| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_gcc6.patch | Fix FTBFS with GCC 6 | Michael Schwendt <mschwendt@fedoraproject.org> | no | debian | vendor, https://github.com/mpruett/audiofile/pull/27 | |
| 02_hurd.patch | Remove usage of PATH_MAX in tests to fix FTBFS on Hurd. jcowgill: Removed Changelog changes | Pino Toscano <toscano.pino@tiscali.it> | yes | debian upstream | backport, https://github.com/mpruett/audiofile/commit/34c261034f1193a783196618f0052112e00fbcfe | |
| 03_CVE-2015-7747.patch | fix buffer overflow when changing both sample format and number of channels | no | debian | https://github.com/mpruett/audiofile/pull/25 | ||
| 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch | clamp index values to fix index overflow in IMA.cpp This fixes #33 (also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981 and https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/) |
Antonio Larrosa <larrosa@kde.org> | no | 2017-03-06 | ||
| 05_Always-check-the-number-of-coefficients.patch | Always check the number of coefficients When building the library with NDEBUG, asserts are eliminated so it's better to always check that the number of coefficients is inside the array range. This fixes the 00191-audiofile-indexoob issue in #41 |
Antonio Larrosa <larrosa@kde.org> | no | 2017-03-06 | ||
| 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch | Check for multiplication overflow in MSADPCM decodeSample Check for multiplication overflow (using __builtin_mul_overflow if available) in MSADPCM.cpp decodeSample and return an empty decoded block if an error occurs. This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41 |
Antonio Larrosa <larrosa@kde.org> | no | 2017-03-06 | ||
| 07_Check-for-multiplication-overflow-in-sfconvert.patch | Check for multiplication overflow in sfconvert Checks that a multiplication doesn't overflow when calculating the buffer size, and if it overflows, reduce the buffer size instead of failing. This fixes the 00192-audiofile-signintoverflow-sfconvert case in #41 |
Antonio Larrosa <larrosa@kde.org> | no | 2017-03-06 | ||
| 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch | Fix signature of multiplyCheckOverflow. It returns a bool, not an int | Antonio Larrosa <larrosa@kde.org> | no | 2017-03-10 | ||
| 09_Actually-fail-when-error-occurs-in-parseFormat.patch | Actually fail when error occurs in parseFormat When there's an unsupported number of bits per sample or an invalid number of samples per block, don't only print an error message using the error handler, but actually stop parsing the file. This fixes #35 (also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/ ) |
Antonio Larrosa <larrosa@kde.org> | no | 2017-03-06 | ||
| 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch | Check for division by zero in BlockCodec::runPull | Antonio Larrosa <larrosa@kde.org> | no | 2017-03-09 | ||
| 11_CVE-2018-13440.patch | [PATCH] ModuleState: handle compress/decompress init failure When the unit initcompress or initdecompress function fails, m_fileModule is NULL. Return AF_FAIL in that case instead of causing NULL pointer dereferences later. Fixes #49 |
Wim Taymans <wtaymans@redhat.com> | no | 2018-09-27 | ||
| 12_CVE-2018-17095.patch | [PATCH] SimpleModule: set output chunk framecount after pull After pulling the data, set the output chunk to the amount of frames we pulled so that the next module in the chain has the correct frame count. Fixes #50 and #51 |
Wim Taymans <wtaymans@redhat.com> | no | 2018-09-27 |