Accepting request 615236 from home:tiwai:branches:multimedia:libs

- Use license file tag - Fix potential overflow in d2alaw_array() (CVE-2017-17456, bsc#1071777): libsndfile-CVE-2017-17456-alaw-range-check.patch - Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767): libsndfile-CVE-2017-17457-ulaw-range-check.patch OBS-URL: https://build.opensuse.org/request/show/615236 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=66
2018-06-08 13:05:50 +00:00 · 2018-06-08 13:05:50 +00:00 · c6561c05e5
commit c6561c05e5
parent 593b609c4f
5 changed files with 136 additions and 5 deletions
--- a/libsndfile-CVE-2017-17456-alaw-range-check.patch
+++ b/libsndfile-CVE-2017-17456-alaw-range-check.patch
@ -0,0 +1,55 @@
+---
+ src/alaw.c |   36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+--- a/src/alaw.c
+++ b/src/alaw.c
+@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count,
+ static inline void
+ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
+-			buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ;
+-		else
+-			buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = alaw_encode [0] ;
+		} else if (ptr [count] >= 0) {
+			idx = lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048;
+			buffer [count] = alaw_encode [idx] ;
+		} else {
+			idx = -lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048 ;
+			buffer [count] = 0x7F & alaw_encode [idx] ;
+			}
+ 		} ;
+ } /* f2alaw_array */
+ 
+ static inline void
+ d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
+-			buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
+-		else
+-			buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = alaw_encode [0] ;
+		} else if (ptr [count] >= 0) {
+			idx = lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048;
+			buffer [count] = alaw_encode [idx] ;
+		} else {
+			idx = -lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048 ;
+			buffer [count] = 0x7F & alaw_encode [idx] ;
+			}
+ 		} ;
+ } /* d2alaw_array */
+ 
--- a/libsndfile-CVE-2017-17457-ulaw-range-check.patch
+++ b/libsndfile-CVE-2017-17457-ulaw-range-check.patch
@ -0,0 +1,55 @@
+---
+ src/ulaw.c |   36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+--- a/src/ulaw.c
+++ b/src/ulaw.c
+@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count,
+ static inline void
+ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
+-			buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ;
+-		else
+-			buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = ulaw_encode [0];
+		} else if (ptr [count] >= 0) {
+			idx = lrint (normfact * ptr [count]);
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = ulaw_encode [idx] ;
+		} else {
+			idx = -lrint (normfact * ptr [count]) ;
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = 0x7F & ulaw_encode [idx] ;
+			}
+ 		} ;
+ } /* f2ulaw_array */
+ 
+ static inline void
+ d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
+-			buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
+-		else
+-			buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = ulaw_encode [0];
+		} else if (ptr [count] >= 0) {
+			idx = lrint (normfact * ptr [count]);
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = ulaw_encode [idx] ;
+		} else {
+			idx = -lrint (normfact * ptr [count]) ;
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = 0x7F & ulaw_encode [idx] ;
+			}
+ 		} ;
+ } /* d2ulaw_array */
+ 
--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile-progs
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@ Name:           libsndfile-progs
 Version:        1.0.28
 Release:        0
 Summary:        Example Programs for libsndfile
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          System/Libraries
 Url:            http://www.mega-nerd.com/libsndfile/
 Source0:        http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
--- a/libsndfile.changes
+++ b/libsndfile.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Jun  8 14:49:18 CEST 2018 - tiwai@suse.de
+
+- Use license file tag
+
+-------------------------------------------------------------------
+Fri Jun  8 14:46:54 CEST 2018 - tiwai@suse.de
+
+- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
+  bsc#1071777):
+  libsndfile-CVE-2017-17456-alaw-range-check.patch
+- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
+  bsc#1071767):
+  libsndfile-CVE-2017-17457-ulaw-range-check.patch
+
 -------------------------------------------------------------------
 Tue Dec 19 15:57:19 CET 2017 - tiwai@suse.de

--- a/libsndfile.spec
+++ b/libsndfile.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@ Name:           libsndfile
 Version:        1.0.28
 Release:        0
 Summary:        Development/Libraries/C and C++
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          System/Libraries
 Url:            http://www.mega-nerd.com/libsndfile
 Source0:        http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz
@ -36,6 +36,9 @@ Patch20:        0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
 Patch30:        0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
 # not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
 Patch31:        0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+# not yet upstreamed
+Patch32:        libsndfile-CVE-2017-17456-alaw-range-check.patch
+Patch33:        libsndfile-CVE-2017-17457-ulaw-range-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
@ -89,6 +92,8 @@ libsndfile library.
 %patch20 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
+%patch33 -p1
 %patch100 -p1

 %build
@ -133,8 +138,9 @@ popd

 %files devel
 %defattr(-, root, root)
-%doc AUTHORS COPYING ChangeLog NEWS README
+%doc AUTHORS ChangeLog NEWS README
 %doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO
+%license COPYING
 %{_libdir}/libsndfile.so
 %{_includedir}/sndfile.h
 %{_includedir}/sndfile.hh