Accepting request 1119225 from home:tiwai:branches:multimedia:libs
- Update to 1.2.1: * Various bug fixes (issue #908, #907, #934, #950, #930) - Update to 1.2.2: * Fixed invalid regex in src/create_symbols_file.py * Fixed passing null pointer to printf %s in tests - Fix signed integers overflows in au_read_header() (bsc#121345, CVE-2022-33065): libsndfile-CVE-2022-33065.patch - Update to 1.2.1: * Various bug fixes (issue #908, #907, #934, #950, #930) - Update to 1.2.2: * Fixed invalid regex in src/create_symbols_file.py * Fixed passing null pointer to printf %s in tests - Fix signed integers overflows in au_read_header() (bsc#121345, CVE-2022-33065): libsndfile-CVE-2022-33065.patch OBS-URL: https://build.opensuse.org/request/show/1119225 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=90
This commit is contained in:
parent
7e7cf25ede
commit
af79db2713
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:0e30e7072f83dc84863e2e55f299175c7e04a5902ae79cfb99d4249ee8f6d60a
|
|
||||||
size 730268
|
|
Binary file not shown.
BIN
libsndfile-1.2.2.tar.xz
(Stored with Git LFS)
Normal file
BIN
libsndfile-1.2.2.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
libsndfile-1.2.2.tar.xz.asc
Normal file
BIN
libsndfile-1.2.2.tar.xz.asc
Normal file
Binary file not shown.
40
libsndfile-CVE-2022-33065.patch
Normal file
40
libsndfile-CVE-2022-33065.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Stewart <alex.stewart@ni.com>
|
||||||
|
Date: Tue, 10 Oct 2023 16:10:34 -0400
|
||||||
|
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
|
||||||
|
|
||||||
|
The clang sanitizer warns of a possible signed integer overflow when
|
||||||
|
calculating the `dataend` value in `mat4_read_header()`.
|
||||||
|
|
||||||
|
```
|
||||||
|
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
|
||||||
|
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
|
||||||
|
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
|
||||||
|
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
|
||||||
|
```
|
||||||
|
|
||||||
|
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
|
||||||
|
`dataend` before performing the calculation, to avoid the issue.
|
||||||
|
|
||||||
|
CVE: CVE-2022-33065
|
||||||
|
Fixes: https://github.com/libsndfile/libsndfile/issues/789
|
||||||
|
Fixes: https://github.com/libsndfile/libsndfile/issues/833
|
||||||
|
|
||||||
|
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
||||||
|
---
|
||||||
|
src/mat4.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/mat4.c b/src/mat4.c
|
||||||
|
index 0b1b414b4..575683ba1 100644
|
||||||
|
--- a/src/mat4.c
|
||||||
|
+++ b/src/mat4.c
|
||||||
|
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
|
||||||
|
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
|
||||||
|
}
|
||||||
|
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
|
||||||
|
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
|
||||||
|
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
|
||||||
|
|
||||||
|
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
|
||||||
|
|
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.2.1:
|
||||||
|
* Various bug fixes (issue #908, #907, #934, #950, #930)
|
||||||
|
- Update to 1.2.2:
|
||||||
|
* Fixed invalid regex in src/create_symbols_file.py
|
||||||
|
* Fixed passing null pointer to printf %s in tests
|
||||||
|
- Fix signed integers overflows in au_read_header()
|
||||||
|
(bsc#121345, CVE-2022-33065):
|
||||||
|
libsndfile-CVE-2022-33065.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 21 10:14:43 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
|
Tue Feb 21 10:14:43 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: libsndfile-progs
|
Name: libsndfile-progs
|
||||||
Version: 1.2.0
|
Version: 1.2.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Example Programs for libsndfile
|
Summary: Example Programs for libsndfile
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
@ -26,6 +26,7 @@ URL: https://libsndfile.github.io/libsndfile/
|
|||||||
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
|
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
|
||||||
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
||||||
Source2: libsndfile.keyring
|
Source2: libsndfile.keyring
|
||||||
|
Patch1: libsndfile-CVE-2022-33065.patch
|
||||||
# PATCH-FIX-OPENSUSE
|
# PATCH-FIX-OPENSUSE
|
||||||
Patch100: sndfile-ocloexec.patch
|
Patch100: sndfile-ocloexec.patch
|
||||||
BuildRequires: alsa-devel
|
BuildRequires: alsa-devel
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.2.1:
|
||||||
|
* Various bug fixes (issue #908, #907, #934, #950, #930)
|
||||||
|
- Update to 1.2.2:
|
||||||
|
* Fixed invalid regex in src/create_symbols_file.py
|
||||||
|
* Fixed passing null pointer to printf %s in tests
|
||||||
|
- Fix signed integers overflows in au_read_header()
|
||||||
|
(bsc#121345, CVE-2022-33065):
|
||||||
|
libsndfile-CVE-2022-33065.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 24 11:42:18 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
Mon Apr 24 11:42:18 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
|
|
||||||
%define lname %{name}1
|
%define lname %{name}1
|
||||||
Name: libsndfile
|
Name: libsndfile
|
||||||
Version: 1.2.0
|
Version: 1.2.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Development/Libraries/C and C++
|
Summary: Development/Libraries/C and C++
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
@ -28,6 +28,7 @@ Source0: https://github.com/libsndfile/libsndfile/releases/download/%{ver
|
|||||||
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
||||||
Source2: libsndfile.keyring
|
Source2: libsndfile.keyring
|
||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
|
Patch1: libsndfile-CVE-2022-33065.patch
|
||||||
# PATCH-FIX-OPENSUSE
|
# PATCH-FIX-OPENSUSE
|
||||||
Patch100: sndfile-ocloexec.patch
|
Patch100: sndfile-ocloexec.patch
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
|
Loading…
Reference in New Issue
Block a user