Accepting request 357850 from multimedia:libs

- Add vlc-CVE-2015-5949.patch: demux: mp4: correctly match release function (boo#965227, CVE-2015-5949). OBS-URL: https://build.opensuse.org/request/show/357850 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=50
2016-02-08 08:47:56 +00:00 · 2016-02-08 08:47:56 +00:00 · 5e2acc8ec0
commit 5e2acc8ec0
parent 3867a2a6ce aab27a0b8c
3 changed files with 39 additions and 0 deletions
--- a/vlc-CVE-2015-5949.patch
+++ b/vlc-CVE-2015-5949.patch
@ -0,0 +1,30 @@
+From ce91452460a75d7424b165c4dc8db98114c3cbd9 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcartegnie@free.fr>
+Date: Mon, 3 Aug 2015 15:17:32 +0200
+Subject: [PATCH 1/1] demux: mp4: correctly match release function
+
+Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
+---
+ modules/demux/mp4/libmp4.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
+index 331262b..f220e51 100644
+--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
+@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box )
+     {
+         for( i_index = 0; ; i_index++ )
+         {
+            if ( MP4_Box_Function[i_index].i_parent &&
+                 p_box->p_father &&
+                 p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent )
+                continue;
+
+             if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )||
+                 ( MP4_Box_Function[i_index].i_type == 0 ) )
+             {
+-- 
+1.7.10.4
+
+
--- a/vlc.changes
+++ b/vlc.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Feb  5 09:07:03 UTC 2016 - dimstar@opensuse.org
+
+- Add vlc-CVE-2015-5949.patch: demux: mp4: correctly match release
+  function (boo#965227, CVE-2015-5949).
+
 -------------------------------------------------------------------
 Mon Jan  4 08:50:53 UTC 2016 - ctrippe@opensuse.org

--- a/vlc.spec
+++ b/vlc.spec
@ -47,6 +47,8 @@ Patch1:         vlc-2.1.5-fix-skins2-default-skin-creation.patch
 Patch2:         vlc-qt5.5-mousepointer.patch
 Patch3:         0001-no-return-in-non-void.patch
 Patch4:         vlc-2.2.0-fix_deinterlace_mmx.patch
+# PATCH-FIX-UPSTREAM vlc-CVE-2015-5949.patch boo#965227 CVE-2015-5949 dimstar@opensuse.org -- demux: mp4: correctly match release function
+Patch5:         vlc-CVE-2015-5949.patch
 BuildRequires:  Mesa-devel
 BuildRequires:  SDL-devel >= 1.2.10
 BuildRequires:  aalib-devel
@ -313,6 +315,7 @@ date
 %patch4
 %endif
 %endif
+%patch5 -p1

 ### Fix up sources for LUA 5.3
 if pkg-config --atleast-version 5.3 lua; then