[oe-commits] [openembedded-core] 06/36: libsndfile1: Fix CVE-2017-6892

git at git.openembedded.org git at git.openembedded.org
Mon Sep 11 21:16:39 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch pyro
in repository openembedded-core.

commit eed7d052dc053732e2d485dcc7e551b6754c4576
Author: Fan Xin <fan.xin at jp.fujitsu.com>
AuthorDate: Thu Jun 22 10:44:02 2017 +0900

    libsndfile1: Fix CVE-2017-6892
    
    Backport upstream patch to fix CVE-2017-6892.
    
    CVE: CVE-2017-6892
    
    (From OE-Core rev: cc9b8d0afe64b83f585843f3aff1c077f69fd656)
    
    Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../libsndfile/libsndfile1/CVE-2017-6892.patch     | 34 ++++++++++++++++++++++
 .../libsndfile/libsndfile1_1.0.27.bb               |  4 ++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
new file mode 100644
index 0000000..89552ac
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
@@ -0,0 +1,34 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd at mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+
+CVE: CVE-2017-6892
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com>
+
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f5..45864b7 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
index 09533f8..8475ba3 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb
@@ -5,7 +5,9 @@ DEPENDS = "flac libogg libvorbis sqlite3"
 SECTION = "libs/multimedia"
 LICENSE = "LGPLv2.1"
 
-SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz"
+SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
+           file://CVE-2017-6892.patch \
+          "
 
 SRC_URI[md5sum] = "fd1d97c6077f03b5d984d7956ffedb7a"
 SRC_URI[sha256sum] = "a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list