Hello community, here is the log from the commit of package xine-lib checked in at Wed Apr 23 01:59:01 CEST 2008. -------- --- xine-lib/xine-lib.changes 2008-04-10 13:00:52.000000000 +0200 +++ /mounts/work_src_done/STABLE/xine-lib/xine-lib.changes 2008-04-18 15:07:57.000000000 +0200 @@ -1,0 +2,19 @@ +Fri Apr 18 15:07:47 CEST 2008 - lnussel@suse.de + +- fix overflow in nsf demuxer (bnc#380772, CVE-2008-1878) + +------------------------------------------------------------------- +Thu Apr 17 10:48:56 CEST 2008 - lnussel@suse.de + +- Update to vdr-xine-0.8.2 + * bugfix release +- don't use %run_ldconfig anymore +- don't install non-Linux READMEs + +------------------------------------------------------------------- +Tue Apr 15 17:01:11 CEST 2008 - lnussel@suse.de + +- fix insufficient bounds checking in speex decoder (bnc#379106, + CVE-2008-1686) + +------------------------------------------------------------------- Old: ---- vdr-xine-lib-0.8.1.diff.bz2 vdr-xine-libdir.diff New: ---- vdr-xine-0.8.2.diff.bz2 xine-lib-1.1.11.1-CVE-2008-1686-speex.diff xine-lib-CVE-2008-1878.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xine-lib.spec ++++++ --- /var/tmp/diff_new_pack.X21259/_old 2008-04-23 01:58:49.000000000 +0200 +++ /var/tmp/diff_new_pack.X21259/_new 2008-04-23 01:58:49.000000000 +0200 @@ -34,7 +34,7 @@ %endif Recommends: opensuse-codecs-installer Version: 1.1.11.1 -Release: 4 +Release: 8 %define abiversion 1.20 Summary: Video Player with Plug-Ins Group: Productivity/Multimedia/Video/Players @@ -52,10 +52,11 @@ Source99: precheckin_cripple_tarball.sh # *** xine-lib: Bugfixes Patch26: xine-lib-doc-fix-X11R6.diff +Patch27: xine-lib-1.1.11.1-CVE-2008-1686-speex.diff +Patch28: xine-lib-CVE-2008-1878.diff # *** Addons -Patch50: vdr-xine-lib-0.8.1.diff.bz2 +Patch50: vdr-xine-0.8.2.diff.bz2 Patch51: vdr-xine-SUSE.diff -Patch52: vdr-xine-libdir.diff Patch61: xine-lib-mjpegplugin.diff # *** SUSE only changes Patch70: xine-lib-crippled-LOCAL.diff @@ -173,7 +174,6 @@ %patch26 %patch50 -p1 %patch51 -p1 -%patch52 -p1 sed -i 's|^noinst_HEADERS = input_vdr.h|xineinclude_HEADERS = input_vdr.h|' src/vdr/Makefile.am %patch61 -p0 #sed -i 's|^ac_config_files="|ac_config_files="src/vdr/Makefile src/mjpeg/Makefile|' configure @@ -189,6 +189,8 @@ %endif %patch72 -p1 %patch73 -p1 +%patch27 -p1 +%patch28 -p1 %build cd xine-lib-%version @@ -221,8 +223,9 @@ make install DESTDIR=%buildroot LIB="%buildroot%_libdir/xine/plugins/%abiversion" # install documentation -mkdir -p %buildroot%_defaultdocdir install -m 0644 %SOURCE10 COPYING AUTHORS %buildroot%_defaultdocdir/xine/ +# remove usless READMEs +rm %buildroot%_defaultdocdir/xine/README.{irix,solaris,WIN32} %ifarch %ix86 mkdir -p %buildroot/usr/lib/win32 %endif @@ -394,11 +397,9 @@ rm -rf %buildroot %if %BUILD_XINE != 1 -%post -n xine-lib -%run_ldconfig +%post -n xine-lib -p /sbin/ldconfig -%postun -n xine-lib -%run_ldconfig +%postun -n xine-lib -p /sbin/ldconfig %files -n xine-lib -f files %defattr(-,root,root) @@ -451,6 +452,16 @@ %endif %changelog +* Fri Apr 18 2008 lnussel@suse.de +- fix overflow in nsf demuxer (bnc#380772, CVE-2008-1878) +* Thu Apr 17 2008 lnussel@suse.de +- Update to vdr-xine-0.8.2 + * bugfix release +- don't use %%run_ldconfig anymore +- don't install non-Linux READMEs +* Tue Apr 15 2008 lnussel@suse.de +- fix insufficient bounds checking in speex decoder (bnc#379106, + CVE-2008-1686) * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ++++++ vdr-xine-lib-0.8.1.diff.bz2 -> vdr-xine-0.8.2.diff.bz2 ++++++ Files xine-lib/vdr-xine-lib-0.8.1.diff.bz2 and /mounts/work_src_done/STABLE/xine-lib/vdr-xine-0.8.2.diff.bz2 differ ++++++ xine-lib-1.1.11.1-CVE-2008-1686-speex.diff ++++++ Index: xine-lib-1.1.11.1/src/libxineadec/xine_speex_decoder.c =================================================================== --- xine-lib-1.1.11.1.orig/src/libxineadec/xine_speex_decoder.c +++ xine-lib-1.1.11.1/src/libxineadec/xine_speex_decoder.c @@ -204,7 +204,7 @@ static void speex_decode_data (audio_dec if (!this->st) { SpeexMode * spx_mode; SpeexHeader * spx_header; - int modeID; + unsigned int modeID; int bitrate; speex_bits_init (&this->bits); @@ -216,7 +216,12 @@ static void speex_decode_data (audio_dec return; } - modeID = spx_header->mode; + modeID = (unsigned int)spx_header->mode; + if (modeID >= SPEEX_NB_MODES) { + xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG, LOG_MODULE ": invalid mode ID %u\n", modeID); + return; + } + spx_mode = (SpeexMode *) speex_mode_list[modeID]; if (spx_mode->bitstream_version != spx_header->mode_bitstream_version) { ++++++ xine-lib-CVE-2008-1878.diff ++++++ Index: xine-lib-1.1.11.1/src/demuxers/demux_nsf.c =================================================================== --- xine-lib-1.1.11.1.orig/src/demuxers/demux_nsf.c +++ xine-lib-1.1.11.1/src/demuxers/demux_nsf.c @@ -106,9 +106,9 @@ static int open_nsf_file(demux_nsf_t *th this->total_songs = header[6]; this->current_song = header[7]; - this->title = strdup(&header[0x0E]); - this->artist = strdup(&header[0x2E]); - this->copyright = strdup(&header[0x4E]); + this->title = strndup((char*)&header[0x0E], 0x20); + this->artist = strndup((char*)&header[0x2E], 0x20); + this->copyright = strndup((char*)&header[0x4E], 0x20); this->filesize = this->input->get_length(this->input); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org