rpms/xine-lib/EL-5 xine-lib-1.1.8-CVE-2006-1664.patch, NONE, 1.1 xine-lib-1.1.8-CVE-2008-0486.patch, NONE, 1.1 xine-lib.spec, 1.16, 1.17
Ville Skytta (scop)
fedora-extras-commits at redhat.com
Fri Feb 8 20:39:33 UTC 2008
- Previous message (by thread): rpms/setroubleshoot-plugins/F-8 .cvsignore, 1.7, 1.8 setroubleshoot-plugins.spec, 1.6, 1.7 sources, 1.7, 1.8
- Next message (by thread): rpms/hunspell-en/devel .cvsignore, 1.4, 1.5 hunspell-en.spec, 1.14, 1.15 mozilla_words.patch, 1.1, 1.2 sources, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: scop
Update of /cvs/pkgs/rpms/xine-lib/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28781
Modified Files:
xine-lib.spec
Added Files:
xine-lib-1.1.8-CVE-2006-1664.patch
xine-lib-1.1.8-CVE-2008-0486.patch
Log Message:
* Fri Feb 8 2008 Ville Skyttä <ville.skytta at iki.fi> - 1.1.8-8
- Include ASF and FLAC comment security fixes from 1.1.10 and 1.1.10.1.
xine-lib-1.1.8-CVE-2006-1664.patch:
--- NEW FILE xine-lib-1.1.8-CVE-2006-1664.patch ---
diff -r 461fae9b8fca -r fb6d089b520d src/demuxers/demux_asf.c
--- a/src/demuxers/demux_asf.c Wed Jan 23 18:29:51 2008 +0000
+++ b/src/demuxers/demux_asf.c Wed Jan 23 19:40:16 2008 +0000
@@ -379,10 +379,21 @@ static int asf_read_header (demux_asf_t
char *asf_header_buffer = NULL;
asf_header_len = get_le64(this);
- asf_header_buffer = alloca(asf_header_len);
+ if (asf_header_len > 4 * 1024 * 1024)
+ {
+ xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG,
+ "demux_asf: asf_read_header: overly-large header? (%"PRIu64" bytes)\n",
+ asf_header_len);
+ return 0;
+ }
+
+ asf_header_buffer = malloc (asf_header_len);
if (this->input->read (this->input, asf_header_buffer, asf_header_len) != asf_header_len)
+ {
+ free (asf_header_buffer);
return 0;
+ }
/* delete previous header */
if (this->asf_header) {
@@ -395,7 +406,11 @@ static int asf_read_header (demux_asf_t
*/
this->asf_header = asf_header_new(asf_header_buffer, asf_header_len);
if (!this->asf_header)
+ {
+ free (asf_header_buffer);
return 0;
+ }
+ free (asf_header_buffer);
lprintf("asf header parsing ok\n");
xine-lib-1.1.8-CVE-2008-0486.patch:
--- NEW FILE xine-lib-1.1.8-CVE-2008-0486.patch ---
diff -r 6cce4115cd7d -r 71d64201b47e src/demuxers/demux_flac.c
--- a/src/demuxers/demux_flac.c Thu Feb 07 17:49:40 2008 +0000
+++ b/src/demuxers/demux_flac.c Thu Feb 07 17:51:59 2008 +0000
@@ -189,7 +189,7 @@ static int open_flac_file(demux_flac_t *
case 4:
lprintf ("VORBIS_COMMENT metadata\n");
{
- char comments[block_length];
+ char comments[block_length + 1]; /* last byte for NUL termination */
char *ptr = comments;
uint32_t length, user_comment_list_length;
int cn;
@@ -202,18 +202,25 @@ static int open_flac_file(demux_flac_t *
length = _X_LE_32(ptr);
ptr += 4 + length;
+ if (length >= block_length - 8)
+ return 0; /* bad length or too little left in the buffer */
user_comment_list_length = _X_LE_32(ptr);
ptr += 4;
cn = 0;
for (; cn < user_comment_list_length; cn++) {
+ if (ptr > comments + block_length - 4)
+ return 0; /* too little left in the buffer */
+
length = _X_LE_32(ptr);
ptr += 4;
+ if (length >= block_length || ptr + length > comments + block_length)
+ return 0; /* bad length */
comment = (char*) ptr;
c = comment[length];
- comment[length] = 0;
+ comment[length] = 0; /* NUL termination */
lprintf ("comment[%02d] = %s\n", cn, comment);
@@ -248,8 +255,8 @@ static int open_flac_file(demux_flac_t *
}
if ((tracknumber > 0) && (tracktotal > 0)) {
- char tn[16];
- snprintf (tn, 16, "%02d/%02d", tracknumber, tracktotal);
+ char tn[24];
+ snprintf (tn, 24, "%02d/%02d", tracknumber, tracktotal);
_x_meta_info_set(flac->stream, XINE_META_INFO_TRACK_NUMBER, tn);
}
else if (tracknumber > 0) {
Index: xine-lib.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xine-lib/EL-5/xine-lib.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- xine-lib.spec 12 Jan 2008 11:41:42 -0000 1.16
+++ xine-lib.spec 8 Feb 2008 20:38:56 -0000 1.17
@@ -33,7 +33,7 @@
Summary: Xine library
Name: xine-lib
Version: 1.1.8
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: http://xinehq.de/
@@ -47,6 +47,8 @@
Patch0: %{name}-%{version}-autotools.patch.bz2
Patch1: %{name}-1.1.4-optflags.patch
Patch2: %{name}-1.1.8-CVE-2008-0225.patch
+Patch3: %{name}-1.1.8-CVE-2006-1664.patch
+Patch4: %{name}-1.1.8-CVE-2008-0486.patch
Patch6: %{name}-1.1.1-deepbind-939.patch
Patch7: %{name}-1.1.5-multilib-devel.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -163,6 +165,8 @@
%patch1 -p1 -b .optflags
touch -r m4/optimizations.m4.stamp m4/optimizations.m4
%patch2 -p1 -b .CVE-2008-0225
+%patch3 -p1 -b .CVE-2006-1664
+%patch4 -p1 -b .CVE-2008-0486
# Patch6 needed at least when compiling with external ffmpeg, #939.
%patch6 -p1 -b .deepbind
%patch7 -p0 -b .multilib-devel
@@ -388,6 +392,9 @@
%changelog
+* Fri Feb 8 2008 Ville Skyttä <ville.skytta at iki.fi> - 1.1.8-8
+- Include ASF and FLAC comment security fixes from 1.1.10 and 1.1.10.1.
+
* Sat Jan 12 2008 Ville Skyttä <ville.skytta at iki.fi> - 1.1.8-7
- Include RTSP security fixes from 1.1.9.1.
- Previous message (by thread): rpms/setroubleshoot-plugins/F-8 .cvsignore, 1.7, 1.8 setroubleshoot-plugins.spec, 1.6, 1.7 sources, 1.7, 1.8
- Next message (by thread): rpms/hunspell-en/devel .cvsignore, 1.4, 1.5 hunspell-en.spec, 1.14, 1.15 mozilla_words.patch, 1.1, 1.2 sources, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list