Hello community,

here is the log from the commit of package audiofile for openSUSE:Factory 
checked in at 2015-10-30 16:34:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/audiofile (Old)
 and      /work/SRC/openSUSE:Factory/.audiofile.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "audiofile"

Changes:
--------
--- /work/SRC/openSUSE:Factory/audiofile/audiofile.changes      2014-08-20 
17:53:51.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.audiofile.new/audiofile.changes 2015-10-30 
16:34:32.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Oct 22 16:40:50 CEST 2015 - [email protected]
+
+- Fix overflow when changing both number of channels and sample
+  format (bsc#949399, CVE-2015-7747,
+  audiofile-CVE-2015-7747.patch).
+
+-------------------------------------------------------------------

New:
----
  audiofile-CVE-2015-7747.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ audiofile.spec ++++++
--- /var/tmp/diff_new_pack.7M28rW/_old  2015-10-30 16:34:33.000000000 +0100
+++ /var/tmp/diff_new_pack.7M28rW/_new  2015-10-30 16:34:33.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package audiofile
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,6 +28,8 @@
 Url:            http://www.68k.org/~michael/audiofile/
 Source:         
http://download.gnome.org/sources/audiofile/0.3/%{name}-%{version}.tar.xz
 Source2:        baselibs.conf
+# PATCH-FIX-SECURITY audiofile-CVE-2015-7747.patch bsc949399 CVE-2015-7747 
[email protected] -- Fix overflow when changing both number of channels and 
sample format https://github.com/mpruett/audiofile/pull/25/files 
https://github.com/mpruett/audiofile/pull/25.patch
+Patch:          audiofile-CVE-2015-7747.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -93,6 +95,7 @@
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 autoreconf -fi

++++++ audiofile-CVE-2015-7747.patch ++++++
>From 4234a11442e673e4b96c4b0a9e707dcb15b01497 Mon Sep 17 00:00:00 2001
From: Fabrizio Gennari <[email protected]>
Date: Thu, 1 Oct 2015 22:51:14 +0200
Subject: [PATCH 1/2] Do not corrupt files when changing both number of
 channels and sample format

---
 libaudiofile/modules/ModuleState.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libaudiofile/modules/ModuleState.cpp 
b/libaudiofile/modules/ModuleState.cpp
index f76c495..0c29d7a 100644
--- a/libaudiofile/modules/ModuleState.cpp
+++ b/libaudiofile/modules/ModuleState.cpp
@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle file, Track *track)
                addModule(new Transform(outfc, in.pcm, out.pcm));
 
        if (in.channelCount != out.channelCount)
-               addModule(new ApplyChannelMatrix(infc, isReading,
+               addModule(new ApplyChannelMatrix(outfc, isReading,
                        in.channelCount, out.channelCount,
                        in.pcm.minClip, in.pcm.maxClip,
                        track->channelMatrix));
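Review bot: The clip bounds handed to ApplyChannelMatrix are still `in.pcm.minClip, in.pcm.maxClip`, although the module now runs in `outfc` and is added after `Transform(outfc, in.pcm, out.pcm)`. If that Transform has already remapped the samples to the output PCM mapping, clipping to the input range would not match the data the matrix sees, so please confirm whether `out.pcm.minClip, out.pcm.maxClip` is intended. How ApplyChannelMatrix uses these arguments is not visible here, and arrange() begins and ends outside the hunk. It is also worth a comment above the call, e.g. `// runs after Transform, so samples are already in outfc (CVE-2015-7747)`, so a later refactor does not switch the format back to `infc`.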

>From 1debf51f3a89d44c0bd46e7bc45c07342087dd7c Mon Sep 17 00:00:00 2001
From: Fabrizio Gennari <[email protected]>
Date: Sun, 4 Oct 2015 01:14:00 +0200
Subject: [PATCH 2/2] Add a test case for conversion of both sample format and
 number of channels

This patch contains the testcase backport to version 0.3.6.
Author: Stanislav Brabec <[email protected]>

https://bugzilla.novell.com/show_bug.cgi?id=949399#c7

---
 test/Makefile.am                    |   2 +
 test/sixteen-stereo-to-eight-mono.c | 118 ++++++++++++++++++++++++++++++++++++
 2 files changed, 120 insertions(+)
 create mode 100644 test/sixteen-stereo-to-eight-mono.c

diff --git a/test/Makefile.am b/test/Makefile.am
index 7bbf8e4..d311719 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -27,6 +27,7 @@ TESTS = \
        VirtualFile \
        floatto24 \
        query2 \
+       sixteen-stereo-to-eight-mono \
        sixteen-to-eight \
        testchannelmatrix \
        testdouble \
@@ -143,6 +144,7 @@ printmarkers_SOURCES = printmarkers.c
 printmarkers_LDADD = $(LIBAUDIOFILE) -lm
 
 sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
+sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c 
TestUtilities.cpp TestUtilities.h
 
 testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp 
TestUtilities.h
 
diff --git a/test/sixteen-stereo-to-eight-mono.c 
b/test/sixteen-stereo-to-eight-mono.c
new file mode 100644
index 0000000..0f14636
--- /dev/null
+++ b/test/sixteen-stereo-to-eight-mono.c
@@ -0,0 +1,117 @@
+/*
+       Audio File Library
+
+       Copyright 2000, Silicon Graphics, Inc.
+
+       This program is free software; you can redistribute it and/or modify
+       it under the terms of the GNU General Public License as published by
+       the Free Software Foundation; either version 2 of the License, or
+       (at your option) any later version.
+
+       This program is distributed in the hope that it will be useful,
+       but WITHOUT ANY WARRANTY; without even the implied warranty of
+       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+       GNU General Public License for more details.
+
+       You should have received a copy of the GNU General Public License along
+       with this program; if not, write to the Free Software Foundation, Inc.,
+       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+/*
+       sixteen-stereo-to-eight-mono.c
+
+       This program tests the conversion from 2-channel 16-bit integers to
+       1-channel 8-bit integers.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include <audiofile.h>
+
+#include "TestUtilities.h"
+
+int main (int argc, char **argv)
+{
+       AFfilehandle file;
+       AFfilesetup setup;
+       int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
+       int8_t frames8[] = {28, 6, -2};
+       int i, frameCount = 3;
+       int8_t byte;
+       AFframecount result;
+
+       setup = afNewFileSetup();
+
+       afInitFileFormat(setup, AF_FILE_WAVE);
+
+       afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
+       afInitChannels(setup, AF_DEFAULT_TRACK, 2);
+
+       char testFileName[PATH_MAX];
+       if (!createTemporaryFile("sixteen-to-eight", &testFileName))
+       {
+               fprintf(stderr, "Could not create temporary file.\n");
+               exit(EXIT_FAILURE);
+       }
+
+       file = afOpenFile(testFileName, "w", setup);
+       if (file == AF_NULL_FILEHANDLE)
+       {
+               fprintf(stderr, "could not open file for writing\n");
+               exit(EXIT_FAILURE);
+       }
+
+       afFreeFileSetup(setup);
+
+       afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
+
+       afCloseFile(file);
+
+       file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
+       if (file == AF_NULL_FILEHANDLE)
+       {
+               fprintf(stderr, "could not open file for reading\n");
+               exit(EXIT_FAILURE);
+       }
+
+       afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 
8);
+       afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
+
+       for (i=0; i<frameCount; i++)
+       {
+               /* Read one frame. */
+               result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
+
+               if (result != 1)
+                       break;
+
+               /* Compare the byte read with its precalculated value. */
+               if (memcmp(&byte, &frames8[i], 1) != 0)
+               {
+                       printf("error\n");
+                       printf("expected %d, got %d\n", frames8[i], byte);
+                       exit(EXIT_FAILURE);
+               }
+               else
+               {
+#ifdef DEBUG
+                       printf("got what was expected: %d\n", byte);
+#endif
+               }
+       }
+
+       afCloseFile(file);
+       unlink(testFileName);
+
+       exit(EXIT_SUCCESS);
+}
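Review bot: A short or failed read makes this regression test pass, because in the read loop `if (result != 1) break;` leaves the loop and execution falls through to `exit(EXIT_SUCCESS)` without all three expected bytes having been compared. Treat it as a failure instead, e.g. `if (result != 1) { fprintf(stderr, "short read at frame %d\n", i); exit(EXIT_FAILURE); }`. The return value of `afWriteFrames` is likewise ignored, so a file written with fewer than `frameCount` frames would go unnoticed before the read phase. The temporary file prefix is still `"sixteen-to-eight"`, the name of the sibling test; a distinct prefix would make leftover files attributable to this test.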
