libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365

Backport the patch to fix two CVEs: CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 https://nvd.nist.gov/vuln/detail/CVE-2017-8365 (From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jackie Huang <jackie.huang@windriver.com> 2017-08-17 14:44:27 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-08-18 23:46:37 +0100
commit: 768cd2beff0949bbe1bd07f2dc0d46ba105ca875 (patch)
tree: 6b525afc62e6b2b33d058d09a8842e631dc1208b /meta/recipes-multimedia
parent: 0782f4fce2450fbeb40e351b49cc000b00b98aae (diff)
download: poky-768cd2beff0949bbe1bd07f2dc0d46ba105ca875.tar.gz
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
new file mode 100644
index 0000000000..ac99516bb3
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
@@ -0,0 +1,73 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+Closes: https://github.com/erikd/libsndfile/issues/230
+CVE: CVE-2017-8361 CVE-2017-8365
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3]
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ src/common.h  |  1 +
+ src/flac.c    | 13 +++++++++++++
+ src/sndfile.c |  1 +
+ 3 files changed, 15 insertions(+)
+diff --git a/src/common.h b/src/common.h
+index 0bd810c..e2669b6 100644
+--- a/src/common.h
+++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+        SFE_FLAC_INIT_DECODER,
+        SFE_FLAC_LOST_SYNC,
+        SFE_FLAC_BAD_SAMPLE_RATE,
+       SFE_FLAC_CHANNEL_COUNT_CHANGED,
+        SFE_FLAC_UNKOWN_ERROR,
+ 
+        SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e2..986a7b8 100644
+--- a/src/flac.c
+++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 
+        switch (metadata->type)
+        {       case FLAC__METADATA_TYPE_STREAMINFO :
+                       if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+                       {       psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+                                                                       "Nothing to be but to error out.\n" ,
+                                                                       psf->sf.channels, metadata->data.stream_info.channels) ;
+                               psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+                               return ;
+                               } ;
+
+                       if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+                       {       psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+                                                                       "Carrying on as if nothing happened.",
+                                                                       psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+                               } ;
+                        psf->sf.channels = metadata->data.stream_info.channels ;
+                        psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+                        psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 4187561..e2a87be 100644
+--- a/src/sndfile.c
+++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+        {       SFE_FLAC_INIT_DECODER   , "Error : problem with initialization of the flac decoder." },
+        {       SFE_FLAC_LOST_SYNC              , "Error : flac decoder lost sync." },
+        {       SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+       {       SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+        {       SFE_FLAC_UNKOWN_ERROR   , "Error : unknown error in flac decoder." },
+ 
+        {       SFE_WVE_NOT_WVE                 , "Error : not a WVE file." },
+-- 
+2.7.4
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index e6a92a2a41..f80ce2fc99 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -7,6 +7,7 @@ LICENSE = "LGPLv2.1"
 SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
           file://CVE-2017-6892.patch \
+           file://CVE-2017-8361-8365.patch \
          "
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
author	Jackie Huang <jackie.huang@windriver.com>	2017-08-17 14:44:27 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-18 23:46:37 +0100
commit	768cd2beff0949bbe1bd07f2dc0d46ba105ca875 (patch)
tree	6b525afc62e6b2b33d058d09a8842e631dc1208b /meta/recipes-multimedia
parent	0782f4fce2450fbeb40e351b49cc000b00b98aae (diff)
download	poky-768cd2beff0949bbe1bd07f2dc0d46ba105ca875.tar.gz

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch new file mode 100644 index 0000000000..ac99516bb3 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
@@ -0,0 +1,73 @@
		1	From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
		2	From: Erik de Castro Lopo <erikd@mega-nerd.com>
		3	Date: Wed, 12 Apr 2017 19:45:30 +1000
		4	Subject: [PATCH] FLAC: Fix a buffer read overrun
		5
		6	Buffer read overrun occurs when reading a FLAC file that switches
		7	from 2 channels to one channel mid-stream. Only option is to
		8	abort the read.
		9
		10	Closes: https://github.com/erikd/libsndfile/issues/230
		11
		12	CVE: CVE-2017-8361 CVE-2017-8365
		13
		14	Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3]
		15
		16	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
		17	---
		18	src/common.h \| 1 +
		19	src/flac.c \| 13 +++++++++++++
		20	src/sndfile.c \| 1 +
		21	3 files changed, 15 insertions(+)
		22
		23	diff --git a/src/common.h b/src/common.h
		24	index 0bd810c..e2669b6 100644
		25	--- a/src/common.h
		26	+++ b/src/common.h
		27	@@ -725,6 +725,7 @@ enum
		28	SFE_FLAC_INIT_DECODER,
		29	SFE_FLAC_LOST_SYNC,
		30	SFE_FLAC_BAD_SAMPLE_RATE,
		31	+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
		32	SFE_FLAC_UNKOWN_ERROR,
		33
		34	SFE_WVE_NOT_WVE,
		35	diff --git a/src/flac.c b/src/flac.c
		36	index 84de0e2..986a7b8 100644
		37	--- a/src/flac.c
		38	+++ b/src/flac.c
		39	@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
		40
		41	switch (metadata->type)
		42	{ case FLAC__METADATA_TYPE_STREAMINFO :
		43	+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
		44	+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
		45	+ "Nothing to be but to error out.\n" ,
		46	+ psf->sf.channels, metadata->data.stream_info.channels) ;
		47	+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
		48	+ return ;
		49	+ } ;
		50	+
		51	+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
		52	+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
		53	+ "Carrying on as if nothing happened.",
		54	+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
		55	+ } ;
		56	psf->sf.channels = metadata->data.stream_info.channels ;
		57	psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
		58	psf->sf.frames = metadata->data.stream_info.total_samples ;
		59	diff --git a/src/sndfile.c b/src/sndfile.c
		60	index 4187561..e2a87be 100644
		61	--- a/src/sndfile.c
		62	+++ b/src/sndfile.c
		63	@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
		64	{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
		65	{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
		66	{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
		67	+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
		68	{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
		69
		70	{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },
		71	--
		72	2.7.4
		73


diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index e6a92a2a41..f80ce2fc99 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -7,6 +7,7 @@ LICENSE = "LGPLv2.1"
7		7
8	SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \	8	SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
9	file://CVE-2017-6892.patch \	9	file://CVE-2017-6892.patch \
		10	file://CVE-2017-8361-8365.patch \
10	"	11	"
11		12
12	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"	13	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"