rpms/amarok/F-9 amarok-1.4.10-aa_security.patch, NONE, 1.1 amarok.spec, 1.113, 1.114
Rex Dieter
rdieter at fedoraproject.org
Mon Jan 12 14:53:04 UTC 2009
Author: rdieter
Update of /cvs/pkgs/rpms/amarok/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6845
Modified Files:
amarok.spec
Added Files:
amarok-1.4.10-aa_security.patch
Log Message:
* Mon Jan 12 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.4.10-2
- backport security patch
amarok-1.4.10-aa_security.patch:
--- NEW FILE amarok-1.4.10-aa_security.patch ---
--- branches/stable/extragear/multimedia/amarok/src/metadata/audible/audibletag.cpp 2007/06/13 18:53:16 675130
+++ branches/stable/extragear/multimedia/amarok/src/metadata/audible/audibletag.cpp 2009/01/09 17:38:50 908415
@@ -71,7 +71,8 @@
{
char buf[1023];
fseek(fp, OFF_PRODUCT_ID, SEEK_SET);
- fread(buf, strlen("product_id"), 1, fp);
+ if (fread(buf, strlen("product_id"), 1, fp) != 1)
+ return;
if(memcmp(buf, "product_id", strlen("product_id")))
{
buf[20]='\0';
@@ -130,24 +131,65 @@
bool Audible::Tag::readTag( FILE *fp, char **name, char **value)
{
+ // arbitrary value that has to be smaller than 2^32-1 and that should be large enough for all tags
+ const uint32_t maxtaglen = 100000;
+
uint32_t nlen;
- fread(&nlen, sizeof(nlen), 1, fp);
+ if (fread(&nlen, sizeof(nlen), 1, fp) != 1)
+ return false;
nlen = ntohl(nlen);
//fprintf(stderr, "tagname len=%x\n", (unsigned)nlen);
- *name = new char[nlen+1];
- (*name)[nlen] = '\0';
+ if (nlen > maxtaglen)
+ return false;
uint32_t vlen;
- fread(&vlen, sizeof(vlen), 1, fp);
+ if (fread(&vlen, sizeof(vlen), 1, fp) != 1)
+ return false;
vlen = ntohl(vlen);
//fprintf(stderr, "tag len=%x\n", (unsigned)vlen);
+ if (vlen > maxtaglen)
+ return false;
+
+ *name = new char[nlen+1];
+ if (!*name)
+ return false;
+
*value = new char[vlen+1];
+ if (!*value)
+ {
+ delete[] *name;
+ *name = 0;
+ return false;
+ }
+
+ (*name)[nlen] = '\0';
(*value)[vlen] = '\0';
- fread(*name, nlen, 1, fp);
- fread(*value, vlen, 1, fp);
+ if (fread(*name, nlen, 1, fp) != 1)
+ {
+ delete[] *name;
+ *name = 0;
+ delete[] *value;
+ *value = 0;
+ return false;
+ }
+ if (fread(*value, vlen, 1, fp) != 1)
+ {
+ delete[] *name;
+ *name = 0;
+ delete[] *value;
+ *value = 0;
+ return false;
+ }
char lasttag;
- fread(&lasttag, 1, 1, fp);
+ if (fread(&lasttag, 1, 1, fp) != 1)
+ {
+ delete[] *name;
+ *name = 0;
+ delete[] *value;
+ *value = 0;
+ return false;
+ }
//fprintf(stderr, "%s: \"%s\"\n", *name, *value);
m_tagsEndOffset += 2 * 4 + nlen + vlen + 1;
Index: amarok.spec
===================================================================
RCS file: /cvs/pkgs/rpms/amarok/F-9/amarok.spec,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- amarok.spec 14 Aug 2008 02:07:31 -0000 1.113
+++ amarok.spec 12 Jan 2009 14:52:33 -0000 1.114
@@ -31,7 +31,7 @@
Name: amarok
Summary: Media player
Version: 1.4.10
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Applications/Multimedia
License: GPLv2+
@@ -43,6 +43,10 @@
# Use xdg-open to start the selected browser
Patch2: amarok-1.4.7-xdg.patch
+## upstream patches
+# security backport: http://websvn.kde.org/?view=rev&revision=908415
+Patch100: amarok-1.4.10-aa_security.patch
+
BuildRequires: alsa-lib-devel
BuildRequires: desktop-file-utils
BuildRequires: esound-devel
@@ -143,6 +147,7 @@
%patch1 -p1 -b .gcc43
%patch2 -p1 -b .xdg
+%patch100 -p4 -b .aa_security
%build
@@ -304,6 +309,9 @@
%changelog
+* Mon Jan 12 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.4.10-2
+- backport security patch
+
* Wed Aug 13 2008 Rex Dieter <rdieter at fedoraproject.org> - 1.4.10-1
- amarok-1.4.10
More information about the scm-commits
mailing list