From c1c4e50c142588b067105052c682ed2b459eddc0 Mon Sep 17 00:00:00 2001 From: xuyuchao Date: Fri, 22 Dec 2023 10:10:26 +0800 Subject: [PATCH 1/3] * Thu Dec 21 2023 xuyuchao - 1.0.28-21 - Type:CVE - CVE:CVE-2023-33065 - DESC:fix CVE-2023-33065 nter the commit message for your changes. Lines starting --- backport-CVE-2022-33065.patch | 42 +++++++++++++++++++++++++++++++++++ libsndfile.spec | 8 ++++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2022-33065.patch diff --git a/backport-CVE-2022-33065.patch b/backport-CVE-2022-33065.patch new file mode 100644 index 0000000..3bc3f19 --- /dev/null +++ b/backport-CVE-2022-33065.patch @@ -0,0 +1,42 @@ +From da1fcb0199f6a5c883fd158a20896a0e9c085e02 Mon Sep 17 00:00:00 2001 +From: Alex Stewart +Date: Wed, 22 Nov 2023 17:15:12 +0800 +Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation +The clang sanitizer warns of a possible signed integer overflow when +calculating the `dataend` value in `mat4_read_header()`. + +``` +src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in +src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in +``` + +Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of +`dataend` before performing the calculation, to avoid the issue. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/789 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart +--- + src/mat4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mat4.c b/src/mat4.c +index 3c73680..e2f98b7 100644 +--- a/src/mat4.c ++++ b/src/mat4.c +@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf) + psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ; + } + else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth) +- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ; ++ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ; + + psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ; + +-- +2.27.0 + diff --git a/libsndfile.spec b/libsndfile.spec index 2c8a23d..efbfd1b 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,6 +1,6 @@ Name: libsndfile Version: 1.0.28 -Release: 20 +Release: 21 Summary: Library for reading and writing sound files License: LGPLv2+ and GPLv2+ and BSD URL: http://www.mega-nerd.com/libsndfile/ @@ -23,6 +23,7 @@ Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch Patch6007: backport-CVE-2021-3246.patch Patch6008: backport-CVE-2021-4156.patch +Patch6009: backport-CVE-2022-33065.patch %description Libsndfile is a C library for reading and writing files containing @@ -129,6 +130,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog +* Thu Dec 21 2023 xuyuchao - 1.0.28-21 +- Type:CVE +- CVE:CVE-2023-33065 +- DESC:fix CVE-2023-33065 + * Mon May 16 2022 zhouwenpei - 1.0.28-20 - fix CVE-2021-4156 -- Gitee From 7b1f94537afdb388655c1d23cf6d1f94d7f53fe6 Mon Sep 17 00:00:00 2001 From: xuyuchao Date: Fri, 29 Dec 2023 02:05:18 +0000 Subject: [PATCH 2/3] update libsndfile.spec. Signed-off-by: xuyuchao --- libsndfile.spec | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/libsndfile.spec b/libsndfile.spec index efbfd1b..4ff13ed 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -10,20 +10,20 @@ BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig BuildRequires: sqlite-devel -Patch0: libsndfile-1.0.25-zerodivfix.patch -Patch1: libsndfile-1.0.28-flacbufovfl.patch -Patch2: libsndfile-1.0.29-cve2017_6892.patch -Patch3: libsndfile-1.0.28-cve2017_12562.patch -Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch -Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch -Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch -Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch -Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch -Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch -Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch -Patch6007: backport-CVE-2021-3246.patch -Patch6008: backport-CVE-2021-4156.patch -Patch6009: backport-CVE-2022-33065.patch +Patch0: libsndfile-1.0.25-zerodivfix.patch +Patch1: libsndfile-1.0.28-flacbufovfl.patch +Patch2: libsndfile-1.0.29-cve2017_6892.patch +Patch3: libsndfile-1.0.28-cve2017_12562.patch +Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch +Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch +Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch +Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch +Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch +Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch +Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch +Patch6007: backport-CVE-2021-3246.patch +Patch6008: backport-CVE-2021-4156.patch +Patch6009: backport-CVE-2022-33065.patch %description Libsndfile is a C library for reading and writing files containing -- Gitee From d5270f3b473dfc7a1909f3623f8d47d3e88a7e72 Mon Sep 17 00:00:00 2001 From: xuyuchao Date: Fri, 29 Dec 2023 10:33:25 +0800 Subject: [PATCH 3/3] modify --- libsndfile.spec | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/libsndfile.spec b/libsndfile.spec index 4ff13ed..a21fcc5 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -10,20 +10,20 @@ BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig BuildRequires: sqlite-devel -Patch0: libsndfile-1.0.25-zerodivfix.patch -Patch1: libsndfile-1.0.28-flacbufovfl.patch -Patch2: libsndfile-1.0.29-cve2017_6892.patch -Patch3: libsndfile-1.0.28-cve2017_12562.patch -Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch -Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch -Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch -Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch -Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch -Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch -Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch -Patch6007: backport-CVE-2021-3246.patch -Patch6008: backport-CVE-2021-4156.patch -Patch6009: backport-CVE-2022-33065.patch +Patch0: libsndfile-1.0.25-zerodivfix.patch +Patch1: libsndfile-1.0.28-flacbufovfl.patch +Patch2: libsndfile-1.0.29-cve2017_6892.patch +Patch3: libsndfile-1.0.28-cve2017_12562.patch +Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch +Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch +Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch +Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch +Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch +Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch +Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch +Patch6007: backport-CVE-2021-3246.patch +Patch6008: backport-CVE-2021-4156.patch +Patch6009: backport-CVE-2022-33065.patch %description Libsndfile is a C library for reading and writing files containing -- Gitee