summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch35
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb1
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
new file mode 100644
index 0000000000..4ae3674df1
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
@@ -0,0 +1,35 @@
1From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Wed, 10 Oct 2018 08:59:30 +0800
4Subject: [PATCH] libsndfile1: patch for CVE-2018-13139
5
6Upstream-Status: Backport [https://github.com/bwarden/libsndfile/
7commit/df18323c622b54221ee7ace74b177cdcccc152d7]
8
9CVE: CVE-2018-13139
10
11Signed-off-by: Changqing Li <changqing.li@windriver.com>
12---
13 programs/sndfile-deinterleave.c | 6 ++++++
14 1 file changed, 6 insertions(+)
15
16diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
17index e27593e..721bee7 100644
18--- a/programs/sndfile-deinterleave.c
19+++ b/programs/sndfile-deinterleave.c
20@@ -89,6 +89,12 @@ main (int argc, char **argv)
21 exit (1) ;
22 } ;
23
24+ if (sfinfo.channels > MAX_CHANNELS)
25+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
26+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
27+ exit (1) ;
28+ } ;
29+
30 state.channels = sfinfo.channels ;
31 sfinfo.channels = 1 ;
32
33--
342.7.4
35
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index ed43b7494e..b28f675286 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
12 file://CVE-2017-8363.patch \ 12 file://CVE-2017-8363.patch \
13 file://CVE-2017-14245-14246.patch \ 13 file://CVE-2017-14245-14246.patch \
14 file://CVE-2017-14634.patch \ 14 file://CVE-2017-14634.patch \
15 file://CVE-2018-13139.patch \
15 " 16 "
16 17
17SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" 18SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"