CVS commit: pkgsrc/audio/libsndfile

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/audio/libsndfile
From: "Nia Alarie" <nia%netbsd.org@localhost>
Date: Thu, 9 Sep 2021 12:03:10 +0000

Module Name:    pkgsrc
Committed By:   nia
Date:           Thu Sep  9 12:03:10 UTC 2021

Modified Files:
        pkgsrc/audio/libsndfile: Makefile distinfo
Added Files:
        pkgsrc/audio/libsndfile/patches: patch-CVE-2021-3246
            patch-src_wavlike.c

Log Message:
libsndfile: apply patch for CVE-2021-3246


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/audio/libsndfile/Makefile
cvs rdiff -u -r1.49 -r1.50 pkgsrc/audio/libsndfile/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246 \
    pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/audio/libsndfile/Makefile
diff -u pkgsrc/audio/libsndfile/Makefile:1.86 pkgsrc/audio/libsndfile/Makefile:1.87
--- pkgsrc/audio/libsndfile/Makefile:1.86       Sun Jan 24 14:50:25 2021
+++ pkgsrc/audio/libsndfile/Makefile    Thu Sep  9 12:03:09 2021
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.86 2021/01/24 14:50:25 nia Exp $
+# $NetBSD: Makefile,v 1.87 2021/09/09 12:03:09 nia Exp $
 
 DISTNAME=      libsndfile-1.0.31
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libsndfile/}
 GITHUB_PROJECT=        libsndfile

Index: pkgsrc/audio/libsndfile/distinfo
diff -u pkgsrc/audio/libsndfile/distinfo:1.49 pkgsrc/audio/libsndfile/distinfo:1.50
--- pkgsrc/audio/libsndfile/distinfo:1.49       Sun Jan 24 14:50:25 2021
+++ pkgsrc/audio/libsndfile/distinfo    Thu Sep  9 12:03:09 2021
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.49 2021/01/24 14:50:25 nia Exp $
+$NetBSD: distinfo,v 1.50 2021/09/09 12:03:09 nia Exp $
 
 SHA1 (libsndfile-1.0.31.tar.bz2) = f16a88e7223baef7c4497536dc1b55b56811debc
 RMD160 (libsndfile-1.0.31.tar.bz2) = ae3fc5bbcb10a034f3edc1240acacd9f1ec349a7
 SHA512 (libsndfile-1.0.31.tar.bz2) = 62202092e5cac6346fd3c0a977380e9bf888fc59d08c9c9707dc254a8ef6ed6356da2ab0430bb970c7b06ba5bb1dafa5d7b0fe13898834c1fe4acb16f409f0e1
 Size (libsndfile-1.0.31.tar.bz2) = 875335 bytes
+SHA1 (patch-CVE-2021-3246) = 08620e24b8a41afd7c164781bf6088028ffc97ed
+SHA1 (patch-src_wavlike.c) = b2524c62d8dad9959ff7a50c412b0e85bf433f47

Added files:

Index: pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246
diff -u /dev/null pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246:1.1
--- /dev/null   Thu Sep  9 12:03:10 2021
+++ pkgsrc/audio/libsndfile/patches/patch-CVE-2021-3246 Thu Sep  9 12:03:10 2021
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2021-3246,v 1.1 2021/09/09 12:03:10 nia Exp $
+
+[PATCH] ms_adpcm: Fix and extend size checks
+
+'blockalign' is the size of a block, and each block contains 7 samples
+per channel as part of the preamble, so check against 'samplesperblock'
+rather than 'blockalign'. Also add an additional check that the block
+is big enough to hold the samples it claims to hold.
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
+https://github.com/libsndfile/libsndfile/pull/713
+
+--- src/ms_adpcm.c.orig        2021-01-23 16:12:45.000000000 +0000
++++ src/ms_adpcm.c
+@@ -128,8 +128,14 @@ wavlike_msadpcm_init      (SF_PRIVATE *psf, i
+       if (psf->file.mode == SFM_WRITE)
+               samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
+ 
+-      if (blockalign < 7 * psf->sf.channels)
+-      {       psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
++      /* There's 7 samples per channel in the preamble of each block */
++      if (samplesperblock < 7 * psf->sf.channels)
++      {       psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
++              return SFE_INTERNAL ;
++              } ;
++
++      if (2 * blockalign < samplesperblock * psf->sf.channels)
++      {       psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
+               return SFE_INTERNAL ;
+               } ;
+ 
Index: pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c
diff -u /dev/null pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c:1.1
--- /dev/null   Thu Sep  9 12:03:10 2021
+++ pkgsrc/audio/libsndfile/patches/patch-src_wavlike.c Thu Sep  9 12:03:10 2021
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_wavlike.c,v 1.1 2021/09/09 12:03:10 nia Exp $
+
+[PATCH] wavlike: Fix incorrect size check
+
+The SF_CART_INFO_16K struct has an additional 4 byte field to hold
+the size of 'tag_text' which the file header doesn't, so don't
+include it as part of the check when looking for the max length.
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026
+https://github.com/libsndfile/libsndfile/pull/713
+
+--- src/wavlike.c.orig 2021-01-23 16:12:45.000000000 +0000
++++ src/wavlike.c
+@@ -830,7 +830,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf
+               return 0 ;
+               } ;
+ 
+-      if (chunksize >= sizeof (SF_CART_INFO_16K))
++      /*
++      **      SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part
++      **      of the chunk, so don't include it in the size check.
++      */
++      if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
+       {       psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ;
+               psf_binheader_readf (psf, "j", chunksize) ;
+               return 0 ;

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/audio/libsndfile
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/audio/libsndfile
Indexes:

Home | Main Index | Thread Index | Old Index