Thu Sep 9 12:03:10 2021 UTC ()
libsndfile: apply patch for CVE-2021-3246
(nia)
diff -r1.86 -r1.87 pkgsrc/audio/libsndfile/Makefile
diff -r1.49 -r1.50 pkgsrc/audio/libsndfile/distinfo
diff -r0 -r1.1 pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246
diff -r0 -r1.1 pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c
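--- a/pkgsrc/audio/libsndfile/Makefile
+++ b/pkgsrc/audio/libsndfile/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.86 2021/01/24 14:50:25 nia Exp $
+# $NetBSD: Makefile,v 1.87 2021/09/09 12:03:09 nia Exp $
 
 DISTNAME= libsndfile-1.0.31
+PKGREVISION= 1
 CATEGORIES= audio
 MASTER_SITES= ${MASTER_SITE_GITHUB:=libsndfile/}
 GITHUB_PROJECT= libsndfile
 GITHUB_RELEASE= ${PKGVERSION_NOREV}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://libsndfile.github.io/libsndfile/
 COMMENT= Library for reading and writing audio files
 LICENSE= gnu-lgpl-v2.1
 
 USE_LANGUAGES= c c++
 USE_LIBTOOL= yes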
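--- a/pkgsrc/audio/libsndfile/distinfo
+++ b/pkgsrc/audio/libsndfile/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.49 2021/01/24 14:50:25 nia Exp $
+$NetBSD: distinfo,v 1.50 2021/09/09 12:03:09 nia Exp $
 
 SHA1 (libsndfile-1.0.31.tar.bz2) = f16a88e7223baef7c4497536dc1b55b56811debc
 RMD160 (libsndfile-1.0.31.tar.bz2) = ae3fc5bbcb10a034f3edc1240acacd9f1ec349a7
 SHA512 (libsndfile-1.0.31.tar.bz2) = 62202092e5cac6346fd3c0a977380e9bf888fc59d08c9c9707dc254a8ef6ed6356da2ab0430bb970c7b06ba5bb1dafa5d7b0fe13898834c1fe4acb16f409f0e1
 Size (libsndfile-1.0.31.tar.bz2) = 875335 bytes
+SHA1 (patch-CVE-2021-3246) = 08620e24b8a41afd7c164781bf6088028ffc97ed
+SHA1 (patch-src_wavlike.c) = b2524c62d8dad9959ff7a50c412b0e85bf433f47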
$NetBSD: patch-CVE-2021-3246,v 1.1 2021/09/09 12:03:10 nia Exp $
[PATCH] ms_adpcm: Fix and extend size checks
'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
https://github.com/libsndfile/libsndfile/pull/713
--- src/ms_adpcm.c.orig 2021-01-23 16:12:45.000000000 +0000
+++ src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, i
if (psf->file.mode == SFM_WRITE)
samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- if (blockalign < 7 * psf->sf.channels)
- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+ /* There's 7 samples per channel in the preamble of each block */
+ if (samplesperblock < 7 * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+
+ if (2 * blockalign < samplesperblock * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
return SFE_INTERNAL ;
} ;
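Review bot: The added bound `2 * blockalign < samplesperblock * psf->sf.channels` multiplies values that come from the file header in what appears to be plain `int` (both are logged with `%d`), so a large `samplesperblock` times `channels` could overflow before the comparison and let an undersized block pass. If callers do not already cap these fields, widening the arithmetic avoids that: `if (2 * (int64_t) blockalign < (int64_t) samplesperblock * psf->sf.channels)`. The signature is truncated in the hunk header and the body of wavlike_msadpcm_init continues outside the hunk, so the parameter types should be confirmed there. The second check also has no comment; something like `/* presumably two 4-bit samples per byte, so a block can hold at most 2 * blockalign samples */` would explain the factor of two.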
$NetBSD: patch-src_wavlike.c,v 1.1 2021/09/09 12:03:10 nia Exp $
[PATCH] wavlike: Fix incorrect size check
The SF_CART_INFO_16K struct has an additional 4 byte field to hold
the size of 'tag_text' which the file header doesn't, so don't
include it as part of the check when looking for the max length.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026
https://github.com/libsndfile/libsndfile/pull/713
--- src/wavlike.c.orig 2021-01-23 16:12:45.000000000 +0000
+++ src/wavlike.c
@@ -830,7 +830,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf
return 0 ;
} ;
- if (chunksize >= sizeof (SF_CART_INFO_16K))
+ /*
+ ** SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part
+ ** of the chunk, so don't include it in the size check.
+ */
+ if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
{ psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ;
psf_binheader_readf (psf, "j", chunksize) ;
return 0 ;
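Review bot: The literal `4` in `sizeof (SF_CART_INFO_16K) - 4` ties the bound to the current width of `tag_text_size` and to the struct having no trailing padding, neither of which is visible in this hunk. Deriving the value from the field keeps the check right if the struct layout changes: `if (chunksize >= sizeof (SF_CART_INFO_16K) - sizeof (((SF_CART_INFO_16K *) NULL)->tag_text_size))`. The rest of wavlike_read_cart_chunk, including the read that this bound protects, lies outside the hunk, so it is worth confirming that the copy length there is limited by the same expression.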