diff --git a/xine-lib-1.1.4-CVE-2007-1246.patch b/xine-lib-1.1.4-CVE-2007-1246.patch new file mode 100644 index 0000000..c7fec5d --- /dev/null +++ b/xine-lib-1.1.4-CVE-2007-1246.patch @@ -0,0 +1,40 @@ +--------------------- +PatchSet 8656 +Date: 2007/03/10 02:41:34 +Author: dgp85 +Branch: HEAD +Tag: (none) +Log: + * Security fixes: + - Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925] + Thanks to Kees Cook for reporting. + +Members: + ChangeLog:1.724->1.725 + src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9->1.10 + src/libw32dll/dmo/DMO_VideoDecoder.c:1.4->1.5 + +Index: xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c +diff -u xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.10 +--- xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 Wed Dec 24 16:55:36 2003 ++++ xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c Sat Mar 10 00:41:34 2007 +@@ -110,6 +110,7 @@ + + this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs); + memcpy(this->iv.m_bh, format, bihs); ++ this->iv.m_bh->biSize = bihs; + + this->iv.m_State = STOP; + //this->iv.m_pFrame = 0; +Index: xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c +diff -u xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.5 +--- xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 Wed Dec 24 16:55:36 2003 ++++ xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c Sat Mar 10 00:41:34 2007 +@@ -118,6 +118,7 @@ + + this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs); + memcpy(this->iv.m_bh, format, bihs); ++ this->iv.m_bh->biSize = bihs; + + this->iv.m_State = STOP; + //this->iv.m_pFrame = 0; diff --git a/xine-lib.spec b/xine-lib.spec index b902952..2397a7b 100644 --- a/xine-lib.spec +++ b/xine-lib.spec @@ -8,7 +8,7 @@ Summary: Xine library Name: xine-lib Version: 1.1.4 -Release: 1%{?dist} +Release: 3%{?dist} License: GPL Group: System Environment/Libraries URL: http://xinehq.de/ @@ -21,6 +21,7 @@ Source2: %{name}-mk-autotools-patch.sh # autotools patch created with source2 Patch0: %{name}-1.1.4-autotools.patch.bz2 Patch1: %{name}-1.1.4-optflags.patch +Patch2: %{name}-1.1.4-CVE-2007-1246.patch Patch3: %{name}-1.1.3-legacy-flac-init.patch Patch6: %{name}-1.1.1-deepbind-939.patch Patch7: %{name}-1.1.1-multilib-devel.patch @@ -101,6 +102,7 @@ This package contains extra plugins for xine-lib: touch -r configure.ac aclocal.m4 touch -r m4/optimizations.m4 m4/optimizations.m4.stamp %patch1 -p1 -b .optflags +%patch2 -p1 -b .CVE-2007-1246 touch -r m4/optimizations.m4.stamp m4/optimizations.m4 %patch3 -p0 -b .legacy-flac-init # Patch6 needed at least when compiling with external ffmpeg, #939. @@ -284,6 +286,12 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sat Mar 10 2007 Ville Skyttä - 1.1.4-3 +- Apply upstream fix for CVE-2007-1246. + +* Wed Feb 14 2007 Ville Skyttä - 1.1.4-2 +- Rebuild. + * Wed Jan 31 2007 Ville Skyttä - 1.1.4-1 - 1.1.4, with wavpack and system libmpcdec support.