rpms/libvorbis/devel r16326.diff, NONE, 1.1 r16597.diff, NONE, 1.1 libvorbis.spec, 1.39, 1.40
Jindrich Novy
jnovy at fedoraproject.org
Mon Nov 2 14:12:15 UTC 2009
Author: jnovy
Update of /cvs/pkgs/rpms/libvorbis/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25407
Modified Files:
libvorbis.spec
Added Files:
r16326.diff r16597.diff
Log Message:
* Mon Nov 2 2009 Jindrich Novy <jnovy at redhat.com> 1.2.3-3
- backport patches to fix CVE-2009-3379 (#531765) from upstream
r16326.diff:
backends.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE r16326.diff ---
diff -up libvorbis-1.2.3/lib/backends.h.r16326 libvorbis-1.2.3/lib/backends.h
--- libvorbis-1.2.3/lib/backends.h.r16326 2009-07-09 11:12:08.000000000 +0200
+++ libvorbis-1.2.3/lib/backends.h 2009-11-02 14:55:42.000000000 +0100
@@ -111,7 +111,7 @@ typedef struct vorbis_info_residue0{
int partitions; /* possible codebooks for a partition */
int groupbook; /* huffbook for partitioning */
int secondstages[64]; /* expanded out to pointers in lookup */
- int booklist[256]; /* list of second stage books */
+ int booklist[512]; /* list of second stage books */
const float classmetric1[64];
const float classmetric2[64];
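Review bot: the new size of booklist is a bare 512 with no stated relation to the other limits in this struct (secondstages[64] sits directly above it), so a reader cannot tell whether 512 is the true worst case or only a larger guess. Since this is part of the CVE-2009-3379 backport, extend the comment to say how the bound is derived, or use a named constant, and confirm that the code which fills booklist rejects a count above the array size; no such check is visible in this hunk.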
r16597.diff:
codebook.c | 1 +
1 file changed, 1 insertion(+)
--- NEW FILE r16597.diff ---
diff -up libvorbis-1.2.3/lib/codebook.c.r16597 libvorbis-1.2.3/lib/codebook.c
--- libvorbis-1.2.3/lib/codebook.c.r16597 2009-07-09 11:12:08.000000000 +0200
+++ libvorbis-1.2.3/lib/codebook.c 2009-11-02 14:51:15.000000000 +0100
@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buf
for(i=0;i<s->entries;){
long num=oggpack_read(opb,_ilog(s->entries-i));
if(num==-1)goto _eofout;
+ if(length>32)goto _errout;
for(j=0;j<num && i<s->entries;j++,i++)
s->lengthlist[i]=length;
length++;
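Review bot: the added `if(length>32)goto _errout;` uses an unexplained literal as the upper limit for values stored in s->lengthlist[]; add a short comment or a named constant stating why 32 is the maximum. The placement before the inner loop is correct, and because length++ runs on every pass, the check also ends a run of num==0 reads that would otherwise never advance i and would continue until end of packet.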
Index: libvorbis.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvorbis/devel/libvorbis.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -p -r1.39 -r1.40
--- libvorbis.spec 25 Jul 2009 08:53:44 -0000 1.39
+++ libvorbis.spec 2 Nov 2009 14:12:13 -0000 1.40
@@ -9,6 +9,8 @@ URL: http://www.xiph.org/
Source: http://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libogg-devel >= 2:1.1
+Patch0: r16326.diff
+Patch1: r16597.diff
%description
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
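Review bot: Patch0 and Patch1 are identified only by upstream revision number. Add a comment line above them tying both to CVE-2009-3379 (#531765) and noting that they are upstream backports, so it is obvious when they can be dropped at the next version update.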
@@ -40,6 +42,8 @@ Documentation for developing application
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
sed -i "s/-O20/$RPM_OPT_FLAGS/" configure
sed -i "s/-ffast-math//" configure
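Review bot: `%patch0 -p1` and `%patch1 -p1` are applied without a backup suffix, although both diffs were generated against `.r16326` and `.r16597` suffixed originals. Using `-b .r16326` and `-b .r16597` here would keep the patches easy to regenerate.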
@@ -82,6 +86,9 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig
%changelog
+* Mon Nov 2 2009 Jindrich Novy <jnovy at redhat.com> 1.2.3-3
+- backport patches to fix CVE-2009-3379 (#531765) from upstream
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:1.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
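Review bot: the new changelog entry is versioned `1.2.3-3`, but none of the hunks shown changes the Release tag, so confirm the spec actually builds as release 3. The entry also drops the `- 1:` epoch form used by the entry directly below it (`- 1:1.2.3-2`); match that format for consistency.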