Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package audiofile for openSUSE:Factory checked in at 2025-05-23 14:29:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/audiofile (Old)
 and      /work/SRC/openSUSE:Factory/.audiofile.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "audiofile" Fri May 23 14:29:14 2025 rev:43 rq:1277567 version:0.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/audiofile/audiofile.changes 2025-05-03 20:58:09.043547249 +0200 +++ /work/SRC/openSUSE:Factory/.audiofile.new.2732/audiofile.changes 2025-05-23 14:30:39.028825461 +0200 @@ -1,0 +2,6 @@ +Wed May 14 02:41:16 UTC 2025 - Alynx Zhou <alynx.z...@suse.com> + +- Add audiofile-CVE-2019-13147.patch: Do not allow too many channel + to prevent NULL pointer dereference (bsc#1140031). + +------------------------------------------------------------------- New: ---- audiofile-CVE-2019-13147.patch BETA DEBUG BEGIN: New: - Add audiofile-CVE-2019-13147.patch: Do not allow too many channel to prevent NULL pointer dereference (bsc#1140031). BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audiofile.spec ++++++ --- /var/tmp/diff_new_pack.qYjv9A/_old 2025-05-23 14:30:39.720854682 +0200 +++ /var/tmp/diff_new_pack.qYjv9A/_new 2025-05-23 14:30:39.720854682 +0200 @@ -49,6 +49,8 @@ Patch10: createTemporaryFile-argument-fix.patch # PATCH-FIX-UPSTREAM audiofile-CVE-2022-24599.patch bsc#1196487 alynx.z...@suse.com -- Clear buffer when allocating https://github.com/mpruett/audiofile/issues/60#issuecomment-1806866667 Patch11: audiofile-CVE-2022-24599.patch +# PATCH-FIX-UPSTREAM audiofile-CVE-2019-13147.patch bsc#1140031 alynx.z...@suse.com -- Prevent too many channel https://github.com/mpruett/audiofile/issues/54#issuecomment-1806876076 +Patch12: audiofile-CVE-2019-13147.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ ++++++ audiofile-CVE-2019-13147.patch ++++++ diff --unified --recursive --text --new-file --color audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp --- audiofile-0.3.6/libaudiofile/NeXT.cpp 2013-03-06 13:30:03.000000000 +0800 +++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp 2025-05-14 10:45:11.685700984 +0800 
@@ -32,6 +32,7 @@ #include <stdint.h> #include <stdlib.h> #include <string.h> +#include <limits.h> #include "File.h" #include "Setup.h" @@ -122,6 +123,12 @@ _af_error(AF_BAD_CHANNELS, "invalid file with 0 channels"); return AF_FAIL; } + /* avoid overflow of INT for double size rate */ + if (channelCount > (INT32_MAX / (sizeof(double)))) + { + _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount); + return AF_FAIL; + } Track *track = allocateTrack(); if (!track)
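Review bot: the new `#include <limits.h>` in the first NeXT.cpp hunk (@@ -32,6 +32,7 @@) is not used by the check that follows, which compares against `INT32_MAX`, a macro already provided by the `<stdint.h>` include two lines above. Either drop the added include, or, if the comment "avoid overflow of INT" really means the platform `int`, compare against `INT_MAX` (which is what `<limits.h>` supplies) so that the include, the comment and the bound agree.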
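Review bot: the bound in the second NeXT.cpp hunk (@@ -122,6 +123,12 @@), `channelCount > (INT32_MAX / (sizeof(double)))`, still admits up to 268435455 channels; it only keeps the product `channelCount * sizeof(double)` below INT32_MAX and does nothing for any other product channelCount may enter later, which this hunk does not show. Given that the changelog describes the fix as "Do not allow too many channel", the patch should either document why this exact bound is the one needed to stop the NULL pointer dereference (bsc#1140031) or use a far smaller sanity limit with a comment explaining it; a file claiming hundreds of millions of channels is not a valid NeXT/AU file either way. Two smaller points on the same lines: the comment "avoid overflow of INT for double size rate" should say what is being sized (the per-channel double buffer, presumably) rather than "rate", and the message `_af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount)` should use `%u` if channelCount is an unsigned type, which the hunk does not let a reviewer confirm, so please check the declaration.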