0459bda34d
Fix a minor security issue. This fix is in version 1.0.2, however since we are in freeze, I cherrypicked this fix from upstream git. From commit https://git.xiph.org/?p=opus.git;a=commit;h=9345aaa5ca1c2fb7d62981b2a538e0ce20612c38 Fixes an out-of-bounds read issue with the padding handling code This was reported by Juri Aedla and is limited to reading memory up to about 60 kB beyond the compressed buffer. This can only be triggered by a compressed packet more than about 16 MB long, so it's not a problem for RTP. In theory, it *could* crash an Ogg decoder if the memory just after the incoming packet is out-of-range. OBS-URL: https://build.opensuse.org/request/show/148337 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/opus?expand=0&rev=5
27 lines
946 B
Plaintext
27 lines
946 B
Plaintext
-------------------------------------------------------------------
|
||
Sun Jan 13 20:13:46 UTC 2013 - zaitor@opensuse.org
|
||
|
||
- Add
|
||
opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch
|
||
Fixes an out-of-bounds read that could be triggered by a
|
||
malicious Opus packet causing an integer wrap-around in the
|
||
padding code.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 19 18:56:42 UTC 2012 - zaitor@opensuse.org
|
||
|
||
- Update to version 1.0.1:
|
||
+ First bugfix release of stable version.
|
||
+ Changes are mostly buildfixes.
|
||
+ Fully compliant with the Opus specification.
|
||
- Remove unneeded autoconf, automake, gcc glibc-devel and make.
|
||
- Remove manual deletion of docs, instead pass --disable-doc to
|
||
configure.
|
||
- Minor spec cleanup.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 31 14:31:47 CET 2012 - pascal.bleser@opensuse.org
|
||
|
||
- initial version (0.9.14)
|
||
|