2018-19432): (Apply all the rest as well to sync with libsndfile.spec) 0001-FLAC-Fix-a-buffer-read-overrun.patch 0002-src-flac.c-Fix-a-buffer-read-overflow.patch 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch 0031-sfe_copy_data_fp-check-value-of-max-variable.patch libsndfile-CVE-2017-17456-alaw-range-check.patch libsndfile-CVE-2017-17457-ulaw-range-check.patch sndfile-deinterlace-channels-check.patch sndfile-ocloexec.patch - Fix buffer overflow in sndfile-deinterleave, which isn't really a security issue (bsc#1100167, CVE-2018-13139, bsc#1116993, CVE-2018-19432): OBS-URL: https://build.opensuse.org/request/show/651403 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=56
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,21 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 6 14:11:47 CEST 2018 - tiwai@suse.de
|
||||
|
||||
- Fix buffer overflow in sndfile-deinterleave, which isn't really a
|
||||
security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
|
||||
CVE-2018-19432):
|
||||
(Apply all the rest as well to sync with libsndfile.spec)
|
||||
0001-FLAC-Fix-a-buffer-read-overrun.patch
|
||||
0002-src-flac.c-Fix-a-buffer-read-overflow.patch
|
||||
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
|
||||
0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
|
||||
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
|
||||
0031-sfe_copy_data_fp-check-value-of-max-variable.patch
|
||||
libsndfile-CVE-2017-17456-alaw-range-check.patch
|
||||
libsndfile-CVE-2017-17457-ulaw-range-check.patch
|
||||
sndfile-deinterlace-channels-check.patch
|
||||
sndfile-ocloexec.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 10 10:47:58 CEST 2017 - tiwai@suse.de
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@@ -26,6 +26,20 @@ Url: http://www.mega-nerd.com/libsndfile/
|
||||
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
|
||||
Source1: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz.asc
|
||||
Source2: libsndfile.keyring
|
||||
# PATCH-FIX-UPSTREAM
|
||||
Patch1: 0001-FLAC-Fix-a-buffer-read-overrun.patch
|
||||
Patch2: 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
|
||||
Patch10: 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
|
||||
Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
|
||||
Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
|
||||
# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
|
||||
Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
|
||||
# not yet upstreamed
|
||||
Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
|
||||
Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
|
||||
Patch34: sndfile-deinterlace-channels-check.patch
|
||||
# PATCH-FIX-OPENSUSE
|
||||
Patch100: sndfile-ocloexec.patch
|
||||
BuildRequires: alsa-devel
|
||||
BuildRequires: flac-devel
|
||||
BuildRequires: gcc-c++
|
||||
@@ -41,6 +55,16 @@ This package includes the example programs for libsndfile.
|
||||
|
||||
%prep
|
||||
%setup -q -n libsndfile-%{version}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch10 -p1
|
||||
%patch20 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch100 -p1
|
||||
|
||||
%build
|
||||
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 6 14:11:47 CEST 2018 - tiwai@suse.de
|
||||
|
||||
- Fix buffer overflow in sndfile-deinterlace, which isn't really a
|
||||
security issue (bsc#1100167, CVE-2018-13139):
|
||||
- Fix buffer overflow in sndfile-deinterleave, which isn't really a
|
||||
security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
|
||||
CVE-2018-19432):
|
||||
sndfile-deinterlace-channels-check.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user