diff --git a/libquicktime-1.2.4-multiple_vulnerabilities.patch b/libquicktime-1.2.4-multiple_vulnerabilities.patch
new file mode 100644
index 0000000..cdd673f
--- /dev/null
+++ b/libquicktime-1.2.4-multiple_vulnerabilities.patch
@@ -0,0 +1,62 @@
+Index: libquicktime/src/atom.c
+===================================================================
+--- libquicktime.orig/src/atom.c
++++ libquicktime/src/atom.c
+@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
+ atom->size = read_size64(header);
+ atom->end = atom->start + atom->size;
+ }
++/* Avoid broken files */
++ if(atom->end > file->total_length)
++ result = 1;
+ }
+ 
+ 
+Index: libquicktime/src/lqt_quicktime.c
+===================================================================
+--- libquicktime.orig/src/lqt_quicktime.c
++++ libquicktime/src/lqt_quicktime.c
+@@ -993,8 +993,8 @@ int quicktime_read_info(quicktime_t *fil
+ quicktime_set_position(file, start_position);
+ free(temp);
+ 
+- quicktime_read_moov(file, &file->moov, &leaf_atom);
+- got_header = 1;
++ if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
++ got_header = 1;
+ }
+ else
+ if(((leaf_atom.type[0] | leaf_atom.type[1] | leaf_atom.type[2] | leaf_atom.type[3]) == 0) &&
+Index: libquicktime/src/moov.c
+===================================================================
+--- libquicktime.orig/src/moov.c
++++ libquicktime/src/moov.c
+@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
+ if(quicktime_atom_is(&leaf_atom, "trak"))
+ {
+ quicktime_trak_t *trak = quicktime_add_trak(file);
+- quicktime_read_trak(file, trak, &leaf_atom);
++ if(quicktime_read_trak(file, trak, &leaf_atom))
++ return 1;
+ }
+ else
+ if(quicktime_atom_is(&leaf_atom, "udta"))
+Index: libquicktime/src/trak.c
+===================================================================
+--- libquicktime.orig/src/trak.c
++++ libquicktime/src/trak.c
+@@ -272,6 +272,14 @@ int quicktime_read_trak(quicktime_t *fil
+ else quicktime_atom_skip(file, &leaf_atom);
+ } while(quicktime_position(file) < trak_atom->end);
+ 
++ /* Do some sanity checks to prevent later crashes */
++ if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
++ {
++ if(!trak->mdia.minf.stbl.stsc.table ||
++ !trak->mdia.minf.stbl.stco.table)
++ return 1;
++ }
++ 
+ #if 1
+ if(trak->mdia.minf.is_video &&
+ quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
diff --git a/libquicktime.changes b/libquicktime.changes
index b932d49..c745005 100644
--- a/libquicktime.changes
+++ b/libquicktime.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Jun 23 21:58:19 UTC 2017 - kstreitova@suse.com
+
+- add libquicktime-1.2.4-multiple_vulnerabilities.patch to fix the
+ following security issues:
+ * CVE-2017-9122 [bsc#1044077]
+ * CVE-2017-9123 [bsc#1044009]
+ * CVE-2017-9124 [bsc#1044008]
+ * CVE-2017-9125 [bsc#1044122]
+ * CVE-2017-9126 [bsc#1044006]
+ * CVE-2017-9127 [bsc#1044002]
+ * CVE-2017-9128 [bsc#1044000]
+
 -------------------------------------------------------------------
 Sat Feb 25 21:11:11 UTC 2017 - zaitor@opensuse.org
diff --git a/libquicktime.spec b/libquicktime.spec
index fb2be5b..7f8901f 100644
--- a/libquicktime.spec
+++ b/libquicktime.spec
@@ -39,6 +39,8 @@ Patch0: libquicktime-ffmpeg3.patch
 Patch1: libquicktime-faad2.patch
 # PATCH-FIX-UPSTREAM bsc#1022805 CVE-2016-2399 kstreitova@suse.com -- fix integer overflow in the quicktime_read_pascal function
 Patch2: libquicktime-1.2.4-integer_overflow.patch
+# PATCH-FIX-UPSTREAM kstreitova@suse.com -- fix multiple vulnerabilities (from CVE-2017-9122 to CVE-2017-9128)
+Patch3: libquicktime-1.2.4-multiple_vulnerabilities.patch
 BuildRequires: alsa-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -130,6 +132,7 @@ Tools for reading/writing quicktime movie files.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 sed -i 's/-DGTK_DISABLE_DEPRECATED//g' configure.ac
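Review bot: In libquicktime-1.2.4-multiple_vulnerabilities.patch, the sanity check added to quicktime_read_trak (trak.c) tests `trak->mdia.minf.is_video` twice, so the second operand is dead and a track that is not video never reaches the stsc/stco table check. The second operand was presumably meant to be the audio flag, i.e. `if(trak->mdia.minf.is_video || trak->mdia.minf.is_audio)`; confirm the field name against the minf struct, which is not visible here. The context line right after the check reads `stsd.table[0].format`, and nothing in the hunk verifies that `stsd.table` is non-NULL, so that table may deserve the same guard. In atom.c the new bound `atom->end > file->total_length` relies on `atom->start + atom->size` with a size taken from the file; if those fields are signed, a negative or wrapped end would pass it, so also rejecting `atom->end < atom->start` would be safer. All four functions start and end outside the inner hunks, so these points should be checked against the full sources.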