diff --git a/opus-1.1.3.tar.gz b/opus-1.1.3.tar.gz
deleted file mode 100644
index 94b42d8..0000000
--- a/opus-1.1.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:58b6fe802e7e30182e95d0cde890c0ace40b6f125cffc50635f0ad2eef69b633
-size 978848
diff --git a/opus-1.1.4.tar.gz b/opus-1.1.4.tar.gz
new file mode 100644
index 0000000..802bd2c
--- /dev/null
+++ b/opus-1.1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9122b6b380081dd2665189f97bfd777f04f92dc3ab6698eea1dbb27ad59d8692
+size 978830
diff --git a/opus-NLSF-not-negative.patch b/opus-NLSF-not-negative.patch
deleted file mode 100644
index 8fc3a28..0000000
--- a/opus-NLSF-not-negative.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 79e8f527b0344b0897a65be35e77f7885bd99409 Mon Sep 17 00:00:00 2001
-From: Felicia Lim
-Date: Thu, 28 Jul 2016 15:21:19 +0200
-Subject: [PATCH] Ensure that NLSF cannot be negative when computing a min
- distance between them
-
-Signed-off-by: Jean-Marc Valin
----
- silk/NLSF_stabilize.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/silk/NLSF_stabilize.c b/silk/NLSF_stabilize.c
-index 1fa1ea3..8f3426b 100644
---- a/silk/NLSF_stabilize.c
-+++ b/silk/NLSF_stabilize.c
-@@ -130,7 +130,7 @@ void silk_NLSF_stabilize(
-
- /* Keep delta_min distance between the NLSFs */
- for( i = 1; i < L; i++ )
-- NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], NLSF_Q15[i-1] + NDeltaMin_Q15[i] );
-+ NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], silk_ADD_SAT16( NLSF_Q15[i-1], NDeltaMin_Q15[i] ) );
-
- /* Last NLSF should be no higher than 1 - NDeltaMin[L] */
- NLSF_Q15[L-1] = silk_min_int( NLSF_Q15[L-1], (1<<15) - NDeltaMin_Q15[L] );
---
-2.1.4
-
diff --git a/opus.changes b/opus.changes
index a00b36c..1ae6473 100644
--- a/opus.changes
+++ b/opus.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sun Feb 26 23:08:38 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 1.1.4 (CVE-2017-0381):
+ + A specially-crafted Opus packet could cause an integer
+ wrap-around in the SILK LSF stabilization code. This would
+ cause an out-of-bounds read 256 bytes before a constant table.
+- Drop opus-NLSF-not-negative.patch: Fixed upstream.
+
 -------------------------------------------------------------------
 Mon Jan 16 20:56:54 UTC 2017 - zaitor@opensuse.org
 
diff --git a/opus.spec b/opus.spec
index 4e1d806..a2acb58 100644
--- a/opus.spec
+++ b/opus.spec
@@ -19,7 +19,7 @@
 
 %define soname 0
 Name: opus
-Version: 1.1.3
+Version: 1.1.4
 Release: 0
 Summary: Opus Audio Codec Library
 License: BSD-3-Clause
@@ -27,8 +27,6 @@ Group: System/Libraries
 Url: http://opus-codec.org/
 Source: http://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
-# PATCH-FIX-UPSTREAM opus-NLSF-not-negative.patch CVE-2017-0381 boo#1020102 zaitor@opensuse.org -- Ensure that NLSF cannot be negative when computing a min distance between them.
-Patch0: opus-NLSF-not-negative.patch
 BuildRequires: pkg-config
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
@@ -68,7 +66,6 @@ technology from Skype's SILK codec and Xiph.Org's CELT codec.
 
 %prep
 %setup -q
-%patch0 -p1
 
 %build
 %configure \