Accepting request 663576 from multimedia:libs
OBS-URL: https://build.opensuse.org/request/show/663576 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wavpack?expand=0&rev=26
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
bb72a1aabf
28
CVE-2018-19840.patch
Normal file
28
CVE-2018-19840.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001
|
||||
From: David Bryant <david@wavpack.com>
|
||||
Date: Thu, 29 Nov 2018 21:00:42 -0800
|
||||
Subject: [PATCH] issue #53: error out on zero sample rate
|
||||
|
||||
---
|
||||
src/pack_utils.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/pack_utils.c b/src/pack_utils.c
|
||||
index 2253f0d..2a83497 100644
|
||||
--- a/src/pack_utils.c
|
||||
+++ b/src/pack_utils.c
|
||||
@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
|
||||
int num_chans = config->num_channels;
|
||||
int i;
|
||||
|
||||
+ if (!config->sample_rate) {
|
||||
+ strcpy (wpc->error_message, "sample rate cannot be zero!");
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
|
||||
|
||||
if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {
|
||||
--
|
||||
2.20.1
|
||||
|
||||
32
CVE-2018-19841.patch
Normal file
32
CVE-2018-19841.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
|
||||
From: David Bryant <david@wavpack.com>
|
||||
Date: Thu, 29 Nov 2018 21:53:51 -0800
|
||||
Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
|
||||
|
||||
---
|
||||
src/open_utils.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/open_utils.c b/src/open_utils.c
|
||||
index 80051fc..4fe0d67 100644
|
||||
--- a/src/open_utils.c
|
||||
+++ b/src/open_utils.c
|
||||
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
|
||||
#endif
|
||||
|
||||
if (meta_bc == 4) {
|
||||
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
|
||||
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
|
||||
return FALSE;
|
||||
}
|
||||
else {
|
||||
csum ^= csum >> 16;
|
||||
|
||||
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
|
||||
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 7 19:29:45 CET 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix denial-of-service (resource exhaustion caused by an infinite
|
||||
loop; bsc#1120930, CVE-2018-19840, CVE-2018-19840.patch).
|
||||
- Fix denial-of-service (out-of-bounds read and application crash;
|
||||
bsc#1120929, CVE-2018-19841, CVE-2018-19841.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 20 08:48:07 UTC 2018 - kbabioch@suse.com
|
||||
|
||||
|
||||
10
wavpack.spec
10
wavpack.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package wavpack
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -31,6 +31,10 @@ Source99: baselibs.conf
|
||||
Patch0: wavpack-CVE-2018-6767.patch
|
||||
Patch1: CVE-2018-7253.patch
|
||||
Patch2: CVE-2018-7254.patch
|
||||
# PATCH-FIX-SECURITY CVE-2018-19840.patch bsc1120930 CVE-2018-19840 sbrabec@suse.cz -- Fix denial-of-service (resource exhaustion caused by an infinite loop).
|
||||
Patch3: CVE-2018-19840.patch
|
||||
# PATCH-FIX-SECURITY CVE-2018-19841.patch bsc1120929 CVE-2018-19841 sbrabec@suse.cz -- Fix denial-of-service (out-of-bounds read and application crash).
|
||||
Patch4: CVE-2018-19841.patch
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
|
||||
@ -77,6 +81,8 @@ applications that want to make use of wavpack.
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
|
||||
Loading…
Reference in New Issue
Block a user