forked from pool/libmirage
Accepting request 726099 from filesystems
- Add 0001-libMirage-CSO-filter-validate-part-size.patch, 0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch [boo#1148087, CVE-2019-15540] OBS-URL: https://build.opensuse.org/request/show/726099 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmirage?expand=0&rev=19
This commit is contained in:
commit
d41a99a070
38
0001-libMirage-CSO-filter-validate-part-size.patch
Normal file
38
0001-libMirage-CSO-filter-validate-part-size.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 0e9292c9aa34bf545f43f7efe5f0b94faba94962 Mon Sep 17 00:00:00 2001
|
||||
From: Rok Mandeljc <rok.mandeljc@gmail.com>
|
||||
Date: Sun, 25 Aug 2019 14:53:58 +0200
|
||||
Subject: [PATCH 1/2] libMirage: CSO filter: validate part size
|
||||
|
||||
Part size must be always either smaller than the declared block
|
||||
size (compressed block) or equal to it (raw block). If not, return
|
||||
error - because we allocate our I/O buffer based on the block size.
|
||||
|
||||
Fixes SF bug #119, which is triggered by part size ending up being
|
||||
larger than the block size. Thanks to Andrea Fioraldi for report
|
||||
and thorough analysis of the issue.
|
||||
---
|
||||
libmirage/filters/filter-cso/filter-stream.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
|
||||
index 5f2f5e25..d43aa54a 100644
|
||||
--- a/libmirage/filters/filter-cso/filter-stream.c
|
||||
+++ b/libmirage/filters/filter-cso/filter-stream.c
|
||||
@@ -120,6 +120,14 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
|
||||
CSO_Part *prev_part = &self->priv->parts[i-1];
|
||||
|
||||
prev_part->comp_size = cur_part->offset - prev_part->offset;
|
||||
+
|
||||
+ /* Part size must be either smaller than header->block_size
|
||||
+ (compressed block ) or equal to it (raw block) */
|
||||
+ if (prev_part->comp_size > header->block_size) {
|
||||
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: invalid part/index entry: part data length (%" G_GINT64_MODIFIER "d) exceeds declared block size (%d)!\n", __debug__, prev_part->comp_size, header->block_size);
|
||||
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.22.1
|
||||
|
@ -0,0 +1,37 @@
|
||||
From f6adcd08beffd9dac2c4a86852ba0bda06870f4f Mon Sep 17 00:00:00 2001
|
||||
From: Rok Mandeljc <rok.mandeljc@gmail.com>
|
||||
Date: Sun, 25 Aug 2019 15:11:23 +0200
|
||||
Subject: [PATCH 2/2] libMirage: CSO filter: replaced a g_assert() with error
|
||||
return
|
||||
|
||||
---
|
||||
libmirage/filters/filter-cso/filter-stream.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
|
||||
index d43aa54a..065dc40c 100644
|
||||
--- a/libmirage/filters/filter-cso/filter-stream.c
|
||||
+++ b/libmirage/filters/filter-cso/filter-stream.c
|
||||
@@ -70,12 +70,17 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
|
||||
|
||||
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: reading part index\n", __debug__);
|
||||
|
||||
+ if (header->total_bytes % header->block_size) {
|
||||
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: original stream size (%" G_GUINT64_FORMAT ") is not a multiple of block size (%d)!\n", __debug__, header->total_bytes, header->block_size);
|
||||
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
self->priv->num_parts = header->total_bytes / header->block_size;
|
||||
self->priv->num_indices = self->priv->num_parts + 1; /* Contains EOF offset */
|
||||
- g_assert(header->total_bytes % header->block_size == 0);
|
||||
|
||||
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: number of parts: %d\n", __debug__, self->priv->num_parts);
|
||||
- MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: %" G_GINT64_MODIFIER "d\n", __debug__, header->total_bytes);
|
||||
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: 0x%" G_GINT64_MODIFIER "X (%" G_GUINT64_FORMAT ")\n", __debug__, header->total_bytes, header->total_bytes);
|
||||
|
||||
/* At least one part must be present */
|
||||
if (!self->priv->num_parts) {
|
||||
--
|
||||
2.22.1
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 26 08:28:33 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Drop SLE11 recipes from specfile, the build is disabled anyway.
|
||||
- Add 0001-libMirage-CSO-filter-validate-part-size.patch,
|
||||
0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
|
||||
[boo#1148087, CVE-2019-15540]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 1 13:34:01 UTC 2019 - Aaron Stern <ukbeast89@ptotonmail.com>
|
||||
|
||||
|
@ -27,22 +27,12 @@ Release: 0
|
||||
URL: http://cdemu.sf.net/about/libmirage/
|
||||
|
||||
#Git-Clone: git://git.code.sf.net/p/cdemu/code
|
||||
Source: http://downloads.sf.net/cdemu/%name-%version.tar.bz2
|
||||
Source: https://downloads.sf.net/cdemu/%name-%version.tar.bz2
|
||||
Patch1: 0001-libMirage-CSO-filter-validate-part-size.patch
|
||||
Patch2: 0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
|
||||
BuildRequires: cmake >= 2.8.5
|
||||
BuildRequires: intltool >= 0.21
|
||||
BuildRequires: pkg-config >= 0.16
|
||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
||||
# SLES 11 is still supported
|
||||
# Dependencies list in an old style
|
||||
BuildRequires: glib2-devel >= 2.28
|
||||
BuildRequires: gtk-doc >= 1.4
|
||||
BuildRequires: libbz2-devel >= 1.0.0
|
||||
BuildRequires: libsamplerate-devel >= 0.1.0
|
||||
BuildRequires: libsndfile-devel >= 1.0.0
|
||||
BuildRequires: shared-mime-info
|
||||
BuildRequires: xz-devel >= 5.0.0
|
||||
BuildRequires: zlib-devel >= 1.2.4
|
||||
%else
|
||||
BuildRequires: pkgconfig(bzip2) >= 1.0.0
|
||||
BuildRequires: pkgconfig(gio-2.0) >= 2.38
|
||||
BuildRequires: pkgconfig(glib-2.0) >= 2.38
|
||||
@ -55,9 +45,7 @@ BuildRequires: pkgconfig(samplerate) >= 0.1.0
|
||||
BuildRequires: pkgconfig(shared-mime-info)
|
||||
BuildRequires: pkgconfig(sndfile) >= 1.0.0
|
||||
BuildRequires: pkgconfig(zlib) >= 1.2.4
|
||||
%endif
|
||||
Recommends: %name-lang
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
A CD-ROM image access library part of the cdemu suite.
|
||||
@ -123,9 +111,7 @@ Summary: MIME type definitions and documentation for libmirage
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires(post): shared-mime-info
|
||||
Requires(postun): shared-mime-info
|
||||
%if 0%{?suse_version} >= 1130
|
||||
BuildArch: noarch
|
||||
%endif
|
||||
|
||||
%description data
|
||||
libmirage provides uniform access to the data stored in different
|
||||
@ -135,7 +121,7 @@ file.
|
||||
This package contains the MIME type definitions and documentation.
|
||||
|
||||
%package -n typelib-1_0-libmirage-%pname
|
||||
Summary: The libmirage CD-ROM image access library – introspection bindings
|
||||
Summary: Introspection bindings for the libmirage CD-ROM image access library
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n typelib-1_0-libmirage-%pname
|
||||
@ -146,7 +132,7 @@ file.
|
||||
This package provides the GObject Introspection bindings for libmirage.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p2
|
||||
|
||||
%build
|
||||
%cmake -DCMAKE_MODULE_LINKER_FLAGS=""
|
||||
@ -160,46 +146,30 @@ make %{?_smp_mflags}
|
||||
%postun -n %lname -p /sbin/ldconfig
|
||||
|
||||
%post data
|
||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
||||
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
|
||||
%else
|
||||
%mime_database_post
|
||||
%endif
|
||||
|
||||
%postun data
|
||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
||||
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
|
||||
%else
|
||||
%mime_database_postun
|
||||
%endif
|
||||
|
||||
%files -n %lname
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libmirage.so.11*
|
||||
|
||||
%files %pname
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libmirage-3*/
|
||||
|
||||
%files data
|
||||
%defattr(-,root,root)
|
||||
%_datadir/gtk-doc/
|
||||
%_datadir/mime/packages/*
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/libmirage-3*/
|
||||
%_libdir/libmirage.so
|
||||
%_libdir/pkgconfig/libmirage.pc
|
||||
%if 0%{?suse_version} > 1110
|
||||
%_datadir/gir-1.0
|
||||
|
||||
%files lang -f %name.lang
|
||||
%defattr(-,root,root)
|
||||
|
||||
%files -n typelib-1_0-libmirage-%pname
|
||||
%defattr(-,root,root)
|
||||
%_libdir/girepository-1.0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user