Accepting request 580772 from multimedia:libs

- Fix double free vulnerability (bsc#1082877, CVE-2017-18201,
  CVE-2017-18201.patch).

OBS-URL: https://build.opensuse.org/request/show/580772
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcdio?expand=0&rev=42
Dominique Leuenberger 2018-03-01 11:03:53 +00:00 committed by Git OBS Bridge
commit ef8e42a9eb
4 changed files with 35 additions and 2 deletions

CVE-2017-18201.patch Normal file

@ -0,0 +1,24 @@
From f6f9c48fb40b8a1e8218799724b0b61a7161eb1d Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <rocky@gnu.org>
Date: Fri, 22 Dec 2017 16:06:57 -0500
Subject: [PATCH] Fix double free courtesy of Chris Clayton
---
lib/driver/_cdio_generic.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
index d40ac0d9..ae820d25 100644
--- a/lib/driver/_cdio_generic.c
+++ b/lib/driver/_cdio_generic.c
@@ -296,7 +296,6 @@ get_cdtext_generic (void *p_user_data)
if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
p_env->b_cdtext_error = true;
- cdtext_destroy (p_env->cdtext);
free(p_env->cdtext);
p_env->cdtext = NULL;
}
--
2.16.2
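
Review bot: In get_cdtext_generic, once `cdtext_destroy (p_env->cdtext);` is gone from the failure branch, the remaining `free(p_env->cdtext);` releases only the top-level object, and the hunk does not show whether cdtext_data_init can fail after it has already allocated memory reachable from p_env->cdtext. Please confirm that nothing allocated by a partially successful cdtext_data_init is left behind on this path. If it can be, keeping cdtext_destroy and dropping the bare free() would avoid trading the double free for a leak, assuming cdtext_destroy releases the object itself, which is what the double free implies. The patch description is also only its subject line; one sentence saying which of the two calls freed the pointer first would help anyone auditing this CVE backport.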

@ -1,7 +1,7 @@
# #
# spec file for package cdio-utils # spec file for package cdio-utils
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Feb 27 17:09:35 CET 2018 - sbrabec@suse.com
- Fix double free vulnerability (bsc#1082877, CVE-2017-18201,
CVE-2017-18201.patch).
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Nov 4 20:38:28 UTC 2017 - schwab@linux-m68k.org Sat Nov 4 20:38:28 UTC 2017 - schwab@linux-m68k.org

@ -1,7 +1,7 @@
# #
# spec file for package libcdio # spec file for package libcdio
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -31,6 +31,8 @@ Source2: %{name}.keyring
Source3: baselibs.conf Source3: baselibs.conf
# PATCH-FIX-UPSTREAM 0001-Savannah-Bug-49907.patch https://savannah.gnu.org/bugs/index.php?49907 # PATCH-FIX-UPSTREAM 0001-Savannah-Bug-49907.patch https://savannah.gnu.org/bugs/index.php?49907
Patch0: 0001-Savannah-Bug-49907.patch Patch0: 0001-Savannah-Bug-49907.patch
# PATCH-FIX-SECURITY CVE-2017-18201.patch bsc1082877 CVE-2017-18201 sbrabec@suse.com -- Fix double free vulnerability.
Patch1: CVE-2017-18201.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: help2man BuildRequires: help2man
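
Review bot: The comment above `Patch1: CVE-2017-18201.patch` carries no upstream reference, unlike the Patch0 line, which records its Savannah URL. The patch header shows this is an upstream commit (f6f9c48fb40b8a1e8218799724b0b61a7161eb1d, from R. Bernstein), so add that commit id to the comment; it lets the next maintainer verify the backport and drop it once the package moves to a release that already contains the fix.
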
@ -110,6 +112,7 @@ applications that want to make use of the cdio libraries.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%define buildir ${PWD} %define buildir ${PWD}