OBS User unknown 2007-07-26 23:58:11 +00:00 committed by Git OBS Bridge
parent 941e237aff
commit ae2f49d8c7
3 changed files with 62 additions and 7 deletions

@ -0,0 +1,41 @@
Index: lib/info.c
===================================================================
--- lib/info.c (revision 13159)
+++ lib/info.c (revision 13160)
@@ -139,7 +139,7 @@
memset(vc,0,sizeof(*vc));
}
-/* blocksize 0 is guaranteed to be short, 1 is guarantted to be long.
+/* blocksize 0 is guaranteed to be short, 1 is guaranteed to be long.
They may be equal, but short will never ge greater than long */
int vorbis_info_blocksize(vorbis_info *vi,int zo){
codec_setup_info *ci = vi->codec_setup;
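Review bot: The comment above vorbis_info_blocksize still has a typo on the line after the one corrected here: "short will never ge greater than long" should read "be greater". Since this hunk already touches the comment to fix "guarantted", correct both in the same change.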
@@ -162,14 +162,23 @@
if(ci->mode_param[i])_ogg_free(ci->mode_param[i]);
for(i=0;i<ci->maps;i++) /* unpack does the range checking */
- _mapping_P[ci->map_type[i]]->free_info(ci->map_param[i]);
+ if(ci->map_param[i]) /* this may be cleaning up an aborted
+ unpack, in which case the below type
+ cannot be trusted */
+ _mapping_P[ci->map_type[i]]->free_info(ci->map_param[i]);
for(i=0;i<ci->floors;i++) /* unpack does the range checking */
- _floor_P[ci->floor_type[i]]->free_info(ci->floor_param[i]);
+ if(ci->floor_param[i]) /* this may be cleaning up an aborted
+ unpack, in which case the below type
+ cannot be trusted */
+ _floor_P[ci->floor_type[i]]->free_info(ci->floor_param[i]);
for(i=0;i<ci->residues;i++) /* unpack does the range checking */
- _residue_P[ci->residue_type[i]]->free_info(ci->residue_param[i]);
-
+ if(ci->residue_param[i]) /* this may be cleaning up an aborted
+ unpack, in which case the below type
+ cannot be trusted */
+ _residue_P[ci->residue_type[i]]->free_info(ci->residue_param[i]);
+
for(i=0;i<ci->books;i++){
if(ci->book_param[i]){
/* knows if the book was not alloced */
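Review bot: In the map, floor and residue cleanup loops, the new NULL test on ci->map_param[i], ci->floor_param[i] and ci->residue_param[i] is the only guard between an unvalidated type value and the index into _mapping_P, _floor_P and _residue_P. That is safe only if a param slot is guaranteed to be NULL whenever its type was not range-checked, which depends on the setup struct starting zeroed and on unpack storing the param only after the type check passes; neither is visible in this hunk. State that invariant in the comment, or add an explicit bounds check on the type before the table lookup so the cleanup path does not depend on it. The retained "unpack does the range checking" comment on each for line now contradicts the new comment saying the type cannot be trusted and should be reworded. With a three-line comment between each if and its single unbraced statement, the control flow is also easy to misread; bracing the if bodies would help.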

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jul 9 10:48:33 CEST 2007 - tiwai@suse.de
- fix array boundary conditional flaw in mapping (#287124,
CVE-2007-3106)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 23 18:06:06 CEST 2007 - tiwai@suse.de Mon Apr 23 18:06:06 CEST 2007 - tiwai@suse.de

@ -14,9 +14,9 @@ Name: libvorbis
BuildRequires: libogg-devel pkgconfig BuildRequires: libogg-devel pkgconfig
Summary: The Vorbis General Audio Compression Codec Summary: The Vorbis General Audio Compression Codec
Version: 1.1.2 Version: 1.1.2
Release: 45 Release: 64
Group: System/Libraries Group: System/Libraries
License: BSD License and BSD-like License: BSD 3-Clause
URL: http://www.vorbis.com/ URL: http://www.vorbis.com/
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
Patch1: libvorbis-lib64.dif Patch1: libvorbis-lib64.dif
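Review bot: The License tag change in this hunk, from "BSD License and BSD-like" to "BSD 3-Clause", is unrelated to the security fix and is not recorded in the changelog entry, which mentions only the CVE-2007-3106 fix. Add a changelog line for it or move it to a separate commit so the security change can be reviewed and backported on its own.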
@ -24,12 +24,16 @@ Patch2: libvorbis-m4.dif
Patch5: libvorbis-%{version}-aotuv-b5.diff Patch5: libvorbis-%{version}-aotuv-b5.diff
Patch6: libvorbis-%{version}-warning-fixes.diff Patch6: libvorbis-%{version}-warning-fixes.diff
Patch7: libvorbis-cflags.diff Patch7: libvorbis-cflags.diff
Patch8: libvorbis-maptype-check.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
Ogg Vorbis is a fully open, nonproprietary, patent-and-royalty-free, Vorbis is a fully open, nonproprietary, patent-and-royalty-free, and
and general-purpose compressed audio format for audio and music at general-purpose compressed audio format for audio and music at fixed
fixed and variable bit rates from 16 to 128 kbps/channel. and variable bit rates from 16 to 128 kbps/channel.
The native bitstream format of Vorbis is libogg (Ogg). Alternatively,
libmatroska (matroska) can also be used.
@ -39,14 +43,14 @@ Authors:
Xiphophorus Company <team@xiph.org> Xiphophorus Company <team@xiph.org>
%package devel %package devel
Summary: Include Files and Libraries mandatory for Development. Summary: Include Files and Libraries mandatory for Ogg Vorbis Development
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: glibc-devel, libogg-devel Requires: glibc-devel, libogg-devel
Requires: %{name} = %{version} Requires: %{name} = %{version}
%description devel %description devel
This package contains all necessary include files and libraries needed This package contains all necessary include files and libraries needed
to develop applications that require these. to compile and develop applications that use libvorbis.
@ -61,6 +65,7 @@ Authors:
%patch5 %patch5
%patch6 %patch6
%patch7 %patch7
%patch8
if [ "%_lib" == "lib64" ]; then if [ "%_lib" == "lib64" ]; then
%patch1 %patch1
fi fi
@ -103,6 +108,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%changelog %changelog
* Mon Jul 09 2007 - tiwai@suse.de
- fix array boundary conditional flaw in mapping (#287124,
CVE-2007-3106)
* Mon Apr 23 2007 - tiwai@suse.de * Mon Apr 23 2007 - tiwai@suse.de
- use aoTuV beta5 patch: - use aoTuV beta5 patch:
* The action of noise normalization has been improved. * The action of noise normalization has been improved.