From fe4945fcbd40d47de5260137a30e0394ddb8de1d Mon Sep 17 00:00:00 2001 From: maxice8 Date: Fri, 5 Oct 2018 00:08:34 -0300 Subject: [PATCH] aubio: fix a few CVEs Fixes: CVE-2017-17054 CVE-2017-17554 CVE-2017-17555 CVE-2018-14521 CVE-2018-14522 CVE-2018-14523 --- srcpkgs/aubio/patches/CVE-2017-17054.patch | 42 +++++++++++++++++++ .../CVE-2017-17554-CVE-2018-14521.patch | 24 +++++++++++ srcpkgs/aubio/patches/CVE-2017-17555.patch | 29 +++++++++++++ srcpkgs/aubio/patches/CVE-2018-14522.patch | 26 ++++++++++++ srcpkgs/aubio/patches/CVE-2018-14523.patch | 34 +++++++++++++++ srcpkgs/aubio/template | 4 +- 6 files changed, 157 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/aubio/patches/CVE-2017-17054.patch create mode 100644 srcpkgs/aubio/patches/CVE-2017-17554-CVE-2018-14521.patch create mode 100644 srcpkgs/aubio/patches/CVE-2017-17555.patch create mode 100644 srcpkgs/aubio/patches/CVE-2018-14522.patch create mode 100644 srcpkgs/aubio/patches/CVE-2018-14523.patch diff --git a/srcpkgs/aubio/patches/CVE-2017-17054.patch b/srcpkgs/aubio/patches/CVE-2017-17054.patch new file mode 100644 index 0000000000..f02aa1de70 --- /dev/null +++ b/srcpkgs/aubio/patches/CVE-2017-17054.patch @@ -0,0 +1,42 @@ +From 25ecb7338cebc5b8c79092347839c78349ec33f1 Mon Sep 17 00:00:00 2001 +From: Paul Brossier +Date: Tue, 6 Feb 2018 22:32:59 +0100 +Subject: [PATCH] src/io/source_wavread.c: add some input validation (closes: + #158) + +--- + src/io/source_wavread.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c +index 640201bb..b91eb5cd 100644 +--- src/io/source_wavread.c ++++ src/io/source_wavread.c +@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa + // BitsPerSample + bytes_read += fread(buf, 1, 2, s->fid); + bitspersample = read_little_endian(buf, 2); ++ ++ if ( channels == 0 ) { ++ AUBIO_ERR("source_wavread: Failed opening %s (number of channels can not be 0)\n", s->path); ++ goto beach; ++ } ++ ++ if ( sr == 0 ) { ++ AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path); ++ goto beach; ++ } ++ ++ if ( byterate == 0 ) { ++ AUBIO_ERR("source_wavread: Failed opening %s (byterate can not be 0)\n", s->path); ++ goto beach; ++ } ++ ++ if ( bitspersample == 0 ) { ++ AUBIO_ERR("source_wavread: Failed opening %s (bitspersample can not be 0)\n", s->path); ++ goto beach; ++ } + #if 0 + if ( bitspersample != 16 ) { + AUBIO_ERR("source_wavread: can not process %dbit file %s\n", + diff --git a/srcpkgs/aubio/patches/CVE-2017-17554-CVE-2018-14521.patch b/srcpkgs/aubio/patches/CVE-2017-17554-CVE-2018-14521.patch new file mode 100644 index 0000000000..b9c6808263 --- /dev/null +++ b/srcpkgs/aubio/patches/CVE-2017-17554-CVE-2018-14521.patch @@ -0,0 +1,24 @@ +From a81b12a3b4174953b3bc7ef4c37103f4d5636740 Mon Sep 17 00:00:00 2001 +From: Paul Brossier +Date: Mon, 6 Aug 2018 14:58:27 +0200 +Subject: [PATCH] src/io/source_avcodec.c: give up if resampling context failed + opening (see #137, closes #187) + +--- + src/io/source_avcodec.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c +index 8197445c..6d8efa79 100644 +--- src/io/source_avcodec.c ++++ src/io/source_avcodec.c +@@ -275,6 +275,8 @@ aubio_source_avcodec_t * new_aubio_source_avcodec(const char_t * path, uint_t sa + // default to mono output + aubio_source_avcodec_reset_resampler(s, 0); + ++ if (s->avr == NULL) goto beach; ++ + s->eof = 0; + s->multi = 0; + + diff --git a/srcpkgs/aubio/patches/CVE-2017-17555.patch b/srcpkgs/aubio/patches/CVE-2017-17555.patch new file mode 100644 index 0000000000..7d2aab491c --- /dev/null +++ b/srcpkgs/aubio/patches/CVE-2017-17555.patch @@ -0,0 +1,29 @@ +From 265fe9a2ca606f8b9ae4a110390f26c139c01ad7 Mon Sep 17 00:00:00 2001 +From: Paul Brossier +Date: Mon, 6 Aug 2018 15:54:37 +0200 +Subject: [PATCH] src/io/source_avcodec.c: give up reading file if number of + channel changes during stream (closes #137) + +--- + src/io/source_avcodec.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c +index 6d8efa79..7082bc2e 100644 +--- src/io/source_avcodec.c ++++ src/io/source_avcodec.c +@@ -425,6 +425,13 @@ void aubio_source_avcodec_readframe(aubio_source_avcodec_t *s, uint_t * read_sam + goto beach; + } + ++ if (avFrame->channels != (sint_t)s->input_channels) { ++ AUBIO_WRN ("source_avcodec: trying to read from %d channel(s)," ++ "but configured for %d; is '%s' corrupt?\n", avFrame->channels, ++ s->input_channels, s->path); ++ goto beach; ++ } ++ + #ifdef HAVE_AVRESAMPLE + in_linesize = 0; + av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels, + diff --git a/srcpkgs/aubio/patches/CVE-2018-14522.patch b/srcpkgs/aubio/patches/CVE-2018-14522.patch new file mode 100644 index 0000000000..e602a9e66f --- /dev/null +++ b/srcpkgs/aubio/patches/CVE-2018-14522.patch @@ -0,0 +1,26 @@ +From 99c7aa2e3efec988a5f81018b48d9388ff24bba1 Mon Sep 17 00:00:00 2001 +From: Paul Brossier +Date: Mon, 6 Aug 2018 14:04:48 +0200 +Subject: [PATCH] src/io/source_wavread.c: also exit if samplerate is negative + (closes #188) + +--- + src/io/source_wavread.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c +index b91eb5cd..90638af8 100644 +--- src/io/source_wavread.c ++++ src/io/source_wavread.c +@@ -195,8 +195,8 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa + goto beach; + } + +- if ( sr == 0 ) { +- AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path); ++ if ( (sint_t)sr <= 0 ) { ++ AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be <= 0)\n", s->path); + goto beach; + } + + diff --git a/srcpkgs/aubio/patches/CVE-2018-14523.patch b/srcpkgs/aubio/patches/CVE-2018-14523.patch new file mode 100644 index 0000000000..5b687e154b --- /dev/null +++ b/srcpkgs/aubio/patches/CVE-2018-14523.patch @@ -0,0 +1,34 @@ +From af4f9e6a93b629fb6defa2a229ec828885b9d187 Mon Sep 17 00:00:00 2001 +From: Paul Brossier +Date: Mon, 6 Aug 2018 13:41:52 +0200 +Subject: [PATCH] src/pitch/pitchyinfft.c: fix out of bound read when + samplerate > 50kHz (closes: #189) + +--- + src/pitch/pitchyinfft.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c +index f213ef24..493ca08d 100644 +--- src/pitch/pitchyinfft.c ++++ src/pitch/pitchyinfft.c +@@ -44,7 +44,7 @@ static const smpl_t freqs[] = { + 0., 20., 25., 31.5, 40., 50., 63., 80., 100., 125., + 160., 200., 250., 315., 400., 500., 630., 800., 1000., 1250., + 1600., 2000., 2500., 3150., 4000., 5000., 6300., 8000., 9000., 10000., +- 12500., 15000., 20000., 25100 ++ 12500., 15000., 20000., 25100., -1. + }; + + static const smpl_t weight[] = { +@@ -72,7 +72,8 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize) + p->weight = new_fvec (bufsize / 2 + 1); + for (i = 0; i < p->weight->length; i++) { + freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate; +- while (freq > freqs[j]) { ++ while (freq > freqs[j] && freqs[j] > 0) { ++ AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j); + j += 1; + } + a0 = weight[j - 1]; + diff --git a/srcpkgs/aubio/template b/srcpkgs/aubio/template index efe800dc52..30823a91d8 100644 --- a/srcpkgs/aubio/template +++ b/srcpkgs/aubio/template @@ -1,14 +1,14 @@ # Template file for 'aubio' pkgname=aubio version=0.4.6 -revision=1 +revision=2 build_style=waf # XXX lash, pure and swig support. hostmakedepends="python pkg-config" makedepends="libsamplerate-devel fftw-devel jack-devel" short_desc="A library for audio labelling" maintainer="Juan RP " -license="GPL-2" +license="GPL-3.0-or-later" homepage="http://aubio.org" distfiles="${homepage}/pub/${pkgname}-${version}.tar.bz2" checksum=bdc73be1f007218d3ea6d2a503b38a217815a0e2ccc4ed441f6e850ed5d47cfb