* Sat Mar 10 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-3
- Apply upstream fix for CVE-2007-1246.
parent 8c12c1927d
commit c001b55cac
40
xine-lib-1.1.4-CVE-2007-1246.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---------------------
|
||||||
|
PatchSet 8656
|
||||||
|
Date: 2007/03/10 02:41:34
|
||||||
|
Author: dgp85
|
||||||
|
Branch: HEAD
|
||||||
|
Tag: (none)
|
||||||
|
Log:
|
||||||
|
* Security fixes:
|
||||||
|
- Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]
|
||||||
|
Thanks to Kees Cook for reporting.
|
||||||
|
|
||||||
|
Members:
|
||||||
|
ChangeLog:1.724->1.725
|
||||||
|
src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9->1.10
|
||||||
|
src/libw32dll/dmo/DMO_VideoDecoder.c:1.4->1.5
|
||||||
|
|
||||||
|
Index: xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c
|
||||||
|
diff -u xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.10
|
||||||
|
--- xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 Wed Dec 24 16:55:36 2003
|
||||||
|
+++ xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c Sat Mar 10 00:41:34 2007
|
||||||
|
@@ -110,6 +110,7 @@
|
||||||
|
|
||||||
|
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
|
||||||
|
memcpy(this->iv.m_bh, format, bihs);
|
||||||
|
+ this->iv.m_bh->biSize = bihs;
|
||||||
|
|
||||||
|
this->iv.m_State = STOP;
|
||||||
|
//this->iv.m_pFrame = 0;
|
||||||
|
Index: xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c
|
||||||
|
diff -u xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.5
|
||||||
|
--- xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 Wed Dec 24 16:55:36 2003
|
||||||
|
+++ xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c Sat Mar 10 00:41:34 2007
|
||||||
|
@@ -118,6 +118,7 @@
|
||||||
|
|
||||||
|
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
|
||||||
|
memcpy(this->iv.m_bh, format, bihs);
|
||||||
|
+ this->iv.m_bh->biSize = bihs;
|
||||||
|
|
||||||
|
this->iv.m_State = STOP;
|
||||||
|
//this->iv.m_pFrame = 0;
|
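Review bot: In both inner hunks the pointer returned by malloc(bihs) is passed to memcpy and then written through by the new line "this->iv.m_bh->biSize = bihs;" with no NULL check, so a failed allocation turns into a NULL dereference at exactly the lines this fix touches; an early error return before the memcpy would cover it. The hunks do not show how bihs is derived from format, so confirm it is bounded before it is used as both the allocation size and the copy length. The log text names only the DMO loader while DS_VideoDecoder.c receives the same change; mentioning the DirectShow decoder in the log would make the scope of the fix clear.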
@ -8,7 +8,7 @@
|
|||||||
Summary: Xine library
|
Summary: Xine library
|
||||||
Name: xine-lib
|
Name: xine-lib
|
||||||
Version: 1.1.4
|
Version: 1.1.4
|
||||||
Release: 1%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://xinehq.de/
|
URL: http://xinehq.de/
|
||||||
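Review bot: Release moves from 1 directly to 3 in this hunk, and the 1.1.4-2 "Rebuild." changelog entry is only added by the %changelog hunk of this same commit, so in this diff the -2 release never existed as a spec state of its own. If that rebuild was made without committing the spec, a line in the commit message saying so would keep the skipped number from looking like a lost change.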
@ -21,6 +21,7 @@ Source2: %{name}-mk-autotools-patch.sh
|
|||||||
# autotools patch created with source2
|
# autotools patch created with source2
|
||||||
Patch0: %{name}-1.1.4-autotools.patch.bz2
|
Patch0: %{name}-1.1.4-autotools.patch.bz2
|
||||||
Patch1: %{name}-1.1.4-optflags.patch
|
Patch1: %{name}-1.1.4-optflags.patch
|
||||||
|
Patch2: %{name}-1.1.4-CVE-2007-1246.patch
|
||||||
Patch3: %{name}-1.1.3-legacy-flac-init.patch
|
Patch3: %{name}-1.1.3-legacy-flac-init.patch
|
||||||
Patch6: %{name}-1.1.1-deepbind-939.patch
|
Patch6: %{name}-1.1.1-deepbind-939.patch
|
||||||
Patch7: %{name}-1.1.1-multilib-devel.patch
|
Patch7: %{name}-1.1.1-multilib-devel.patch
|
||||||
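Review bot: The new Patch2 line carries no comment on where the patch comes from, while Patch0 just above it has one ("# autotools patch created with source2"). A one-line comment pointing at the upstream change the patch file itself records (PatchSet 8656, bug #1676925) would let a later packager see that this patch can be dropped once the package moves to an upstream release that contains it.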
@ -101,6 +102,7 @@ This package contains extra plugins for xine-lib:
|
|||||||
touch -r configure.ac aclocal.m4
|
touch -r configure.ac aclocal.m4
|
||||||
touch -r m4/optimizations.m4 m4/optimizations.m4.stamp
|
touch -r m4/optimizations.m4 m4/optimizations.m4.stamp
|
||||||
%patch1 -p1 -b .optflags
|
%patch1 -p1 -b .optflags
|
||||||
|
%patch2 -p1 -b .CVE-2007-1246
|
||||||
touch -r m4/optimizations.m4.stamp m4/optimizations.m4
|
touch -r m4/optimizations.m4.stamp m4/optimizations.m4
|
||||||
%patch3 -p0 -b .legacy-flac-init
|
%patch3 -p0 -b .legacy-flac-init
|
||||||
# Patch6 needed at least when compiling with external ffmpeg, #939.
|
# Patch6 needed at least when compiling with external ffmpeg, #939.
|
||||||
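Review bot: %patch2 is inserted between "%patch1 -p1 -b .optflags" and the "touch -r m4/optimizations.m4.stamp m4/optimizations.m4" line that restores the timestamp after patch1, so it now sits inside that save/restore bracket. The CVE patch only touches files under src/libw32dll, so the build is not affected, but moving %patch2 below the restoring touch line would keep the optflags timestamp handling together and avoid suggesting that patch2 depends on it.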
@ -284,6 +286,12 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Mar 10 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-3
|
||||||
|
- Apply upstream fix for CVE-2007-1246.
|
||||||
|
|
||||||
|
* Wed Feb 14 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-2
|
||||||
|
- Rebuild.
|
||||||
|
|
||||||
* Wed Jan 31 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-1
|
* Wed Jan 31 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-1
|
||||||
- 1.1.4, with wavpack and system libmpcdec support.
|
- 1.1.4, with wavpack and system libmpcdec support.
|
||||||
|
|
||||||
|
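Review bot: The added 1.1.4-3 changelog entry gives only the CVE number; the patch log in this commit describes the issue as a heap overflow in the DMO loader with upstream bug #1676925. Repeating that short description in the entry would let someone reading the package changelog judge the impact without looking up the CVE.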