diff --git a/SOURCES/audiofile-0.3.6-CVE-2022-24599.patch b/SOURCES/audiofile-0.3.6-CVE-2022-24599.patch new file mode 100644 index 0000000..18237d0 --- /dev/null +++ b/SOURCES/audiofile-0.3.6-CVE-2022-24599.patch @@ -0,0 +1,45 @@ +diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c +index 60e6947..f5cf925 100644 +--- a/sfcommands/printinfo.c ++++ b/sfcommands/printinfo.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + static char *copyrightstring (AFfilehandle file); + +@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file) + int i, misccount; + + misccount = afGetMiscIDs(file, NULL); +- miscids = (int *) malloc(sizeof (int) * misccount); ++ if(!misccount) ++ return NULL; ++ miscids = (int *) calloc(misccount, sizeof(int)); ++ if(!miscids) ++ return NULL; + afGetMiscIDs(file, miscids); + + for (i=0; i= INT_MAX -1 ) { ++ goto error; ++ } ++ char *data = (char *) calloc(datasize + 1, 1); + afReadMisc(file, miscids[i], data, datasize); + copyright = data; + break; + } +- ++error: + free(miscids); + + return copyright; diff --git a/SPECS/audiofile.spec b/SPECS/audiofile.spec index fa096d4..b201364 100644 --- a/SPECS/audiofile.spec +++ b/SPECS/audiofile.spec @@ -3,10 +3,10 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 30%{?dist} +Release: 36%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README -License: LGPLv2+ and GPLv2+ +License: LGPL-2.1-or-later and GPL-2.0-or-later Source: http://audiofile.68k.org/%{name}-%{version}.tar.gz URL: http://audiofile.68k.org/ BuildRequires: gcc-c++ @@ -30,6 +30,7 @@ Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch Patch9: integer-overflow.patch +Patch10: audiofile-0.3.6-CVE-2022-24599.patch %description The Audio File library is an implementation of the Audio File Library @@ -50,17 +51,17 @@ other resources you can use to develop Audio File applications. %prep %setup -q -%patch0 -p1 -b .CVE-2015-7747 -%patch1 -p1 -b .left-shift-neg -%patch2 -p1 -b .narrowing-conversion -%patch3 -p1 -b .pull42 -%patch4 -p1 -b .pull43 -%patch5 -p1 -b .pull44 -%patch6 -p1 -b .CVE-2018-17095 -%patch7 -p1 -b .CVE-2018-13440 -%patch8 -p1 -b .CVE-2018-13440 -%patch9 -p1 -b .integer-overflow - +%patch -P 0 -p1 -b .CVE-2015-7747 +%patch -P 1 -p1 -b .left-shift-neg +%patch -P 2 -p1 -b .narrowing-conversion +%patch -P 3 -p1 -b .pull42 +%patch -P 4 -p1 -b .pull43 +%patch -P 5 -p1 -b .pull44 +%patch -P 6 -p1 -b .CVE-2018-17095 +%patch -P 7 -p1 -b .CVE-2018-13440 +%patch -P 8 -p1 -b .CVE-2018-13440 +%patch -P 9 -p1 -b .integer-overflow +%patch -P 10 -p1 -b .CVE-2022-24599 %build %configure --disable-rpath @@ -75,10 +76,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfconvert chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo -%check -%if %{make_check} -make check -%endif +#%check +#%if %{make_check} +#make check +#%endif %ldconfig_scriptlets @@ -100,9 +101,27 @@ make check %{_mandir}/man3/* %changelog -* Wed Jul 26 2023 Arkady L. Shane - 1:0.3.6-30 +* Mon Nov 13 2023 Gwyn Ciesla - 1:0.3.6-36 +Patch for CVE-2022-24599 + +* Wed Jul 26 2023 Arkady L. Shane - 1:0.3.6-35 - Rebuilt for MSVSphere 9.2 +* Wed Jul 19 2023 Fedora Release Engineering - 1:0.3.6-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Mar 02 2023 Gwyn Ciesla - 1:0.3.6-34 +- migrated to SPDX license + +* Wed Jan 18 2023 Fedora Release Engineering - 1:0.3.6-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Sep 13 2022 Michel Alexandre Salim - 1:0.3.6-32 +- Rebuilt for flac 1.4.0 + +* Wed Jul 20 2022 Fedora Release Engineering - 1:0.3.6-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jan 19 2022 Fedora Release Engineering - 1:0.3.6-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild