Thu Sep 9 12:03:10 2021 UTC ()
libsndfile: apply patch for CVE-2021-3246


(nia)
diff -r1.86 -r1.87 pkgsrc/audio/libsndfile/Makefile
diff -r1.49 -r1.50 pkgsrc/audio/libsndfile/distinfo
diff -r0 -r1.1 pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246
diff -r0 -r1.1 pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c

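--- a/pkgsrc/audio/libsndfile/Makefile
+++ b/pkgsrc/audio/libsndfile/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.86 2021/01/24 14:50:25 nia Exp $
+# $NetBSD: Makefile,v 1.87 2021/09/09 12:03:09 nia Exp $
 
 DISTNAME= libsndfile-1.0.31
+PKGREVISION= 1
 CATEGORIES= audio
 MASTER_SITES= ${MASTER_SITE_GITHUB:=libsndfile/}
 GITHUB_PROJECT= libsndfile
 GITHUB_RELEASE= ${PKGVERSION_NOREV}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://libsndfile.github.io/libsndfile/
 COMMENT= Library for reading and writing audio files
 LICENSE= gnu-lgpl-v2.1
 
 USE_LANGUAGES= c c++
 USE_LIBTOOL= yes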

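--- a/pkgsrc/audio/libsndfile/distinfo
+++ b/pkgsrc/audio/libsndfile/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.49 2021/01/24 14:50:25 nia Exp $
+$NetBSD: distinfo,v 1.50 2021/09/09 12:03:09 nia Exp $
 
 SHA1 (libsndfile-1.0.31.tar.bz2) = f16a88e7223baef7c4497536dc1b55b56811debc
 RMD160 (libsndfile-1.0.31.tar.bz2) = ae3fc5bbcb10a034f3edc1240acacd9f1ec349a7
 SHA512 (libsndfile-1.0.31.tar.bz2) = 62202092e5cac6346fd3c0a977380e9bf888fc59d08c9c9707dc254a8ef6ed6356da2ab0430bb970c7b06ba5bb1dafa5d7b0fe13898834c1fe4acb16f409f0e1
 Size (libsndfile-1.0.31.tar.bz2) = 875335 bytes
+SHA1 (patch-CVE-2021-3246) = 08620e24b8a41afd7c164781bf6088028ffc97ed
+SHA1 (patch-src_wavlike.c) = b2524c62d8dad9959ff7a50c412b0e85bf433f47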

File Added: pkgsrc/audio/libsndfile/patches/Attic/patch-CVE-2021-3246
$NetBSD: patch-CVE-2021-3246,v 1.1 2021/09/09 12:03:10 nia Exp $

[PATCH] ms_adpcm: Fix and extend size checks

'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
https://github.com/libsndfile/libsndfile/pull/713

--- src/ms_adpcm.c.orig	2021-01-23 16:12:45.000000000 +0000
+++ src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init	(SF_PRIVATE *psf, i
 	if (psf->file.mode == SFM_WRITE)
 		samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
 
-	if (blockalign < 7 * psf->sf.channels)
-	{	psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+	/* There's 7 samples per channel in the preamble of each block */
+	if (samplesperblock < 7 * psf->sf.channels)
+	{	psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+		return SFE_INTERNAL ;
+		} ;
+
+	if (2 * blockalign < samplesperblock * psf->sf.channels)
+	{	psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
 		return SFE_INTERNAL ;
 		} ;
 
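Review bot: The new comment and first guard treat `7 * psf->sf.channels` as a sample count, but the write-mode formula two lines above subtracts the same term from `blockalign`, which appears to make it a byte count for the per-channel block header. As written, `samplesperblock < 7 * psf->sf.channels` compares samples against bytes, and the second guard `2 * blockalign < samplesperblock * psf->sf.channels` does not reserve those header bytes, so a read-mode file can pass with a `blockalign` smaller than the write-mode relation would give for the same `samplesperblock`. Whether the decoder depends on the tighter relation is not visible here, because wavlike_msadpcm_init starts and ends outside the hunk. I would state the units in the comment, for example `/* Each block begins with a 7-byte header per channel; sizes that cannot hold it are rejected. */`, and confirm both bounds against the decoder's buffer sizing. The two products are also plain `int` arithmetic judging by the `%d` format, so it is worth confirming that callers bound `channels`, `blockalign` and `samplesperblock` before this point.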

File Added: pkgsrc/audio/libsndfile/patches/Attic/patch-src_wavlike.c
$NetBSD: patch-src_wavlike.c,v 1.1 2021/09/09 12:03:10 nia Exp $

[PATCH] wavlike: Fix incorrect size check

The SF_CART_INFO_16K struct has an additional 4 byte field to hold
the size of 'tag_text' which the file header doesn't, so don't
include it as part of the check when looking for the max length.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026
https://github.com/libsndfile/libsndfile/pull/713

--- src/wavlike.c.orig	2021-01-23 16:12:45.000000000 +0000
+++ src/wavlike.c
@@ -830,7 +830,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf
 		return 0 ;
 		} ;
 
-	if (chunksize >= sizeof (SF_CART_INFO_16K))
+	/*
+	**	SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part
+	**	of the chunk, so don't include it in the size check.
+	*/
+	if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
 	{	psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ;
 		psf_binheader_readf (psf, "j", chunksize) ;
 		return 0 ;
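Review bot: The literal `4` in `sizeof (SF_CART_INFO_16K) - 4` ties this bound to the current width of `tag_text_size` without the compiler checking it, so a change to that field's type or to the struct's padding would silently move the check away from the real buffer capacity. Deriving the value from the field keeps the two in step, e.g. `if (chunksize >= sizeof (SF_CART_INFO_16K) - sizeof (((SF_CART_INFO_16K *) 0)->tag_text_size))`, or a named constant defined next to the struct. The struct definition is not visible in this hunk, so the 4-byte width is taken from the patch description only. wavlike_read_cart_chunk starts and ends outside the hunk.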