Accepting request 720864 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/720864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=98

vlc-CVE-2019-13602_1.patch

@@ -0,0 +1,35 @@
+From b2b157076d9e94df34502dd8df0787deb940e938 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
+Date: Thu, 27 Jun 2019 23:19:38 +0300
+Subject: [PATCH] mp4: fix integer underflow
+
+Reported-by: Hyeon-Ju Lee <zorurione@gmail.com>
+---
+ modules/demux/mp4/mp4.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c
+index 540aa836c2..77b46de1c3 100644
+--- a/modules/demux/mp4/mp4.c
++++ b/modules/demux/mp4/mp4.c
+@@ -510,11 +510,11 @@ static block_t * MP4_EIA608_Convert( block_t * p_block )
+     block_t *p_newblock;
+ 
+     /* always need at least 10 bytes (atom size+header+1pair)*/
+-    if ( i_remaining < 10 ||
+-         !(i_bytes = GetDWBE(p_block->p_buffer)) ||
+-         (i_bytes > i_remaining) ||
+-         memcmp("cdat", &p_block->p_buffer[4], 4) ||
+-         !(p_newblock = block_Alloc( i_remaining * 3 - 8 )) )
++    i_bytes = GetDWBE(p_block->p_buffer);
++
++    if (10 < i_bytes || i_bytes < i_remaining ||
++        memcmp("cdat", &p_block->p_buffer[4], 4) ||
++        (p_newblock = block_Alloc(i_remaining * 3 - 8)) == NULL)
+     {
+         p_block->i_buffer = 0;
+         return p_block;
+-- 
+2.11.0
+
+

vlc-CVE-2019-13602_2.patch

@@ -0,0 +1,33 @@
+From 8e8e0d72447f8378244f5b4a3dcde036dbeb1491 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
+Date: Thu, 27 Jun 2019 23:19:38 +0300
+Subject: [PATCH] mp4: fix integer underflow
+
+Reported-by: Hyeon-Ju Lee <zorurione@gmail.com>
+---
+ modules/demux/mp4/mp4.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c
+index 77b46de1c3..83f36db1a7 100644
+--- a/modules/demux/mp4/mp4.c
++++ b/modules/demux/mp4/mp4.c
+@@ -536,10 +536,10 @@ static block_t * MP4_EIA608_Convert( block_t * p_block )
+     } while( i_bytes >= 2 );
+ 
+     /* cdt2 is optional */
+-    if ( i_remaining >= 10 &&
+-         (i_bytes = GetDWBE(p_read)) &&
+-         (i_bytes <= i_remaining) &&
+-         !memcmp("cdt2", &p_read[4], 4) )
++    i_bytes = GetDWBE(p_read);
++
++    if (10 <= i_bytes && i_bytes <= i_remaining &&
++        !memcmp("cdt2", &p_read[4], 4))
+     {
+         p_read += 8;
+         i_bytes -= 8;
+-- 
+2.11.0
+
+

vlc-CVE-2019-13962.patch

@@ -0,0 +1,38 @@
+From 2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Mon, 20 May 2019 14:27:39 +0200
+Subject: [PATCH] codec: avcodec: fix broken check before copy (fix #22240)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+copy parameters are the picture ones
+
+regression by c988b8d58b01ef6d628e3051774a2032dd7f6b7d
+
+(cherry picked from commit 603ecaf0f3fdf3b0a83cd2c773e05ac347b2149a)
+Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
+---
+ modules/codec/avcodec/video.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
+index 097e7cb11a..c5899fd736 100644
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -364,8 +364,9 @@ static int lavc_CopyPicture(decoder_t *dec, picture_t *pic, AVFrame *frame)
+                 sys->p_context->pix_fmt, (name != NULL) ? name : "unknown");
+         return VLC_EGENERIC;
+     } else if (fourcc != pic->format.i_chroma
+-     || frame->width > (int) pic->format.i_width
+-     || frame->height > (int) pic->format.i_height)
++     /* ensure we never read more than dst lines/pixels from src */
++     || frame->width != (int) pic->format.i_visible_width
++     || frame->height < (int) pic->format.i_visible_height)
+     {
+         msg_Warn(dec, "dropping frame because the vout changed");
+         return VLC_EGENERIC;
+-- 
+2.11.0
+
+

vlc.changes

@@ -1,7 +1,24 @@
+-------------------------------------------------------------------
+Sun Aug  4 01:44:44 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
+
+- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some
+  image loading libraries (libpng, libjpeg, ...) which are either wrapped
+  by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).
+
+-------------------------------------------------------------------
+Wed Jul 31 07:51:02 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Add vlc-CVE-2019-13602_1.patch and vlc-CVE-2019-13602_2.patch:
+  fix integer underflow in mp4 demuxer (CVE-2019-13602,
+  boo#1141522).
+- Add vlc-CVE-2019-13962.patch: codec: avcodec: fix broken check
+  before copy (CVE-2019-13962, boo#1142161).
+
 -------------------------------------------------------------------
 Fri Jun 14 17:14:13 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 
-- Update to version 3.0.7.1:
+- Update to version 3.0.7.1 (CVE-2019-5439, CVE-2019-5459,
+  CVE-2019-5460, CVE-2019-12874, boo#1138933, boo#1143549, boo#1138354, boo#1143547)
   + Access: Update libbluray to 1.1.2.
   + Video Output:
     * Fix hardware acceleration with some AMD drivers
@@ -109,7 +126,7 @@ Thu Jan  3 18:38:26 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
 -------------------------------------------------------------------
 Sat Dec 29 02:42:11 UTC 2018 - sean@suspend.net
 
-- Update to version 3.0.5:
+- Update to version 3.0.5 (CVE-2018-19857, boo#1118586):
   + Access:
     * Improve RTSP playback
     * BluRay fixes and improvements, notably for menus and seeking

vlc.spec

@@ -51,6 +51,12 @@ Patch1:         vlc-allow-deprecated-fribidi.patch
 Patch2:         vlc-lua-5.3.patch
 # PATCH-FIX-UPSTREAM fix-build-with-fdk-2.0.patch -- Fix building vlc with libfdk-aac v2
 Patch3:         fix-build-with-fdk-2.0.patch
+# PATCH-FIX-UPSTREAM vlc-CVE-2019-13962.patch -- Fix An Integer Underflow in MP4_EIA608_Convert()
+Patch4:         vlc-CVE-2019-13962.patch
+# PATCH-FIX-UPSTREAM vlc-CVE-2019-13602_1.patch -- mp4: fix integer underflow
+Patch5:         vlc-CVE-2019-13602_1.patch
+# PATCH-FIX-UPSTREAM vlc-CVE-2019-13602_2.patch -- mp4: fix integer underflow
+Patch6:         vlc-CVE-2019-13602_2.patch
 # PATCH-FEATURE-OPENSUSE vlc-projectM-qt5.patch -- Build against projectM-qt5; openSUSE provides projectM as -qt and -qt5 variant
 Patch100:       vlc-projectM-qt5.patch
 # PATCH-FIX-UPSTREAM 0001-Fix-leaking-AvahiServiceResolver-in-the-error-paths.patch -- Fix some memleaks
@@ -58,7 +64,6 @@ Patch101:       0001-Fix-leaking-AvahiServiceResolver-in-the-error-paths.patch
 # PATCH-FIX-UPSTREAM 0002-Add-Avahi-implementation-for-chromecast-renderer-dis.patch -- Use Avahi for discovery, microdns is not available
 Patch102:       0002-Add-Avahi-implementation-for-chromecast-renderer-dis.patch
 BuildRequires:  Mesa-devel
-BuildRequires:  SDL-devel >= 1.2.10
 BuildRequires:  aalib-devel
 BuildRequires:  alsa-devel >= 1.0.24
 BuildRequires:  avahi-devel >= 0.6
@@ -192,7 +197,6 @@ BuildRequires:  pkgconfig(Qt5X11Extras)
 BuildRequires:  pkgconfig(xi)
 %endif
 %if 0%{?is_opensuse}
-BuildRequires:  pkgconfig(SDL_image) >= 1.2.10
 BuildRequires:  pkgconfig(libupnp)
 BuildRequires:  pkgconfig(opencv) > 2.0
 %ifarch %{ix86} x86_64
@@ -380,6 +384,9 @@ default when `vlc` is invoked from an X session.
 %patch0 -p1
 %patch1 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
 %if 0%{?suse_version} > 1320 && 0%{?suse_version} < 1550
 %patch100 -p1
 %endif
@@ -589,9 +596,6 @@ done
 %{_libdir}/vlc/plugins/audio_output/libpulse_plugin.so
 %{_libdir}/vlc/plugins/codec/libavcodec_plugin.so
 %{_libdir}/vlc/plugins/codec/liblibass_plugin.so
-%if 0%{?is_opensuse}
-%{_libdir}/vlc/plugins/codec/libsdl_image_plugin.so
-%endif
 %{_libdir}/vlc/plugins/control/libxcb_hotkeys_plugin.so
 %{_libdir}/vlc/plugins/demux/libavformat_plugin.so
 %{_libdir}/vlc/plugins/gui/libskins2_plugin.so