2 files changed, 31 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch
new file mode 100644
index 0000000000..b4e9994eab
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch
@@ -0,0 +1,30 @@
+From b0b7e7fa7a48485c4d6b0ae64bfddedd519716f5 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
+Date: Sun, 16 Mar 2025 23:25:15 +0100
+Subject: [PATCH] CVE-2023-32627 Filter null sampling rate in VOC coder
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/0028-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch
+CVE: CVE-2023-32627
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/voc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/src/voc.c b/src/voc.c
+index 0ca07f94..d8b982c5 100644
+--- a/src/voc.c
+++ b/src/voc.c
+@@ -353,6 +353,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
+             v->block_remaining = 0;
+             return done;
+           }
+          if(uc == 0) {
+            lsx_fail_errno(ft, EINVAL, "invalid rate value");
+            v->block_remaining = 0;
+            return done;
+          }
+           *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
+           lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
+           ++buf;
diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
index 94072cb35a..7856407c67 100644
--- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
+++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \
           file://CVE-2021-40426.patch \
           file://CVE-2022-31650.patch \
           file://CVE-2022-31651.patch \
+           file://CVE-2023-32627.patch \
           "
 # last release was in 2015, use latest hash from 2024-05-30

diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch new file mode 100644 index 0000000000..b4e9994eab --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch
@@ -0,0 +1,30 @@
		1	From b0b7e7fa7a48485c4d6b0ae64bfddedd519716f5 Mon Sep 17 00:00:00 2001
		2	From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
		3	Date: Sun, 16 Mar 2025 23:25:15 +0100
		4	Subject: [PATCH] CVE-2023-32627 Filter null sampling rate in VOC coder
		5
		6	Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/0028-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch
		7
		8	CVE: CVE-2023-32627
		9	Upstream-Status: Inactive-Upstream [lastrelease: 2015]
		10	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		11	---
		12	src/voc.c \| 5 +++++
		13	1 file changed, 5 insertions(+)
		14
		15	diff --git a/src/voc.c b/src/voc.c
		16	index 0ca07f94..d8b982c5 100644
		17	--- a/src/voc.c
		18	+++ b/src/voc.c
		19	@@ -353,6 +353,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
		20	v->block_remaining = 0;
		21	return done;
		22	}
		23	+ if(uc == 0) {
		24	+ lsx_fail_errno(ft, EINVAL, "invalid rate value");
		25	+ v->block_remaining = 0;
		26	+ return done;
		27	+ }
		28	*buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
		29	lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
		30	++buf;


diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 94072cb35a..7856407c67 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \
35	file://CVE-2021-40426.patch \	35	file://CVE-2021-40426.patch \
36	file://CVE-2022-31650.patch \	36	file://CVE-2022-31650.patch \
37	file://CVE-2022-31651.patch \	37	file://CVE-2022-31651.patch \
		38	file://CVE-2023-32627.patch \
38	"	39	"
39		40
40	# last release was in 2015, use latest hash from 2024-05-30	41	# last release was in 2015, use latest hash from 2024-05-30