wavpack: Add patch for CVE-2018-19840 CVE-2018-19841
parent
2f745ec8b5
commit
5bcc061c78
3 changed files with 58 additions and 4 deletions
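--- a/srcpkgs/wavpack/patches/CVE-2018-19840.patch
+++ b/srcpkgs/wavpack/patches/CVE-2018-19840.patch
@@ -0,0 +1,25 @@
+From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:00:42 -0800
+Subject: [PATCH] issue #53: error out on zero sample rate
+
+---
+src/pack_utils.c | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git src/pack_utils.c src/pack_utils.c
+index 2253f0d..2a83497 100644
+--- a/src/pack_utils.c
++++ b/src/pack_utils.c
+@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
+int num_chans = config->num_channels;
+int i;
+
++ if (!config->sample_rate) {
++ strcpy (wpc->error_message, "sample rate cannot be zero!");
++ return FALSE;
++ }
++
+wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
+
+if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {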
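Review bot: The guard added at the top of WavpackSetConfiguration64 rejects only `config->sample_rate == 0`; the declaration of `sample_rate` is not visible in this patch, and if the field is signed, a negative rate still passes the check and reaches the code this guard is meant to protect. If that applies, widening the test to `if (config->sample_rate <= 0) {` with a matching message would cover both cases, and that change belongs upstream rather than in this packaging patch. The `strcpy` into `wpc->error_message` copies a fixed 28-byte literal (terminator included), so it is safe only as long as that buffer is at least that large, which the hunk also does not show. The function body starts and ends outside the hunk.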
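--- a/srcpkgs/wavpack/patches/CVE-2018-19841.patch
+++ b/srcpkgs/wavpack/patches/CVE-2018-19841.patch
@@ -0,0 +1,29 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+---
+src/open_utils.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+#endif
+
+if (meta_bc == 4) {
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+return FALSE;
+}
+else {
+csum ^= csum >> 16;
+
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+return FALSE;
+}
+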
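Review bot: Both rewritten comparisons in WavpackVerifySingleBlock index a fixed number of bytes from `dp` (`dp[3]` in the `meta_bc == 4` branch, `dp[1]` in the `else` branch), and the `else` branch is taken for every `meta_bc` other than 4. The hunk does not show a check that `meta_bc` is exactly 2 or 4 and that this many bytes remain in the block before the reads, so that should be confirmed in the surrounding code, which lies outside the hunk. It would also help to record why the pointer must not move here, for example `/* compare in place: dp must not be advanced by the checksum test */` above the `if (meta_bc == 4)` line, so the `*dp++` form is not reintroduced later.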
|
@ -1,15 +1,15 @@
|
|||
# Template file for 'wavpack'
|
||||
pkgname=wavpack
|
||||
version=5.1.0
|
||||
revision=3
|
||||
patch_args="-Np1"
|
||||
revision=4
|
||||
build_style=gnu-configure
|
||||
short_desc="Hybrid lossless audio compression"
|
||||
homepage="http://www.wavpack.com/"
|
||||
license="BSD-3-Clause"
|
||||
maintainer="Juan RP <xtraeme@voidlinux.org>"
|
||||
license="BSD-3-Clause"
|
||||
homepage="http://www.wavpack.com/"
|
||||
distfiles="http://www.wavpack.com/${pkgname}-${version}.tar.bz2"
|
||||
checksum=1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944
|
||||
patch_args="-Np1"
|
||||
|
||||
pre_configure() {
|
||||
case "$XBPS_TARGET_MACHINE" in
|
||||
|
|