Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=a751470e7699ed0e0caec21a1d7eb01847d9c720
commit a751470e7699ed0e0caec21a1d7eb01847d9c720
Author: VMiklos <[EMAIL PROTECTED]>
Date: Sun Sep 23 00:46:36 2007 +0200
libsndfile-1.0.17-3-i686
add CVE-2007-4974.diff
closes #2431
diff --git a/source/lib/libsndfile/CVE-2007-4974.diff
b/source/lib/libsndfile/CVE-2007-4974.diff
new file mode 100644
index 0000000..2ed559e
--- /dev/null
+++ b/source/lib/libsndfile/CVE-2007-4974.diff
@@ -0,0 +1,40 @@
+Index: libsndfile-1.0.17/src/flac.c
+===================================================================
+--- libsndfile-1.0.17.orig/src/flac.c
++++ libsndfile-1.0.17/src/flac.c
+@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
+ ** Private static functions.
+ */
+
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+
+ typedef enum
+ { PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ const FLAC__int32* const *buffer = pflac->wbuffer ;
+ unsigned i = 0, j, offset ;
+
++ /*
++ ** frame->header.blocksize is variable and we're using a constant
blocksize
++ ** of FLAC__MAX_BLOCK_SIZE.
++ ** Check our assumptions here.
++ */
++ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) >
FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize,
FLAC__MAX_BLOCK_SIZE) ;
++ psf->error = SFE_INTERNAL ;
++ return 0 ;
++ } ;
++
+ if (pflac->ptr == NULL)
+ { /*
+ ** Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ pflac->bufferbackup = SF_TRUE ;
+ for (i = 0 ; i < frame->header.channels ; i++)
+ { if (pflac->rbuffer [i] == NULL)
+- pflac->rbuffer [i] = calloc
(frame->header.blocksize, sizeof (FLAC__int32)) ;
++ pflac->rbuffer [i] = calloc
(FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ memcpy (pflac->rbuffer [i], buffer [i],
frame->header.blocksize * sizeof (FLAC__int32)) ;
+ } ;
+ pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
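Review bot: The log call inside the added blocksize guard passes four arguments (`__func__`, `__LINE__`, `frame->header.blocksize`, `FLAC__MAX_BLOCK_SIZE`) to a format string that has only two `%d` conversions. Assuming psf_log_printf consumes its varargs in printf order, the first `%d` receives the `__func__` pointer, so the message reports the wrong values on exactly the path that flags a malformed frame. Either drop the two leading arguments or give them conversions, e.g. `"%s : %d : frame->header.blocksize (%u) > FLAC__MAX_BLOCK_SIZE (%d)\n"`, if the logger supports `%u` for the unsigned blocksize. Separately, the `calloc` result in the `rbuffer` loop still goes to `memcpy` unchecked; a check such as `if (pflac->rbuffer [i] == NULL) { psf->error = SFE_INTERNAL ; return 0 ; }` before the copy would keep an allocation failure from becoming a NULL write. The body of flac_buffer_copy starts and ends outside the nested hunks, so the handling of `psf->error` by callers is not visible here.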
diff --git a/source/lib/libsndfile/FrugalBuild
b/source/lib/libsndfile/FrugalBuild
index 67fbedb..5c5227b 100644
--- a/source/lib/libsndfile/FrugalBuild
+++ b/source/lib/libsndfile/FrugalBuild
@@ -3,7 +3,7 @@
pkgname=libsndfile
pkgver=1.0.17
-pkgrel=2
+pkgrel=3
pkgdesc="Libsndfile is a C library for reading and writing files containing
sampled sound"
url="http://www.mega-nerd.com/libsndfile"
groups=('lib')
@@ -11,17 +11,18 @@ archs=('i686' 'x86_64')
depends=('flac>=1.1.3' 'sqlite3' 'alsa-lib')
up2date="lynx -dump 'http://www.mega-nerd.com/libsndfile/'|grep Version|tail -n
1|tr -s ' '|cut -d ' ' -f 4"
source=(http://www.mega-nerd.com/libsndfile/$pkgname-$pkgver.tar.gz \
- libsndfile-fixhtmldocsdir.patch libsndfile-flac113.patch)
+ libsndfile-fixhtmldocsdir.patch libsndfile-flac113.patch \
+ CVE-2007-4974.diff)
+sha1sums=('2f66798d596a15491fbd1191ded8125ed71ef411' \
+ '7c61fe6d99ebe664647ce5a1eaf0dce13a183c17' \
+ '4813db22f1dee9f8b3affccbf3783e53160366a1' \
+ 'aaa818fdfa35002af77b84b19398dae5c3f53744')
build() {
- Fcd
Fpatchall
Fautoreconf
Fmake
Fmakeinstall
}
-sha1sums=('2f66798d596a15491fbd1191ded8125ed71ef411'\
- '7c61fe6d99ebe664647ce5a1eaf0dce13a183c17'\
- '4813db22f1dee9f8b3affccbf3783e53160366a1')
# optimization OK
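Review bot: The `Fcd` call is dropped from `build()` but the commit message only mentions adding the CVE patch, so the reason for the removal is undocumented. If `Fpatchall` does not enter the unpacked source directory on its own, CVE-2007-4974.diff would be applied from the wrong directory or not at all, which matters more than usual for a security fix. If it does, a short comment such as `# Fpatchall changes into the source dir itself; no explicit Fcd needed` or a line in the commit message would make that clear. It is also worth confirming in the build log that the patch actually applied.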