
Accepting request 726099 from filesystems

- Add 0001-libMirage-CSO-filter-validate-part-size.patch,
  0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
  [boo#1148087, CVE-2019-15540]

OBS-URL: https://build.opensuse.org/request/show/726099
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmirage?expand=0&rev=19
Dominique Leuenberger 2019-08-27 08:24:56 +00:00 committed by Git OBS Bridge
commit d41a99a070
4 changed files with 88 additions and 35 deletions


@ -0,0 +1,38 @@
From 0e9292c9aa34bf545f43f7efe5f0b94faba94962 Mon Sep 17 00:00:00 2001
From: Rok Mandeljc <rok.mandeljc@gmail.com>
Date: Sun, 25 Aug 2019 14:53:58 +0200
Subject: [PATCH 1/2] libMirage: CSO filter: validate part size
Part size must be always either smaller than the declared block
size (compressed block) or equal to it (raw block). If not, return
error - because we allocate our I/O buffer based on the block size.
Fixes SF bug #119, which is triggered by part size ending up being
larger than the block size. Thanks to Andrea Fioraldi for report
and thorough analysis of the issue.
---
libmirage/filters/filter-cso/filter-stream.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
index 5f2f5e25..d43aa54a 100644
--- a/libmirage/filters/filter-cso/filter-stream.c
+++ b/libmirage/filters/filter-cso/filter-stream.c
@@ -120,6 +120,14 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
CSO_Part *prev_part = &self->priv->parts[i-1];
prev_part->comp_size = cur_part->offset - prev_part->offset;
+
+ /* Part size must be either smaller than header->block_size
+ (compressed block ) or equal to it (raw block) */
+ if (prev_part->comp_size > header->block_size) {
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: invalid part/index entry: part data length (%" G_GINT64_MODIFIER "d) exceeds declared block size (%d)!\n", __debug__, prev_part->comp_size, header->block_size);
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
+ return FALSE;
+ }
}
}
--
2.22.1
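Review bot: The added bound `if (prev_part->comp_size > header->block_size)` rejects only sizes that are too large; it does not reject an index entry whose offset is lower than the previous one. `comp_size` comes from `cur_part->offset - prev_part->offset` and is logged with a signed 64-bit format, so if the field is signed (its declaration is outside the hunk) a decreasing offset would give a negative size that passes this comparison. Comparing the offsets before trusting the difference closes that case, e.g. `if (cur_part->offset < prev_part->offset || prev_part->comp_size > header->block_size) {`. The comment also says a raw block must be equal to the block size, which the check as written does not enforce. mirage_filter_stream_cso_read_index starts and ends outside the hunk.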


@ -0,0 +1,37 @@
From f6adcd08beffd9dac2c4a86852ba0bda06870f4f Mon Sep 17 00:00:00 2001
From: Rok Mandeljc <rok.mandeljc@gmail.com>
Date: Sun, 25 Aug 2019 15:11:23 +0200
Subject: [PATCH 2/2] libMirage: CSO filter: replaced a g_assert() with error
return
---
libmirage/filters/filter-cso/filter-stream.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libmirage/filters/filter-cso/filter-stream.c b/libmirage/filters/filter-cso/filter-stream.c
index d43aa54a..065dc40c 100644
--- a/libmirage/filters/filter-cso/filter-stream.c
+++ b/libmirage/filters/filter-cso/filter-stream.c
@@ -70,12 +70,17 @@ static gboolean mirage_filter_stream_cso_read_index (MirageFilterStreamCso *self
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: reading part index\n", __debug__);
+ if (header->total_bytes % header->block_size) {
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: original stream size (%" G_GUINT64_FORMAT ") is not a multiple of block size (%d)!\n", __debug__, header->total_bytes, header->block_size);
+ g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_STREAM_ERROR, Q_("Invalid CSO file!"));
+ return FALSE;
+ }
+
self->priv->num_parts = header->total_bytes / header->block_size;
self->priv->num_indices = self->priv->num_parts + 1; /* Contains EOF offset */
- g_assert(header->total_bytes % header->block_size == 0);
MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: number of parts: %d\n", __debug__, self->priv->num_parts);
- MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: %" G_GINT64_MODIFIER "d\n", __debug__, header->total_bytes);
+ MIRAGE_DEBUG(self, MIRAGE_DEBUG_PARSER, "%s: original stream size: 0x%" G_GINT64_MODIFIER "X (%" G_GUINT64_FORMAT ")\n", __debug__, header->total_bytes, header->total_bytes);
/* At least one part must be present */
if (!self->priv->num_parts) {
--
2.22.1
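Review bot: The new `header->total_bytes % header->block_size` test divides by a header field that nothing in the hunk has checked for zero, so a CSO header with a `block_size` of 0 would fault in the modulo instead of reaching the error return. Unless the header reader outside this hunk already rejects that value, the guard should be `if (!header->block_size || header->total_bytes % header->block_size) {`. `num_parts` is logged with `%d` while `total_bytes` is printed as a 64-bit value, so the quotient assigned on the following line may also need a range check before `num_indices` is derived from it. The function body continues outside the hunk.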


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Aug 26 08:28:33 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Drop SLE11 recipes from specfile, the build is disabled anyway.
- Add 0001-libMirage-CSO-filter-validate-part-size.patch,
0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
[boo#1148087, CVE-2019-15540]
-------------------------------------------------------------------
Mon Jul 1 13:34:01 UTC 2019 - Aaron Stern <ukbeast89@ptotonmail.com>


@ -27,22 +27,12 @@ Release: 0
URL: http://cdemu.sf.net/about/libmirage/
#Git-Clone: git://git.code.sf.net/p/cdemu/code
Source: http://downloads.sf.net/cdemu/%name-%version.tar.bz2
Source: https://downloads.sf.net/cdemu/%name-%version.tar.bz2
Patch1: 0001-libMirage-CSO-filter-validate-part-size.patch
Patch2: 0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
BuildRequires: cmake >= 2.8.5
BuildRequires: intltool >= 0.21
BuildRequires: pkg-config >= 0.16
%if 0%{?sles_version} && 0%{?suse_version} == 1110
# SLES 11 is still supported
# Dependencies list in an old style
BuildRequires: glib2-devel >= 2.28
BuildRequires: gtk-doc >= 1.4
BuildRequires: libbz2-devel >= 1.0.0
BuildRequires: libsamplerate-devel >= 0.1.0
BuildRequires: libsndfile-devel >= 1.0.0
BuildRequires: shared-mime-info
BuildRequires: xz-devel >= 5.0.0
BuildRequires: zlib-devel >= 1.2.4
%else
BuildRequires: pkgconfig(bzip2) >= 1.0.0
BuildRequires: pkgconfig(gio-2.0) >= 2.38
BuildRequires: pkgconfig(glib-2.0) >= 2.38
@ -55,9 +45,7 @@ BuildRequires: pkgconfig(samplerate) >= 0.1.0
BuildRequires: pkgconfig(shared-mime-info)
BuildRequires: pkgconfig(sndfile) >= 1.0.0
BuildRequires: pkgconfig(zlib) >= 1.2.4
%endif
Recommends: %name-lang
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A CD-ROM image access library part of the cdemu suite.
@ -123,9 +111,7 @@ Summary: MIME type definitions and documentation for libmirage
Group: Development/Libraries/C and C++
Requires(post): shared-mime-info
Requires(postun): shared-mime-info
%if 0%{?suse_version} >= 1130
BuildArch: noarch
%endif
%description data
libmirage provides uniform access to the data stored in different
@ -135,7 +121,7 @@ file.
This package contains the MIME type definitions and documentation.
%package -n typelib-1_0-libmirage-%pname
Summary: The libmirage CD-ROM image access library introspection bindings
Summary: Introspection bindings for the libmirage CD-ROM image access library
Group: System/Libraries
%description -n typelib-1_0-libmirage-%pname
@ -146,7 +132,7 @@ file.
This package provides the GObject Introspection bindings for libmirage.
%prep
%setup -q
%autosetup -p2
%build
%cmake -DCMAKE_MODULE_LINKER_FLAGS=""
@ -160,46 +146,30 @@ make %{?_smp_mflags}
%postun -n %lname -p /sbin/ldconfig
%post data
%if 0%{?sles_version} && 0%{?suse_version} == 1110
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
%else
%mime_database_post
%endif
%postun data
%if 0%{?sles_version} && 0%{?suse_version} == 1110
/usr/bin/update-mime-database %{_datadir}/mime >/dev/null || :
%else
%mime_database_postun
%endif
%files -n %lname
%defattr(-,root,root)
%_libdir/libmirage.so.11*
%files %pname
%defattr(-,root,root)
%_libdir/libmirage-3*/
%files data
%defattr(-,root,root)
%_datadir/gtk-doc/
%_datadir/mime/packages/*
%files devel
%defattr(-,root,root)
%_includedir/libmirage-3*/
%_libdir/libmirage.so
%_libdir/pkgconfig/libmirage.pc
%if 0%{?suse_version} > 1110
%_datadir/gir-1.0
%files lang -f %name.lang
%defattr(-,root,root)
%files -n typelib-1_0-libmirage-%pname
%defattr(-,root,root)
%_libdir/girepository-1.0
%endif
%changelog
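Review bot: `Patch1:` and `Patch2:` are added without a comment saying where they come from or what they fix, so the link to CVE-2019-15540 lives only in the .changes entry. A tag line above each, such as `# PATCH-FIX-UPSTREAM 0001-libMirage-CSO-filter-validate-part-size.patch boo#1148087 CVE-2019-15540`, would let a later version update tell whether the patch can be dropped because the fix is already in the new tarball.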