diff --git a/libsndfile-1.2.0.tar.xz b/libsndfile-1.2.0.tar.xz deleted file mode 100644 index 48ef18d..0000000 --- a/libsndfile-1.2.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0e30e7072f83dc84863e2e55f299175c7e04a5902ae79cfb99d4249ee8f6d60a -size 730268 diff --git a/libsndfile-1.2.0.tar.xz.asc b/libsndfile-1.2.0.tar.xz.asc deleted file mode 100644 index 9ffab43..0000000 Binary files a/libsndfile-1.2.0.tar.xz.asc and /dev/null differ diff --git a/libsndfile-1.2.2.tar.xz b/libsndfile-1.2.2.tar.xz new file mode 100644 index 0000000..22bafa3 --- /dev/null +++ b/libsndfile-1.2.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3799ca9924d3125038880367bf1468e53a1b7e3686a934f098b7e1d286cdb80e +size 730760 diff --git a/libsndfile-1.2.2.tar.xz.asc b/libsndfile-1.2.2.tar.xz.asc new file mode 100644 index 0000000..74cf2ae Binary files /dev/null and b/libsndfile-1.2.2.tar.xz.asc differ diff --git a/libsndfile-CVE-2022-33065.patch b/libsndfile-CVE-2022-33065.patch new file mode 100644 index 0000000..9249814 --- /dev/null +++ b/libsndfile-CVE-2022-33065.patch @@ -0,0 +1,40 @@ +From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001 +From: Alex Stewart +Date: Tue, 10 Oct 2023 16:10:34 -0400 +Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation + +The clang sanitizer warns of a possible signed integer overflow when +calculating the `dataend` value in `mat4_read_header()`. + +``` +src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in +src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in +``` + +Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of +`dataend` before performing the calculation, to avoid the issue. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/789 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart +--- + src/mat4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mat4.c b/src/mat4.c +index 0b1b414b4..575683ba1 100644 +--- a/src/mat4.c ++++ b/src/mat4.c +@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf) + psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ; + } + else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth) +- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ; ++ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ; + + psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ; + diff --git a/libsndfile-progs.changes b/libsndfile-progs.changes index f2c2d9e..c564de7 100644 --- a/libsndfile-progs.changes +++ b/libsndfile-progs.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai + +- Update to 1.2.1: + * Various bug fixes (issue #908, #907, #934, #950, #930) +- Update to 1.2.2: + * Fixed invalid regex in src/create_symbols_file.py + * Fixed passing null pointer to printf %s in tests +- Fix signed integers overflows in au_read_header() + (bsc#121345, CVE-2022-33065): + libsndfile-CVE-2022-33065.patch + ------------------------------------------------------------------- Tue Feb 21 10:14:43 UTC 2023 - Paolo Stivanin diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec index ca8a07c..01f3241 100644 --- a/libsndfile-progs.spec +++ b/libsndfile-progs.spec @@ -17,7 +17,7 @@ Name: libsndfile-progs -Version: 1.2.0 +Version: 1.2.2 Release: 0 Summary: Example Programs for libsndfile License: LGPL-2.1-or-later @@ -26,6 +26,7 @@ URL: https://libsndfile.github.io/libsndfile/ Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc Source2: libsndfile.keyring +Patch1: libsndfile-CVE-2022-33065.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel diff --git a/libsndfile.changes b/libsndfile.changes index 1a0180e..75748d2 100644 --- a/libsndfile.changes +++ b/libsndfile.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai + +- Update to 1.2.1: + * Various bug fixes (issue #908, #907, #934, #950, #930) +- Update to 1.2.2: + * Fixed invalid regex in src/create_symbols_file.py + * Fixed passing null pointer to printf %s in tests +- Fix signed integers overflows in au_read_header() + (bsc#121345, CVE-2022-33065): + libsndfile-CVE-2022-33065.patch + ------------------------------------------------------------------- Mon Apr 24 11:42:18 UTC 2023 - Dominique Leuenberger diff --git a/libsndfile.spec b/libsndfile.spec index 9eaea3b..0048650 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -18,7 +18,7 @@ %define lname %{name}1 Name: libsndfile -Version: 1.2.0 +Version: 1.2.2 Release: 0 Summary: Development/Libraries/C and C++ License: LGPL-2.1-or-later @@ -28,6 +28,7 @@ Source0: https://github.com/libsndfile/libsndfile/releases/download/%{ver Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc Source2: libsndfile.keyring Source3: baselibs.conf +Patch1: libsndfile-CVE-2022-33065.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: cmake