libsndfile1: Fix CVE-2017-6892

Backport upstream patch to fix CVE-2017-6892. CVE: CVE-2017-6892 (From OE-Core rev: cc9b8d0afe64b83f585843f3aff1c077f69fd656) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Fan Xin <fan.xin@jp.fujitsu.com> 2017-06-22 10:44:02 +0900
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-06-28 15:52:18 +0100
commit: d5e18f4a1a47ffeddd434f74729e26bdb61f2d10 (patch)
tree: 3500125465ec922b4ed2ae6b5b7b2293ec2eeabe /meta/recipes-multimedia
parent: d0b743f553e8f842b6d25229fbe4311903cd1c75 (diff)
download: poky-d5e18f4a1a47ffeddd434f74729e26bdb61f2d10.tar.gz
2 files changed, 37 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
new file mode 100644
index 0000000000..89552ac2d9
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
@@ -0,0 +1,34 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+Secunia Advisory SA76717.
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+CVE: CVE-2017-6892
+Upstream-Status: Backport
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f5..45864b7 100644
+--- a/src/aiff.c
+++ b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+                psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+        if (map_info->channel_map != NULL)
+-       {       size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+       {       size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+                free (psf->channel_map) ;
+ 
+-- 
+1.9.1
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 248b292e36..6f242cfaa0 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -5,7 +5,9 @@ DEPENDS = "flac libogg libvorbis sqlite3"
 SECTION = "libs/multimedia"
 LICENSE = "LGPLv2.1"
-SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz"
+SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
+           file://CVE-2017-6892.patch \
+          "
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
 SRC_URI[sha256sum] = "1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9"
author	Fan Xin <fan.xin@jp.fujitsu.com>	2017-06-22 10:44:02 +0900
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-06-28 15:52:18 +0100
commit	d5e18f4a1a47ffeddd434f74729e26bdb61f2d10 (patch)
tree	3500125465ec922b4ed2ae6b5b7b2293ec2eeabe /meta/recipes-multimedia
parent	d0b743f553e8f842b6d25229fbe4311903cd1c75 (diff)
download	poky-d5e18f4a1a47ffeddd434f74729e26bdb61f2d10.tar.gz

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch new file mode 100644 index 0000000000..89552ac2d9 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
@@ -0,0 +1,34 @@
		1	From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
		2	From: Erik de Castro Lopo <erikd@mega-nerd.com>
		3	Date: Tue, 23 May 2017 20:15:24 +1000
		4	Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
		5
		6	Secunia Advisory SA76717.
		7
		8	Found by: Laurent Delosieres, Secunia Research at Flexera Software
		9
		10	CVE: CVE-2017-6892
		11	Upstream-Status: Backport
		12
		13	Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
		14
		15	---
		16	src/aiff.c \| 2 +-
		17	1 file changed, 1 insertion(+), 1 deletion(-)
		18
		19	diff --git a/src/aiff.c b/src/aiff.c
		20	index 5b5f9f5..45864b7 100644
		21	--- a/src/aiff.c
		22	+++ b/src/aiff.c
		23	@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
		24	psf_binheader_readf (psf, "j", dword - bytesread) ;
		25
		26	if (map_info->channel_map != NULL)
		27	- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
		28	+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
		29
		30	free (psf->channel_map) ;
		31
		32	--
		33	1.9.1
		34


diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 248b292e36..6f242cfaa0 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -5,7 +5,9 @@ DEPENDS = "flac libogg libvorbis sqlite3"
5	SECTION = "libs/multimedia"	5	SECTION = "libs/multimedia"
6	LICENSE = "LGPLv2.1"	6	LICENSE = "LGPLv2.1"
7		7
8	SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz"	8	SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
		9	file://CVE-2017-6892.patch \
		10	"
9		11
10	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"	12	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
11	SRC_URI[sha256sum] = "1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9"	13	SRC_URI[sha256sum] = "1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9"