Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
alpine
aports
Commits
b5b80b2b
Commit
b5b80b2b
authored
Jan 31, 2019
by
Leonardo Arena
Browse files
main/wavpack: security fixes (CVE-2018-19840, CVE-2018-19841)
Fixes
#9917
parent
c05d87b3
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
63 additions
and
2 deletions
+63
-2
main/wavpack/APKBUILD
main/wavpack/APKBUILD
+9
-2
main/wavpack/CVE-2018-19840.patch
main/wavpack/CVE-2018-19840.patch
+25
-0
main/wavpack/CVE-2018-19841.patch
main/wavpack/CVE-2018-19841.patch
+29
-0
No files found.
main/wavpack/APKBUILD
View file @
b5b80b2b
...
...
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
wavpack
pkgver
=
5.1.0
pkgrel
=
2
pkgrel
=
3
pkgdesc
=
"Audio compression format with lossless, lossy, and hybrid compression modes"
url
=
"http://www.wavpack.com/"
arch
=
"all"
...
...
@@ -16,10 +16,15 @@ source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2
CVE-2018-7254.patch
CVE-2018-10536_10537.patch
CVE-2018-10538_10539_10540.patch
CVE-2018-19840.patch
CVE-2018-19841.patch
"
builddir
=
"
$srcdir
"
/
$pkgname
-
$pkgver
# secfixes:
# 5.1.0-r3:
# - CVE-2018-19840
# - CVE-2018-19841
# 5.1.0-r2:
# - CVE-2018-10536
# - CVE-2018-10537
...
...
@@ -72,4 +77,6 @@ sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f4
6e8bdb2a1fa1445de7778226bf4db35efa96f6455be3f2c52bd56dc567eba8eeba9a0140965816c2dc340abcdcb966dc6fd647345e419fde3dceba2a512e5395 CVE-2018-7253.patch
8745e1d3b97df6bdc2844c6731c1079afce8aee6cd3ad39557c8442687f80d2e2b278fd5277e35f7793de3035a7923be69a248dd7ab2cae66d92ea43905dae60 CVE-2018-7254.patch
fd7ff58c53f9b4cec335e36017c5b1709c5526a2d44a54dfbeb050ea303997418d1fa312ebe39f521a35a6f2151b8a0f5845ee9bf6bbda22bef036e9fc0166a5 CVE-2018-10536_10537.patch
a59eff2a8f47d4383f33667e7737f5e2e639778b367340169f1c5d6335c8948cfd8e1a7554e8b6c05a59d80a04048cf137c0f4fdfd88d2d88757404d3dac31ee CVE-2018-10538_10539_10540.patch"
a59eff2a8f47d4383f33667e7737f5e2e639778b367340169f1c5d6335c8948cfd8e1a7554e8b6c05a59d80a04048cf137c0f4fdfd88d2d88757404d3dac31ee CVE-2018-10538_10539_10540.patch
67d02dd744c638d126cf5a894d1ff2c39726bd4d3771ef7410ea782e5c9a0f9341909432bd4bea9b8959891c38699601c1aac2da6e0eaddaa5a4d679e7f58dd2 CVE-2018-19840.patch
dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 CVE-2018-19841.patch"
main/wavpack/CVE-2018-19840.patch
0 → 100644
View file @
b5b80b2b
From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 29 Nov 2018 21:00:42 -0800
Subject: [PATCH] issue #53: error out on zero sample rate
---
src/pack_utils.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/pack_utils.c b/src/pack_utils.c
index 2253f0d..2a83497 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -195,6 +195,11 @@
int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
int num_chans = config->num_channels;
int i;
+ if (!config->sample_rate) {
+ strcpy (wpc->error_message, "sample rate cannot be zero!");
+ return FALSE;
+ }
+
wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {
main/wavpack/CVE-2018-19841.patch
0 → 100644
View file @
b5b80b2b
From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 29 Nov 2018 21:53:51 -0800
Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
---
src/open_utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/open_utils.c b/src/open_utils.c
index 80051fc..4fe0d67 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -1258,13 +1258,13 @@
int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
#endif
if (meta_bc == 4) {
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
return FALSE;
}
else {
csum ^= csum >> 16;
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
return FALSE;
}
algitbot
@root
mentioned in issue
#9917 (closed)
·
Jul 12, 2019
mentioned in issue
#9917 (closed)
mentioned in issue #9917
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
