rpms/libvorbis/F-11 r16182-CVE-2009-2663.patch, NONE, 1.1 libvorbis.spec, 1.34, 1.35
Jindrich Novy
jnovy at fedoraproject.org
Sun Aug 9 06:10:41 UTC 2009
- Previous message: rpms/libvorbis/F-10 r16182-CVE-2009-2663.patch, NONE, 1.1 libvorbis.spec, 1.32, 1.33
- Next message: rpms/glpk/devel .cvsignore, 1.16, 1.17 glpk.spec, 1.25, 1.26 sources, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/pkgs/rpms/libvorbis/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16659
Modified Files:
libvorbis.spec
Added Files:
r16182-CVE-2009-2663.patch
Log Message:
* Sun Aug 7 2009 Jindrich Novy <jnovy at redhat.com> 1.2.0-8
- fix CVE-2009-2663 (#516259)
r16182-CVE-2009-2663.patch:
floor1.c | 18 ++++++++++++++----
res0.c | 4 +++-
2 files changed, 17 insertions(+), 5 deletions(-)
--- NEW FILE r16182-CVE-2009-2663.patch ---
diff -up libvorbis-1.2.0/lib/floor1.c.r16182-CVE-2009-2663 libvorbis-1.2.0/lib/floor1.c
--- libvorbis-1.2.0/lib/floor1.c.r16182-CVE-2009-2663 2007-07-24 02:09:47.000000000 +0200
+++ libvorbis-1.2.0/lib/floor1.c 2009-08-08 21:11:18.000000000 +0200
@@ -138,6 +138,9 @@ static void floor1_pack (vorbis_info_flo
}
}
+static int icomp(const void *a,const void *b){
+ return(**(int **)a-**(int **)b);
+}
static vorbis_info_floor *floor1_unpack (vorbis_info *vi,oggpack_buffer *opb){
codec_setup_info *ci=vi->codec_setup;
@@ -182,6 +185,17 @@ static vorbis_info_floor *floor1_unpack
info->postlist[0]=0;
info->postlist[1]=1<<rangebits;
+ /* don't allow repeated values in post list as they'd result in
+ zero-length segments */
+ {
+ int *sortpointer[VIF_POSIT+2];
+ for(j=0;j<count+2;j++)sortpointer[j]=info->postlist+j;
+ qsort(sortpointer,count+2,sizeof(*sortpointer),icomp);
+
+ for(j=1;j<count+2;j++)
+ if(*sortpointer[j-1]==*sortpointer[j])goto err_out;
+ }
+
return(info);
err_out:
@@ -189,10 +203,6 @@ static vorbis_info_floor *floor1_unpack
return(NULL);
}
-static int icomp(const void *a,const void *b){
- return(**(int **)a-**(int **)b);
-}
-
static vorbis_look_floor *floor1_look(vorbis_dsp_state *vd,
vorbis_info_floor *in){
diff -up libvorbis-1.2.0/lib/res0.c.r16182-CVE-2009-2663 libvorbis-1.2.0/lib/res0.c
--- libvorbis-1.2.0/lib/res0.c.r16182-CVE-2009-2663 2009-08-08 21:07:23.000000000 +0200
+++ libvorbis-1.2.0/lib/res0.c 2009-08-08 21:07:23.000000000 +0200
@@ -220,8 +220,10 @@ vorbis_info_residue *res0_unpack(vorbis_
info->booklist[j]=oggpack_read(opb,8);
if(info->groupbook>=ci->books)goto errout;
- for(j=0;j<acc;j++)
+ for(j=0;j<acc;j++){
if(info->booklist[j]>=ci->books)goto errout;
+ if(ci->book_param[info->booklist[j]]->maptype==0)goto errout;
+ }
/* verify the phrasebook is not specifying an impossible or
inconsistent partitioning scheme. */
Index: libvorbis.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvorbis/F-11/libvorbis.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35
--- libvorbis.spec 25 Feb 2009 19:53:06 -0000 1.34
+++ libvorbis.spec 9 Aug 2009 06:10:40 -0000 1.35
@@ -1,7 +1,7 @@
Summary: The Vorbis General Audio Compression Codec.
Name: libvorbis
Version: 1.2.0
-Release: 7%{?dist}
+Release: 8%{?dist}
Epoch: 1
Group: System Environment/Libraries
License: BSD
@@ -13,6 +13,7 @@ Patch2: r14598-CVE-2008-1420.patch
Patch3: r14602-CVE-2008-1419.patch
Patch4: r14602-CVE-2008-1423.patch
Patch5: r14811.patch
+Patch6: r16182-CVE-2009-2663.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libogg-devel >= 2:1.1
@@ -44,6 +45,7 @@ needed to develop applications with Ogg
%patch3 -p0 -b .r14602-CVE-2008-1419
%patch4 -p0 -b .r14602-CVE-2008-1423
%patch5 -p0 -b .r14811
+%patch6 -p1 -b .r16182-CVE-2009-2663
perl -p -i -e "s/-O20/$RPM_OPT_FLAGS/" configure
perl -p -i -e "s/-ffast-math//" configure
# link to .pdf spec rather than ship redundant copy
@@ -91,6 +93,9 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig
%changelog
+* Sun Aug 7 2009 Jindrich Novy <jnovy at redhat.com> 1.2.0-8
+- fix CVE-2009-2663 (#516259)
+
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:1.2.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
- Previous message: rpms/libvorbis/F-10 r16182-CVE-2009-2663.patch, NONE, 1.1 libvorbis.spec, 1.32, 1.33
- Next message: rpms/glpk/devel .cvsignore, 1.16, 1.17 glpk.spec, 1.25, 1.26 sources, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list