Accepting request 1119225 from home:tiwai:branches:multimedia:libs
- Update to 1.2.1: * Various bug fixes (issue #908, #907, #934, #950, #930) - Update to 1.2.2: * Fixed invalid regex in src/create_symbols_file.py * Fixed passing null pointer to printf %s in tests - Fix signed integers overflows in au_read_header() (bsc#121345, CVE-2022-33065): libsndfile-CVE-2022-33065.patch - Update to 1.2.1: * Various bug fixes (issue #908, #907, #934, #950, #930) - Update to 1.2.2: * Fixed invalid regex in src/create_symbols_file.py * Fixed passing null pointer to printf %s in tests - Fix signed integers overflows in au_read_header() (bsc#121345, CVE-2022-33065): libsndfile-CVE-2022-33065.patch OBS-URL: https://build.opensuse.org/request/show/1119225 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=90
This commit is contained in:
parent
7e7cf25ede
commit
af79db2713
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0e30e7072f83dc84863e2e55f299175c7e04a5902ae79cfb99d4249ee8f6d60a
|
||||
size 730268
|
Binary file not shown.
BIN
libsndfile-1.2.2.tar.xz
(Stored with Git LFS)
Normal file
BIN
libsndfile-1.2.2.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
libsndfile-1.2.2.tar.xz.asc
Normal file
BIN
libsndfile-1.2.2.tar.xz.asc
Normal file
Binary file not shown.
40
libsndfile-CVE-2022-33065.patch
Normal file
40
libsndfile-CVE-2022-33065.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001
|
||||
From: Alex Stewart <alex.stewart@ni.com>
|
||||
Date: Tue, 10 Oct 2023 16:10:34 -0400
|
||||
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
|
||||
|
||||
The clang sanitizer warns of a possible signed integer overflow when
|
||||
calculating the `dataend` value in `mat4_read_header()`.
|
||||
|
||||
```
|
||||
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
|
||||
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
|
||||
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
|
||||
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
|
||||
```
|
||||
|
||||
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
|
||||
`dataend` before performing the calculation, to avoid the issue.
|
||||
|
||||
CVE: CVE-2022-33065
|
||||
Fixes: https://github.com/libsndfile/libsndfile/issues/789
|
||||
Fixes: https://github.com/libsndfile/libsndfile/issues/833
|
||||
|
||||
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
||||
---
|
||||
src/mat4.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/mat4.c b/src/mat4.c
|
||||
index 0b1b414b4..575683ba1 100644
|
||||
--- a/src/mat4.c
|
||||
+++ b/src/mat4.c
|
||||
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
|
||||
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
|
||||
}
|
||||
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
|
||||
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
|
||||
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
|
||||
|
||||
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
|
||||
|
||||
- Update to 1.2.1:
|
||||
* Various bug fixes (issue #908, #907, #934, #950, #930)
|
||||
- Update to 1.2.2:
|
||||
* Fixed invalid regex in src/create_symbols_file.py
|
||||
* Fixed passing null pointer to printf %s in tests
|
||||
- Fix signed integers overflows in au_read_header()
|
||||
(bsc#121345, CVE-2022-33065):
|
||||
libsndfile-CVE-2022-33065.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 21 10:14:43 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: libsndfile-progs
|
||||
Version: 1.2.0
|
||||
Version: 1.2.2
|
||||
Release: 0
|
||||
Summary: Example Programs for libsndfile
|
||||
License: LGPL-2.1-or-later
|
||||
@ -26,6 +26,7 @@ URL: https://libsndfile.github.io/libsndfile/
|
||||
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
|
||||
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
||||
Source2: libsndfile.keyring
|
||||
Patch1: libsndfile-CVE-2022-33065.patch
|
||||
# PATCH-FIX-OPENSUSE
|
||||
Patch100: sndfile-ocloexec.patch
|
||||
BuildRequires: alsa-devel
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
|
||||
|
||||
- Update to 1.2.1:
|
||||
* Various bug fixes (issue #908, #907, #934, #950, #930)
|
||||
- Update to 1.2.2:
|
||||
* Fixed invalid regex in src/create_symbols_file.py
|
||||
* Fixed passing null pointer to printf %s in tests
|
||||
- Fix signed integers overflows in au_read_header()
|
||||
(bsc#121345, CVE-2022-33065):
|
||||
libsndfile-CVE-2022-33065.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 24 11:42:18 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
||||
|
||||
%define lname %{name}1
|
||||
Name: libsndfile
|
||||
Version: 1.2.0
|
||||
Version: 1.2.2
|
||||
Release: 0
|
||||
Summary: Development/Libraries/C and C++
|
||||
License: LGPL-2.1-or-later
|
||||
@ -28,6 +28,7 @@ Source0: https://github.com/libsndfile/libsndfile/releases/download/%{ver
|
||||
Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
|
||||
Source2: libsndfile.keyring
|
||||
Source3: baselibs.conf
|
||||
Patch1: libsndfile-CVE-2022-33065.patch
|
||||
# PATCH-FIX-OPENSUSE
|
||||
Patch100: sndfile-ocloexec.patch
|
||||
BuildRequires: cmake
|
||||
|
Loading…
Reference in New Issue
Block a user