authoralpine-mips-patches <info@mobile-stream.com>2019-03-07 15:14:20 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-04-12 10:33:20 +0000
commitafcf91b3195a7e0e88b3c570d405ddd1f4591460 (patch)
tree7996bdcd2e70d6febbff142c1b6ef2f1b61dff27
parentdf783fb4ec118d2b2d6ad60ba87247d67895ed7d (diff)
main/libsndfile: update CVE-2018-19758 fix from upstream
The CVE-2018-19758.patch is now a merge of relevant bits from two upstream commits: 42132c543358cee9f7c3e9e9b15bb6c1063a608e 6d7ce94c020cc720a6b28719d1a7879181790008 Fixes #10108
-rw-r--r--main/libsndfile/APKBUILD5
-rw-r--r--main/libsndfile/CVE-2018-19758.patch13
2 files changed, 17 insertions, 1 deletions
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index d8b9f06781..6cc76e7dd2 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libsndfile
pkgver=1.0.28
-pkgrel=5
+pkgrel=6
pkgdesc="A C library for reading and writing files containing sampled sound"
url="http://www.mega-nerd.com/libsndfile"
arch="all"
@@ -22,6 +22,9 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
[ "$CARCH" = "armhf" ] && options="!check"
# secfixes:
+# 1.0.28-r6:
+# - CVE-2018-19758
+# - CVE-2019-3832
# 1.0.28-r5:
# - CVE-2017-17456
# - CVE-2017-17457
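Review bot: Neither APKBUILD hunk touches `source=` or `sha512sums=`, although CVE-2018-19758.patch arrives as a new file; the diffstat's five changed lines are fully accounted for by the pkgrel bump and the three secfixes lines. Those lists sit outside the visible hunks, so this needs confirming: if the patch is not listed it will not be applied, and if it is listed with a checksum for older content, verification should fail. Either way the `1.0.28-r6` secfixes entry would advertise CVE-2018-19758 and CVE-2019-3832 as fixed without the build being able to back it, so check the `source=` entry and regenerate the checksum with `abuild checksum`. A short header in the patch file naming the two upstream commits from the description would also let a later auditor map each CVE to its origin.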
diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch
new file mode 100644
index 0000000000..7b4e9477bb
--- /dev/null
+++ b/main/libsndfile/CVE-2018-19758.patch
@@ -0,0 +1,13 @@
+--- a/src/wav.c.orig
++++ b/src/wav.c
+@@ -1094,6 +1094,10 @@
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
++ /* Make sure we don't read past the loops array end. */
++ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
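Review bot: The clamp on `psf->instrument->loop_count` is applied only after `psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0)` has already written the unclamped value into the header, while the loop that follows emits at most `ARRAY_LEN (psf->instrument->loops)` records. The read past the end of `loops` is closed, but whenever the check fires the written file declares more loops than it contains, which pushes the inconsistency onto whatever parses that file later. Moving the three added lines (`if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))` and its assignment) above that write would keep the header and the data in agreement, at the cost of diverging from the upstream commits. Any size computation earlier in the function that uses `loop_count` would need the same ordering; the function starts and ends outside this hunk, so that could not be checked here.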