[arch-commits] Commit in lame/trunk (CVE-2017-15018.patch PKGBUILD)

Antonio Rojas arojas at archlinux.org
Fri Oct 6 22:23:01 UTC 2017


    Date: Friday, October 6, 2017 @ 22:23:01
  Author: arojas
Revision: 307066

Fix CVE-2017-15018

Added:
  lame/trunk/CVE-2017-15018.patch
Modified:
  lame/trunk/PKGBUILD

----------------------+
 CVE-2017-15018.patch |   12 ++++++++++++
 PKGBUILD             |    8 +++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

Added: CVE-2017-15018.patch
===================================================================
--- CVE-2017-15018.patch	                        (rev 0)
+++ CVE-2017-15018.patch	2017-10-06 22:23:01 UTC (rev 307066)
@@ -0,0 +1,12 @@
+diff -rupN src/lame-3.99.5/libmp3lame/set_get.c ../lame/libmp3lame/set_get.c
+--- lame-3.99.5/libmp3lame/set_get.c	2011-05-07 12:05:17.000000000 -0400
++++ lame/libmp3lame/set_get.c	2017-09-06 11:07:30.000000000 -0400
+@@ -68,6 +68,8 @@ int
+ lame_set_in_samplerate(lame_global_flags * gfp, int in_samplerate)
+ {
+     if (is_lame_global_flags_valid(gfp)) {
++        if (in_samplerate < 1)
++            return -1;
+         /* input sample rate in Hz,  default = 44100 Hz */
+         gfp->samplerate_in = in_samplerate;
+         return 0;
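Review bot: The guard added to `lame_set_in_samplerate` sets only a lower bound and reports a rejected rate solely through the `-1` return, so a caller that ignores the result carries on with whatever `samplerate_in` held before. Only this setter is protected; it is worth confirming that no other code assigns `gfp->samplerate_in` directly from values read out of an input file, and that the frontend checks the setter's return code. The new check also has no comment saying why it is there; something like `/* a sample rate must be positive: reject 0 and negative values here so later code never sees them */` above the `if` would keep the intent visible. The function body continues past the end of the hunk, so the return path for an invalid `gfp` is not visible here.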

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-10-06 20:36:34 UTC (rev 307065)
+++ PKGBUILD	2017-10-06 22:23:01 UTC (rev 307066)
@@ -5,7 +5,7 @@
 
 pkgname=lame
 pkgver=3.99.5
-pkgrel=3
+pkgrel=4
 pkgdesc="A high quality MPEG Audio Layer III (MP3) encoder"
 arch=('i686' 'x86_64')
 url="http://lame.sourceforge.net/"
@@ -13,13 +13,15 @@
 makedepends=('nasm')
 license=('LGPL')
 source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
-        "sse.patch")
+        "sse.patch" CVE-2017-15018.patch)
 md5sums=('84835b313d4a8b68f5349816d33e07ce'
-         'ca77f3259ed398ae1c55073dacdd752f')
+         'ca77f3259ed398ae1c55073dacdd752f'
+         'f3707ae5dbc6c84018b925ce98ce6158')
 
 prepare() {
   cd "$srcdir/$pkgname-$pkgver"
   patch -Np1 -i ../sse.patch
+  patch -Np1 -i ../CVE-2017-15018.patch # https://sourceforge.net/p/lame/bugs/480/
 }
 
 build() {
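Review bot: The checksum for the new security patch is appended to `md5sums`, and the upstream tarball on the `source=` line is still fetched over plain `http://`, so the integrity of every build input rests on MD5 alone. MD5 no longer offers collision resistance; regenerating the array as `sha256sums=(...)` (for example with `updpkgsums`) would give the tarball and both patches a meaningful integrity check. As a smaller style point, the new `CVE-2017-15018.patch` entry is unquoted while the neighbouring `"sse.patch"` entry is quoted; writing `"CVE-2017-15018.patch"` keeps the array consistent.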


