Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package audiofile for openSUSE:Factory checked in at 2025-05-03 20:58:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/audiofile (Old) and /work/SRC/openSUSE:Factory/.audiofile.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "audiofile" Sat May 3 20:58:05 2025 rev:42 rq:1273942 version:0.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/audiofile/audiofile.changes 2024-03-13 22:17:51.978699620 +0100 +++ /work/SRC/openSUSE:Factory/.audiofile.new.30101/audiofile.changes 2025-05-03 20:58:09.043547249 +0200 @@ -1,0 +2,6 @@ +Wed Apr 30 06:51:00 UTC 2025 - Alynx Zhou <alynx.z...@suse.com> + +- Add audiofile-CVE-2022-24599.patch: Clear buffer when allocating + (bsc#1196487). + +------------------------------------------------------------------- New: ---- audiofile-CVE-2022-24599.patch BETA DEBUG BEGIN: New: - Add audiofile-CVE-2022-24599.patch: Clear buffer when allocating (bsc#1196487). BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audiofile.spec ++++++ --- /var/tmp/diff_new_pack.7fL2iR/_old 2025-05-03 20:58:11.643656850 +0200 +++ /var/tmp/diff_new_pack.7fL2iR/_new 2025-05-03 20:58:11.651657188 +0200 @@ -1,7 +1,7 @@ # # spec file for package audiofile # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -47,6 +47,8 @@ Patch9: 0007-set-the-output-chunk-to-the-amount-of-frames.patch # PATCH-FIX-OPENSUSE bsc#1221308 -- correction to audiofile-CVE-2015-7747.patch Patch10: createTemporaryFile-argument-fix.patch +# PATCH-FIX-UPSTREAM audiofile-CVE-2022-24599.patch bsc#1196487 alynx.z...@suse.com -- Clear buffer when allocating https://github.com/mpruett/audiofile/issues/60#issuecomment-1806866667 +Patch11: audiofile-CVE-2022-24599.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ ++++++ audiofile-CVE-2022-24599.patch ++++++ diff --unified --recursive --text --new-file --color audiofile-0.3.6.old/sfcommands/printinfo.c audiofile-0.3.6.new/sfcommands/printinfo.c --- audiofile-0.3.6.old/sfcommands/printinfo.c 2013-03-06 13:30:03.000000000 +0800 +++ audiofile-0.3.6.new/sfcommands/printinfo.c 2025-04-30 15:18:24.778177640 +0800 @@ -37,6 +37,7 @@ #include <stdint.h> #include <stdio.h> #include <stdlib.h> +#include <limits.h> static char *copyrightstring (AFfilehandle file); @@ -147,7 +148,11 @@ int i, misccount; misccount = afGetMiscIDs(file, NULL); - miscids = (int *) malloc(sizeof (int) * misccount); + if (!misccount) + return NULL; + miscids = (int *)calloc(misccount, sizeof(int)); + if (!miscids) + return NULL; afGetMiscIDs(file, miscids); for (i=0; i<misccount; i++) @@ -159,13 +164,16 @@ If this code executes, the miscellaneous chunk is a copyright chunk. */ - int datasize = afGetMiscSize(file, miscids[i]); - char *data = (char *) malloc(datasize); + size_t datasize = afGetMiscSize(file, miscids[i]); + if (datasize >= INT_MAX - 1) + goto error; + char *data = (char *)calloc(datasize + 1, sizeof(char)); afReadMisc(file, miscids[i], data, datasize); copyright = data; break; } +error: free(miscids); return copyright;
