Hello community, here is the log from the commit of package libsndfile for openSUSE:11.4 checked in at Tue Jul 19 13:08:08 CEST 2011.
-------- --- old-versions/11.4/all/libsndfile/libsndfile.changes 2010-10-13 00:43:52.000000000 +0200 +++ 11.4/libsndfile/libsndfile.changes 2011-07-18 17:43:32.000000000 +0200 @@ -0,0 +1,6 @@ +------------------------------------------------------------------ +Mon Jul 18 17:36:03 CEST 2011 - ti...@suse.de + +- Fix VUL-0: libsndfile: Integer overflow by processing certain + PAF files (CVE-2011-2696, bnc#705681) + Package does not exist at destination yet. Using Fallback old-versions/11.4/all/libsndfile Destination is old-versions/11.4/UPDATES/all/libsndfile calling whatdependson for 11.4-i586 New: ---- libsndfile-CVE-2011-2696.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile-progs.spec ++++++ --- /var/tmp/diff_new_pack.C0dCKV/_old 2011-07-19 13:07:21.000000000 +0200 +++ /var/tmp/diff_new_pack.C0dCKV/_new 2011-07-19 13:07:21.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libsndfile-progs (Version 1.0.23) +# spec file for package libsndfile-progs # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ BuildRequires: alsa-devel flac-devel gcc-c++ libjack-devel libvorbis-devel pkgconfig sqlite-devel Summary: Example Programs for libsndfile Version: 1.0.23 -Release: 1 +Release: 1.<RELEASE2> License: LGPLv2.1+ Group: System/Libraries Source: libsndfile-%{version}.tar.bz2 ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.C0dCKV/_old 2011-07-19 13:07:21.000000000 +0200 +++ /var/tmp/diff_new_pack.C0dCKV/_new 2011-07-19 13:07:21.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libsndfile (Version 1.0.23) +# spec file for package libsndfile # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ BuildRequires: alsa-devel flac-devel gcc-c++ libvorbis-devel pkg-config sqlite-devel Summary: A Library to Handle Various Audio File Formats Version: 1.0.23 -Release: 1 +Release: 3.<RELEASE4> License: LGPLv2.1+ Group: System/Libraries Obsoletes: libsnd @@ -34,6 +34,7 @@ Source: libsndfile-%{version}.tar.bz2 Source2: baselibs.conf Patch: libsndfile-example-fix.diff +Patch1: libsndfile-CVE-2011-2696.diff Url: http://www.mega-nerd.com/libsndfile/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -75,6 +76,7 @@ %prep %setup -q %patch +%patch1 -p1 %build %define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter ++++++ libsndfile-CVE-2011-2696.diff ++++++ === modified file 'ChangeLog' --- src/common.h | 1 + src/paf.c | 7 +++++-- src/sndfile.c | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) --- a/src/common.h +++ b/src/common.h @@ -557,6 +557,7 @@ SFE_PAF_VERSION, SFE_PAF_UNKNOWN_FORMAT, SFE_PAF_SHORT_HEADER, + SFE_PAF_BAD_CHANNELS, SFE_SVX_NO_FORM, SFE_SVX_NO_BODY, --- a/src/paf.c +++ b/src/paf.c @@ -163,6 +163,9 @@ { PAF_FMT paf_fmt ; int marker ; + if (psf->filelength < PAF_HEADER_LENGTH) + return SFE_PAF_SHORT_HEADER ; + memset (&paf_fmt, 0, sizeof (paf_fmt)) ; psf_binheader_readf (psf, "pm", 0, &marker) ; @@ -199,8 +202,8 @@ psf->endian = SF_ENDIAN_BIG ; } ; - if (psf->filelength < PAF_HEADER_LENGTH) - return SFE_PAF_SHORT_HEADER ; + if (paf_fmt.channels > SF_MAX_CHANNELS) + return SFE_PAF_BAD_CHANNELS ; psf->datalength = psf->filelength - psf->dataoffset ; --- a/src/sndfile.c +++ b/src/sndfile.c @@ -173,6 +173,7 @@ { SFE_PAF_VERSION , "Error in PAF file, bad version." }, { SFE_PAF_UNKNOWN_FORMAT , "Error in PAF file, unknown format." }, { SFE_PAF_SHORT_HEADER , "Error in PAF file. File shorter than minimal header." }, + { SFE_PAF_BAD_CHANNELS , "Error in PAF file. Bad channel count." }, { SFE_SVX_NO_FORM , "Error in 8SVX / 16SV file, no 'FORM' marker." }, { SFE_SVX_NO_BODY , "Error in 8SVX / 16SV file, no 'BODY' marker." }, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org