From fb1be60c09857bda17dc25ba860ae48a6f1688a1 Mon Sep 17 00:00:00 2001
From: falkTX
Date: Sat, 30 May 2020 02:45:57 +0100
Subject: [PATCH] Add libsndfile patches
Signed-off-by: falkTX
---
patches/libsndfile/01_fix-static-libs.patch | 10 ++++
patches/libsndfile/02_CVE-2017-8365.patch | 50 ++++++++++++++++++
patches/libsndfile/03_CVE-2017-8363.patch | 44 ++++++++++++++++
patches/libsndfile/04_CVE-2017-8362.patch | 42 +++++++++++++++
patches/libsndfile/05_CVE-2017-6892.patch | 18 +++++++
.../06_binheader-heapoverflow.patch | 29 +++++++++++
patches/libsndfile/07_fix_rf64_arm.patch | 43 ++++++++++++++++
patches/libsndfile/08_fix_typos.patch | 51 +++++++++++++++++++
8 files changed, 287 insertions(+)
create mode 100644 patches/libsndfile/01_fix-static-libs.patch
create mode 100644 patches/libsndfile/02_CVE-2017-8365.patch
create mode 100644 patches/libsndfile/03_CVE-2017-8363.patch
create mode 100644 patches/libsndfile/04_CVE-2017-8362.patch
create mode 100644 patches/libsndfile/05_CVE-2017-6892.patch
create mode 100644 patches/libsndfile/06_binheader-heapoverflow.patch
create mode 100644 patches/libsndfile/07_fix_rf64_arm.patch
create mode 100644 patches/libsndfile/08_fix_typos.patch
diff --git a/patches/libsndfile/01_fix-static-libs.patch b/patches/libsndfile/01_fix-static-libs.patch
new file mode 100644
index 0000000..5b58f9d
--- /dev/null
+++ b/patches/libsndfile/01_fix-static-libs.patch
@@ -0,0 +1,10 @@
+--- libsndfile-static-1.0.25.orig/sndfile.pc.in
++++ libsndfile-static-1.0.25/sndfile.pc.in
+@@ -7,6 +7,6 @@ Name: sndfile
+ Description: A library for reading and writing audio files
+ Requires:
+ Version: @VERSION@
+-Libs: -L${libdir} -lsndfile
++Libs: -L${libdir} -lsndfile -lFLAC -lvorbisenc -lvorbis -logg -lm
+ Libs.private: @EXTERNAL_XIPH_LIBS@
+ Cflags: -I${includedir}
diff --git a/patches/libsndfile/02_CVE-2017-8365.patch b/patches/libsndfile/02_CVE-2017-8365.patch
new file mode 100644
index 0000000..409b32e
--- /dev/null
+++ b/patches/libsndfile/02_CVE-2017-8365.patch 
@@ -0,0 +1,50 @@
+Description: fixing buffer read/write overruns in FLAC-code
+ CVE-2017-8365, CVE-2017-8363, CVE-2017-8361
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/common.h
++++ libsndfile/src/common.h
+@@ -725,6 +725,7 @@
+ SFE_FLAC_INIT_DECODER,
+ SFE_FLAC_LOST_SYNC,
+ SFE_FLAC_BAD_SAMPLE_RATE,
++ SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ SFE_FLAC_UNKOWN_ERROR,
+
+ SFE_WVE_NOT_WVE,
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -435,6 +435,19 @@
+
+ switch (metadata->type)
+ { case FLAC__METADATA_TYPE_STREAMINFO :
++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++ "Nothing to be but to error out.\n" ,
++ psf->sf.channels, metadata->data.stream_info.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return ;
++ } ;
++
++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++ "Carrying on as if nothing happened.",
++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++ } ;
+ psf->sf.channels = metadata->data.stream_info.channels ;
+ psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ psf->sf.frames = metadata->data.stream_info.total_samples ;
+--- libsndfile.orig/src/sndfile.c
++++ libsndfile/src/sndfile.c
+@@ -245,6 +245,7 @@
+ { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
+ { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
+ { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream."
},
+ { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
+
+ { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
diff --git a/patches/libsndfile/03_CVE-2017-8363.patch b/patches/libsndfile/03_CVE-2017-8363.patch
new file mode 100644
index 0000000..56f6269
--- /dev/null
+++ b/patches/libsndfile/03_CVE-2017-8363.patch
@@ -0,0 +1,44 @@
+Description: fixing another memory leak in FLAC code
+ CVE-2017-8363
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 & https://github.com/erikd/libsndfile/commit/5206a9b65e61598fde44d276c81b0585bc428562
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -430,8 +430,7 @@
+ static void
+ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
+ { SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+- FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
+- int bitwidth = 0, i ;
++ int bitwidth = 0 ;
+
+ switch (metadata->type)
+ { case FLAC__METADATA_TYPE_STREAMINFO :
+@@ -481,12 +480,6 @@
+
+ if (bitwidth > 0)
+ psf_log_printf (psf, " Bit width : %d\n", bitwidth) ;
+-
+-
+- for (i = 0 ; i < psf->sf.channels ; i++)
+- pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ;
+-
+- pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ;
+ break ;
+
+ case FLAC__METADATA_TYPE_VORBIS_COMMENT :
+@@ -848,7 +841,9 @@
+
+ psf_log_printf (psf, "End\n") ;
+
+- if (psf->error == 0)
++ if (psf->error != 0)
++ FLAC__stream_decoder_delete (pflac->fsd) ;
++ else
+ { FLAC__uint64 position ;
+
+ FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;
diff --git a/patches/libsndfile/04_CVE-2017-8362.patch b/patches/libsndfile/04_CVE-2017-8362.patch
new file mode 100644
index 0000000..218085e
--- /dev/null
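Review bot: The header of 02_CVE-2017-8365.patch lists three CVEs (CVE-2017-8365, CVE-2017-8363, CVE-2017-8361), but the file name carries only the first, and CVE-2017-8361 appears in no file name and not in the commit message. Anyone auditing the vendored tree by file name would conclude that CVE-2017-8361 is unpatched. Consider recording the full CVE-to-patch mapping in the commit message or in a short README next to the patches. Separately, the sample-rate warning string ends in `"Carrying on as if nothing happened."` without a `\n`, unlike the error message above it, so the next log entry will run on from it.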
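Review bot: After `FLAC__stream_decoder_delete (pflac->fsd) ;` in the new `psf->error != 0` branch of the third inner hunk of 03_CVE-2017-8363.patch, `pflac->fsd` still holds the freed pointer. The rest of that function and the codec close path are outside the hunk, so whether anything touches the decoder again cannot be confirmed here; if it does, that is a use-after-free or double delete on the error path taken for a malformed file. Consider `{ FLAC__stream_decoder_delete (pflac->fsd) ; pflac->fsd = NULL ; }` together with a close path that skips a NULL decoder. The second inner hunk also drops the `rbuffer` allocation without adding a replacement in this patch, so confirm that the libsndfile version these patches are applied to allocates it elsewhere.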
+++ b/patches/libsndfile/04_CVE-2017-8362.patch
@@ -0,0 +1,42 @@
+Description: fixed yet another buffer read overflow in FLAC code
+ CVE-2017-8362
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -169,6 +169,14 @@
+ const int32_t* const *buffer = pflac->wbuffer ;
+ unsigned i = 0, j, offset, channels, len ;
+
++ if (psf->sf.channels != (int) frame->header.channels)
++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++ "Nothing to do but to error out.\n" ,
++ psf->sf.channels, frame->header.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return 0 ;
++ } ;
++
+ /*
+ ** frame->header.blocksize is variable and we're using a constant blocksize
+ ** of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@
+ return 0 ;
+ } ;
+
+-
+ len = SF_MIN (pflac->len, frame->header.blocksize) ;
+
+ if (pflac->remain % channels != 0)
+@@ -436,7 +443,7 @@
+ { case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+- "Nothing to be but to error out.\n" ,
++ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
diff --git a/patches/libsndfile/05_CVE-2017-6892.patch b/patches/libsndfile/05_CVE-2017-6892.patch
new file mode 100644
index 0000000..9928297
--- /dev/null
+++ b/patches/libsndfile/05_CVE-2017-6892.patch
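Review bot: The third inner hunk of 04_CVE-2017-8362.patch (`@@ -436,7 +443,7 @@`) rewrites the line `"Nothing to be but to error out.\n"`, which only exists once 02_CVE-2017-8365.patch has been applied, so this series is order-dependent. If the patches are applied out of order, or with a tool that tolerates rejects or fuzz, the frame-level channel check in the first hunk could be silently dropped or misplaced while the build still succeeds. The script that applies these files is not part of this commit; it is worth confirming that it applies them in sorted order and aborts on any rejected hunk, for example with `patch --fuzz=0` or `git apply`.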
@@ -0,0 +1,18 @@
+Description: Fix for CVE-2017-6892
+Author: Erik de Castro Lopez
+Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
+Last-Update: 2017-06-20
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/aiff.c
++++ libsndfile/src/aiff.c
+@@ -1905,7 +1905,7 @@
+ psf_binheader_readf (psf, "j", dword - bytesread) ;
+
+ if (map_info->channel_map != NULL)
+- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+
+ free (psf->channel_map) ;
+
diff --git a/patches/libsndfile/06_binheader-heapoverflow.patch b/patches/libsndfile/06_binheader-heapoverflow.patch
new file mode 100644
index 0000000..3aa796b
--- /dev/null
+++ b/patches/libsndfile/06_binheader-heapoverflow.patch
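Review bot: The `layout_tag & 0xffff` term in the new `chanmap_size` line carries the whole fix but has no comment explaining it. It appears to rely on the low 16 bits of the layout tag being the channel count of the static `map_info->channel_map`, so that the copy is bounded by the smaller of that count and `psf->sf.channels`; `layout_tag` and `map_info` are defined outside the hunk, so this is inferred. A one-line comment such as `/* low 16 bits of layout_tag = channel count of the static map */` would let whoever rebases this patch verify the bound. The allocation and copy that consume `chanmap_size` are also outside the hunk.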
@@ -0,0 +1,29 @@
+Description: Fix heap buffer overflows when writing strings in binheader
+Author: Jörn Heusipp
+Origin: upstream
+Applied-Upstream: cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
+Last-Update: 2017-07-12
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/common.c
++++ libsndfile/src/common.c
+@@ -675,15 +675,15 @@
+ /* Write a C string (guaranteed to have a zero terminator). */
+ strptr = va_arg (argptr, char *) ;
+ size = strlen (strptr) + 1 ;
+- size += (size & 1) ;
+
+- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ return count ;
+
+ if (psf->rwf_endian == SF_ENDIAN_BIG)
+- header_put_be_int (psf, size) ;
++ header_put_be_int (psf, size + (size & 1)) ;
+ else
+- header_put_le_int (psf, size) ;
++ header_put_le_int (psf, size + (size & 1)) ;
++ size += (size & 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ psf->header.indx += size ;
+ psf->header.ptr [psf->header.indx - 1] = 0 ;
diff --git a/patches/libsndfile/07_fix_rf64_arm.patch b/patches/libsndfile/07_fix_rf64_arm.patch
new file mode 100644
index 0000000..a85df40
--- /dev/null
+++ b/patches/libsndfile/07_fix_rf64_arm.patch
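Review bot: The added `size += (size & 1) ;` sits before the `memcpy`, so whenever `strlen (strptr) + 1` is odd the copy reads one byte past the source string's terminator. The destination is sized correctly by the new bound, and the pad byte is already written by `psf->header.ptr [psf->header.indx - 1] = 0 ;`, so the padding never needs to come from the source buffer. Moving the increment one line down, `memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;` followed by `size += (size & 1) ;`, keeps the written layout and removes the over-read. The enclosing function starts and ends outside the hunk.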
@@ -0,0 +1,43 @@
+Description: fix RF64 on armel/armhf archs
+Author: Erik de Castro Lopez
+Origin: upstream
+Applied-Upstream: 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
+Last-Update: 2017-06-20
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/rf64.c
++++ libsndfile/src/rf64.c
+@@ -339,6 +339,12 @@
+ } ;
+ break ;
+
++ case JUNK_MARKER :
++ case PAD_MARKER :
++ psf_log_printf (psf, "%M : %d\n", marker, chunk_size) ;
++ psf_binheader_readf (psf, "j", chunk_size) ;
++ break ;
++
+ default :
+ if (chunk_size >= 0xffff0000)
+ { psf_log_printf (psf, "*** Unknown chunk marker (%X) at position %D with length %u. Exiting parser.\n", marker, psf_ftell (psf) - 8, chunk_size) ;
+@@ -659,7 +665,7 @@
+
+ if (wpriv->rf64_downgrade && psf->filelength < RIFF_DOWNGRADE_BYTES)
+ { psf_binheader_writef (psf, "etm8m", RIFF_MARKER, (psf->filelength < 8) ? 8 : psf->filelength - 8, WAVE_MARKER) ;
+- psf_binheader_writef (psf, "m4884", JUNK_MARKER, 20, 0, 0, 0, 0) ;
++ psf_binheader_writef (psf, "m4z", JUNK_MARKER, 24, 24) ;
+ add_fact_chunk = 1 ;
+ }
+ else
+@@ -735,9 +741,10 @@
+
+ #endif
+
++ /* Padding may be needed if string data sizes change. */
+ pad_size = psf->dataoffset - 16 - psf->header.indx ;
+ if (pad_size >= 0)
+- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
+
+ if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
diff --git a/patches/libsndfile/08_fix_typos.patch b/patches/libsndfile/08_fix_typos.patch
new file mode 100644
index 0000000..fd5ac52
--- /dev/null
+++ b/patches/libsndfile/08_fix_typos.patch
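Review bot: The new `JUNK_MARKER`/`PAD_MARKER` case passes the file-supplied `chunk_size` straight to `psf_binheader_readf (psf, "j", chunk_size)`, while the `default` branch just below it rejects `chunk_size >= 0xffff0000` before going further. The declaration of `chunk_size` is outside the hunk, but the `%u` used for it in the default branch suggests it is unsigned. If so, the `%d` in the new log line misprints large values, and an oversized length from a crafted file reaches the skip unchecked. Consider applying the same bound before the skip and logging with `%u`. The surrounding switch and the parser loop it belongs to start and end outside the hunk.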
@@ -0,0 +1,51 @@ +Description: fixed spelling errors + discovered by lintian +Author: IOhannes m zmölnig +Forwarded: yes +Last-Update: 2016-10-05 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- libsndfile.orig/doc/bugs.html ++++ libsndfile/doc/bugs.html +@@ -31,7 +31,7 @@ +
    +
  • Compilation problems on new platforms. +
  • Errors being detected during the `make check' process. +-
  • Segmentation faults occuring inside libsndfile. ++
  • Segmentation faults occurring inside libsndfile. +
  • libsndfile hanging when opening a file. +
  • Supported sound file types being incorrectly read or written. +
  • Omissions, errors or spelling mistakes in the documentation. +--- libsndfile.orig/programs/sndfile-convert.c ++++ libsndfile/programs/sndfile-convert.c +@@ -317,7 +317,7 @@ + if ((sfinfo.format & SF_FORMAT_SUBMASK) == SF_FORMAT_GSM610 && sfinfo.samplerate != 8000) + { printf ( + "WARNING: GSM 6.10 data format only supports 8kHz sample rate. The converted\n" +- "ouput file will contain the input data converted to the GSM 6.10 data format\n" ++ "output file will contain the input data converted to the GSM 6.10 data format\n" + "but not re-sampled.\n" + ) ; + } ; +--- libsndfile.orig/src/ogg.c ++++ libsndfile/src/ogg.c +@@ -193,7 +193,7 @@ + break ; + } ; + +- psf_log_printf (psf, "This Ogg bitstream contains some uknown data type.\n") ; ++ psf_log_printf (psf, "This Ogg bitstream contains some unknown data type.\n") ; + return SFE_UNIMPLEMENTED ; + } /* ogg_stream_classify */ + +--- libsndfile.orig/src/wavlike.c ++++ libsndfile/src/wavlike.c +@@ -161,7 +161,7 @@ + { psf_log_printf (psf, " Bit Width : 24\n") ; + + psf_log_printf (psf, "\n" +- " Ambiguous information in 'fmt ' chunk. Possibile file types:\n" ++ " Ambiguous information in 'fmt ' chunk. Possible file types:\n" + " 0) Invalid IEEE float file generated by Syntrillium's Cooledit!\n" + " 1) File generated by ALSA's arecord containing 24 bit samples in 32 bit containers.\n" + " 2) 24 bit file with incorrect Block Align value.\n"