new file mode 100644
@@ -0,0 +1,30 @@
+From bcdbdbecea8fae984e895fb5f9b20fedb3602945 Mon Sep 17 00:00:00 2001
+From: Mans Rullgard <mans@mansr.com>
+Date: Sun, 5 Nov 2017 17:02:11 +0000
+Subject: [PATCH] wav: fix crash writing header when channel count >64k
+ (CVE-2017-11359)
+
+CVE: CVE-2017-11359
+Upstream-Status: Backport [https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/wav.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/wav.c b/src/wav.c
+index 71fd52a..eca1cde 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1379,6 +1379,12 @@ static int wavwritehdr(sox_format_t * ft, int second_header)
+ long blocksWritten = 0;
+ sox_bool isExtensible = sox_false; /* WAVE_FORMAT_EXTENSIBLE? */
+
++ if (ft->signal.channels > UINT16_MAX) {
++ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)",
++ ft->signal.channels);
++ return SOX_EOF;
++ }
++
+ dwSamplesPerSecond = ft->signal.rate;
+ wChannels = ft->signal.channels;
+ wBitsPerSample = ft->encoding.bits_per_sample;
@@ -32,6 +32,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \
file://0001-Update-exported-symbol-list.patch \
file://CVE-2017-11332.patch \
file://CVE-2017-11358.patch \
+ file://CVE-2017-11359.patch \
"
SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33"
SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11359 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-11359 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../sox/sox/CVE-2017-11359.patch | 30 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch