
[alpine-aports] [PATCH edge] main/libsndfile: security upgrade to 1.0.28 - fixes #7149

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Fri, 14 Apr 2017 12:32:21 +0000

CVE-2017-7585: Stack-based buffer overflow in flac_buffer_copy()
CVE-2017-7741: invalid memory WRITE
CVE-2017-7742: invalid memory READ
---
 main/libsndfile/APKBUILD | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index b1a9bfdde7..81f9c4d6e4 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
_at_@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=libsndfile
-pkgver=1.0.27
+pkgver=1.0.28
 pkgrel=0
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
_at_@ -12,6 +13,12 @@ depends_dev="flac-dev libvorbis-dev libogg-dev"
 makedepends="linux-headers alsa-lib-dev $depends_dev"
 source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz"
 
+# secfixes:
+#   1.0.28-r0:
+#   - CVE-2017-7585
+#   - CVE-2017-7741
+#   - CVE-2017-7742
+
 _builddir="$srcdir/$pkgname-$pkgver"
 
 prepare() {
_at_@ -36,6 +43,4 @@ package() {
 	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
 }
-md5sums="fd1d97c6077f03b5d984d7956ffedb7a  libsndfile-1.0.27.tar.gz"
-sha256sums="a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0  libsndfile-1.0.27.tar.gz"
-sha512sums="8272e3219d64be01034d3f7f7565bf20075c04533469a963ad055f00767e9c2987463fb982894ddc1023d5d6c2338f55f8c3e6d2e36635484dde577a0d2ac770  libsndfile-1.0.27.tar.gz"
+sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f  libsndfile-1.0.28.tar.gz"
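Review bot: The new `sha512sums` line is now the only integrity check on the 1.0.28 tarball, and the `source=` line in the previous hunk still fetches it over plain `http://`, so the build will trust whatever file matches the digest submitted in this mail. Before merging, the committer should recompute the SHA-512 from a tarball obtained independently of this patch, and check it against an upstream signature if one is published, rather than copy the value as sent. If upstream serves the file over HTTPS, switching the scheme in `source=` would be worth doing in the same commit. Dropping `md5sums` and `sha256sums` looks fine on its own, since the remaining SHA-512 entry covers the same file.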
-- 
2.12.2