summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch34
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb4
2 files changed, 37 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
new file mode 100644
index 0000000000..89552ac2d9
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
@@ -0,0 +1,34 @@
1From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
2From: Erik de Castro Lopo <erikd@mega-nerd.com>
3Date: Tue, 23 May 2017 20:15:24 +1000
4Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
5
6Secunia Advisory SA76717.
7
8Found by: Laurent Delosieres, Secunia Research at Flexera Software
9
10CVE: CVE-2017-6892
11Upstream-Status: Backport
12
13Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
14
15---
16 src/aiff.c | 2 +-
17 1 file changed, 1 insertion(+), 1 deletion(-)
18
19diff --git a/src/aiff.c b/src/aiff.c
20index 5b5f9f5..45864b7 100644
21--- a/src/aiff.c
22+++ b/src/aiff.c
23@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
24 psf_binheader_readf (psf, "j", dword - bytesread) ;
25
26 if (map_info->channel_map != NULL)
27- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
28+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
29
30 free (psf->channel_map) ;
31
32--
331.9.1
34
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
index 09533f8ec0..8475ba3a25 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
@@ -5,7 +5,9 @@ DEPENDS = "flac libogg libvorbis sqlite3"
5SECTION = "libs/multimedia" 5SECTION = "libs/multimedia"
6LICENSE = "LGPLv2.1" 6LICENSE = "LGPLv2.1"
7 7
8SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz" 8SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
9 file://CVE-2017-6892.patch \
10 "
9 11
10SRC_URI[md5sum] = "fd1d97c6077f03b5d984d7956ffedb7a" 12SRC_URI[md5sum] = "fd1d97c6077f03b5d984d7956ffedb7a"
11SRC_URI[sha256sum] = "a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0" 13SRC_URI[sha256sum] = "a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0"