author | Leo <thinkabit.ukim@gmail.com> | 2019-08-23 11:43:03 -0300 |
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-08-26 08:49:25 +0000 |
commit | ac2fd8a89cfc84daba107884f80429f966353415 (patch) | |
tree | 31ca20d8206724de4242352c111ac45bb55b1625 | |
parent | 0a567245f3079886830dc952c86c95d8f6b1c9de (diff) |
main/wavpack: fix a few CVEs
ref #10756
-rw-r--r-- | main/wavpack/APKBUILD | 19 | ||||
-rw-r--r-- | main/wavpack/CVE-2019-1010315.patch | 36 | ||||
-rw-r--r-- | main/wavpack/CVE-2019-1010317.patch | 40 | ||||
-rw-r--r-- | main/wavpack/CVE-2019-1010319.patch | 23 | ||||
-rw-r--r-- | main/wavpack/CVE-2019-11498.patch | 32 |
5 files changed, 147 insertions, 3 deletions
diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD
index d285d92dd12..2834c2c5500 100644
--- a/main/wavpack/APKBUILD
+++ b/main/wavpack/APKBUILD
@@ -3,14 +3,14 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=wavpack
 pkgver=5.1.0
-pkgrel=7
+pkgrel=8
 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes"
 url="http://www.wavpack.com/"
 arch="all"
 options="!check" # No test suite.
 license="BSD-3-Clause"
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2
+source="http://www.wavpack.com/wavpack-$pkgver.tar.bz2
 CVE-2018-6767.patch
 CVE-2018-7253.patch
 CVE-2018-7254.patch
@@ -18,9 +18,18 @@ source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2
 CVE-2018-10538_10539_10540.patch
 CVE-2018-19840.patch
 CVE-2018-19841.patch
+ CVE-2019-1010315.patch
+ CVE-2019-11498.patch
+ CVE-2019-1010317.patch
+ CVE-2019-1010319.patch
 "
 # secfixes:
+# 5.1.0-r8:
+# - CVE-2019-1010319
+# - CVE-2019-1010317
+# - CVE-2019-1010315
+# - CVE-2019-11498
 # 5.1.0-r7:
 # - CVE-2018-19840
 # - CVE-2018-19841
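Review bot: The order of the four new entries in the second hunk's source list is load-bearing and nothing records that: CVE-2019-11498.patch is generated on top of CVE-2019-1010315.patch (its embedded `index f357181..193adee` starts at the blob 1010315's `index 0ac4321..f357181` produces, and its context lines already contain `numChannels = 0`), and as far as I know default_prepare applies patches in source order, so 1010315 must stay ahead of 11498 or the second patch stops applying. A later alphabetical tidy-up of the list would break the build silently. I would add a comment above the `source=` line, outside the quoted list (a `#` inside it would become a source entry) and outside the machine-parsed `# secfixes:` block, e.g. `# CVE-2019-11498.patch must stay after CVE-2019-1010315.patch: its context depends on it`.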
@@ -65,4 +74,8 @@ sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f4
 fd7ff58c53f9b4cec335e36017c5b1709c5526a2d44a54dfbeb050ea303997418d1fa312ebe39f521a35a6f2151b8a0f5845ee9bf6bbda22bef036e9fc0166a5 CVE-2018-10536_10537.patch
 a59eff2a8f47d4383f33667e7737f5e2e639778b367340169f1c5d6335c8948cfd8e1a7554e8b6c05a59d80a04048cf137c0f4fdfd88d2d88757404d3dac31ee CVE-2018-10538_10539_10540.patch
 67d02dd744c638d126cf5a894d1ff2c39726bd4d3771ef7410ea782e5c9a0f9341909432bd4bea9b8959891c38699601c1aac2da6e0eaddaa5a4d679e7f58dd2 CVE-2018-19840.patch
-dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 CVE-2018-19841.patch"
+dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 CVE-2018-19841.patch
+46d0fb4483e5ea824b1bce67f2ea76894e16b3f86cd28f234c1e393ea1d859ac304f44f22a7e32cdfbd83ff83d99fc147e0f9de932ee674c4f565cc92e279c28 CVE-2019-1010315.patch
+30ad915f481eef07737cb95e44c1988441b72d0fc6731c4e48b391deb44168ad7536e0e7c3c9363e18f27814cade4c784e9a61e6a46e103aa88db0b42cef57e3 CVE-2019-11498.patch
+91b0fdefdfe2a3f135f3fdf947b43a7bc347e4cd21804d0e4997066997a32bc9bb218cc2ef6b1733c011d83c22035efd22cf993b7af5d0fa540441a3e9685c3c CVE-2019-1010317.patch
+a180c662d41e96913b946782ae4679b944029d0d62161a7fc204c0b2ff898409a375a33d2376885fe425c449128de61f161867d1c264120682c0708aeea2d21e CVE-2019-1010319.patch"
diff --git a/main/wavpack/CVE-2019-1010315.patch b/main/wavpack/CVE-2019-1010315.patch
new file mode 100644
index 00000000000..b52d8884a00
--- /dev/null
+++ b/main/wavpack/CVE-2019-1010315.patch
@@ -0,0 +1,36 @@
+From 4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Sat, 2 Mar 2019 18:37:14 -0800
+Subject: [PATCH] issue #65: make sure DSDIFF files have a valid channel count
+
+---
+ cli/dsdiff.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 0ac4321..f357181 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -180,7 +180,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+
+ if (!strncmp (prop_chunk, "SND ", 4)) {
+ char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
+- uint16_t numChannels, chansSpecified, chanMask = 0;
++ uint16_t numChannels = 0, chansSpecified, chanMask = 0;
+ uint32_t sampleRate;
+
+ while (eptr - cptr >= sizeof (dff_chunk_header)) {
+@@ -279,6 +279,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ free (prop_chunk);
+ }
+ else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
++
++ if (!config->num_channels) {
++ error_line ("%s is not a valid .DFF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
+ total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+ break;
+ }
+
diff --git a/main/wavpack/CVE-2019-1010317.patch b/main/wavpack/CVE-2019-1010317.patch
new file mode 100644
index 00000000000..94f90275b82
--- /dev/null
+++ b/main/wavpack/CVE-2019-1010317.patch
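Review bot: The new `if (!config->num_channels)` guard in the second embedded hunk has no comment saying what it protects, and the reason (the `ckDataSize / config->num_channels` division two lines below) is easy to lose the next time the "DSD " branch is edited; I would put `/* a DFF that never supplied a non-zero channel count would divide by zero below; reject it */` above the check. The `numChannels = 0` initializer in the first embedded hunk only reaches this guard if the SND loop copies `numChannels` into `config->num_channels` on every exit path, which happens outside both hunks, so that link is worth confirming rather than assumed. Both hunks are excerpts of ParseDsdiffHeaderConfig, whose body starts and ends outside the hunk.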
@@ -0,0 +1,40 @@
+From f68a9555b548306c5b1ee45199ccdc4a16a6101b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Mon, 4 Mar 2019 21:09:41 -0800
+Subject: [PATCH] issue #66: make sure CAF files have a "desc" chunk
+
+---
+ cli/caff.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/cli/caff.c b/cli/caff.c
+index 2a5e2d9..a35da74 100644
+--- a/cli/caff.c
++++ b/cli/caff.c
+@@ -152,7 +152,7 @@ static struct {
+
+ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
+ {
+- uint32_t chan_chunk = 0, channel_layout = 0, bcount;
++ uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
+ unsigned char *channel_identities = NULL;
+ unsigned char *channel_reorder = NULL;
+ int64_t total_samples = 0, infilesize;
+@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+ }
+
+ WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
++ desc_chunk = 1;
+
+ if (debug_logging_mode) {
+ char formatstr [5];
+@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+ else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) { // on the data chunk, get size and exit loop
+ uint32_t mEditCount;
+
+- if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
++ if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
+ bcount != sizeof (mEditCount)) {
+ error_line ("%s is not a valid .CAF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+
diff --git a/main/wavpack/CVE-2019-1010319.patch b/main/wavpack/CVE-2019-1010319.patch
new file mode 100644
index 00000000000..6a53ef8fbbc
--- /dev/null
+++ b/main/wavpack/CVE-2019-1010319.patch
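Review bot: The `desc_chunk` check in the third embedded hunk only fires when the "data" chunk is reached, so every other chunk branch between the `desc_chunk = 1;` assignment and line 458 still runs with `caf_audio_format` uninitialized if the file puts, say, a "chan" chunk before "desc"; whether any of those branches read `caf_audio_format` is outside the hunk, so I am inferring rather than seeing it. If I remember the CAF layout correctly, "desc" is required to be the first chunk, which suggests a stricter and simpler rule at the top of the chunk loop (also outside the hunk): `if (!desc_chunk && strncmp (caf_chunk_header.mChunkType, "desc", 4)) { error_line ("%s is not a valid .CAF file!", infilename); return WAVPACK_SOFT_ERROR; }`, which covers every branch and lets the "data" condition go back to its old shape. As written, folding `!desc_chunk` into the `DoReadFile` condition also makes a missing desc chunk and a short read of mEditCount report the identical message, which will cost someone time when triaging a fuzzer crash. ParseCaffHeaderConfig begins in the first hunk and ends outside the last one.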
@@ -0,0 +1,23 @@
+From 33a0025d1d63ccd05d9dbaa6923d52b1446a62fe Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Tue, 5 Mar 2019 21:21:48 -0800
+Subject: [PATCH] issue #68: clear WaveHeader at start to prevent uninitialized
+ read
+
+---
+ cli/wave64.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cli/wave64.c b/cli/wave64.c
+index 7beffe6..59548b1 100644
+--- a/cli/wave64.c
++++ b/cli/wave64.c
+@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ int format_chunk = 0;
+ uint32_t bcount;
+
++ CLEAR (WaveHeader);
+ infilesize = DoGetFileSize (infile);
+ memcpy (&filehdr, fourcc, 4);
+
+
diff --git a/main/wavpack/CVE-2019-11498.patch b/main/wavpack/CVE-2019-11498.patch
new file mode 100644
index 00000000000..c94aee14665
--- /dev/null
+++ b/main/wavpack/CVE-2019-11498.patch
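Review bot: `CLEAR (WaveHeader);` turns an uninitialized read into a read of zeros but does not reject the file that caused it, and the line carries no hint of why it is there; I would write it as `CLEAR (WaveHeader);   /* a missing or short "fmt " chunk must not leave header fields uninitialized (CVE-2019-1010319) */`. The `int format_chunk = 0;` context line suggests a wholly missing "fmt " chunk is detected somewhere after the hunk, but a present-but-truncated one would now hand zeroed channel count and sample rate to whatever consumes WaveHeader, and whether that path rejects zeros is outside the hunk. The definition of the CLEAR macro is also not visible here; the note assumes it zero-fills the whole struct. ParseWave64HeaderConfig starts and ends outside the hunk.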
@@ -0,0 +1,32 @@
+From bc6cba3f552c44565f7f1e66dc1580189addb2b4 Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Tue, 5 Mar 2019 21:32:27 -0800
+Subject: [PATCH] issue #67: make sure sample rate is specified and non-zero in
+ DFF files
+
+---
+ cli/dsdiff.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index f357181..193adee 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -181,7 +181,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ if (!strncmp (prop_chunk, "SND ", 4)) {
+ char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
+ uint16_t numChannels = 0, chansSpecified, chanMask = 0;
+- uint32_t sampleRate;
++ uint32_t sampleRate = 0;
+
+ while (eptr - cptr >= sizeof (dff_chunk_header)) {
+ memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
+@@ -280,7 +280,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ }
+ else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+
+- if (!config->num_channels) {
++ if (!config->num_channels || !config->sample_rate) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
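Review bot: The widened guard `if (!config->num_channels || !config->sample_rate)` only catches a sample rate of exactly zero, while the value it is derived from is the file-supplied `uint32_t sampleRate` declared in the first embedded hunk; if `WavpackConfig.sample_rate` is a signed int, as I believe it is, a rate of 0x80000000 or above arrives negative, passes this check, and reaches whatever arithmetic follows outside the hunk. A sign check alongside the zero check would close that, e.g. `if (!config->num_channels || config->sample_rate <= 0) {`, and the copy from `sampleRate` into `config->sample_rate` (not visible here) is the place to confirm the type. Both failure modes also share the single "%s is not a valid .DFF file!" message, so a rejected file gives no hint which field was bad. ParseDsdiffHeaderConfig starts and ends outside the hunks.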