libwavpack: Add security patch

from 773f9d0803.
2022-03-15 14:23:19 +09:00 · 2022-03-15 14:23:19 +09:00 · b6161d0bf6
parent 2894168dfa
commit b6161d0bf6
3 changed files with 42 additions and 1 deletions
--- a/packages/libwavpack/build.sh
+++ b/packages/libwavpack/build.sh
@ -3,9 +3,10 @@ TERMUX_PKG_DESCRIPTION="A completely open audio compression format providing los
 TERMUX_PKG_LICENSE="BSD 3-Clause"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=5.4.0
+TERMUX_PKG_REVISION=1
 TERMUX_PKG_SRCURL=https://github.com/dbry/WavPack/releases/download/${TERMUX_PKG_VERSION}/wavpack-${TERMUX_PKG_VERSION}.tar.xz
 TERMUX_PKG_SHA256=4bde6a6b2a86614a6bd2579e60dcc974e2c8f93608d2281110a717c1b3c28b79
-TERMUX_PKG_DEPENDS="libandroid-glob, libiconv"
+TERMUX_PKG_DEPENDS="libandroid-glob"

 termux_step_pre_configure() {
 	LDFLAGS+=" -landroid-glob"
--- a/packages/libwavpack/wavpack-5.4.0-sanitize-DSD-file-types.patch
+++ b/packages/libwavpack/wavpack-5.4.0-sanitize-DSD-file-types.patch
@ -0,0 +1,39 @@
+From 773f9d0803c6888ae7d5391878d7337f24216f4a Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Tue, 23 Nov 2021 13:14:35 -0800
+Subject: [PATCH] issue #110: sanitize DSD file types for invalid lengths
+
+---
+ cli/dsdiff.c | 6 ++++++
+ cli/dsf.c    | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index d7adb6a..5bdcae3 100644
+--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
+@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             }
+ 
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+             break;
+         }
+         else {          // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index e1d7973..dddd488 100644
+--- a/cli/dsf.c
+++ b/cli/dsf.c
+@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+ 
+     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+         format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
+         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
--- a/packages/libwavpack/wavpack.subpackage.sh
+++ b/packages/libwavpack/wavpack.subpackage.sh
@ -1,2 +1,3 @@
 TERMUX_SUBPKG_INCLUDE="bin/ share/man/man1/"
 TERMUX_SUBPKG_DESCRIPTION="WavPack command-line programs"
+TERMUX_SUBPKG_DEPENDS="libiconv"