rpms/libsndfile/EL-5 libsndfile-1.0.17-channels-per-frame-overflow.patch, NONE, 1.1 libsndfile.spec, 1.14, 1.15

Michel Alexandre Salim salimma at fedoraproject.org
Wed Jul 7 23:14:33 UTC 2010


Author: salimma

Update of /cvs/pkgs/rpms/libsndfile/EL-5
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv20668

Modified Files:
	libsndfile.spec 
Added Files:
	libsndfile-1.0.17-channels-per-frame-overflow.patch 
Log Message:
* Thu Jul  8 2010 Michel Salim <salimma at fedoraproject.org> - 1.0.17-3
- Fix for channel per frame overflow (CVE-2009-0186, #488364)


libsndfile-1.0.17-channels-per-frame-overflow.patch:
 caf.c |    5 +++++
 1 file changed, 5 insertions(+)

--- NEW FILE libsndfile-1.0.17-channels-per-frame-overflow.patch ---
diff -up libsndfile-1.0.17/src/caf.c.orig libsndfile-1.0.17/src/caf.c
--- libsndfile-1.0.17/src/caf.c.orig	2006-08-31 11:22:07.000000000 +0200
+++ libsndfile-1.0.17/src/caf.c	2010-07-07 15:25:35.579607380 +0200
@@ -282,6 +282,11 @@ caf_read_header (SF_PRIVATE *psf)
 			"  Frames / packet  : %u\n  Channels / frame : %u\n  Bits / channel   : %u\n",
 			desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ;
 
+	if (desc.channels_per_frame > 200)
+	{       psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ;
+		return SFE_MALFORMED_FILE ;
+		} ;
+
 	if (chunk_size > SIGNED_SIZEOF (DESC_CHUNK))
 		psf_binheader_readf (psf, "j", (int) (chunk_size - sizeof (DESC_CHUNK))) ;
 
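Review bot: The limit `200` in the new `desc.channels_per_frame` check is an unexplained literal, and nothing in the code records that this field is taken from the file's description chunk and is the value the overflow fix constrains. I would put a comment above the check, for example `/* channels_per_frame is read from the file; reject implausible counts before later code uses it in size calculations (CVE-2009-0186). */`, and give the bound a name of the project's choosing (for illustration, `#define CAF_MAX_CHANNELS 200`). A count of 0 still passes this guard; caf_read_header continues outside the hunk, so it is worth confirming that the zero case is rejected further on. The other desc fields logged just above (`pkt_bytes`, `pkt_frames`, `bits_per_chan`) come from the same chunk and are not range-checked in the visible lines.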



Index: libsndfile.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsndfile/EL-5/libsndfile.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- libsndfile.spec	20 Sep 2007 11:38:03 -0000	1.14
+++ libsndfile.spec	7 Jul 2010 23:14:31 -0000	1.15
@@ -1,13 +1,14 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
 Version:	1.0.17
-Release:	2%{?dist}
+Release:	3%{?dist}
 License:	LGPL
 Group:		System Environment/Libraries
 URL:		http://www.mega-nerd.com/libsndfile/
-Source0:	http://www.mega-nerd.com/libsndfile/libsndfile-%{version}.tar.gz
+Source0:	http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Patch0:         libsndfile-1.0.17+flac-1.1.3.patch
 Patch1:         libsndfile-1.0.17-flac-buffer-overflow.patch
+Patch2:		libsndfile-1.0.17-channels-per-frame-overflow.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
 
 BuildRequires:	alsa-lib-devel
@@ -35,6 +36,7 @@ This package contains files needed to de
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure --disable-dependency-tracking
@@ -82,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Jul  8 2010 Michel Salim <salimma at fedoraproject.org> - 1.0.17-3
+- Fix for channel per frame overflow (CVE-2009-0186, #488364)
+
 * Thu Sep 20 2007 Andreas Thienemann <andreas at bawue.net> - 1.0.17-2
 - Adding FLAC support to libsndfile courtesy of gentoo, #237575
 - Fixing CVE-2007-4974. Thanks to the gentoo people for the patch, #296221


