Debian Patches

Status for audiofile/0.3.6-5

Patch: 01_gcc6.patch
Description: Fix FTBFS with GCC 6
Author: Michael Schwendt <mschwendt@fedoraproject.org>
Forwarded: no
Bugs: debian
Origin: vendor, https://github.com/mpruett/audiofile/pull/27

Patch: 02_hurd.patch
Description: Remove usage of PATH_MAX in tests to fix FTBFS on Hurd. jcowgill: Removed Changelog changes
Author: Pino Toscano <toscano.pino@tiscali.it>
Forwarded: yes
Bugs: debian, upstream
Origin: backport, https://github.com/mpruett/audiofile/commit/34c261034f1193a783196618f0052112e00fbcfe

Patch: 03_CVE-2015-7747.patch
Description: fix buffer overflow when changing both sample format and number of channels
Forwarded: no
Bugs: debian
Origin: https://github.com/mpruett/audiofile/pull/25

Patch: 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
Description: clamp index values to fix index overflow in IMA.cpp
  This fixes #33
  (also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981
  and https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/)
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-06

Patch: 05_Always-check-the-number-of-coefficients.patch
Description: Always check the number of coefficients
  When building the library with NDEBUG, asserts are eliminated
  so it's better to always check that the number of coefficients
  is inside the array range.

  This fixes the 00191-audiofile-indexoob issue in #41
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-06

Patch: 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
Description: Check for multiplication overflow in MSADPCM decodeSample
  Check for multiplication overflow (using __builtin_mul_overflow
  if available) in MSADPCM.cpp decodeSample and return an empty
  decoded block if an error occurs.

  This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-06

Patch: 07_Check-for-multiplication-overflow-in-sfconvert.patch
Description: Check for multiplication overflow in sfconvert
  Checks that a multiplication doesn't overflow when
  calculating the buffer size, and if it overflows,
  reduce the buffer size instead of failing.

  This fixes the 00192-audiofile-signintoverflow-sfconvert case
  in #41
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-06

Patch: 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
Description: Fix signature of multiplyCheckOverflow. It returns a bool, not an int
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-10

Patch: 09_Actually-fail-when-error-occurs-in-parseFormat.patch
Description: Actually fail when error occurs in parseFormat
  When there's an unsupported number of bits per sample or an invalid
  number of samples per block, don't only print an error message using
  the error handler, but actually stop parsing the file.

  This fixes #35 (also reported at
  https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
  https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
  )
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-06

Patch: 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
Description: Check for division by zero in BlockCodec::runPull
Author: Antonio Larrosa <larrosa@kde.org>
Forwarded: no
Last update: 2017-03-09

Patch: 11_CVE-2018-13440.patch
Description: [PATCH] ModuleState: handle compress/decompress init failure
  When the unit initcompress or initdecompress function fails,
  m_fileModule is NULL. Return AF_FAIL in that case instead of
  causing NULL pointer dereferences later.

  Fixes #49
Author: Wim Taymans <wtaymans@redhat.com>
Forwarded: no
Last update: 2018-09-27

Patch: 12_CVE-2018-17095.patch
Description: [PATCH] SimpleModule: set output chunk framecount after pull
  After pulling the data, set the output chunk to the amount of
  frames we pulled so that the next module in the chain has the correct
  frame count.

  Fixes #50 and #51
Author: Wim Taymans <wtaymans@redhat.com>
Forwarded: no
Last update: 2018-09-27
