From c6561c05e56cd66c410de9fce2c59a2b99bafbec76fb4d8efe447fffcd27a5d1 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 8 Jun 2018 13:05:50 +0000 Subject: [PATCH] Accepting request 615236 from home:tiwai:branches:multimedia:libs - Use license file tag - Fix potential overflow in d2alaw_array() (CVE-2017-17456, bsc#1071777): libsndfile-CVE-2017-17456-alaw-range-check.patch - Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767): libsndfile-CVE-2017-17457-ulaw-range-check.patch OBS-URL: https://build.opensuse.org/request/show/615236 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=66 --- ...file-CVE-2017-17456-alaw-range-check.patch | 55 +++++++++++++++++++ ...file-CVE-2017-17457-ulaw-range-check.patch | 55 +++++++++++++++++++ libsndfile-progs.spec | 4 +- libsndfile.changes | 15 +++++ libsndfile.spec | 12 +++- 5 files changed, 136 insertions(+), 5 deletions(-) create mode 100644 libsndfile-CVE-2017-17456-alaw-range-check.patch create mode 100644 libsndfile-CVE-2017-17457-ulaw-range-check.patch diff --git a/libsndfile-CVE-2017-17456-alaw-range-check.patch b/libsndfile-CVE-2017-17456-alaw-range-check.patch new file mode 100644 index 0000000..2c6309b --- /dev/null +++ b/libsndfile-CVE-2017-17456-alaw-range-check.patch @@ -0,0 +1,55 @@ +--- + src/alaw.c | 36 ++++++++++++++++++++++++++++-------- + 1 file changed, 28 insertions(+), 8 deletions(-) + +--- a/src/alaw.c ++++ b/src/alaw.c +@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count, + static inline void + f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact) + { while (--count >= 0) +- { if (ptr [count] >= 0) +- buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ; +- else +- buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ; ++ { int idx; ++ if (isnan (ptr [count])) { ++ buffer [count] = alaw_encode [0] ; ++ } else if (ptr [count] >= 0) { ++ idx = lrintf (normfact * ptr [count]) ; ++ if (idx > 2048) ++ idx = 2048; ++ buffer [count] = alaw_encode [idx] ; ++ } else { ++ idx = -lrintf (normfact * ptr [count]) ; ++ if (idx > 2048) ++ idx = 2048 ; ++ buffer [count] = 0x7F & alaw_encode [idx] ; ++ } + } ; + } /* f2alaw_array */ + + static inline void + d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact) + { while (--count >= 0) +- { if (ptr [count] >= 0) +- buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ; +- else +- buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ; ++ { int idx; ++ if (isnan (ptr [count])) { ++ buffer [count] = alaw_encode [0] ; ++ } else if (ptr [count] >= 0) { ++ idx = lrintf (normfact * ptr [count]) ; ++ if (idx > 2048) ++ idx = 2048; ++ buffer [count] = alaw_encode [idx] ; ++ } else { ++ idx = -lrintf (normfact * ptr [count]) ; ++ if (idx > 2048) ++ idx = 2048 ; ++ buffer [count] = 0x7F & alaw_encode [idx] ; ++ } + } ; + } /* d2alaw_array */ + diff --git a/libsndfile-CVE-2017-17457-ulaw-range-check.patch b/libsndfile-CVE-2017-17457-ulaw-range-check.patch new file mode 100644 index 0000000..9e9e8ac --- /dev/null +++ b/libsndfile-CVE-2017-17457-ulaw-range-check.patch @@ -0,0 +1,55 @@ +--- + src/ulaw.c | 36 ++++++++++++++++++++++++++++-------- + 1 file changed, 28 insertions(+), 8 deletions(-) + +--- a/src/ulaw.c ++++ b/src/ulaw.c +@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count, + static inline void + f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact) + { while (--count >= 0) +- { if (ptr [count] >= 0) +- buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ; +- else +- buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ; ++ { int idx; ++ if (isnan (ptr [count])) { ++ buffer [count] = ulaw_encode [0]; ++ } else if (ptr [count] >= 0) { ++ idx = lrint (normfact * ptr [count]); ++ if (idx > 8192) ++ idx = 8192; ++ buffer [count] = ulaw_encode [idx] ; ++ } else { ++ idx = -lrint (normfact * ptr [count]) ; ++ if (idx > 8192) ++ idx = 8192; ++ buffer [count] = 0x7F & ulaw_encode [idx] ; ++ } + } ; + } /* f2ulaw_array */ + + static inline void + d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact) + { while (--count >= 0) +- { if (ptr [count] >= 0) +- buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ; +- else +- buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ; ++ { int idx; ++ if (isnan (ptr [count])) { ++ buffer [count] = ulaw_encode [0]; ++ } else if (ptr [count] >= 0) { ++ idx = lrint (normfact * ptr [count]); ++ if (idx > 8192) ++ idx = 8192; ++ buffer [count] = ulaw_encode [idx] ; ++ } else { ++ idx = -lrint (normfact * ptr [count]) ; ++ if (idx > 8192) ++ idx = 8192; ++ buffer [count] = 0x7F & ulaw_encode [idx] ; ++ } + } ; + } /* d2ulaw_array */ + diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec index c6909f3..08073ed 100644 --- a/libsndfile-progs.spec +++ b/libsndfile-progs.spec @@ -1,7 +1,7 @@ # # spec file for package libsndfile-progs # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: libsndfile-progs Version: 1.0.28 Release: 0 Summary: Example Programs for libsndfile -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Url: http://www.mega-nerd.com/libsndfile/ Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz diff --git a/libsndfile.changes b/libsndfile.changes index 39c1fd2..2d6bbb1 100644 --- a/libsndfile.changes +++ b/libsndfile.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Jun 8 14:49:18 CEST 2018 - tiwai@suse.de + +- Use license file tag + +------------------------------------------------------------------- +Fri Jun 8 14:46:54 CEST 2018 - tiwai@suse.de + +- Fix potential overflow in d2alaw_array() (CVE-2017-17456, + bsc#1071777): + libsndfile-CVE-2017-17456-alaw-range-check.patch +- Fix potential overflow in d2ulaw_array() (CVE-2017-17457, + bsc#1071767): + libsndfile-CVE-2017-17457-ulaw-range-check.patch + ------------------------------------------------------------------- Tue Dec 19 15:57:19 CET 2017 - tiwai@suse.de diff --git a/libsndfile.spec b/libsndfile.spec index 5748129..421038b 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,7 +1,7 @@ # # spec file for package libsndfile # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Name: libsndfile Version: 1.0.28 Release: 0 Summary: Development/Libraries/C and C++ -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Url: http://www.mega-nerd.com/libsndfile Source0: http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz @@ -36,6 +36,9 @@ Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch # not yet upstreamed, https://github.com/erikd/libsndfile/issues/317 Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch +# not yet upstreamed +Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch +Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel @@ -89,6 +92,8 @@ libsndfile library. %patch20 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 +%patch33 -p1 %patch100 -p1 %build @@ -133,8 +138,9 @@ popd %files devel %defattr(-, root, root) -%doc AUTHORS COPYING ChangeLog NEWS README +%doc AUTHORS ChangeLog NEWS README %doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO +%license COPYING %{_libdir}/libsndfile.so %{_includedir}/sndfile.h %{_includedir}/sndfile.hh