Accepting request 342562 from multimedia:libs

1 OBS-URL: https://build.opensuse.org/request/show/342562 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=46
2015-11-08 10:25:41 +00:00 · 2015-11-08 10:25:41 +00:00 · 905f2c927f
commit 905f2c927f
parent 0482060072 1d554d55a6
6 changed files with 168 additions and 0 deletions
--- a/libsndfile-fix-header-read-CVE-2015-7805.patch
+++ b/libsndfile-fix-header-read-CVE-2015-7805.patch
@ -0,0 +1,19 @@
 ---
 src/common.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 --- a/src/common.c
 +++ b/src/common.c
@@ -800,9 +800,10 @@ header_read (SF_PRIVATE *psf, void *ptr,
 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
 	{	int most ;
 -		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
 +		most = SIGNED_SIZEOF (psf->header) - psf->headend ;
 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
 -		memcpy (ptr, psf->header + psf->headend, most) ;
 +		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
 +		memcpy (ptr, psf->header + psf->headindex, most) ;
 		psf->headend = psf->headindex += most ;
 		psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
 		return bytes ;
--- a/libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+++ b/libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
@ -0,0 +1,15 @@
 ---
 src/common.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- a/src/common.c
 +++ b/src/common.c
@@ -1332,7 +1332,7 @@ psf_strlcpy_crlf (char *dest, const char
 	char * destend = dest + destmax - 2 ;
 	const char * srcend = src + srcmax ;
 -	while (dest < destend && src < srcend)
 +	while (*src && dest < destend && src < srcend)
 	{	if ((src [0] == '\r' && src [1] == '\n') || (src [0] == '\n' && src [1] == '\r'))
 		{	*dest++ = '\r' ;
 			*dest++ = '\n' ;
--- a/libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+++ b/libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
@ -0,0 +1,81 @@
 From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
 From: Erik de Castro Lopo <erikd@mega-nerd.com>
 Date: Sat, 7 Feb 2015 15:45:10 +1100
 Subject: [PATCH] src/common.c : Fix a header parsing bug.
 When the file header is bigger that SF_HEADER_LEN, the code would seek
 instead of reading causing file parse errors.
 The current header parsing and writing code *badly* needs a re-write.
 ---
 src/common.c |   25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)
 --- a/src/common.c
 +++ b/src/common.c
@@ -795,21 +795,16 @@ header_read (SF_PRIVATE *psf, void *ptr,
 {	int count = 0 ;
 	if (psf->headindex >= SIGNED_SIZEOF (psf->header))
 -	{	memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
 -
 -		/* This is the best that we can do. */
 -		psf_fseek (psf, bytes, SEEK_CUR) ;
 -		return bytes ;
 -		} ;
 +		return psf_fread (ptr, 1, bytes, psf) ;
 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
 	{	int most ;
 		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
 -		memset ((char *) ptr + most, 0, bytes - most) ;
 -
 -		psf_fseek (psf, bytes - most, SEEK_CUR) ;
 +		memcpy (ptr, psf->header + psf->headend, most) ;
 +		psf->headend = psf->headindex += most ;
 +		psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
 		return bytes ;
 		} ;
@@ -817,7 +812,7 @@ header_read (SF_PRIVATE *psf, void *ptr,
 	{	count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ;
 		if (count != bytes - (int) (psf->headend - psf->headindex))
 		{	psf_log_printf (psf, "Error : psf_fread returned short count.\n") ;
 -			return 0 ;
 +			return count ;
 			} ;
 		psf->headend += count ;
 		} ;
@@ -831,7 +826,6 @@ header_read (SF_PRIVATE *psf, void *ptr,
 static void
 header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
 {
 -
 	switch (whence)
 	{	case SEEK_SET :
 			if (position > SIGNED_SIZEOF (psf->header))
@@ -880,8 +874,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t
 static int
 header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
 -{
 -	int		k ;
 +{	int		k ;
 	for (k = 0 ; k < bufsize - 1 ; k++)
 	{	if (psf->headindex < psf->headend)
@@ -1068,8 +1061,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
 			case 'j' :
 					/* Get the seek position first. */
 					count = va_arg (argptr, size_t) ;
 -					header_seek (psf, count, SEEK_CUR) ;
 -					byte_count += count ;
 +					if (count)
 +					{	header_seek (psf, count, SEEK_CUR) ;
 +						byte_count += count ;
 +						} ;
 					break ;
 			default :
--- a/libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+++ b/libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
@ -0,0 +1,22 @@
 From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
 From: Erik de Castro Lopo <erikd@mega-nerd.com>
 Date: Wed, 24 Dec 2014 21:02:35 +1100
 Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
 Closes: https://github.com/erikd/libsndfile/issues/92
 ---
 src/file_io.c |    3 +++
 1 file changed, 3 insertions(+)
 --- a/src/file_io.c
 +++ b/src/file_io.c
@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t
 {	sf_count_t total = 0 ;
 	ssize_t	count ;
 +	if (bytes == 0 || items == 0)
 +		return 0 ;
 +
 	if (psf->virtual_io)
 		return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
--- a/libsndfile.changes
+++ b/libsndfile.changes
@ -1,3 +1,19 @@
 -------------------------------------------------------------------
 Wed Nov  4 16:43:39 CET 2015 - tiwai@suse.de
 - VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-fix-header-read-CVE-2015-7805.patch
 - VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
 - Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
 -------------------------------------------------------------------
 Wed Nov  4 11:38:16 CET 2015 - tiwai@suse.de
 - VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
 -------------------------------------------------------------------
 Sat Mar 21 08:12:34 UTC 2015 - mpluskal@suse.com
--- a/libsndfile.spec
+++ b/libsndfile.spec
@ -37,6 +37,14 @@ Patch2:         sndfile-ocloexec.patch
 Patch3:         sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
 # PATCH-FIX-UPSTREAM CVE-2014-9496 bnc#911796
 Patch4:         sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
 # PATCH-FIX-UPSTREAM CVE-2014-9756 bsc#953521
 Patch5:         libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
 # PATCH-FIX-UPSTREAM CVE-2015-7805 bsc#953516
 Patch6:         libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
 # PATCH-FIX-SUSE CVE-2015-7805 bsc#953516
 Patch7:         libsndfile-fix-header-read-CVE-2015-7805.patch
 # PATCH-FIX-SUSE CVE-2015-8075 bsc#953519
 Patch8:         libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
 BuildRequires:  alsa-devel
 BuildRequires:  flac-devel
 BuildRequires:  gcc-c++
@ -87,9 +95,16 @@ libsndfile library.
 %patch2
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %build
 %define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
 %if %suse_version < 1200
 sed -i -e'/^AM_SILENT_RULES/d' configure.ac
 %endif
 autoreconf --force --install
 CFLAGS="%{optflags} %{warn_flags}"
 export CFLAGS