Accepting request 40696 from multimedia:libs

checked in (request 40696) OBS-URL: https://build.opensuse.org/request/show/40696 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libvorbis?expand=0&rev=13
2010-05-28 16:14:00 +00:00 · 2010-05-28 16:14:00 +00:00 · 7f12fb2715
commit 7f12fb2715
parent 8c5daa5e36
4 changed files with 0 additions and 40 deletions
--- a/libvorbis-r16326-CVE-2009-3379.diff
+++ b/libvorbis-r16326-CVE-2009-3379.diff
@ -1,15 +0,0 @@
---
- lib/backends.h |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/lib/backends.h
-+++ b/lib/backends.h
-@@ -111,7 +111,7 @@
-   int    partitions;       /* possible codebooks for a partition */
-   int    groupbook;        /* huffbook for partitioning */
-   int    secondstages[64]; /* expanded out to pointers in lookup */
-  int    booklist[256];    /* list of second stage books */
-+  int    booklist[512];    /* list of second stage books */
- 
-   const float classmetric1[64];
-   const float classmetric2[64];
--- a/libvorbis-r16597-CVE-2009-3379.diff
+++ b/libvorbis-r16597-CVE-2009-3379.diff
@ -1,14 +0,0 @@
---
- lib/codebook.c |    1 +
- 1 file changed, 1 insertion(+)
-
--- a/lib/codebook.c
-+++ b/lib/codebook.c
-@@ -198,6 +198,7 @@
-       for(i=0;i<s->entries;){
-         long num=oggpack_read(opb,_ilog(s->entries-i));
-         if(num==-1)goto _eofout;
-+        if(length>32)goto _errout;
-         for(j=0;j<num && i<s->entries;j++,i++)
-           s->lengthlist[i]=length;
-         length++;
--- a/libvorbis.changes
+++ b/libvorbis.changes
@ -1,9 +1,3 @@
-------------------------------------------------------------------
-Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de
-
- VUL-0: libvorbis: memory corruption while parsing ogg files
-  (bnc#608192, CVE-2009-3379)
-
 -------------------------------------------------------------------
 Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de

--- a/libvorbis.spec
+++ b/libvorbis.spec
@ -40,9 +40,6 @@ Patch3:         libvorbis-automake-fix.diff
 # Patch5:         libvorbis-%{version}-aotuv-b5.7.diff
 Patch9:         libvorbis-doc-fixes.diff
 Patch10:        libvorbis-pkgconfig.patch
-# bnc608192
-Patch11:        libvorbis-r16326-CVE-2009-3379.diff
-Patch12:        libvorbis-r16597-CVE-2009-3379.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -109,8 +106,6 @@ Authors:
 # %patch5 -p1
 %patch9
 %patch10
-%patch11 -p1
-%patch12 -p1
 if [ "%_lib" == "lib64" ]; then
 %patch1
 fi