Subject: bug#26739: [PATCH 1/1] gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.
To: 26739@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
From: Leo Famulari
Date: Mon, 1 May 2017 14:26:43 -0400

* gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
[libsndfile/fixed]: Use them.
--- gnu/local.mk | 2 + .../libsndfile-CVE-2017-8361-8363-8365.patch | 77 ++++++++++++++++++++++ .../patches/libsndfile-CVE-2017-8362.patch | 61 +++++++++++++++++ gnu/packages/pulseaudio.scm | 13 ++++ 4 files changed, 153 insertions(+) create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8362.patch diff --git a/gnu/local.mk b/gnu/local.mk index f5574ecd8..52000a2c5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -719,6 +719,8 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ 
diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch new file mode 100644 index 000000000..5f63231af --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch 
@@ -0,0 +1,77 @@ +Fix CVE-2017-{8361,8363,8365}: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Wed, 12 Apr 2017 19:45:30 +1000 +Subject: [PATCH] FLAC: Fix a buffer read overrun + +Buffer read overrun occurs when reading a FLAC file that switches +from 2 channels to one channel mid-stream. Only option is to +abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/230 +--- + src/common.h | 1 + + src/flac.c | 13 +++++++++++++ + src/sndfile.c | 1 + + 3 files changed, 15 insertions(+) + +diff --git a/src/common.h b/src/common.h +index 0bd810c3..e2669b6a 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, +diff --git a/src/flac.c b/src/flac.c +index 84de0e26..986a7b8f 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ 
"Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; +diff --git a/src/sndfile.c b/src/sndfile.c +index 41875610..e2a87be8 100644 +--- a/src/sndfile.c ++++ b/src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, +-- +2.12.2 + diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8362.patch b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch new file mode 100644 index 000000000..5fc52a377 --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch 
@@ -0,0 +1,61 @@ +Fix CVE-2017-8362: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808 + +From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Fri, 14 Apr 2017 15:19:16 +1000 +Subject: [PATCH] src/flac.c: Fix a buffer read overflow + +A file (generated by a fuzzer) which increased the number of channels +from one frame to the next could cause a read beyond the end of the +buffer provided by libFLAC. Only option is to abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/231 +--- + src/flac.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/flac.c b/src/flac.c +index 5a4f8c21..e4f9aaa0 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) + const int32_t* const *buffer = pflac->wbuffer ; + unsigned i = 0, j, offset, channels, len ; + ++ if (psf->sf.channels != (int) frame->header.channels) ++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" ++ "Nothing to do but to error out.\n" , ++ psf->sf.channels, frame->header.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return 0 ; ++ } ; ++ + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. 
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) + return 0 ; + } ; + +- + len = SF_MIN (pflac->len, frame->header.blocksize) ; + + if (pflac->remain % channels != 0) +@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + { case FLAC__METADATA_TYPE_STREAMINFO : + if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) + { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" +- "Nothing to be but to error out.\n" , ++ "Nothing to do but to error out.\n" , + psf->sf.channels, metadata->data.stream_info.channels) ; + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; + return ; +-- +2.12.2 + diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index c52f265cc..92ebe6f3e 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -45,6 +45,7 @@ (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) 
@@ -76,6 +77,18 @@ SPARC. Hopefully the design of the library will also make it easy to extend for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile/fixed + (package + (inherit libsndfile) + (source + (origin + (inherit (package-source libsndfile)) + (patches + (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" + "libsndfile-CVE-2017-8362.patch"))))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- 2.12.2 
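Review bot: In the `sf_flac_meta_callback` hunk of libsndfile-CVE-2017-8361-8363-8365.patch (src/flac.c, `@@ -434,6 +434,19 @@`), a mid-stream sample-rate change is only logged and then accepted by the unchanged assignment `psf->sf.samplerate = metadata->data.stream_info.sample_rate ;`, while the channel-count change just above it is treated as fatal; a short comment explaining why the rate change is safe to carry on from would make that asymmetry reviewable. In the same hunk the warning string "Carrying on as if nothing happened." lacks the trailing `\n` that the error message has, and both `psf_log_printf` calls pass `metadata->data.stream_info.channels` and `.sample_rate` to `%d` without the `(int)` cast that the comparisons use. These lines are copied from upstream, so any change belongs there rather than in the Guix copy.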
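Review bot: The check added at the top of `flac_buffer_copy` in libsndfile-CVE-2017-8362.patch (src/flac.c, `@@ -169,6 +169,14 @@`) compares `psf->sf.channels != (int) frame->header.channels` without the `psf->sf.channels > 0` guard that the STREAMINFO check in `sf_flac_meta_callback` uses, so it is worth confirming that `psf->sf.channels` is always set before the first frame reaches this function; if it is not, every frame would be rejected. The abort is also signalled with `return 0 ;`, the same value as the existing `return 0 ;` path visible in the context of the next hunk, so callers can only tell the two apart through `psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;`; a comment saying so at the return would help.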
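Review bot: In the `libsndfile/fixed` definition (gnu/packages/pulseaudio.scm, `@@ -76,6 +77,18 @@`), the order of the two file names passed to `search-patches` is load-bearing and deserves a comment: the last hunk of libsndfile-CVE-2017-8362.patch rewrites the "Nothing to be but to error out." line that libsndfile-CVE-2017-8361-8363-8365.patch introduces, so it cannot be applied first. The two embedded upstream diffs also do not chain on src/flac.c (the first ends at blob 986a7b8f, the second starts from 5a4f8c21), so the commit message could state that both were checked to apply cleanly on top of 1.0.28.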
From: Kei Kebreau
Date: Mon, 01 May 2017 15:20:39 -0400

Leo Famulari writes:

> * gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
> gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
> [libsndfile/fixed]: Use them.
> --- > gnu/local.mk | 2 + > .../libsndfile-CVE-2017-8361-8363-8365.patch | 77 ++++++++++++++++++++++ > .../patches/libsndfile-CVE-2017-8362.patch | 61 +++++++++++++++++ > gnu/packages/pulseaudio.scm | 13 ++++ > 4 files changed, 153 insertions(+) > create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch > create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8362.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index f5574ecd8..52000a2c5 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk 
> @@ -719,6 +719,8 @@ dist_patch_DATA =3D \ > %D%/packages/patches/libmad-frame-length.patch \ > %D%/packages/patches/libmad-mips-newgcc.patch \ > %D%/packages/patches/libsndfile-armhf-type-checks.patch \ > + %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ > + %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ > %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ > %D%/packages/patches/libtar-CVE-2013-4420.patch \ > %D%/packages/patches/libtheora-config-guess.patch \ > diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patc= h b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch > new file mode 100644 > index 000000000..5f63231af > --- /dev/null > +++ b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch 
> @@ -0,0 +1,77 @@ > +Fix CVE-2017-{8361,8363,8365}: > + > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-8361 > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-8363 > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-8365 > + > +Patch copied from upstream source repository: > + > +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8= b857b385eb3 > + > +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 > +From: Erik de Castro Lopo > +Date: Wed, 12 Apr 2017 19:45:30 +1000 > +Subject: [PATCH] FLAC: Fix a buffer read overrun > + > +Buffer read overrun occurs when reading a FLAC file that switches > +from 2 channels to one channel mid-stream. Only option is to > +abort the read. > + > +Closes: https://github.com/erikd/libsndfile/issues/230 > +--- > + src/common.h | 1 + > + src/flac.c | 13 +++++++++++++ > + src/sndfile.c | 1 + > + 3 files changed, 15 insertions(+) > + > +diff --git a/src/common.h b/src/common.h > +index 0bd810c3..e2669b6a 100644 > +--- a/src/common.h > ++++ b/src/common.h > +@@ -725,6 +725,7 @@ enum > + SFE_FLAC_INIT_DECODER, > + SFE_FLAC_LOST_SYNC, > + SFE_FLAC_BAD_SAMPLE_RATE, > ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, > + SFE_FLAC_UNKOWN_ERROR, > +=20 > + SFE_WVE_NOT_WVE, > +diff --git a/src/flac.c b/src/flac.c > +index 84de0e26..986a7b8f 100644 > +--- a/src/flac.c > ++++ b/src/flac.c > +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * = UNUSED (decoder), const FLAC_ > +=20 > + switch (metadata->type) > + { case FLAC__METADATA_TYPE_STREAMINFO : > ++ if (psf->sf.channels > 0 && psf->sf.channels !=3D (int) metadata->da= ta.stream_info.channels) > ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d cha= nnels\n" > ++ "Nothing to be but to error out.\n" , > ++ psf->sf.channels, metadata->data.stream_info.channels) ; > ++ psf->error =3D SFE_FLAC_CHANNEL_COUNT_CHANGED ; > ++ return ; > ++ } ; > ++ > ++ if (psf->sf.channels > 0 && psf->sf.samplerate 
!=3D (int) metadata->= data.stream_info.sample_rate) > ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates fr= om %d to %d.\n" > ++ "Carrying on as if nothing happened.", > ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; > ++ } ; > + psf->sf.channels =3D metadata->data.stream_info.channels ; > + psf->sf.samplerate =3D metadata->data.stream_info.sample_rate ; > + psf->sf.frames =3D metadata->data.stream_info.total_samples ; > +diff --git a/src/sndfile.c b/src/sndfile.c > +index 41875610..e2a87be8 100644 > +--- a/src/sndfile.c > ++++ b/src/sndfile.c > +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =3D > + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the = flac decoder." }, > + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, > + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample= rate." }, > ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid st= ream." }, > + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, > +=20 > + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, > +--=20 > +2.12.2 > + > diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8362.patch b/gnu/pa= ckages/patches/libsndfile-CVE-2017-8362.patch > new file mode 100644 > index 000000000..5fc52a377 > --- /dev/null > +++ b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch 
> @@ -0,0 +1,61 @@ > +Fix CVE-2017-8362: > + > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-8362 > + > +Patch copied from upstream source repository: > + > +https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd6= 38a9c4cd808 > + > +From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 > +From: Erik de Castro Lopo > +Date: Fri, 14 Apr 2017 15:19:16 +1000 > +Subject: [PATCH] src/flac.c: Fix a buffer read overflow > + > +A file (generated by a fuzzer) which increased the number of channels > +from one frame to the next could cause a read beyond the end of the > +buffer provided by libFLAC. Only option is to abort the read. > + > +Closes: https://github.com/erikd/libsndfile/issues/231 > +--- > + src/flac.c | 11 +++++++++-- > + 1 file changed, 9 insertions(+), 2 deletions(-) > + > +diff --git a/src/flac.c b/src/flac.c > +index 5a4f8c21..e4f9aaa0 100644 > +--- a/src/flac.c > ++++ b/src/flac.c > +@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) > + const int32_t* const *buffer =3D pflac->wbuffer ; > + unsigned i =3D 0, j, offset, channels, len ; > +=20 > ++ if (psf->sf.channels !=3D (int) frame->header.channels) > ++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channe= ls\n" > ++ "Nothing to do but to error out.\n" , > ++ psf->sf.channels, frame->header.channels) ; > ++ psf->error =3D SFE_FLAC_CHANNEL_COUNT_CHANGED ; > ++ return 0 ; > ++ } ; > ++ > + /* > + ** frame->header.blocksize is variable and we're using a constant bloc= ksize > + ** of FLAC__MAX_BLOCK_SIZE. 
> +@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) > + return 0 ; > + } ; > +=20 > +- > + len =3D SF_MIN (pflac->len, frame->header.blocksize) ; > +=20 > + if (pflac->remain % channels !=3D 0) > +@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * U= NUSED (decoder), const FLAC_ > + { case FLAC__METADATA_TYPE_STREAMINFO : > + if (psf->sf.channels > 0 && psf->sf.channels !=3D (int) metadata->da= ta.stream_info.channels) > + { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d cha= nnels\n" > +- "Nothing to be but to error out.\n" , > ++ "Nothing to do but to error out.\n" , > + psf->sf.channels, metadata->data.stream_info.channels) ; > + psf->error =3D SFE_FLAC_CHANNEL_COUNT_CHANGED ; > + return ; > +--=20 > +2.12.2 > + > diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm > index c52f265cc..92ebe6f3e 100644 > --- a/gnu/packages/pulseaudio.scm > +++ b/gnu/packages/pulseaudio.scm > @@ -45,6 +45,7 @@ > (define-public libsndfile > (package > (name "libsndfile") > + (replacement libsndfile/fixed) > (version "1.0.28") > (source (origin > (method url-fetch) 
> @@ -76,6 +77,18 @@ SPARC. Hopefully the design of the library will also = make it easy to extend > for reading and writing new sound file formats.") > (license l:gpl2+))) >=20=20 > +(define libsndfile/fixed > + (package > + (inherit libsndfile) > + (source > + (origin > + (inherit (package-source libsndfile)) > + (patches > + (append > + (origin-patches (package-source libsndfile)) > + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" > + "libsndfile-CVE-2017-8362.patch"))))))) > + > (define-public libsamplerate > (package > (name "libsamplerate") ; aka. Secret Rabbit Code= (SRC)

LGTM.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Leo Famulari
Subject: bug#26739: closed (Re: bug#26739: [PATCH 1/1] gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.)
Date: Mon, 01 May 2017 19:54:02 +0000

Your bug report

#26739: [PATCH 1/1] gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 26739@debbugs.gnu.org.

-- 
26739: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=26739
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

Date: Mon, 1 May 2017 15:53:44 -0400
From: Leo Famulari
To: Kei Kebreau
Cc: 26739-done@debbugs.gnu.org
Subject: Re: bug#26739: [PATCH 1/1] gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.

On Mon, May 01, 2017 at 03:20:39PM -0400, Kei Kebreau wrote:
> Leo Famulari writes:
>
> > * gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
> > gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
> > * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
> > [libsndfile/fixed]: Use them.
> LGTM.

Thanks, pushed!

From: Leo Famulari
To: guix-patches@gnu.org
Subject: [PATCH 1/1] gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.
Date: Mon, 1 May 2017 14:26:43 -0400

* gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
[libsndfile/fixed]: Use them.
--- gnu/local.mk | 2 + .../libsndfile-CVE-2017-8361-8363-8365.patch | 77 ++++++++++++++++++++++ .../patches/libsndfile-CVE-2017-8362.patch | 61 +++++++++++++++++ gnu/packages/pulseaudio.scm | 13 ++++ 4 files changed, 153 insertions(+) create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8362.patch diff --git a/gnu/local.mk b/gnu/local.mk index f5574ecd8..52000a2c5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -719,6 +719,8 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch new file mode 100644 index 000000000..5f63231af --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch 
@@ -0,0 +1,77 @@ +Fix CVE-2017-{8361,8363,8365}: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Wed, 12 Apr 2017 19:45:30 +1000 +Subject: [PATCH] FLAC: Fix a buffer read overrun + +Buffer read overrun occurs when reading a FLAC file that switches +from 2 channels to one channel mid-stream. Only option is to +abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/230 +--- + src/common.h | 1 + + src/flac.c | 13 +++++++++++++ + src/sndfile.c | 1 + + 3 files changed, 15 insertions(+) + +diff --git a/src/common.h b/src/common.h +index 0bd810c3..e2669b6a 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, +diff --git a/src/flac.c b/src/flac.c +index 84de0e26..986a7b8f 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ 
"Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; +diff --git a/src/sndfile.c b/src/sndfile.c +index 41875610..e2a87be8 100644 +--- a/src/sndfile.c ++++ b/src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, +-- +2.12.2 + diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8362.patch b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch new file mode 100644 index 000000000..5fc52a377 --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch 
@@ -0,0 +1,61 @@ +Fix CVE-2017-8362: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808 + +From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Fri, 14 Apr 2017 15:19:16 +1000 +Subject: [PATCH] src/flac.c: Fix a buffer read overflow + +A file (generated by a fuzzer) which increased the number of channels +from one frame to the next could cause a read beyond the end of the +buffer provided by libFLAC. Only option is to abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/231 +--- + src/flac.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/flac.c b/src/flac.c +index 5a4f8c21..e4f9aaa0 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) + const int32_t* const *buffer = pflac->wbuffer ; + unsigned i = 0, j, offset, channels, len ; + ++ if (psf->sf.channels != (int) frame->header.channels) ++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" ++ "Nothing to do but to error out.\n" , ++ psf->sf.channels, frame->header.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return 0 ; ++ } ; ++ + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. 
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) + return 0 ; + } ; + +- + len = SF_MIN (pflac->len, frame->header.blocksize) ; + + if (pflac->remain % channels != 0) +@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + { case FLAC__METADATA_TYPE_STREAMINFO : + if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) + { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" +- "Nothing to be but to error out.\n" , ++ "Nothing to do but to error out.\n" , + psf->sf.channels, metadata->data.stream_info.channels) ; + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; + return ; +-- +2.12.2 + diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index c52f265cc..92ebe6f3e 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -45,6 +45,7 @@ (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) @@ -76,6 +77,18 @@ SPARC. Hopefully the design of the library will also make it easy to extend for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile/fixed + (package + (inherit libsndfile) + (source + (origin + (inherit (package-source libsndfile)) + (patches + (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" + "libsndfile-CVE-2017-8362.patch"))))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- 2.12.2 ------------=_1493668442-8090-1--
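Review bot: In the sf_flac_meta_callback hunk of libsndfile-CVE-2017-8361-8363-8365.patch (src/flac.c, -434,6 +434,19), the sample-rate warning string ends at "Carrying on as if nothing happened." with no trailing \n, unlike the channel-count error just above it, so the next log entry will run onto the same line. The sample-rate comparison is also guarded by psf->sf.channels > 0 rather than by psf->sf.samplerate; if channels is serving as the "STREAMINFO already seen" flag, a short comment saying so would make that intent clear. Because this file is copied from upstream commit fd0484aba8e51d16af1e3a880f9b8b857b385eb3, both points are better raised upstream than changed in the Guix copy.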
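Review bot: The channel-count check added at the top of flac_buffer_copy in libsndfile-CVE-2017-8362.patch (src/flac.c, -169,6 +169,14) reports the abort as return 0 with psf->error set to SFE_FLAC_CHANNEL_COUNT_CHANGED, and return 0 also appears in the unchanged context of the -202 hunk, so a caller that looks only at the return value cannot tell this abort from the other zero return. It is worth confirming that every caller of flac_buffer_copy inspects psf->error after a zero return; nothing in the visible hunks shows that they do.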
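Review bot: In the gnu/packages/pulseaudio.scm hunk, the order of the two file names passed to search-patches in libsndfile/fixed is load-bearing and has no comment saying so. The last hunk of libsndfile-CVE-2017-8362.patch (-436,7 +443,7) rewrites the "Nothing to be but to error out." line that libsndfile-CVE-2017-8361-8363-8365.patch introduces, so the 8362 patch cannot apply unless the other one has been applied first. A one-line comment on the libsndfile/fixed definition stating that it is the graft for these four CVEs and that the patches must stay in this order would prevent a later reordering from breaking the build.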