diff options
author | Kiyoshi Aman <kiyoshi.aman+apkfission@gmail.com> | 2018-12-06 08:27:52 -0600 |
---|---|---|
committer | Kiyoshi Aman <kiyoshi.aman+apkfission@gmail.com> | 2018-12-06 10:35:16 -0600 |
commit | a9690f97d468433e5f61cf79f8ba94062aca94db (patch) | |
tree | cc005ff7df91f4abcef195b2e813df1cb70d4daf | |
parent | 20f6886b2f4338a78ea1409a8497982c9024509a (diff) | |
download | packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.gz packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.bz2 packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.xz packages-a9690f97d468433e5f61cf79f8ba94062aca94db.zip |
user/wavpack: patches for CVEs 2018-19840 & -19841
-rw-r--r-- | user/wavpack/APKBUILD | 14 | ||||
-rw-r--r-- | user/wavpack/cve2018-19840.patch | 25 | ||||
-rw-r--r-- | user/wavpack/cve2018-19841.patch | 29 |
3 files changed, 65 insertions, 3 deletions
diff --git a/user/wavpack/APKBUILD b/user/wavpack/APKBUILD index a98666d6e..e59ef255e 100644 --- a/user/wavpack/APKBUILD +++ b/user/wavpack/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: pkgname=wavpack pkgver=5.1.0 -pkgrel=3 +pkgrel=4 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes" url="http://www.wavpack.com/" arch="all" @@ -12,9 +12,15 @@ license="BSD-3-Clause" depends="" makedepends="" subpackages="$pkgname-dev $pkgname-doc" -source="http://www.wavpack.com/$pkgname-$pkgver.tar.bz2" +source="http://www.wavpack.com/$pkgname-$pkgver.tar.bz2 + cve2018-19840.patch + cve2018-19841.patch + " # secfixes: +# 5.1.0-r4: +# - CVE-2018-19840 +# - CVE-2018-19840 # 5.1.0-r0: # - CVE-2016-10169 # - CVE-2016-10170 @@ -46,4 +52,6 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2" +sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2 +67d02dd744c638d126cf5a894d1ff2c39726bd4d3771ef7410ea782e5c9a0f9341909432bd4bea9b8959891c38699601c1aac2da6e0eaddaa5a4d679e7f58dd2 cve2018-19840.patch +dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 cve2018-19841.patch" diff --git a/user/wavpack/cve2018-19840.patch b/user/wavpack/cve2018-19840.patch new file mode 100644 index 000000000..2da022025 --- /dev/null +++ b/user/wavpack/cve2018-19840.patch @@ -0,0 +1,25 @@ +From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001 +From: David Bryant <david@wavpack.com> +Date: Thu, 29 Nov 2018 21:00:42 -0800 +Subject: [PATCH] issue #53: error out on zero sample rate + +--- + src/pack_utils.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/pack_utils.c b/src/pack_utils.c +index 2253f0d..2a83497 100644 +--- a/src/pack_utils.c ++++ b/src/pack_utils.c +@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64 + int num_chans = config->num_channels; + int i; + ++ if (!config->sample_rate) { ++ strcpy (wpc->error_message, "sample rate cannot be zero!"); ++ return FALSE; ++ } ++ + wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS; + + if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) { diff --git a/user/wavpack/cve2018-19841.patch b/user/wavpack/cve2018-19841.patch new file mode 100644 index 000000000..6872ed91e --- /dev/null +++ b/user/wavpack/cve2018-19841.patch @@ -0,0 +1,29 @@ +From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001 +From: David Bryant <david@wavpack.com> +Date: Thu, 29 Nov 2018 21:53:51 -0800 +Subject: [PATCH] issue #54: fix potential out-of-bounds heap read + +--- + src/open_utils.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/open_utils.c b/src/open_utils.c +index 80051fc..4fe0d67 100644 +--- a/src/open_utils.c ++++ b/src/open_utils.c +@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum) + #endif + + if (meta_bc == 4) { +- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff)) ++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff)) + return FALSE; + } + else { + csum ^= csum >> 16; + +- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff)) ++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff)) + return FALSE; + } + |