gnu: libsndfile: Remove graft for 1.0.30.

* gnu/packages/patches/libsndfile-CVE-2017-12562.patch,
gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
gnu/packages/patches/libsndfile-CVE-2017-8362.patch,
gnu/packages/patches/libsndfile-armhf-type-checks.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/pulseaudio.scm (libsndfile): Update to 1.0.30.
[replacement]: Remove.
[source](uri): Adjust for new URL.
[source](patches): Remove.
[source](modules, snippet): Incorporate from LIBSNDFILE-1.0.30.
[native-inputs]: Add PYTHON.
(libsndfile-1.0.30): Remove variable.
Marius Bakke 2020-10-11 22:22:37 +02:00
parent 5e5b664bf7
commit 171c1f5ab3
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
6 changed files with 21 additions and 322 deletions


@ -1254,10 +1254,6 @@ dist_patch_DATA = \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
%D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libquicktime-ffmpeg.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
%D%/packages/patches/libsndfile-CVE-2017-12562.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtgvoip-disable-sse2.patch \
%D%/packages/patches/libtgvoip-disable-webrtc.patch \


@ -1,97 +0,0 @@
Fix CVE-2017-12562:
https://github.com/erikd/libsndfile/issues/292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562
Patch copied from upstream source repository:
https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/common.c b/src/common.c
index 1a6204ca..6b2a2ee9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
count += 4 + size ;
@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;


@ -1,77 +0,0 @@
Fix CVE-2017-{8361,8363,8365}:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365
Patch copied from upstream source repository:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/src/common.h b/src/common.h
index 0bd810c3..e2669b6a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
diff --git a/src/flac.c b/src/flac.c
index 84de0e26..986a7b8f 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
diff --git a/src/sndfile.c b/src/sndfile.c
index 41875610..e2a87be8 100644
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },
--
2.12.2


@ -1,61 +0,0 @@
Fix CVE-2017-8362:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362
Patch copied from upstream source repository:
https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index 5a4f8c21..e4f9aaa0 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
--
2.12.2


@ -1,42 +0,0 @@
This is a regression in 1.0.28 that causes a test failure on armhf.
Upstream bug URL:
https://github.com/erikd/libsndfile/issues/229
Patch copied from upstream source repository:
https://github.com/erikd/libsndfile/commit/9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
From 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Sun, 16 Apr 2017 17:54:17 +1000
Subject: [PATCH] src/rf64.c: Fix varargs related bug
C's <stargs.h> functionality isn't type checked so that passing an
`sf_count_t` (64 bits) by mistake in place of a `unit32_t` can cause
errors. This would be fine if it was an error on every architecture
and platform, but its not. This particular problem only manifested
on armhf and some other Arm architectures. It was not an issue on
32 bit x86.
I have now fixed variants of this same bug several times.
Closes: https://github.com/erikd/libsndfile/issues/229
---
src/rf64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rf64.c b/src/rf64.c
index b3d637f..02dd904 100644
--- a/src/rf64.c
+++ b/src/rf64.c
@@ -742,7 +742,7 @@ rf64_write_header (SF_PRIVATE *psf, int calc_length)
pad_size = psf->dataoffset - 16 - psf->header.indx ;
if (pad_size >= 0)
- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
+ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;


@ -71,45 +71,6 @@ (define-module (gnu packages pulseaudio)
(define-public libsndfile
(package
(name "libsndfile")
(version "1.0.28")
(replacement libsndfile-1.0.30)
(source (origin
(method url-fetch)
(uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-"
version ".tar.gz"))
(patches (search-patches "libsndfile-armhf-type-checks.patch"
"libsndfile-CVE-2017-8361-8363-8365.patch"
"libsndfile-CVE-2017-8362.patch"
"libsndfile-CVE-2017-12562.patch"))
(sha256
(base32
"1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz"))))
(build-system gnu-build-system)
(inputs
`(("libvorbis" ,libvorbis)
("libogg" ,libogg)
("flac" ,flac)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "http://www.mega-nerd.com/libsndfile/")
(synopsis "Reading and writing files containing sampled sound")
(description
"Libsndfile is a C library for reading and writing files containing
sampled sound (such as MS Windows WAV and the Apple/SGI AIFF format) through
one standard library interface.
It was designed to handle both little-endian (such as WAV) and
big-endian (such as AIFF) data, and to compile and run correctly on
little-endian (such as Intel and DEC/Compaq Alpha) processor systems as well
as big-endian processor systems such as Motorola 68k, Power PC, MIPS and
SPARC. Hopefully the design of the library will also make it easy to extend
for reading and writing new sound file formats.")
(license l:gpl2+)))
;; Replacement package to fix multiple security vulnerabilities.
(define libsndfile-1.0.30
(package
(inherit libsndfile)
(version "1.0.30")
(source (origin
(method url-fetch)
@ -137,9 +98,28 @@ (define libsndfile-1.0.30
(substitute* "tests/test_wrapper.sh.in"
(("^/usr/bin/env") "env"))
#t))))
(build-system gnu-build-system)
(inputs
`(("libvorbis" ,libvorbis)
("libogg" ,libogg)
("flac" ,flac)))
(native-inputs
`(("python" ,python)
,@(package-native-inputs libsndfile)))))
`(("pkg-config" ,pkg-config)
("python" ,python)))
(home-page "http://www.mega-nerd.com/libsndfile/")
(synopsis "Reading and writing files containing sampled sound")
(description
"Libsndfile is a C library for reading and writing files containing
sampled sound (such as MS Windows WAV and the Apple/SGI AIFF format) through
one standard library interface.
It was designed to handle both little-endian (such as WAV) and
big-endian (such as AIFF) data, and to compile and run correctly on
little-endian (such as Intel and DEC/Compaq Alpha) processor systems as well
as big-endian processor systems such as Motorola 68k, Power PC, MIPS and
SPARC. Hopefully the design of the library will also make it easy to extend
for reading and writing new sound file formats.")
(license l:gpl2+)))
(define-public libsamplerate
(package
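Review bot: The `home-page` field on the new side of the second hunk still reads `(home-page "http://www.mega-nerd.com/libsndfile/")`, a plain-HTTP address, although the commit message says the source `uri` was adjusted for a new URL. The new `uri` lines fall between the two hunks and are not shown, so this is inferred. If releases are now published from the GitHub project that the deleted patches reference, the field could follow it over HTTPS, e.g. `(home-page "https://github.com/erikd/libsndfile")`. Because the same commit drops the four local patches (CVE-2017-8361/8363/8365, CVE-2017-8362, CVE-2017-12562 and the armhf fix), it would also help to add a short comment above `source`, or a line in the commit message, recording that 1.0.30 already contains those upstream commits.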