diff --git a/SOURCES/libsndfile-1.0.28-CVE_2018_13139.patch b/SOURCES/libsndfile-1.0.28-CVE_2018_13139.patch new file mode 100644 index 0000000..f758432 --- /dev/null +++ b/SOURCES/libsndfile-1.0.28-CVE_2018_13139.patch @@ -0,0 +1,31 @@ +From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001 +From: "Brett T. Warden" +Date: Tue, 28 Aug 2018 12:01:17 -0700 +Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave + +Allocated buffer has space for only 16 channels. Verify that input file +meets this limit. + +Fixes #397 +--- + programs/sndfile-deinterleave.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c +index 53660310..225b4d54 100644 +--- a/programs/sndfile-deinterleave.c ++++ b/programs/sndfile-deinterleave.c +@@ -89,6 +89,13 @@ main (int argc, char **argv) + exit (1) ; + } ; + ++ if (sfinfo.channels > MAX_CHANNELS) ++ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n", ++ argv [1], sfinfo.channels, MAX_CHANNELS) ; ++ exit (1) ; ++ } ; ++ ++ + state.channels = sfinfo.channels ; + sfinfo.channels = 1 ; + diff --git a/SPECS/libsndfile.spec b/SPECS/libsndfile.spec index f088591..7f21f64 100644 --- a/SPECS/libsndfile.spec +++ b/SPECS/libsndfile.spec @@ -1,12 +1,13 @@ Summary: Library for reading and writing sound files Name: libsndfile Version: 1.0.25 -Release: 10%{?dist} +Release: 11%{?dist} License: LGPLv2+ and GPLv2+ and BSD Group: System Environment/Libraries URL: http://www.mega-nerd.com/libsndfile/ Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz Patch0: %{name}-1.0.25-system-gsm.patch +Patch1: libsndfile-1.0.28-CVE_2018_13139.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: alsa-lib-devel @@ -55,6 +56,7 @@ This package contains command line utilities for libsndfile. %prep %setup -q %patch0 -p1 +%patch1 -p1 -b .CVE_2018_13139 rm -r src/GSM610 ; autoreconf -I M4 -fiv # for system-gsm patch #also for aarch64 support which requires autotools 2.69+ @@ -81,10 +83,10 @@ cp -pR $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev/html __docs rm -rf $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev # fix multilib issues -%if %{__isa_bits} == 64 -%define wordsize 64 -%else +%if 0%{?__isa_bits} == 32 %define wordsize 32 +%else +%define wordsize 64 %endif mv %{buildroot}%{_includedir}/sndfile.h \ @@ -161,6 +163,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Oct 29 2019 Michal Hlavinka - 1.0.25-11 +- fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598577) + * Sat Aug 2 2014 Peter Robinson 1.0.25-10 - Generic 32/64 bit platform detection - fix ppc64le build (#1126140)