Accepting request 450587 from multimedia:libs

1

OBS-URL: https://build.opensuse.org/request/show/450587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/opus?expand=0&rev=14

opus-NLSF-not-negative.patch

@@ -0,0 +1,27 @@
+From 79e8f527b0344b0897a65be35e77f7885bd99409 Mon Sep 17 00:00:00 2001
+From: Felicia Lim <flim@google.com>
+Date: Thu, 28 Jul 2016 15:21:19 +0200
+Subject: [PATCH] Ensure that NLSF cannot be negative when computing a min
+ distance between them
+
+Signed-off-by: Jean-Marc Valin <jmvalin@jmvalin.ca>
+---
+ silk/NLSF_stabilize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/silk/NLSF_stabilize.c b/silk/NLSF_stabilize.c
+index 1fa1ea3..8f3426b 100644
+--- a/silk/NLSF_stabilize.c
++++ b/silk/NLSF_stabilize.c
+@@ -130,7 +130,7 @@ void silk_NLSF_stabilize(
+ 
+         /* Keep delta_min distance between the NLSFs */
+         for( i = 1; i < L; i++ )
+-            NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], NLSF_Q15[i-1] + NDeltaMin_Q15[i] );
++            NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], silk_ADD_SAT16( NLSF_Q15[i-1], NDeltaMin_Q15[i] ) );
+ 
+         /* Last NLSF should be no higher than 1 - NDeltaMin[L] */
+         NLSF_Q15[L-1] = silk_min_int( NLSF_Q15[L-1], (1<<15) - NDeltaMin_Q15[L] );
+-- 
+2.1.4
+

opus.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jan 16 20:56:54 UTC 2017 - zaitor@opensuse.org
+
+- Fix CVE-2017-0381 (boo#1020102), opus: remote code execution
+  vulnerability in silk/NLSF_stabilize.c.
+- Add opus-NLSF-not-negative.patch: Ensure that NLSF cannot be
+  negative when computing a min distance between them.
+
 -------------------------------------------------------------------
 Sat Aug 13 15:26:11 UTC 2016 - zaitor@opensuse.org
 

opus.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package opus
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2012 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -27,6 +27,8 @@ Group:          System/Libraries
 Url:            http://opus-codec.org/
 Source:         http://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM opus-NLSF-not-negative.patch CVE-2017-0381 boo#1020102 zaitor@opensuse.org -- Ensure that NLSF cannot be negative when computing a min distance between them.
+Patch0:         opus-NLSF-not-negative.patch
 BuildRequires:  pkg-config
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -66,6 +68,7 @@ technology from Skype's SILK codec and Xiph.Org's CELT codec.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure \