[Buildroot] [git commit] package/libsndfile: security bump to version 1.1.0

Peter Korsgaard peter at korsgaard.com
Mon Jun 27 20:41:05 UTC 2022


commit: https://git.buildroot.net/buildroot/commit/?id=c59a9d12b7805f2ac08be81fe18a4ebc197d5cd9
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fix the following security issues:
 - Heap buffer overflow in wavlike_ima_decode_block()
 - Heap buffer overflow in msadpcm_decode_block()
 - Heap buffer overflow in psf_binheader_readf()
 - Index out of bounds in psf_nms_adpcm_decode_block()
 - Heap buffer overflow in flac_buffer_copy()
 - Heap buffer overflow in copyPredictorTo24()
 - Uninitialized variable in psf_binheader_readf()

Drop patch (already included in this version)

While at it, also drop mention of CVE-2018-13419 which is correctly
tagged as only affecting version 1.0.28 in NVD NIST database:
https://nvd.nist.gov/vuln/detail/CVE-2018-13419

https://github.com/libsndfile/libsndfile/releases/tag/1.1.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 .../0001-ms_adpcm-Fix-and-extend-size-checks.patch | 40 ----------------------
 package/libsndfile/libsndfile.hash                 |  2 +-
 package/libsndfile/libsndfile.mk                   | 10 ++----
 3 files changed, 3 insertions(+), 49 deletions(-)

diff --git a/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch b/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch
deleted file mode 100644
index edacbda01a..0000000000
--- a/package/libsndfile/0001-ms_adpcm-Fix-and-extend-size-checks.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
-From: bobsayshilol <bobsayshilol at live.co.uk>
-Date: Thu, 18 Feb 2021 21:52:09 +0000
-Subject: [PATCH] ms_adpcm: Fix and extend size checks
-
-'blockalign' is the size of a block, and each block contains 7 samples
-per channel as part of the preamble, so check against 'samplesperblock'
-rather than 'blockalign'. Also add an additional check that the block
-is big enough to hold the samples it claims to hold.
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
-Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
----
- src/ms_adpcm.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
-index 5e8f1a31..a21cb994 100644
---- a/src/ms_adpcm.c
-+++ b/src/ms_adpcm.c
-@@ -128,8 +128,14 @@ wavlike_msadpcm_init	(SF_PRIVATE *psf, int blockalign, int samplesperblock)
- 	if (psf->file.mode == SFM_WRITE)
- 		samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- 
--	if (blockalign < 7 * psf->sf.channels)
--	{	psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
-+	/* There's 7 samples per channel in the preamble of each block */
-+	if (samplesperblock < 7 * psf->sf.channels)
-+	{	psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
-+		return SFE_INTERNAL ;
-+		} ;
-+
-+	if (2 * blockalign < samplesperblock * psf->sf.channels)
-+	{	psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
- 		return SFE_INTERNAL ;
- 		} ;
- 
--- 
-2.20.1
-
diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash
index 14dfe823f9..67d10d03c4 100644
--- a/package/libsndfile/libsndfile.hash
+++ b/package/libsndfile/libsndfile.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256  a8cfb1c09ea6e90eff4ca87322d4168cdbe5035cb48717b40bf77e751cc02163  libsndfile-1.0.31.tar.bz2
+sha256  0f98e101c0f7c850a71225fb5feaf33b106227b3d331333ddc9bacee190bcf41  libsndfile-1.1.0.tar.xz
 # Locally calculated
 sha256  ad01ea5cd2755f6048383c8d54c88459cd6fcb17757c5c8892f8c5ea060f6140  COPYING
diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index ed9e8e3d14..12a6601b6b 100644
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -4,20 +4,14 @@
 #
 ################################################################################
 
-LIBSNDFILE_VERSION = 1.0.31
-LIBSNDFILE_SOURCE = libsndfile-$(LIBSNDFILE_VERSION).tar.bz2
+LIBSNDFILE_VERSION = 1.1.0
+LIBSNDFILE_SOURCE = libsndfile-$(LIBSNDFILE_VERSION).tar.xz
 LIBSNDFILE_SITE = https://github.com/libsndfile/libsndfile/releases/download/$(LIBSNDFILE_VERSION)
 LIBSNDFILE_INSTALL_STAGING = YES
 LIBSNDFILE_LICENSE = LGPL-2.1+
 LIBSNDFILE_LICENSE_FILES = COPYING
 LIBSNDFILE_CPE_ID_VENDOR = libsndfile_project
 
-# 0001-ms_adpcm-Fix-and-extend-size-checks.patch
-LIBSNDFILE_IGNORE_CVES += CVE-2021-3246
-
-# disputed, https://github.com/erikd/libsndfile/issues/398
-LIBSNDFILE_IGNORE_CVES += CVE-2018-13419
-
 LIBSNDFILE_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
 LIBSNDFILE_CONF_OPTS = \
 	--disable-sqlite \
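Review bot: Dropping `LIBSNDFILE_IGNORE_CVES += CVE-2021-3246` is not justified the way the CVE-2018-13419 removal is, because the description cites the NVD version range only for the latter. The removal is right if the fix from the deleted 0001 patch is part of 1.1.0, as the description states. Whether the CVE check stays quiet still depends on the version range NVD records for that CVE under `libsndfile_project`, which nothing in this hunk shows. It is worth confirming with a pkg-stats run for this package; if the CVE is still reported, keep the ignore line with a comment such as `# fixed upstream in 1.1.0`. The `LIBSNDFILE_CONF_OPTS` assignment continues past the end of the hunk.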


