commit audiofile for openSUSE:Factory
Hello community, here is the log from the commit of package audiofile for openSUSE:Factory checked in at 2015-10-30 16:34:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/audiofile (Old) and /work/SRC/openSUSE:Factory/.audiofile.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "audiofile" Changes: -------- --- /work/SRC/openSUSE:Factory/audiofile/audiofile.changes 2014-08-20 17:53:51.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.audiofile.new/audiofile.changes 2015-10-30 16:34:32.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Oct 22 16:40:50 CEST 2015 - sbrabec@suse.com + +- Fix overflow when changing both number of channels and sample + format (bsc#949399, CVE-2015-7747, + audiofile-CVE-2015-7747.patch). + +------------------------------------------------------------------- New: ---- audiofile-CVE-2015-7747.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audiofile.spec ++++++ --- /var/tmp/diff_new_pack.7M28rW/_old 2015-10-30 16:34:33.000000000 +0100 +++ /var/tmp/diff_new_pack.7M28rW/_new 2015-10-30 16:34:33.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package audiofile # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,8 @@ Url: http://www.68k.org/~michael/audiofile/ Source: http://download.gnome.org/sources/audiofile/0.3/%{name}-%{version}.tar.xz Source2: baselibs.conf +# PATCH-FIX-SECURITY audiofile-CVE-2015-7747.patch bsc949399 CVE-2015-7747 sbrabec@suse.com -- Fix overflow when changing both number of channels and sample format https://github.com/mpruett/audiofile/pull/25/files https://github.com/mpruett/audiofile/pull/25.patch +Patch: audiofile-CVE-2015-7747.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -93,6 +95,7 @@ %prep %setup -q +%patch -p1 %build autoreconf -fi ++++++ audiofile-CVE-2015-7747.patch ++++++
From 4234a11442e673e4b96c4b0a9e707dcb15b01497 Mon Sep 17 00:00:00 2001 From: Fabrizio Gennari
Date: Thu, 1 Oct 2015 22:51:14 +0200 Subject: [PATCH 1/2] Do not corrupt files when changing both number of channels and sample format
--- libaudiofile/modules/ModuleState.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp index f76c495..0c29d7a 100644 --- a/libaudiofile/modules/ModuleState.cpp +++ b/libaudiofile/modules/ModuleState.cpp @@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle file, Track *track) addModule(new Transform(outfc, in.pcm, out.pcm)); if (in.channelCount != out.channelCount) - addModule(new ApplyChannelMatrix(infc, isReading, + addModule(new ApplyChannelMatrix(outfc, isReading, in.channelCount, out.channelCount, in.pcm.minClip, in.pcm.maxClip, track->channelMatrix));
From 1debf51f3a89d44c0bd46e7bc45c07342087dd7c Mon Sep 17 00:00:00 2001 From: Fabrizio Gennari
Date: Sun, 4 Oct 2015 01:14:00 +0200 Subject: [PATCH 2/2] Add a test case for conversion of both sample format and number of channels
This patch contains the testcase backport to version 0.3.6.
Author: Stanislav Brabec
participants (1)
-
root@hilbert.suse.de