forked from pool/libmirage
Accepting request 726099 from filesystems
- Add 0001-libMirage-CSO-filter-validate-part-size.patch, 0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch [boo#1148087, CVE-2019-15540] OBS-URL: https://build.opensuse.org/request/show/726099 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmirage?expand=0&rev=19
This commit is contained in:
commit
d41a99a070
38
0001-libMirage-CSO-filter-validate-part-size.patch
Normal file
38
0001-libMirage-CSO-filter-validate-part-size.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 0e9292c9aa34bf545f43f7efe5f0b94faba94962 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rok Mandeljc <rok.mandeljc@gmail.com>
|
||||||
|
Date: Sun, 25 Aug 2019 14:53:58 +0200
|
||||||
|
Subject: [PATCH 1/2] libMirage: CSO filter: validate part size
|
||||||
|
|
||||||
|
Part size must be always either smaller than the declared block
|
||||||
|
size (compressed block) or equal to it (raw block). If not, return
|
||||||
|
error - because we allocate our I/O buffer based on the block size.
|
||||||
|
|
||||||
|
Fixes SF bug #119, which is triggered by part size ending up being
|
||||||
|
larger than the block size. Thanks to Andrea Fioraldi for report
|
||||||
|
and thorough analysis of the issue.
|
||||||
|
---
|
||||||
|
libmirage/filters/filter-cso/filter-stream.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
index 5f2f5e25..d43aa54a 100644
|
||||||
|
--- a/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
+++ b/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
@@ -120,6 +120,14 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
|
||||||
|
CSO_Part *prev_part = &self->priv->parts[i-1];
|
||||||
|
|
||||||
|
prev_part->comp_size = cur_part->offset - prev_part->offset;
|
||||||
|
+
|
||||||
|
+ /* Part size must be either smaller than header->block_size
|
||||||
|
+ (compressed block ) or equal to it (raw block) */
|
||||||
|
+ if (prev_part->comp_size > header->block_size) {
|
||||||
|
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: invalid part/index entry: part data length (%" G_GINT64_MODIFIER "d) exceeds declared block size (%d)!\n", __debug__, prev_part->comp_size, header->block_size);
|
||||||
|
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.22.1
|
||||||
|
|
@ -0,0 +1,37 @@
|
|||||||
|
From f6adcd08beffd9dac2c4a86852ba0bda06870f4f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rok Mandeljc <rok.mandeljc@gmail.com>
|
||||||
|
Date: Sun, 25 Aug 2019 15:11:23 +0200
|
||||||
|
Subject: [PATCH 2/2] libMirage: CSO filter: replaced a g_assert() with error
|
||||||
|
return
|
||||||
|
|
||||||
|
---
|
||||||
|
libmirage/filters/filter-cso/filter-stream.c | 9 +++++++--
|
||||||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
index d43aa54a..065dc40c 100644
|
||||||
|
--- a/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
+++ b/libmirage/filters/filter-cso/filter-stream.c
|
||||||
|
@@ -70,12 +70,17 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
|
||||||
|
|
||||||
|
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: reading part index\n", __debug__);
|
||||||
|
|
||||||
|
+ if (header->total_bytes % header->block_size) {
|
||||||
|
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: original stream size (%" G_GUINT64_FORMAT ") is not a multiple of block size (%d)!\n", __debug__, header->total_bytes, header->block_size);
|
||||||
|
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
self->priv->num_parts = header->total_bytes / header->block_size;
|
||||||
|
self->priv->num_indices = self->priv->num_parts + 1; /* Contains EOF offset */
|
||||||
|
- g_assert(header->total_bytes % header->block_size == 0);
|
||||||
|
|
||||||
|
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: number of parts: %d\n", __debug__, self->priv->num_parts);
|
||||||
|
- MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: %" G_GINT64_MODIFIER "d\n", __debug__, header->total_bytes);
|
||||||
|
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: 0x%" G_GINT64_MODIFIER "X (%" G_GUINT64_FORMAT ")\n", __debug__, header->total_bytes, header->total_bytes);
|
||||||
|
|
||||||
|
/* At least one part must be present */
|
||||||
|
if (!self->priv->num_parts) {
|
||||||
|
--
|
||||||
|
2.22.1
|
||||||
|
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 26 08:28:33 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Drop SLE11 recipes from specfile, the build is disabled anyway.
|
||||||
|
- Add 0001-libMirage-CSO-filter-validate-part-size.patch,
|
||||||
|
0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
|
||||||
|
[boo#1148087, CVE-2019-15540]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 1 13:34:01 UTC 2019 - Aaron Stern <ukbeast89@ptotonmail.com>
|
Mon Jul 1 13:34:01 UTC 2019 - Aaron Stern <ukbeast89@ptotonmail.com>
|
||||||
|
|
||||||
|
@ -27,22 +27,12 @@ Release: 0
|
|||||||
URL: http://cdemu.sf.net/about/libmirage/
|
URL: http://cdemu.sf.net/about/libmirage/
|
||||||
|
|
||||||
#Git-Clone: git://git.code.sf.net/p/cdemu/code
|
#Git-Clone: git://git.code.sf.net/p/cdemu/code
|
||||||
Source: http://downloads.sf.net/cdemu/%name-%version.tar.bz2
|
Source: https://downloads.sf.net/cdemu/%name-%version.tar.bz2
|
||||||
|
Patch1: 0001-libMirage-CSO-filter-validate-part-size.patch
|
||||||
|
Patch2: 0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
|
||||||
BuildRequires: cmake >= 2.8.5
|
BuildRequires: cmake >= 2.8.5
|
||||||
BuildRequires: intltool >= 0.21
|
BuildRequires: intltool >= 0.21
|
||||||
BuildRequires: pkg-config >= 0.16
|
BuildRequires: pkg-config >= 0.16
|
||||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
|
||||||
# SLES 11 is still supported
|
|
||||||
# Dependencies list in an old style
|
|
||||||
BuildRequires: glib2-devel >= 2.28
|
|
||||||
BuildRequires: gtk-doc >= 1.4
|
|
||||||
BuildRequires: libbz2-devel >= 1.0.0
|
|
||||||
BuildRequires: libsamplerate-devel >= 0.1.0
|
|
||||||
BuildRequires: libsndfile-devel >= 1.0.0
|
|
||||||
BuildRequires: shared-mime-info
|
|
||||||
BuildRequires: xz-devel >= 5.0.0
|
|
||||||
BuildRequires: zlib-devel >= 1.2.4
|
|
||||||
%else
|
|
||||||
BuildRequires: pkgconfig(bzip2) >= 1.0.0
|
BuildRequires: pkgconfig(bzip2) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(gio-2.0) >= 2.38
|
BuildRequires: pkgconfig(gio-2.0) >= 2.38
|
||||||
BuildRequires: pkgconfig(glib-2.0) >= 2.38
|
BuildRequires: pkgconfig(glib-2.0) >= 2.38
|
||||||
@ -55,9 +45,7 @@ BuildRequires: pkgconfig(samplerate) >= 0.1.0
|
|||||||
BuildRequires: pkgconfig(shared-mime-info)
|
BuildRequires: pkgconfig(shared-mime-info)
|
||||||
BuildRequires: pkgconfig(sndfile) >= 1.0.0
|
BuildRequires: pkgconfig(sndfile) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(zlib) >= 1.2.4
|
BuildRequires: pkgconfig(zlib) >= 1.2.4
|
||||||
%endif
|
|
||||||
Recommends: %name-lang
|
Recommends: %name-lang
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
A CD-ROM image access library part of the cdemu suite.
|
A CD-ROM image access library part of the cdemu suite.
|
||||||
@ -123,9 +111,7 @@ Summary: MIME type definitions and documentation for libmirage
|
|||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires(post): shared-mime-info
|
Requires(post): shared-mime-info
|
||||||
Requires(postun): shared-mime-info
|
Requires(postun): shared-mime-info
|
||||||
%if 0%{?suse_version} >= 1130
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
%endif
|
|
||||||
|
|
||||||
%description data
|
%description data
|
||||||
libmirage provides uniform access to the data stored in different
|
libmirage provides uniform access to the data stored in different
|
||||||
@ -135,7 +121,7 @@ file.
|
|||||||
This package contains the MIME type definitions and documentation.
|
This package contains the MIME type definitions and documentation.
|
||||||
|
|
||||||
%package -n typelib-1_0-libmirage-%pname
|
%package -n typelib-1_0-libmirage-%pname
|
||||||
Summary: The libmirage CD-ROM image access library – introspection bindings
|
Summary: Introspection bindings for the libmirage CD-ROM image access library
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
|
|
||||||
%description -n typelib-1_0-libmirage-%pname
|
%description -n typelib-1_0-libmirage-%pname
|
||||||
@ -146,7 +132,7 @@ file.
|
|||||||
This package provides the GObject Introspection bindings for libmirage.
|
This package provides the GObject Introspection bindings for libmirage.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p2
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%cmake -DCMAKE_MODULE_LINKER_FLAGS=""
|
%cmake -DCMAKE_MODULE_LINKER_FLAGS=""
|
||||||
@ -160,46 +146,30 @@ make %{?_smp_mflags}
|
|||||||
%postun -n %lname -p /sbin/ldconfig
|
%postun -n %lname -p /sbin/ldconfig
|
||||||
|
|
||||||
%post data
|
%post data
|
||||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
|
||||||
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
|
|
||||||
%else
|
|
||||||
%mime_database_post
|
%mime_database_post
|
||||||
%endif
|
|
||||||
|
|
||||||
%postun data
|
%postun data
|
||||||
%if 0%{?sles_version} && 0%{?suse_version} == 1110
|
|
||||||
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
|
|
||||||
%else
|
|
||||||
%mime_database_postun
|
%mime_database_postun
|
||||||
%endif
|
|
||||||
|
|
||||||
%files -n %lname
|
%files -n %lname
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libmirage.so.11*
|
%_libdir/libmirage.so.11*
|
||||||
|
|
||||||
%files %pname
|
%files %pname
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/libmirage-3*/
|
%_libdir/libmirage-3*/
|
||||||
|
|
||||||
%files data
|
%files data
|
||||||
%defattr(-,root,root)
|
|
||||||
%_datadir/gtk-doc/
|
%_datadir/gtk-doc/
|
||||||
%_datadir/mime/packages/*
|
%_datadir/mime/packages/*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
|
||||||
%_includedir/libmirage-3*/
|
%_includedir/libmirage-3*/
|
||||||
%_libdir/libmirage.so
|
%_libdir/libmirage.so
|
||||||
%_libdir/pkgconfig/libmirage.pc
|
%_libdir/pkgconfig/libmirage.pc
|
||||||
%if 0%{?suse_version} > 1110
|
|
||||||
%_datadir/gir-1.0
|
%_datadir/gir-1.0
|
||||||
|
|
||||||
%files lang -f %name.lang
|
%files lang -f %name.lang
|
||||||
%defattr(-,root,root)
|
|
||||||
|
|
||||||
%files -n typelib-1_0-libmirage-%pname
|
%files -n typelib-1_0-libmirage-%pname
|
||||||
%defattr(-,root,root)
|
|
||||||
%_libdir/girepository-1.0
|
%_libdir/girepository-1.0
|
||||||
%endif
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
Loading…
Reference in New Issue
Block a user