From 50fda395388e84c7752be68e6900f9f0d9ee34e0 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sun, 26 Jun 2022 23:07:59 +0200
Subject: [PATCH] package/libsndfile: security bump to version 1.1.0
Fix the following security issues:
- Heap buffer overflow in wavlike_ima_decode_block()
- Heap buffer overflow in msadpcm_decode_block()
- Heap buffer overflow in psf_binheader_readf()
- Index out of bounds in psf_nms_adpcm_decode_block()
- Heap buffer overflow in flac_buffer_copy()
- Heap buffer overflow in copyPredictorTo24()
- Uninitialized variable in psf_binheader_readf()
Drop patch (already in version)
While at it, also drop mention of CVE-2018-13419 which is correctly tagged as only affecting version 1.0.28 in NVD NIST database:
https://nvd.nist.gov/vuln/detail/CVE-2018-13419
https://github.com/libsndfile/libsndfile/releases/tag/1.1.0
Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
(cherry picked from commit c59a9d12b7805f2ac08be81fe18a4ebc197d5cd9)
Signed-off-by: Peter Korsgaard
---
 ...-ms_adpcm-Fix-and-extend-size-checks.patch | 40 -------------------
 package/libsndfile/libsndfile.hash | 2 +-
 package/libsndfile/libsndfile.mk | 10 +----
 3 files changed, 3 insertions(+), 49 deletions(-)
 delete mode 100644 package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch
diff --git a/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch b/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch
deleted file mode 100644
index edacbda01a..0000000000
--- a/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
-From: bobsayshilol
-Date: Thu, 18 Feb 2021 21:52:09 +0000
-Subject: [PATCH] ms_adpcm: Fix and extend size checks
-
-'blockalign' is the size of a block, and each block contains 7 samples
-per channel as part of the preamble, so check against 'samplesperblock'
-rather than 'blockalign'. Also add an additional check that the block
-is big enough to hold the samples it claims to hold.
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
-Signed-off-by: Peter Korsgaard
----
- src/ms_adpcm.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
-index 5e8f1a31..a21cb994 100644
---- a/src/ms_adpcm.c
-+++ b/src/ms_adpcm.c
-@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock)
- if (psf->file.mode == SFM_WRITE)
- samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
-
-- if (blockalign < 7 * psf->sf.channels)
-- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
-+ /* There's 7 samples per channel in the preamble of each block */
-+ if (samplesperblock < 7 * psf->sf.channels)
-+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
-+ return SFE_INTERNAL ;
-+ } ;
-+
-+ if (2 * blockalign < samplesperblock * psf->sf.channels)
-+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
- return SFE_INTERNAL ;
- } ;
-
---
-2.20.1
-
diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash
index 14dfe823f9..67d10d03c4 100644
--- a/package/libsndfile/libsndfile.hash
+++ b/package/libsndfile/libsndfile.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256 a8cfb1c09ea6e90eff4ca87322d4168cdbe5035cb48717b40bf77e751cc02163 libsndfile-1.0.31.tar.bz2
+sha256 0f98e101c0f7c850a71225fb5feaf33b106227b3d331333ddc9bacee190bcf41 libsndfile-1.1.0.tar.xz
 # Locally calculated
 sha256 ad01ea5cd2755f6048383c8d54c88459cd6fcb17757c5c8892f8c5ea060f6140 COPYING
diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index ed9e8e3d14..12a6601b6b 100644
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -4,20 +4,14 @@
 #
 ################################################################################
-LIBSNDFILE_VERSION = 1.0.31
-LIBSNDFILE_SOURCE = libsndfile-$(LIBSNDFILE_VERSION).tar.bz2
+LIBSNDFILE_VERSION = 1.1.0
+LIBSNDFILE_SOURCE = libsndfile-$(LIBSNDFILE_VERSION).tar.xz
 LIBSNDFILE_SITE = https://github.com/libsndfile/libsndfile/releases/download/$(LIBSNDFILE_VERSION)
 LIBSNDFILE_INSTALL_STAGING = YES
 LIBSNDFILE_LICENSE = LGPL-2.1+
 LIBSNDFILE_LICENSE_FILES = COPYING
 LIBSNDFILE_CPE_ID_VENDOR = libsndfile_project
-# 0001-ms_adpcm-Fix-and-extend-size-checks.patch
-LIBSNDFILE_IGNORE_CVES += CVE-2021-3246
-
-# disputed, https://github.com/erikd/libsndfile/issues/398
-LIBSNDFILE_IGNORE_CVES += CVE-2018-13419
-
 LIBSNDFILE_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
 LIBSNDFILE_CONF_OPTS = \
 --disable-sqlite \
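Review bot: The unchanged comment `# Locally calculated after checking pgp signature` at the top of libsndfile.hash now vouches for the new `libsndfile-1.1.0.tar.xz` hash, but nothing in the hunk records which signature file or signing key was checked, so a later reviewer cannot repeat the verification. I would extend the comment to name both, for example `# Locally calculated after checking pgp signature <signature-url> with key <key-fingerprint>` (placeholders; use the values actually checked). If the signature was not re-checked for this release, the comment should be reduced to `# Locally calculated` so that it does not overstate the provenance of the tarball.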
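Review bot: Removing `LIBSNDFILE_IGNORE_CVES += CVE-2021-3246` in libsndfile.mk is only correct if the CVE data matched through `LIBSNDFILE_CPE_ID_VENDOR = libsndfile_project` lists 1.1.0 as unaffected. The commit message gives that evidence for CVE-2018-13419 (NVD tags only 1.0.28) but none for CVE-2021-3246. Presumably the affected range ends before 1.1.0 now that the fix is upstream, but this is not visible in the diff. One sentence in the commit message giving the NVD range for CVE-2021-3246, or the result of re-running the CVE check after the bump, would confirm that neither entry comes back as an open finding.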