Hello community,
here is the log from the commit of package xine-lib
checked in at Fri Dec 1 10:59:29 CET 2006.
--------
--- xine-lib/xine-lib.changes 2006-11-21 18:22:17.000000000 +0100
+++ /mounts/work_src_done/STABLE/STABLE/xine-lib/xine-lib.changes 2006-11-30 12:13:52.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Nov 30 12:11:22 CET 2006 - mhopf@suse.de
+
+- Security fix for #224813: Potential buffer overflow for real media.
+ SF tracker #1603458:
+ https://sf.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655
+
+-------------------------------------------------------------------
New:
----
xine-lib-sf-1603458-COMMITTED.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xine-lib.spec ++++++
--- /var/tmp/diff_new_pack.gq3smI/_old 2006-12-01 10:59:22.000000000 +0100
+++ /var/tmp/diff_new_pack.gq3smI/_new 2006-12-01 10:59:22.000000000 +0100
@@ -15,7 +15,7 @@
%define DISTRIBUTABLE 1
Summary: Video Player with Plug-Ins
Version: 1.1.2
-Release: 36
+Release: 39
License: GNU General Public License (GPL), Other License(s), see package
Group: Productivity/Multimedia/Video/Players
URL: http://xine.sourceforge.net
@@ -32,6 +32,7 @@
Patch4: xine-lib-configure.diff
#Patch19: xine-lib-used-constants.diff
Patch22: xine-lib-cve-2006-4799.diff
+Patch23: xine-lib-sf-1603458-COMMITTED.diff
Patch24: xine-lib-mms-fixes-COMMITTED.diff
Patch25: xine-lib-buildfixed-COMMITTED.diff
Patch26: xine-lib-doc-fix-X11R6.diff
@@ -142,6 +143,7 @@
%patch1
%patch4
%patch22
+%patch23 -p1
%patch24
%patch25
%patch26
@@ -392,6 +394,10 @@
/usr/include/xine.h
%changelog -n xine-lib
+* Thu Nov 30 2006 - mhopf@suse.de
+- Security fix for #224813: Potential buffer overflow for real media.
+ SF tracker #1603458:
+ https://sf.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655
* Tue Nov 21 2006 - mhopf@suse.de
- Security fix for #222892: Insufficient validation of AVI headers.
CVE-2006-4799 and CVE-2006-4800.
++++++ xine-lib-sf-1603458-COMMITTED.diff ++++++
--- xine-lib-1.1.1/src/input/libreal/asmrp.c.jdw 2004-08-28 04:34:16.000000000 +1000
+++ xine-lib-1.1.1/src/input/libreal/asmrp.c 2006-11-27 14:03:58.000000000 +1100
@@ -604,7 +604,7 @@
return ret;
}
-static int asmrp_eval (asmrp_t *p, int *matches) {
+static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
int rule_num, num_matches;
@@ -613,7 +613,7 @@
asmrp_get_sym (p);
rule_num = 0; num_matches = 0;
- while (p->sym != ASMRP_SYM_EOF) {
+ while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
if (asmrp_rule (p)) {
lprintf ("rule #%d is true\n", rule_num);
@@ -629,7 +629,7 @@
return num_matches;
}
-int asmrp_match (const char *rules, int bandwidth, int *matches) {
+int asmrp_match (const char *rules, int bandwidth, int *matches, int matchsize) {
asmrp_t *p;
int num_matches;
@@ -641,7 +641,7 @@
asmrp_set_id (p, "Bandwidth", bandwidth);
asmrp_set_id (p, "OldPNMPlayer", 0);
- num_matches = asmrp_eval (p, matches);
+ num_matches = asmrp_eval (p, matches, matchsize);
asmrp_dispose (p);
--- xine-lib-1.1.1/src/input/libreal/asmrp.h.jdw 2003-12-09 11:02:30.000000000 +1100
+++ xine-lib-1.1.1/src/input/libreal/asmrp.h 2006-11-27 14:03:03.000000000 +1100
@@ -37,6 +37,6 @@
#ifndef HAVE_ASMRP_H
#define HAVE_ASMRP_H
-int asmrp_match (const char *rules, int bandwidth, int *matches) ;
+int asmrp_match (const char *rules, int bandwidth, int *matches, int matchesizxe) ;
#endif
--- xine-lib-1.1.1/src/input/libreal/real.c.jdw 2005-06-25 23:21:30.000000000 +1000
+++ xine-lib-1.1.1/src/input/libreal/real.c 2006-11-27 14:04:49.000000000 +1100
@@ -482,7 +482,7 @@
lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
- n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches);
+ n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, sizeof(rulematches)/sizeof(rulematches[0]));
for (j=0; j
participants (1)
-
root@suse.de