Accepting request 106324 from home:tiwai:branches:multimedia:libs

- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
  (bnc#747912)

OBS-URL: https://build.opensuse.org/request/show/106324
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libvorbis?expand=0&rev=37

libvorbis-CVE-2012-0444.diff

@@ -0,0 +1,14 @@
+---
+ lib/floor1.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/lib/floor1.c
++++ b/lib/floor1.c
+@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack
+ 
+   for(j=0,k=0;j<info->partitions;j++){
+     count+=info->class_dim[info->partitionclass[j]];
++    if(count>VIF_POSIT) goto err_out;
+     for(;k<count;k++){
+       int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+       if(t<0 || t>=(1<<rangebits))

libvorbis.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 21 14:32:38 CET 2012 - tiwai@suse.de
+
+- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
+  (bnc#747912)
+
 -------------------------------------------------------------------
 Sun Dec 25 11:09:50 UTC 2011 - idonmez@suse.com
 

libvorbis.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libvorbis
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -39,6 +39,7 @@ Patch2:         libvorbis-m4.dif
 Patch10:        libvorbis-pkgconfig.patch
 Patch11:        vorbis-fix-linking.patch
 Patch12:        vorbis-ocloexec.patch
+Patch20:        libvorbis-CVE-2012-0444.diff
 BuildRequires:  fdupes
 BuildRequires:  libogg-devel
 BuildRequires:  libtool
@@ -139,6 +140,7 @@ if [ "%{_lib}" == "lib64" ]; then
 fi
 %patch11
 %patch12
+%patch20 -p1
 
 %build
 # Fix optimization level