From patchwork Mon Jan 26 13:04:55 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79686
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 01/11] sox: patch CVE-2017-11332 Date: Mon, 26 Jan 2026 14:04:55 +0100 Message-ID: <20260126130506.82699-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123878 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11332 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-11332 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-11332.patch | 28 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch new file mode 100644 index 0000000000..383813e469 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch 
@@ -0,0 +1,28 @@ +From 80479b4978ddeb6fadb75007abc81f1ca2c50abb Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Sun, 5 Nov 2017 16:29:28 +0000 +Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332) + +CVE: CVE-2017-11332 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571] +Signed-off-by: Gyorgy Sarvari +--- + src/wav.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/wav.c b/src/wav.c +index 5202556..71fd52a 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft) + else + lsx_report("User options overriding channels read in .wav header"); + ++ if (ft->signal.channels == 0) { ++ lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero"); ++ return SOX_EOF; ++ } ++ + if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond) + ft->signal.rate = dwSamplesPerSecond; + else diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index a79fb15d39..38566735bc 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
@@ -30,6 +30,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPL;md5=751419260aa954499f7abaabaa882bbe \ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://0001-remove-the-error-line-and-live-without-file-type-det.patch \ file://0001-Update-exported-symbol-list.patch \ + file://CVE-2017-11332.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:04:56 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79689
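Review bot: in the src/wav.c hunk of CVE-2017-11332.patch the new `if (ft->signal.channels == 0)` guard is placed after the "User options overriding channels read in .wav header" branch, so it rejects a zero channel count whether it came from the file header or from a user override, which is the right spot; failing with SOX_EHDR and returning SOX_EOF also matches how startread reports other header problems. One header-level point: the hash on the embedded patch's From line (80479b4978dd...) is not the commit cited in Upstream-Status (7405bcaacb1d...), so either state in the patch header that the file was exported from Debian's tree rather than from upstream, or regenerate it with git format-patch from the upstream commit so the two agree.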
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 02/11] sox: patch CVE-2017-11358 Date: Mon, 26 Jan 2026 14:04:56 +0100 Message-ID: <20260126130506.82699-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123879 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11358 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-11358 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-11358.patch | 29 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch new file mode 100644 index 0000000000..9e797c0e7b --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch 
@@ -0,0 +1,29 @@ +From 0e3909288d38487d7c86b11c7509cca01296fdc8 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Sun, 5 Nov 2017 16:43:35 +0000 +Subject: [PATCH] hcom: fix crash on input with corrupt dictionary + (CVE-2017-11358) + +CVE: CVE-2017-11358 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00] +Signed-off-by: Gyorgy Sarvari +--- + src/hcom.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/hcom.c b/src/hcom.c +index e76820e..ee28cba 100644 +--- a/src/hcom.c ++++ b/src/hcom.c +@@ -150,6 +150,11 @@ static int startread(sox_format_t * ft) + lsx_debug("%d %d", + p->dictionary[i].dict_leftson, + p->dictionary[i].dict_rightson); ++ if ((unsigned) p->dictionary[i].dict_leftson >= dictsize || ++ (unsigned) p->dictionary[i].dict_rightson >= dictsize) { ++ lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary"); ++ return SOX_EOF; ++ } + } + rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */ + if (rc) diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 38566735bc..8f6808b0f0 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
@@ -31,6 +31,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://0001-remove-the-error-line-and-live-without-file-type-det.patch \ file://0001-Update-exported-symbol-list.patch \ file://CVE-2017-11332.patch \ + file://CVE-2017-11358.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:04:57 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79690
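Review bot: in the src/hcom.c hunk of CVE-2017-11358.patch the `(unsigned)` casts are what make a negative dict_leftson or dict_rightson fail the `>= dictsize` test as well as an oversized one; that is presumably intended, but it is not obvious from the condition alone, so a one-line comment on the cast would help the next reader of this backport. Placing the check after the existing lsx_debug of both values is useful, since a rejected file still leaves the offending indices in the debug output. As with 01/11, the From hash (0e3909288d38...) differs from the Upstream-Status commit (6cb44a44b9ed...); note the origin of the export or regenerate from upstream.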
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 03/11] sox: patch CVE-2017-11359 Date: Mon, 26 Jan 2026 14:04:57 +0100 Message-ID: <20260126130506.82699-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123880 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11359 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-11359 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-11359.patch | 30 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch new file mode 100644 index 0000000000..fcd3e4af50 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch 
@@ -0,0 +1,30 @@ +From bcdbdbecea8fae984e895fb5f9b20fedb3602945 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Sun, 5 Nov 2017 17:02:11 +0000 +Subject: [PATCH] wav: fix crash writing header when channel count >64k + (CVE-2017-11359) + +CVE: CVE-2017-11359 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60] +Signed-off-by: Gyorgy Sarvari +--- + src/wav.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/wav.c b/src/wav.c +index 71fd52a..eca1cde 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -1379,6 +1379,12 @@ static int wavwritehdr(sox_format_t * ft, int second_header) + long blocksWritten = 0; + sox_bool isExtensible = sox_false; /* WAVE_FORMAT_EXTENSIBLE? */ + ++ if (ft->signal.channels > UINT16_MAX) { ++ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)", ++ ft->signal.channels); ++ return SOX_EOF; ++ } ++ + dwSamplesPerSecond = ft->signal.rate; + wChannels = ft->signal.channels; + wBitsPerSample = ft->encoding.bits_per_sample; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 8f6808b0f0..18ce9a95d0 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
@@ -32,6 +32,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://0001-Update-exported-symbol-list.patch \ file://CVE-2017-11332.patch \ file://CVE-2017-11358.patch \ + file://CVE-2017-11359.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:04:58 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79687
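Review bot: the wavwritehdr hunk in CVE-2017-11359.patch passes SOX_EOF as the errno argument of lsx_fail_errno ("Too many channels (%u)"), whereas the other header checks in this series (01/11, 02/11) use SOX_EHDR; worth confirming that this is the upstream code at the cited commit and not a transcription slip, and a short comment in the patch header if it is intentional. The hunk also introduces UINT16_MAX without adding an include, so please confirm that stdint.h is already reached from src/wav.c in 14.4.2 (the build would fail loudly otherwise, but it is better to know before merging). From hash (bcdbdbecea8f...) and Upstream-Status commit (8b590b3a52f4...) differ here as well.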
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 04/11] sox: patch CVE-2017-15370 Date: Mon, 26 Jan 2026 14:04:58 +0100 Message-ID: <20260126130506.82699-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123881 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15370 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-15370 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-15370.patch | 29 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch new file mode 100644 index 0000000000..39a18ebd9a --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch 
@@ -0,0 +1,29 @@ +From cd7a008958d208345de04c7b6306c79a8a933f32 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Sun, 5 Nov 2017 16:21:23 +0000 +Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input + (CVE-2017-15370) + +Add the same check bad block size as was done for MS adpcm in commit +f39c574b ("More checks for invalid MS ADPCM blocks"). + +CVE: CVE-2017-15370 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e] +Signed-off-by: Gyorgy Sarvari +--- + src/wav.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav.c b/src/wav.c +index eca1cde..fad334c 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) + /* work with partial blocks. Specs say it should be null */ + /* padded but I guess this is better than trailing quiet. */ + samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); +- if (samplesThisBlock == 0) ++ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) + { + lsx_warn("Premature EOF on .wav input file"); + return 0; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 18ce9a95d0..ae5d6d2010 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
@@ -33,6 +33,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-11332.patch \ file://CVE-2017-11358.patch \ file://CVE-2017-11359.patch \ + file://CVE-2017-15370.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:04:59 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79684
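Review bot: with the widened condition in ImaAdpcmReadBlock (`samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock`), an over-long block now produces the same "Premature EOF on .wav input file" warning as a genuinely short read, which is misleading for the corrupt-block case and makes it harder to tell truncation from bad input in logs. Since this is a straight backport it is acceptable to keep upstream's single branch, but a follow-up that gives the `> samplesPerBlock` case its own lsx_warn text would be worth considering. The embedded commit message's "Add the same check bad block size" is upstream wording and can stay as-is; the From hash (cd7a008958d2...) again differs from the Upstream-Status commit (ef3d8be0f80c...).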
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 05/11] sox: patch CVE-2017-15371 Date: Mon, 26 Jan 2026 14:04:59 +0100 Message-ID: <20260126130506.82699-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123882 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15371 Pick the patch that was identified by Debian[1] to fix the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-15371 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-15371.patch | 40 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch new file mode 100644 index 0000000000..f0aa8d39e7 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch 
@@ -0,0 +1,40 @@ +From 83bf78913ee813c2c767854eb16acd9e6fb779cb Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Sun, 5 Nov 2017 15:57:48 +0000 +Subject: [PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371) + +CVE: CVE-2017-15371 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39] +Signed-off-by: Gyorgy Sarvari +--- + src/flac.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/flac.c b/src/flac.c +index 0d7829e..07f45c1 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL + p->total_samples = metadata->data.stream_info.total_samples; + } + else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) { ++ const FLAC__StreamMetadata_VorbisComment *vc = &metadata->data.vorbis_comment; + size_t i; + +- if (metadata->data.vorbis_comment.num_comments == 0) ++ if (vc->num_comments == 0) + return; + + if (ft->oob.comments != NULL) { +@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL + return; + } + +- for (i = 0; i < metadata->data.vorbis_comment.num_comments; ++i) +- sox_append_comment(&ft->oob.comments, (char const *) metadata->data.vorbis_comment.comments[i].entry); ++ for (i = 0; i < vc->num_comments; ++i) ++ if (vc->comments[i].entry) ++ sox_append_comment(&ft->oob.comments, (char const *) vc->comments[i].entry); + } + } + diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index ae5d6d2010..4c5452427e 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
@@ -34,6 +34,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-11358.patch \ file://CVE-2017-11359.patch \ file://CVE-2017-15370.patch \ + file://CVE-2017-15371.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:05:00 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79688
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 06/11] sox: patch CVE-2017-15372 Date: Mon, 26 Jan 2026 14:05:00 +0100 Message-ID: <20260126130506.82699-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123883
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15372 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-15372
Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-15372.patch | 100 ++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 101 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch new file mode 100644 index 0000000000..168fded39f --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch
@@ -0,0 +1,100 @@ +From 13086aa971f5a0a5a644323456a90a9fa96e03c3 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Wed, 8 Nov 2017 00:27:46 +0000 +Subject: [PATCH] adpcm: fix stack overflow with >4 channels (CVE-2017-15372) + +CVE: CVE-2017-15372 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/001c337552912d286ba68086ac378f6fdc1e8b50] +Signed-off-by: Gyorgy Sarvari +--- + src/adpcm.c | 8 +++++++- + src/adpcm.h | 3 +++ + src/wav.c | 5 ++++- + 3 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/adpcm.c b/src/adpcm.c +index 2e13867..f64b7d5 100644 +--- a/src/adpcm.c ++++ b/src/adpcm.c +@@ -71,6 +71,11 @@ const short lsx_ms_adpcm_i_coef[7][2] = { + { 392,-232} + }; + ++extern void *lsx_ms_adpcm_alloc(unsigned chans) ++{ ++ return lsx_malloc(chans * sizeof(MsState_t)); ++} ++ + static inline sox_sample_t AdpcmDecode(sox_sample_t c, MsState_t *state, + sox_sample_t sample1, sox_sample_t sample2) + { +@@ -102,6 +107,7 @@ static inline sox_sample_t AdpcmDecode(sox_sample_t c, MsState_t *state, + + /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ + const char *lsx_ms_adpcm_block_expand_i( ++ void *priv, + unsigned chans, /* total channels */ + int nCoef, + const short *coef, +@@ -113,7 +119,7 @@ const char *lsx_ms_adpcm_block_expand_i( + const unsigned char *ip; + unsigned ch; + const char *errmsg = NULL; +- MsState_t state[4]; /* One decompressor state for each channel */ ++ MsState_t *state = priv; /* One decompressor state for each channel */ + + /* Read the four-byte header for each channel */ + ip = ibuff; +diff --git a/src/adpcm.h b/src/adpcm.h +index af4d6f0..db5cc61 100644 +--- a/src/adpcm.h ++++ b/src/adpcm.h +@@ -29,8 +29,11 @@ + /* default coef sets */ + extern const short lsx_ms_adpcm_i_coef[7][2]; + ++extern void *lsx_ms_adpcm_alloc(unsigned chans); ++ + /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ + extern const char 
*lsx_ms_adpcm_block_expand_i( ++ void *priv, + unsigned chans, /* total channels */ + int nCoef, + const short *coef, +diff --git a/src/wav.c b/src/wav.c +index fad334c..066be6d 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -82,6 +82,7 @@ typedef struct { + /* following used by *ADPCM wav files */ + unsigned short nCoefs; /* ADPCM: number of coef sets */ + short *lsx_ms_adpcm_i_coefs; /* ADPCM: coef sets */ ++ void *ms_adpcm_data; /* Private data of adpcm decoder */ + unsigned char *packet; /* Temporary buffer for packets */ + short *samples; /* interleaved samples buffer */ + short *samplePtr; /* Pointer to current sample */ +@@ -175,7 +176,7 @@ static unsigned short AdpcmReadBlock(sox_format_t * ft) + } + } + +- errmsg = lsx_ms_adpcm_block_expand_i(ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); ++ errmsg = lsx_ms_adpcm_block_expand_i(wav->ms_adpcm_data, ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); + + if (errmsg) + lsx_warn("%s", errmsg); +@@ -791,6 +792,7 @@ static int startread(sox_format_t * ft) + + /* nCoefs, lsx_ms_adpcm_i_coefs used by adpcm.c */ + wav->lsx_ms_adpcm_i_coefs = lsx_malloc(wav->nCoefs * 2 * sizeof(short)); ++ wav->ms_adpcm_data = lsx_ms_adpcm_alloc(wChannels); + { + int i, errct=0; + for (i=0; len>=2 && i < 2*wav->nCoefs; i++) { +@@ -1216,6 +1218,7 @@ static int stopread(sox_format_t * ft) + free(wav->packet); + free(wav->samples); + free(wav->lsx_ms_adpcm_i_coefs); ++ free(wav->ms_adpcm_data); + free(wav->comment); + wav->comment = NULL; + diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 4c5452427e..96d0543520 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
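Review bot: in the adpcm.c hunk, `extern void *lsx_ms_adpcm_alloc(unsigned chans)` is a definition, so the `extern` storage-class specifier is redundant there (the declaration added to adpcm.h already carries it) and can be dropped from the definition. The size computation `chans * sizeof(MsState_t)` is performed in size_t after promotion, so it cannot overflow for any 16-bit WAV channel count; a zero `chans`, however, would hand a zero-length allocation to a decoder that then indexes `state[ch]`, so the WAV reader must reject zero channels before reaching this call (the xa patch later in this series adds exactly that kind of bound for its own format).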
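Review bot: in the wav.c hunks the state buffer is allocated in startread() from `wChannels`, but `lsx_ms_adpcm_block_expand_i()` is later called with `ft->signal.channels`; if those two can ever differ (for example, a channel count supplied on the command line that overrides the header value, the way the rate override does), the decoder would again index past the allocation, so either allocate from `ft->signal.channels` or check that the two agree before the call. Separately, the new `free(wav->ms_adpcm_data)` in stopread() runs for every WAV encoding, not just ADPCM, so it relies on the private struct being zero-initialised so that the pointer is NULL for PCM files; please confirm that holds, and consider setting `wav->ms_adpcm_data = NULL` after the free to match the `wav->comment = NULL` line just below it.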
@@ -35,6 +35,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-11359.patch \ file://CVE-2017-15370.patch \ file://CVE-2017-15371.patch \ + file://CVE-2017-15372.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:05:01 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79683
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 07/11] sox: patch CVE-2017-15642 Date: Mon, 26 Jan 2026 14:05:01 +0100 Message-ID: <20260126130506.82699-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123884
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15642 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-15642
Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-15642.patch | 35 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch new file mode 100644 index 0000000000..c505919edf --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch
@@ -0,0 +1,35 @@ +From eb9b33dd01ae7b3cf50894e7d5044fc2db183529 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Mon, 20 Nov 2017 11:03:15 +0000 +Subject: [PATCH] aiff: fix crash on empty comment chunk (CVE-2017-15642) + +This fixes a use after free and double free if an empty comment +chunk follows a non-empty one. + +CVE: CVE-2017-15642 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2] +Signed-off-by: Gyorgy Sarvari +--- + src/aiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/aiff.c b/src/aiff.c +index 240d2e1..11ddb54 100644 +--- a/src/aiff.c ++++ b/src/aiff.c +@@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft) + size_t ssndsize = 0; + char *annotation; + char *author; +- char *comment = NULL; + char *copyright; + char *nametext; + +@@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft) + free(annotation); + } + else if (strncmp(buf, "COMT", (size_t)4) == 0) { ++ char *comment = NULL; + rc = commentChunk(&comment, "Comment:", ft); + if (rc) { + /* Fail already called in function */ diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 96d0543520..d49ac822b4 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
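Review bot: moving `char *comment = NULL;` into the COMT branch resets the pointer for every comment chunk, which is what removes the double free and use after free named in the subject, but the second aiff.c hunk cuts off before showing what the branch does with `comment` after `commentChunk()` returns; please confirm that ownership of the buffer is handed to the format's comment list (or that it is freed) before the block ends, because with block scope a non-empty COMT that neither appends nor frees it would now leak once per chunk rather than crash. A one-line comment at the new declaration explaining why it is block-scoped would also stop a later tidy-up from hoisting it back to function scope and reintroducing the bug.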
@@ -36,6 +36,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15370.patch \ file://CVE-2017-15371.patch \ file://CVE-2017-15372.patch \ + file://CVE-2017-15642.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:05:02 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79685
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 08/11] sox: patch CVE-2017-18189 Date: Mon, 26 Jan 2026 14:05:02 +0100 Message-ID: <20260126130506.82699-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123885
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18189 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-18189
Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2017-18189.patch | 34 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch new file mode 100644 index 0000000000..3ca829b230 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch
@@ -0,0 +1,34 @@ +From c9e266bc77952c873a28ae320dac2eae5cbc9934 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Thu, 9 Nov 2017 11:45:10 +0000 +Subject: [PATCH] xa: validate channel count + +A corrupt header specifying zero channels would send read_channels() +into an infinite loop. Prevent this by sanity checking the channel +count in open_read(). Also add an upper bound to prevent overflow +in multiplication. + +CVE: CVE-2017-18189 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53] +Signed-off-by: Gyorgy Sarvari +--- + src/xa.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/xa.c b/src/xa.c +index 81a7677..9fc086e 100644 +--- a/src/xa.c ++++ b/src/xa.c +@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft) + lsx_report("User options overriding rate read in .xa header"); + } + ++ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) { ++ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d", ++ ft->signal.channels); ++ return SOX_EOF; ++ } ++ + /* Check for supported formats */ + if (ft->encoding.bits_per_sample != 16) { + lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.", diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index d49ac822b4..8606eb6c0f 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
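Review bot: the new check in the xa.c hunk passes `ft->signal.channels` to a `%d` conversion in `lsx_fail_errno()`; that field is unsigned, so `%u` is the matching specifier (harmless here because the value has just been bounded, but it is exactly what format-string warnings flag). Also make sure xa.c, or a header it already includes, pulls in <stdint.h> for `UINT16_MAX`, since the visible context does not show the includes and this hunk may be the first use of that macro in the file; the bound itself is the right shape, because the channel count is used as a multiplier later on, as the commit message explains.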
@@ -37,6 +37,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15371.patch \ file://CVE-2017-15372.patch \ file://CVE-2017-15642.patch \ + file://CVE-2017-18189.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
From patchwork Mon Jan 26 13:05:03 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79682
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 09/11] sox: mark CVE-2019-1010004 as patched Date: Mon, 26 Jan 2026 14:05:03 +0100 Message-ID: <20260126130506.82699-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123886
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004 The description mentions that this vulnerability overlaps with CVE-2017-18189, and Debian's investigation[1] confirms that it is solved by the same commit. Add the ID to the CVE tag of CVE-2017-18189.patch. [1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004
Signed-off-by: Gyorgy Sarvari --- meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch index 3ca829b230..20af7cdada 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch @@ -8,7 +8,7 @@ into an infinite loop. Prevent this by sanity checking the channel count in open_read(). Also add an upper bound to prevent overflow in multiplication. -CVE: CVE-2017-18189 +CVE: CVE-2017-18189 CVE-2019-1010004 Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53]
Signed-off-by: Gyorgy Sarvari ---
From patchwork Mon Jan 26 13:05:04 2026 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79691
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 10/11] sox: patch CVE-2019-13590 Date: Mon, 26 Jan 2026 14:05:04 +0100 Message-ID: <20260126130506.82699-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123887
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13590 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2019-13590
Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2019-13590.patch | 34 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch new file mode 100644 index 0000000000..4877ba8b53 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch
@@ -0,0 +1,34 @@ +From aa8f02729962a0ee5e9864de90871fa821f262be Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Tue, 4 Feb 2020 12:55:18 +0000 +Subject: [PATCH] sox-fmt: validate comments_bytes before use (CVE-2019-13590) + [bug #325] + +Cap the comments size to 1 GB to avoid overflows in subsequent +arithmetic. + +The missing null check mentioned in the bug report is bogus since +lsx_calloc() returns a valid pointer or aborts. + +CVE: CVE-2019-13590 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/7b6a889217d62ed7e28188621403cc7542fd1f7e] +Signed-off-by: Gyorgy Sarvari +--- + src/sox-fmt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/sox-fmt.c b/src/sox-fmt.c +index aad965c..11c8877 100644 +--- a/src/sox-fmt.c ++++ b/src/sox-fmt.c +@@ -46,7 +46,9 @@ static int startread(sox_format_t * ft) + lsx_readdw(ft, &comments_bytes)) + return SOX_EOF; + +- if (((headers_bytes + 4) & 7) || headers_bytes < FIXED_HDR + comments_bytes || ++ if (((headers_bytes + 4) & 7) || ++ comments_bytes > 0x40000000 || /* max 1 GB */ ++ headers_bytes < FIXED_HDR + comments_bytes || + (num_channels > 65535)) /* Reserve top 16 bits */ { + lsx_fail_errno(ft, SOX_EHDR, "invalid sox file format header"); + return SOX_EOF; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 8606eb6c0f..5b47382334 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb 
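Review bot: the commit id in the patch's From line (aa8f02729962a0ee5e9864de90871fa821f262be) does not match the commit named in Upstream-Status (7b6a889217d62ed7e28188621403cc7542fd1f7e); if both refer to the same change in different trees, say so in the header, otherwise one of them should be corrected so the backport can be traced. On the hunk itself, the new `comments_bytes > 0x40000000 || /* max 1 GB */` test is evaluated before `headers_bytes < FIXED_HDR + comments_bytes`, which is what keeps the sum from wrapping; that ordering should be preserved if the hunk is ever re-applied or rebased against 14.4.2, and the commit message's note about lsx_calloc() aborting on failure is the reason no additional null check is needed here.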
@@ -38,6 +38,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15372.patch \ file://CVE-2017-15642.patch \ file://CVE-2017-18189.patch \ + file://CVE-2019-13590.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c" From patchwork Mon Jan 26 13:05:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 460ADD13C06 for ; Mon, 26 Jan 2026 13:05:27 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18921.1769432717586838466 for ; Mon, 26 Jan 2026 05:05:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Vqg90eUK; spf=pass (domain: gmail.com, ip: 209.85.221.49, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-432d28870ddso2307793f8f.3 for ; Mon, 26 Jan 2026 05:05:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769432716; x=1770037516; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HF2jRCm6wrzmSmmCKVuExxJn7ClfNoJF2m9otH4mO+0=; b=Vqg90eUKrihLa2urLptSuSp29IslJMrXgifFZkqjgweipnNafRcb6JJpQ9Je5t/UM/ jfuvQWPs+HR/tUNNCRtOEqIIsCOBrc/0Hns5dZ94t1XXjrnORQGX63Zps8KAxinMA1IJ 0Flj/6ctjMgNzQ8ULEL9ERELU1FhGwo9WhnbIQNEp8dRiQYKye5XzP3NT6iSacYSsAaR qnT+SvtPIKF02I9VLXFafjxgQYhxQo6wOA+H3eMlKSpPQ2aYPM+wBWy+faDUKrPTcAWk 
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][scarthgap][PATCH 11/11] sox: patch CVE-2019-8354 Date: Mon, 26 Jan 2026 14:05:05 +0100 Message-ID: <20260126130506.82699-11-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260126130506.82699-1-skandigraun@gmail.com> References: <20260126130506.82699-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 26 Jan 2026 13:05:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123888 Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2019-8354 Signed-off-by: Gyorgy Sarvari --- .../sox/sox/CVE-2019-8354.patch | 29 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch new file mode 100644 index 0000000000..c45917c1c9 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch 
@@ -0,0 +1,29 @@ +From 5066f093b08b4033f59ea6d99001f059e919239b Mon Sep 17 00:00:00 2001 +From: Mans Rullgard +Date: Wed, 24 Apr 2019 14:57:34 +0100 +Subject: [PATCH] fix possible buffer size overflow in lsx_make_lpf() + (CVE-2019-8354) + +The multiplication in the size argument malloc() might overflow, +resulting in a small buffer being allocated. Use calloc() instead. + +CVE: CVE-2019-8354 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/f70911261a84333b077c29908e1242f69d7439eb] +Signed-off-by: Gyorgy Sarvari +--- + src/effects_i_dsp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/effects_i_dsp.c b/src/effects_i_dsp.c +index a979b50..e32dfa0 100644 +--- a/src/effects_i_dsp.c ++++ b/src/effects_i_dsp.c +@@ -357,7 +357,7 @@ double * lsx_make_lpf(int num_taps, double Fc, double beta, double rho, + double scale, sox_bool dc_norm) + { + int i, m = num_taps - 1; +- double * h = malloc(num_taps * sizeof(*h)), sum = 0; ++ double * h = calloc(num_taps, sizeof(*h)), sum = 0; + double mult = scale / lsx_bessel_I_0(beta), mult1 = 1 / (.5 * m + rho); + assert(Fc >= 0 && Fc <= 1); + lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale); diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 5b47382334..24acd882fc 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -39,6 +39,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15642.patch \ file://CVE-2017-18189.patch \ file://CVE-2019-13590.patch \ + file://CVE-2019-8354.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
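Review bot: the return value of the new `calloc(num_taps, sizeof(*h))` is still not checked in the effects_i_dsp.c hunk, and num_taps is an `int`, so a negative value converts to a huge size_t and calloc() returns NULL rather than a short buffer; the function then continues into the visible `lsx_debug(...)` call and whatever follows with `h` unset. Since the CVE-2019-13590 patch's message notes that lsx_calloc() returns a valid pointer or aborts, consider using that helper (or adding an explicit NULL check) so the overflow fix does not trade a short allocation for a NULL dereference. As with the other patch, the From commit id (5066f093b08b4033f59ea6d99001f059e919239b) differs from the Upstream-Status commit (f70911261a84333b077c29908e1242f69d7439eb); please reconcile or note why they differ.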
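Review bot: the sox_14.4.2.bb hunk's context already lists `file://CVE-2019-13590.patch \`, so this patch only applies cleanly after 10/11 in the series has been merged; the cover letter (or this commit message) should state that ordering dependency so the two cannot be cherry-picked independently.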