rpms/libvorbis/F-10 r16326.diff, NONE, 1.1 r16597.diff, NONE, 1.1 libvorbis.spec, 1.33, 1.34
Jindrich Novy
jnovy at fedoraproject.org
Mon Nov 9 14:19:59 UTC 2009
Author: jnovy
Update of /cvs/pkgs/rpms/libvorbis/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14485
Modified Files:
libvorbis.spec
Added Files:
r16326.diff r16597.diff
Log Message:
* Mon Nov 9 2009 Jindrich Novy <jnovy at redhat.com> 1.2.0-7
- backport patches to fix CVE-2009-3379 (#531765) from upstream
r16326.diff:
backends.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE r16326.diff ---
diff -up libvorbis-1.2.3/lib/backends.h.r16326 libvorbis-1.2.3/lib/backends.h
--- libvorbis-1.2.3/lib/backends.h.r16326 2009-07-09 11:12:08.000000000 +0200
+++ libvorbis-1.2.3/lib/backends.h 2009-11-02 14:55:42.000000000 +0100
@@ -111,7 +111,7 @@ typedef struct vorbis_info_residue0{
int partitions; /* possible codebooks for a partition */
int groupbook; /* huffbook for partitioning */
int secondstages[64]; /* expanded out to pointers in lookup */
- int booklist[256]; /* list of second stage books */
+ int booklist[512]; /* list of second stage books */
const float classmetric1[64];
const float classmetric2[64];
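Review bot: The new size of booklist in vorbis_info_residue0 is a bare 512 with no stated derivation, and nothing in this hunk shows the code that fills the array checking against it. Enlarging the array only closes the overflow if 512 really is the worst case the unpacker can write, so please document where the number comes from next to the declaration (for instance in terms of the 64-entry secondstages array beside it), or use a named constant shared with the code that writes booklist, and confirm that the fill loop cannot exceed it.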
r16597.diff:
codebook.c | 1 +
1 file changed, 1 insertion(+)
--- NEW FILE r16597.diff ---
diff -pruN libvorbis-1.2.0.orig/lib/codebook.c libvorbis-1.2.0/lib/codebook.c
--- libvorbis-1.2.0.orig/lib/codebook.c 2009-10-30 11:28:22.000000000 +0100
+++ libvorbis-1.2.0/lib/codebook.c 2009-10-30 11:35:28.000000000 +0100
@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buf
for(i=0;i<s->entries;){
long num=oggpack_read(opb,_ilog(s->entries-i));
if(num==-1)goto _eofout;
+ if(length>32)goto _errout;
for(j=0;j<num && i<s->entries;j++,i++)
s->lengthlist[i]=length;
length++;
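Review bot: The literal 32 in `if(length>32)goto _errout;` is undocumented; add a short comment saying what limit it enforces on the values stored in lengthlist, so the bound is not mistaken for an arbitrary one. The placement itself looks right: the check sits after the EOF test and before the loop that executes `s->lengthlist[i]=length;`, and because `length++` runs at the end of each pass, the check is re-evaluated on every iteration before the next store.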
Index: libvorbis.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvorbis/F-10/libvorbis.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- libvorbis.spec 9 Aug 2009 06:09:14 -0000 1.33
+++ libvorbis.spec 9 Nov 2009 14:19:59 -0000 1.34
@@ -1,7 +1,7 @@
Summary: The Vorbis General Audio Compression Codec.
Name: libvorbis
Version: 1.2.0
-Release: 6%{?dist}
+Release: 7%{?dist}
Epoch: 1
Group: System Environment/Libraries
License: BSD
@@ -14,6 +14,8 @@ Patch3: r14602-CVE-2008-1419.patch
Patch4: r14602-CVE-2008-1423.patch
Patch5: r14811.patch
Patch6: r16182-CVE-2009-2663.patch
+Patch7: r16326.diff
+Patch8: r16597.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libogg-devel >= 2:1.1
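Review bot: Patch7 and Patch8 do not follow the naming of the entries just above them (r14602-CVE-2008-1419.patch, r16182-CVE-2009-2663.patch): the file names carry no CVE id and use a .diff suffix. Renaming them along the lines of r16326-CVE-2009-3379.patch would let a reader tell from the spec alone which patches address CVE-2009-3379, without consulting the changelog.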
@@ -46,6 +48,8 @@ needed to develop applications with Ogg
%patch4 -p0 -b .r14602-CVE-2008-1423
%patch5 -p0 -b .r14811
%patch6 -p1 -b .r16182-CVE-2009-2663
+%patch7 -p1
+%patch8 -p1
perl -p -i -e "s/-O20/$RPM_OPT_FLAGS/" configure
perl -p -i -e "s/-ffast-math//" configure
# link to .pdf spec rather than ship redundant copy
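Review bot: `%patch7 -p1` and `%patch8 -p1` omit the -b backup suffix that the %patch4 to %patch6 lines above all pass (for example `%patch6 -p1 -b .r16182-CVE-2009-2663`); adding `-b .r16326` and `-b .r16597` would keep the pre-patch files and match the rest of the spec. Also, the headers of r16326.diff name a libvorbis-1.2.3 tree while this spec builds Version 1.2.0; -p1 strips the directory name, but check the build log to confirm that the hunk applies without offset or fuzz.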
@@ -93,6 +97,9 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig
%changelog
+* Mon Nov 9 2009 Jindrich Novy <jnovy at redhat.com> 1.2.0-7
+- backport patches to fix CVE-2009-3379 (#531765) from upstream
+
* Sun Aug 9 2009 Jindrich Novy <jnovy at redhat.com> 1.2.0-6
- fix CVE-2009-2663 (#516259)