rpm/libquicktime
SHA256
1
0
Fork 0
forked from pool/libquicktime
Code Pull Requests Activity

Accepting request 457113 from multimedia:libs

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/457113
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libquicktime?expand=0&rev=50
This commit is contained in:
Dominique Leuenberger 2017-02-18 23:57:53 +00:00 committed by Git OBS Bridge
commit a0b69debfd
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libquicktime-1.2.4-integer_overflow.patch Normal file
View File

@ -0,0 +1,13 @@
Index: libquicktime-1.2.4/src/util.c
===================================================================
--- libquicktime-1.2.4.orig/src/util.c
+++ libquicktime-1.2.4/src/util.c
@@ -340,7 +340,7 @@ int64_t quicktime_byte_position(quicktim
void quicktime_read_pascal(quicktime_t *file, char *data)
{
- char len = quicktime_read_char(file);
+ unsigned char len = quicktime_read_char(file);
quicktime_read_data(file, (uint8_t*)data, len);
data[(int)len] = 0;
}

9
libquicktime.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Feb 14 11:11:34 UTC 2017 - kstreitova@suse.com
- add libquicktime-1.2.4-integer_overflow.patch to fix integer
overflow in the quicktime_read_pascal function in libquicktime
1.2.4 and earlier that allows remote attackers to cause a denial
of service or possibly have other unspecified impact via a crafted
hdlr MP4 atom [bsc#1022805] CVE-2016-2399
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 25 12:44:39 UTC 2016 - olaf@aepfle.de Mon Jul 25 12:44:39 UTC 2016 - olaf@aepfle.de

5
libquicktime.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libquicktime # spec file for package libquicktime
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -37,6 +37,8 @@ Source1: COPYING
Source2: baselibs.conf Source2: baselibs.conf
Patch0: libquicktime-ffmpeg3.patch Patch0: libquicktime-ffmpeg3.patch
Patch1: libquicktime-faad2.patch Patch1: libquicktime-faad2.patch
# PATCH-FIX-UPSTREAM bsc#1022805 CVE-2016-2399 kstreitova@suse.com -- fix integer overflow in the quicktime_read_pascal function
Patch2: libquicktime-1.2.4-integer_overflow.patch
BuildRequires: alsa-devel BuildRequires: alsa-devel
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -108,6 +110,7 @@ Tools for reading/writing quicktime movie files.
%setup -q -n %{name} %setup -q -n %{name}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
sed -i 's/-DGTK_DISABLE_DEPRECATED//g' configure.ac sed -i 's/-DGTK_DISABLE_DEPRECATED//g' configure.ac