Merge and update to 0.3.6-36

1 year ago · f4a1f81299
parent e2ba5edb8d a5e3eb5c45
commit f4a1f81299
2 changed files with 82 additions and 18 deletions
--- a/SOURCES/audiofile-0.3.6-CVE-2022-24599.patch
+++ b/SOURCES/audiofile-0.3.6-CVE-2022-24599.patch
@ -0,0 +1,45 @@
+diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c
+index 60e6947..f5cf925 100644
+--- a/sfcommands/printinfo.c
+++ b/sfcommands/printinfo.c
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+#include <limits.h>
+
+ static char *copyrightstring (AFfilehandle file);
+
+@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file)
+ 	int		i, misccount;
+
+ 	misccount = afGetMiscIDs(file, NULL);
+-	miscids = (int *) malloc(sizeof (int) * misccount);
+	if(!misccount)
+		return NULL;
+	miscids = (int *) calloc(misccount, sizeof(int));
+	if(!miscids)
+		return NULL;
+ 	afGetMiscIDs(file, miscids);
+
+ 	for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@ static char *copyrightstring (AFfilehandle file)
+ 			If this code executes, the miscellaneous chunk is a
+ 			copyright chunk.
+ 		*/
+-		int datasize = afGetMiscSize(file, miscids[i]);
+-		char *data = (char *) malloc(datasize);
+		size_t datasize = afGetMiscSize(file, miscids[i]);
+		if(datasize >= INT_MAX -1 ) {
+			goto error;
+		}
+		char *data = (char *) calloc(datasize + 1, 1);
+ 		afReadMisc(file, miscids[i], data, datasize);
+ 		copyright = data;
+ 		break;
+ 	}
+-
+error:
+ 	free(miscids);
+
+ 	return copyright;
--- a/SPECS/audiofile.spec
+++ b/SPECS/audiofile.spec
@ -3,10 +3,10 @@
 Summary: Library for accessing various audio file formats
 Name: audiofile
 Version: 0.3.6
-Release: 30%{?dist}
+Release: 36%{?dist}
 Epoch: 1
 # library is LGPL / the two programs GPL / see README
-License: LGPLv2+ and GPLv2+
+License: LGPL-2.1-or-later and GPL-2.0-or-later
 Source: http://audiofile.68k.org/%{name}-%{version}.tar.gz
 URL: http://audiofile.68k.org/
 BuildRequires:  gcc-c++
@ -30,6 +30,7 @@ Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
 Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch
 Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch
 Patch9: integer-overflow.patch
+Patch10: audiofile-0.3.6-CVE-2022-24599.patch

 %description
 The Audio File library is an implementation of the Audio File Library
@ -50,17 +51,17 @@ other resources you can use to develop Audio File applications.

 %prep
 %setup -q
-%patch0 -p1 -b .CVE-2015-7747
-%patch1 -p1 -b .left-shift-neg
-%patch2 -p1 -b .narrowing-conversion
-%patch3 -p1 -b .pull42
-%patch4 -p1 -b .pull43
-%patch5 -p1 -b .pull44
-%patch6 -p1 -b .CVE-2018-17095
-%patch7 -p1 -b .CVE-2018-13440
-%patch8 -p1 -b .CVE-2018-13440
-%patch9 -p1 -b .integer-overflow
-
+%patch -P 0 -p1 -b .CVE-2015-7747
+%patch -P 1 -p1 -b .left-shift-neg
+%patch -P 2 -p1 -b .narrowing-conversion
+%patch -P 3 -p1 -b .pull42
+%patch -P 4 -p1 -b .pull43
+%patch -P 5 -p1 -b .pull44
+%patch -P 6 -p1 -b .CVE-2018-17095
+%patch -P 7 -p1 -b .CVE-2018-13440
+%patch -P 8 -p1 -b .CVE-2018-13440
+%patch -P 9 -p1 -b .integer-overflow
+%patch -P 10 -p1 -b .CVE-2022-24599

 %build
 %configure --disable-rpath
@ -75,10 +76,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfconvert
 chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo

-%check
-%if %{make_check}
-make check
-%endif
+#%check
+#%if %{make_check}
+#make check
+#%endif


 %ldconfig_scriptlets
@ -100,9 +101,27 @@ make check
 %{_mandir}/man3/*

 %changelog
-* Wed Jul 26 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 1:0.3.6-30
+* Mon Nov 13 2023 Gwyn Ciesla <gwync@protonmail.com> - 1:0.3.6-36
+Patch for CVE-2022-24599
+
+* Wed Jul 26 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 1:0.3.6-35
 - Rebuilt for MSVSphere 9.2

+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-35
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Mar 02 2023 Gwyn Ciesla <gwync@protonmail.com> - 1:0.3.6-34
+- migrated to SPDX license
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Sep 13 2022 Michel Alexandre Salim <salimma@fedoraproject.org> - 1:0.3.6-32
+- Rebuilt for flac 1.4.0
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
 * Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-30
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild