Hello community,

here is the log from the commit of package aubio for openSUSE:Factory checked in at 2018-06-26 10:37:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aubio (Old)
 and /work/SRC/openSUSE:Factory/.aubio.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aubio" Tue Jun 26 10:37:07 2018 rev:24 rq:615283 version:0.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/aubio/aubio.changes 2018-05-01 23:24:48.273958037 +0200 +++ /work/SRC/openSUSE:Factory/.aubio.new/aubio.changes 2018-06-26 10:37:13.499232611 +0200 @@ -1,0 +2,12 @@ +Fri Jun 8 16:19:05 CEST 2018 - [email protected] + +- Use license file tag + +------------------------------------------------------------------- +Fri Jun 8 16:08:08 CEST 2018 - [email protected] + +- Fix segfault with malformed input file (CVE-2017-17554, + bsc#1072317): + aubio-resampler-NULL-deref-fix.patch + +------------------------------------------------------------------- New: ---- aubio-resampler-NULL-deref-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aubio.spec ++++++ --- /var/tmp/diff_new_pack.4OwI3F/_old 2018-06-26 10:37:14.179207617 +0200 +++ /var/tmp/diff_new_pack.4OwI3F/_new 2018-06-26 10:37:14.183207470 +0200 @@ -43,6 +43,7 @@ Source1: http://aubio.org/pub/%{name}-%{version}.tar.bz2.asc Source99: baselibs.conf Patch1: aubio-wavread-input-validation.patch +Patch2: aubio-resampler-NULL-deref-fix.patch Url: http://aubio.org BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libpkgname} = %{version}-%{release} @@ -85,6 +86,7 @@ %prep %setup -q %patch1 -p1 +%patch2 -p1 sed -e "s,/lib,/%_lib," src/wscript_build > src/wscript_build.new diff -u src/wscript_build src/wscript_build.new || : mv src/wscript_build.new src/wscript_build @@ -110,7 +112,8 @@ %files -n libaubio-devel %defattr(-, root, root) -%doc AUTHORS ChangeLog COPYING README.md +%doc AUTHORS ChangeLog README.md +%license COPYING %{_libdir}/lib*.so %{_libdir}/pkgconfig/*.pc %{_includedir}/aubio ++++++ aubio-resampler-NULL-deref-fix.patch ++++++ From: Takashi Iwai <[email protected]> Subject: Fix a NULl dereference in aubio_source_avcodec_readframe() References: bsc#1072317 CVE-2017-17554 
Signed-off-by: Takashi Iwai <[email protected]> --- src/io/source_avcodec.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/src/io/source_avcodec.c +++ b/src/io/source_avcodec.c @@ -420,6 +420,8 @@ void aubio_source_avcodec_readframe(aubi } #ifdef HAVE_AVRESAMPLE + if (!avr) + goto beach; in_linesize = 0; av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels, avFrame->nb_samples, avCodecCtx->sample_fmt, 1); @@ -430,6 +432,8 @@ void aubio_source_avcodec_readframe(aubi (uint8_t **)&output, out_linesize, max_out_samples, (uint8_t **)avFrame->data, in_linesize, in_samples); #elif defined(HAVE_SWRESAMPLE) + if (!avr) + goto beach; in_samples = avFrame->nb_samples; max_out_samples = AUBIO_AVCODEC_MAX_BUFFER_SIZE / avCodecCtx->channels; out_samples = swr_convert( avr,
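Review bot: In aubio.spec, the new `Patch2: aubio-resampler-NULL-deref-fix.patch` line has no comment, and the patch header carries `References: bsc#1072317 CVE-2017-17554` but no pointer to an upstream commit or submission. Add a comment above `Patch2:` stating the upstream status of the fix, so that the patch can be dropped once a release contains it.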
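Review bot: In the first hunk of src/io/source_avcodec.c (`@@ -420,6 +420,8 @@`, the `HAVE_AVRESAMPLE` branch), `if (!avr) goto beach;` leaves the function without any diagnostic, and because `aubio_source_avcodec_readframe` returns `void` the caller cannot tell a missing resampler from an ordinary end of data. Log an error before the `goto`, and confirm that the code at `beach` leaves the caller with no samples to consume on this path. The guard also sits at the point of use: where `avr` ends up NULL is outside this hunk, and rejecting the input there as well would keep a half-initialised source from reaching this function.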
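Review bot: In the second hunk of src/io/source_avcodec.c (`@@ -430,6 +432,8 @@`, the `HAVE_SWRESAMPLE` branch), the two lines `if (!avr)` and `goto beach;` are a copy of the ones added to the `HAVE_AVRESAMPLE` branch. If `avr` is declared outside the conditional, a single check placed just before `#ifdef HAVE_AVRESAMPLE` would cover both backends and keep them from drifting apart. In this branch the check is what stops `swr_convert( avr,` from receiving a NULL context, and a one-line comment saying so would help the next reader.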
