From 1347d9ef6703bd4d31024c21189200e18a42195192d0004523dce65756938242 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 28 May 2010 16:14:01 +0000 Subject: [PATCH] Accepting request 40696 from multimedia:libs Copy from multimedia:libs/libvorbis based on submit request 40696 from user tiwai OBS-URL: https://build.opensuse.org/request/show/40696 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvorbis?expand=0&rev=19 --- libvorbis-r16326-CVE-2009-3379.diff | 15 +++++++++++++++ libvorbis-r16597-CVE-2009-3379.diff | 14 ++++++++++++++ libvorbis.changes | 6 ++++++ libvorbis.spec | 7 ++++++- 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 libvorbis-r16326-CVE-2009-3379.diff create mode 100644 libvorbis-r16597-CVE-2009-3379.diff diff --git a/libvorbis-r16326-CVE-2009-3379.diff b/libvorbis-r16326-CVE-2009-3379.diff new file mode 100644 index 0000000..553a281 --- /dev/null +++ b/libvorbis-r16326-CVE-2009-3379.diff @@ -0,0 +1,15 @@ +--- + lib/backends.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/backends.h ++++ b/lib/backends.h +@@ -111,7 +111,7 @@ + int partitions; /* possible codebooks for a partition */ + int groupbook; /* huffbook for partitioning */ + int secondstages[64]; /* expanded out to pointers in lookup */ +- int booklist[256]; /* list of second stage books */ ++ int booklist[512]; /* list of second stage books */ + + const float classmetric1[64]; + const float classmetric2[64]; diff --git a/libvorbis-r16597-CVE-2009-3379.diff b/libvorbis-r16597-CVE-2009-3379.diff new file mode 100644 index 0000000..9812403 --- /dev/null +++ b/libvorbis-r16597-CVE-2009-3379.diff @@ -0,0 +1,14 @@ +--- + lib/codebook.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/lib/codebook.c ++++ b/lib/codebook.c +@@ -198,6 +198,7 @@ + for(i=0;ientries;){ + long num=oggpack_read(opb,_ilog(s->entries-i)); + if(num==-1)goto _eofout; ++ if(length>32)goto _errout; + for(j=0;jentries;j++,i++) + s->lengthlist[i]=length; + length++; diff --git a/libvorbis.changes b/libvorbis.changes index f89bac5..4c135cc 100644 --- a/libvorbis.changes +++ b/libvorbis.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de + +- VUL-0: libvorbis: memory corruption while parsing ogg files + (bnc#608192, CVE-2009-3379) + ------------------------------------------------------------------- Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de diff --git a/libvorbis.spec b/libvorbis.spec index ca2c5cc..ccdbbb9 100644 --- a/libvorbis.spec +++ b/libvorbis.spec @@ -22,7 +22,7 @@ Name: libvorbis BuildRequires: libogg-devel pkgconfig Summary: The Vorbis General Audio Compression Codec Version: 1.2.3 -Release: 2 +Release: 3 Group: System/Libraries License: BSD3c(or similar) Url: http://www.vorbis.com/ @@ -40,6 +40,9 @@ Patch3: libvorbis-automake-fix.diff # Patch5: libvorbis-%{version}-aotuv-b5.7.diff Patch9: libvorbis-doc-fixes.diff Patch10: libvorbis-pkgconfig.patch +# bnc608192 +Patch11: libvorbis-r16326-CVE-2009-3379.diff +Patch12: libvorbis-r16597-CVE-2009-3379.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -106,6 +109,8 @@ Authors: # %patch5 -p1 %patch9 %patch10 +%patch11 -p1 +%patch12 -p1 if [ "%_lib" == "lib64" ]; then %patch1 fi