Hello community, here is the log from the commit of package xine-lib checked in at Fri Jun 2 02:10:21 CEST 2006. --------
--- xine-lib/xine-lib.changes 2006-05-17 13:51:51.000000000 +0200
+++ xine-lib/xine-lib.changes 2006-06-01 18:31:35.000000000 +0200
@@ -1,0 +2,5 @@
+Thu Jun 1 17:29:40 CEST 2006 - mhopf@suse.de
+
+- Security fix for #180850: Buffer overflow in HTTP input plugin.
+
+-------------------------------------------------------------------
New: ---- xine-lib-fix-http.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ xine-lib.spec ++++++
--- /var/tmp/diff_new_pack.HOpeNb/_old 2006-06-02 02:09:58.000000000 +0200
+++ /var/tmp/diff_new_pack.HOpeNb/_new 2006-06-02 02:09:58.000000000 +0200
@@ -15,7 +15,7 @@
 %define DISTRIBUTABLE 1
 Summary: Video Player with Plug-Ins
 Version: 1.1.1
-Release: 25
+Release: 26
 %define libversion 1.1.1
 %define uiversion 0.99.4
 Obsoletes: xine
@@ -46,6 +46,7 @@
 Patch18: xine-lib-demux_avi_indx_buffer.diff
 Patch19: xine-lib-used-constants.diff
 Patch20: xine-lib-unaligned.diff
+Patch21: xine-lib-fix-http.diff
 Patch100: xine-ui.diff
 Patch102: vdr-xine-ui-0.7.6.diff
 Patch103: xine-ui-fix-gcc-warnings.diff
@@ -111,7 +112,7 @@
 Group: Productivity/Multimedia/Video/Players
 Provides: xine:/usr/bin/xine
 Version: 0.99.4
-Release: 33
+Release: 34
 Autoreqprov: on
 %description -n xine-ui
@@ -183,6 +184,7 @@
 %patch18
 %patch19
 %patch20
+%patch21 -p1
 (cd ../xine-ui-%{uiversion}
 %patch100
 %patch102 -p1
@@ -514,6 +516,8 @@
 /usr/include/xine.h
 %changelog -n xine-lib
+* Thu Jun 01 2006 - mhopf@suse.de
+- Security fix for #180850: Buffer overflow in HTTP input plugin.
 * Wed May 17 2006 - schwab@suse.de
 - Fix unaligned access.
 * Sun May 14 2006 - schwab@suse.de
++++++ xine-lib-fix-http.diff ++++++
Index: xine-lib-1.1.2cvs20060328/src/input/input_http.c
===================================================================
--- xine-lib-1.1.2cvs20060328.orig/src/input/input_http.c
+++ xine-lib-1.1.2cvs20060328/src/input/input_http.c
@@ -895,6 +895,12 @@ static int http_plugin_open (input_plugi
 len = 0;
 } else
 len ++;
+ if ( len >= buflen ) {
+ _x_message(this->stream, XINE_MSG_PERMISSION_ERROR, this->mrl, NULL);
+ xine_log (this->stream->xine, XINE_LOG_MSG,
+ _("input_http: buffer exhausted after %d bytes."), buflen);
+ return 0;
+ }
 }
 lprintf ("end of headers\n");
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org
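Review bot: The added guard `if ( len >= buflen )` in http_plugin_open (xine-lib-fix-http.diff) is a real bound only if `buflen` is the capacity of the buffer the header loop fills; `buflen` is declared outside this hunk and the loop's store is not visible here either, so that needs confirming against the full function. If the destination turns out to be a fixed-size array member, comparing against `sizeof` of that member would tie the limit to the allocation itself instead of a separately maintained variable, and the `%d` in the log call likewise assumes `buflen` is an `int`. Separately, `XINE_MSG_PERMISSION_ERROR` tells the front end that access was denied when the condition is an over-long server response; a type such as `XINE_MSG_READ_ERROR` would describe it more accurately. A short comment above the guard, e.g. `/* response header does not fit the receive buffer: abort the open instead of writing past it */`, would record why the open fails here.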