Hello community, here is the log from the commit of package libsndfile for openSUSE:Factory checked in at 2018-06-15 14:33:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsndfile (Old) and /work/SRC/openSUSE:Factory/.libsndfile.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile" Fri Jun 15 14:33:46 2018 rev:54 rq:615239 version:1.0.28 Changes: -------- --- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes 2017-12-21 11:21:59.085078039 +0100 +++ /work/SRC/openSUSE:Factory/.libsndfile.new/libsndfile.changes 2018-06-15 14:33:51.239603159 +0200 @@ -1,0 +2,15 @@ +Fri Jun 8 14:49:18 CEST 2018 - [email protected] + +- Use license file tag + +------------------------------------------------------------------- +Fri Jun 8 14:46:54 CEST 2018 - [email protected] + +- Fix potential overflow in d2alaw_array() (CVE-2017-17456, + bsc#1071777): + libsndfile-CVE-2017-17456-alaw-range-check.patch +- Fix potential overflow in d2ulaw_array() (CVE-2017-17457, + bsc#1071767): + libsndfile-CVE-2017-17457-ulaw-range-check.patch + +------------------------------------------------------------------- New: ---- libsndfile-CVE-2017-17456-alaw-range-check.patch libsndfile-CVE-2017-17457-ulaw-range-check.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile-progs.spec ++++++ --- /var/tmp/diff_new_pack.sKLCW7/_old 2018-06-15 14:33:52.195568193 +0200 +++ /var/tmp/diff_new_pack.sKLCW7/_new 2018-06-15 14:33:52.199568046 +0200 @@ -1,7 +1,7 @@ # # spec file for package libsndfile-progs # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,7 +20,7 @@ Version: 1.0.28 Release: 0 Summary: Example Programs for libsndfile -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Url: http://www.mega-nerd.com/libsndfile/ Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.sKLCW7/_old 2018-06-15 14:33:52.227567022 +0200 +++ /var/tmp/diff_new_pack.sKLCW7/_new 2018-06-15 14:33:52.231566875 +0200 @@ -1,7 +1,7 @@ # # spec file for package libsndfile # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Version: 1.0.28 Release: 0 Summary: Development/Libraries/C and C++ -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Url: http://www.mega-nerd.com/libsndfile Source0: http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz @@ -36,6 +36,9 @@ Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch # not yet upstreamed, https://github.com/erikd/libsndfile/issues/317 Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch +# not yet upstreamed +Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch +Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel @@ -89,6 +92,8 @@ %patch20 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 +%patch33 -p1 %patch100 -p1 %build 
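Review bot: The `# not yet upstreamed` comment added above `Patch32` and `Patch33` in the `@@ -36,6 +36,9 @@` hunk of libsndfile.spec carries no reference, unlike the Patch31 comment just before it, which links the upstream issue. Both patches are security fixes, so the comment could name the identifiers already given in the changelog entry, e.g. `# CVE-2017-17456, bsc#1071777 - not yet upstreamed` for Patch32 and `# CVE-2017-17457, bsc#1071767 - not yet upstreamed` for Patch33. That keeps each patch traceable from the spec file alone and makes it clear when it can be dropped after an upstream release contains the fix.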
@@ -133,8 +138,9 @@ %files devel %defattr(-, root, root) -%doc AUTHORS COPYING ChangeLog NEWS README +%doc AUTHORS ChangeLog NEWS README %doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO +%license COPYING %{_libdir}/libsndfile.so %{_includedir}/sndfile.h %{_includedir}/sndfile.hh ++++++ libsndfile-CVE-2017-17456-alaw-range-check.patch ++++++ --- src/alaw.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) --- a/src/alaw.c +++ b/src/alaw.c 
@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count, static inline void f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact) { while (--count >= 0) - { if (ptr [count] >= 0) - buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ; - else - buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ; + { int idx; + if (isnan (ptr [count])) { + buffer [count] = alaw_encode [0] ; + } else if (ptr [count] >= 0) { + idx = lrintf (normfact * ptr [count]) ; + if (idx > 2048) + idx = 2048; + buffer [count] = alaw_encode [idx] ; + } else { + idx = -lrintf (normfact * ptr [count]) ; + if (idx > 2048) + idx = 2048 ; + buffer [count] = 0x7F & alaw_encode [idx] ; + } } ; } /* f2alaw_array */ static inline void d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact) { while (--count >= 0) - { if (ptr [count] >= 0) - buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ; - else - buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ; + { int idx; + if (isnan (ptr [count])) { + buffer [count] = alaw_encode [0] ; + } else if (ptr [count] >= 0) { + idx = lrintf (normfact * ptr [count]) ; + if (idx > 2048) + idx = 2048; + buffer [count] = alaw_encode [idx] ; + } else { + idx = -lrintf (normfact * ptr [count]) ; + if (idx > 2048) + idx = 2048 ; + buffer [count] = 0x7F & alaw_encode [idx] ; + } } ; } /* d2alaw_array */ ++++++ libsndfile-CVE-2017-17457-ulaw-range-check.patch ++++++ --- src/ulaw.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) --- a/src/ulaw.c +++ b/src/ulaw.c 
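Review bot: The range check in f2alaw_array and d2alaw_array runs only after the rounded value has been stored in `int idx`, and it tests the upper side alone (`if (idx > 2048)`). A scaled sample that is infinite or too large for `long` or `int` can therefore still become a negative index into alaw_encode, because the result of lrintf() is unspecified for such inputs and the narrowing to int can wrap. Bounding the scaled value before conversion closes this, e.g. `double scaled = normfact * ptr [count] ;` then `idx = (scaled >= 2048.0) ? 2048 : lrint (scaled) ;` in the non-negative branch, with the mirrored comparison against `-2048.0` in the negative one. The f2ulaw_array/d2ulaw_array hunk of the ulaw patch has the same pattern with 8192. Separately, d2alaw_array now calls `lrintf` on a double product where the removed lines used `lrint`, which rounds through float and looks like a copy from the float variant.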
@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count, static inline void f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact) { while (--count >= 0) - { if (ptr [count] >= 0) - buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ; - else - buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ; + { int idx; + if (isnan (ptr [count])) { + buffer [count] = ulaw_encode [0]; + } else if (ptr [count] >= 0) { + idx = lrint (normfact * ptr [count]); + if (idx > 8192) + idx = 8192; + buffer [count] = ulaw_encode [idx] ; + } else { + idx = -lrint (normfact * ptr [count]) ; + if (idx > 8192) + idx = 8192; + buffer [count] = 0x7F & ulaw_encode [idx] ; + } } ; } /* f2ulaw_array */ static inline void d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact) { while (--count >= 0) - { if (ptr [count] >= 0) - buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ; - else - buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ; + { int idx; + if (isnan (ptr [count])) { + buffer [count] = ulaw_encode [0]; + } else if (ptr [count] >= 0) { + idx = lrint (normfact * ptr [count]); + if (idx > 8192) + idx = 8192; + buffer [count] = ulaw_encode [idx] ; + } else { + idx = -lrint (normfact * ptr [count]) ; + if (idx > 8192) + idx = 8192; + buffer [count] = 0x7F & ulaw_encode [idx] ; + } } ; } /* d2ulaw_array */
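Review bot: The clamp value `8192` is written as a literal four times across f2ulaw_array and d2ulaw_array, and it is only correct while it equals the last valid index of ulaw_encode, whose declaration is outside this hunk. Assuming ulaw_encode is an array defined in this file, the bound can be derived from it, for instance `const int ulaw_max = (int) (sizeof (ulaw_encode) / sizeof (ulaw_encode [0])) - 1 ;` followed by `if (idx > ulaw_max) idx = ulaw_max ;`. A one-line comment on the isnan branch, such as `/* NaN has no meaningful sample value; encode table index 0. */`, would also record why index 0 is chosen. The `2048` literal in the alaw patch can be handled the same way.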
