D14552.id39851.diff
Index: audio/libsndfile/Makefile
===================================================================
--- audio/libsndfile/Makefile
+++ audio/libsndfile/Makefile
@@ -3,6 +3,7 @@
PORTNAME= libsndfile
PORTVERSION= 1.0.28
+PORTREVISION= 1
CATEGORIES= audio
MASTER_SITES= http://www.mega-nerd.com/libsndfile/files/
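Review bot: On the `+PORTREVISION= 1` line, the bump is correct for a change to installed code, but nothing in the diff as shown adds a matching security/vuxml entry. Confirm one lands with the commit, otherwise `pkg audit` will not flag installed 1.0.28 packages built before this revision.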
@@ -10,6 +11,7 @@
COMMENT= Reading and writing files containing sampled sound (like WAV or AIFF)
LICENSE= LGPL21
+LICENSE_FILE= ${WRKSRC}/COPYING
USES= cpe gmake libtool localbase pkgconfig
CPE_VENDOR= ${CPE_PRODUCT}_project
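Review bot: The `+LICENSE_FILE= ${WRKSRC}/COPYING` line is unrelated to the overflow fix; mention it in the commit message or split it out, so the security change stays easy to audit and to merge to a quarterly branch on its own. Also confirm that COPYING in the 1.0.28 distfile is the LGPL 2.1 text that `LICENSE= LGPL21` declares.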
Index: audio/libsndfile/files/patch-src_aiff.c
===================================================================
--- /dev/null
+++ audio/libsndfile/files/patch-src_aiff.c
@@ -0,0 +1,19 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+--- src/aiff.c.orig 2017-04-01 07:18:02 UTC
++++ src/aiff.c
+@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+ psf_binheader_readf (psf, "j", dword - bytesread) ;
+
+ if (map_info->channel_map != NULL)
+- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+
+ free (psf->channel_map) ;
+
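Review bot: On the changed `chanmap_size` line, the clamp to `SF_MIN (psf->sf.channels, layout_tag & 0xffff)` only bounds the read if every later use of the map honours `chanmap_size`, and the hunk's context stops at `free (psf->channel_map)`, before the allocation and copy. Check in src/aiff.c that both use `chanmap_size` and not `psf->sf.channels` again. The embedded header cites only Secunia Advisory SA76717 while the review is titled for a CVE; adding the CVE id to the patch header would let the two be cross-checked.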
D14552: audio/libsndfile: Fix for CVE-2017-6982