Accepting request 40696 from multimedia:libs
Copy from multimedia:libs/libvorbis based on submit request 40696 from user tiwai OBS-URL: https://build.opensuse.org/request/show/40696 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvorbis?expand=0&rev=19
This commit is contained in:
OBS User autobuild
Git OBS Bridge
parent
6ed183c76c
commit
1347d9ef67
15
libvorbis-r16326-CVE-2009-3379.diff
Normal file
15
libvorbis-r16326-CVE-2009-3379.diff
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
lib/backends.h | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/lib/backends.h
|
||||||
|
+++ b/lib/backends.h
|
||||||
|
@@ -111,7 +111,7 @@
|
||||||
|
int partitions; /* possible codebooks for a partition */
|
||||||
|
int groupbook; /* huffbook for partitioning */
|
||||||
|
int secondstages[64]; /* expanded out to pointers in lookup */
|
||||||
|
- int booklist[256]; /* list of second stage books */
|
||||||
|
+ int booklist[512]; /* list of second stage books */
|
||||||
|
|
||||||
|
const float classmetric1[64];
|
||||||
|
const float classmetric2[64];
|
||||||
14
libvorbis-r16597-CVE-2009-3379.diff
Normal file
14
libvorbis-r16597-CVE-2009-3379.diff
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
lib/codebook.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
--- a/lib/codebook.c
|
||||||
|
+++ b/lib/codebook.c
|
||||||
|
@@ -198,6 +198,7 @@
|
||||||
|
for(i=0;i<s->entries;){
|
||||||
|
long num=oggpack_read(opb,_ilog(s->entries-i));
|
||||||
|
if(num==-1)goto _eofout;
|
||||||
|
+ if(length>32)goto _errout;
|
||||||
|
for(j=0;j<num && i<s->entries;j++,i++)
|
||||||
|
s->lengthlist[i]=length;
|
||||||
|
length++;
|
||||||
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de
|
||||||
|
|
||||||
|
- VUL-0: libvorbis: memory corruption while parsing ogg files
|
||||||
|
(bnc#608192, CVE-2009-3379)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de
|
Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@ Name: libvorbis
|
|||||||
BuildRequires: libogg-devel pkgconfig
|
BuildRequires: libogg-devel pkgconfig
|
||||||
Summary: The Vorbis General Audio Compression Codec
|
Summary: The Vorbis General Audio Compression Codec
|
||||||
Version: 1.2.3
|
Version: 1.2.3
|
||||||
Release: 2
|
Release: 3
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
License: BSD3c(or similar)
|
License: BSD3c(or similar)
|
||||||
Url: http://www.vorbis.com/
|
Url: http://www.vorbis.com/
|
||||||
@ -40,6 +40,9 @@ Patch3: libvorbis-automake-fix.diff
|
|||||||
# Patch5: libvorbis-%{version}-aotuv-b5.7.diff
|
# Patch5: libvorbis-%{version}-aotuv-b5.7.diff
|
||||||
Patch9: libvorbis-doc-fixes.diff
|
Patch9: libvorbis-doc-fixes.diff
|
||||||
Patch10: libvorbis-pkgconfig.patch
|
Patch10: libvorbis-pkgconfig.patch
|
||||||
|
# bnc608192
|
||||||
|
Patch11: libvorbis-r16326-CVE-2009-3379.diff
|
||||||
|
Patch12: libvorbis-r16597-CVE-2009-3379.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -106,6 +109,8 @@ Authors:
|
|||||||
# %patch5 -p1
|
# %patch5 -p1
|
||||||
%patch9
|
%patch9
|
||||||
%patch10
|
%patch10
|
||||||
|
%patch11 -p1
|
||||||
|
%patch12 -p1
|
||||||
if [ "%_lib" == "lib64" ]; then
|
if [ "%_lib" == "lib64" ]; then
|
||||||
%patch1
|
%patch1
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user