Hello community, here is the log from the commit of package csound for openSUSE:11.4 checked in at Mon Feb 27 16:42:00 CET 2012. -------- --- old-versions/11.4/all/csound/csound.changes 2009-07-16 18:05:26.000000000 +0200 +++ 11.4/csound/csound.changes 2012-02-27 11:21:44.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 27 11:21:19 CET 2012 - tiwai@suse.de + +- VUL-0: CVE-2012-0270: csound: two buffer overflow flaws in getnum() + (bnc#749073) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/csound Destination is old-versions/11.4/UPDATES/all/csound calling whatdependson for 11.4-i586 New: ---- csound-fix-CVE-2012-0270.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csound.spec ++++++ --- /var/tmp/diff_new_pack.b39PtT/_old 2012-02-27 16:40:59.000000000 +0100 +++ /var/tmp/diff_new_pack.b39PtT/_new 2012-02-27 16:40:59.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package csound (Version 5.06.0) +# spec file for package csound # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,20 +15,32 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: csound %define support_fltk 0 -BuildRequires: alsa-devel fdupes fluidsynth-devel gcc-c++ jack-devel liblo-devel libsndfile-devel portaudio-devel python-devel scons swig +BuildRequires: alsa-devel +BuildRequires: fdupes +BuildRequires: fluidsynth-devel +BuildRequires: gcc-c++ +BuildRequires: jack-devel +BuildRequires: liblo-devel +BuildRequires: libsndfile-devel +BuildRequires: portaudio-devel +BuildRequires: python-devel +BuildRequires: scons +BuildRequires: swig %if %support_fltk -BuildRequires: fltk-devel libjpeg-devel libpng-devel xorg-x11-devel +BuildRequires: fltk-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: xorg-x11-devel %endif Summary: Computer Sound Synthesis and Composition Program -Version: 5.06.0 -Release: 130 -License: GFDL v1.2 ; LGPL v2.1 or later ; MIT License (or similar) +License: GFDL-1.2 ; LGPL-2.1+ ; MIT Group: Productivity/Multimedia/Sound/Utilities +Version: 5.06.0 +Release: 139.<RELEASE140> Source: Csound%{version}.tar.bz2 Source1: README.SuSE Patch: csound-alsa-fix.diff @@ -36,6 +48,7 @@ Patch2: csound-gcc-warning-fix.diff Patch3: csound-python-2.6-fix.diff Patch4: csound-sanitize-sys.patch +Patch5: csound-fix-CVE-2012-0270.patch Url: http://www.csounds.com AutoReq: on Autoprov: off @@ -56,6 +69,7 @@ %patch2 %patch3 %patch4 -p1 +%patch5 -p1 cp %{SOURCE1} . # fix encoding iconv -f latin1 -t utf8 readme-csound5.txt > readme-csound5.txt.utf8 ++++++ csound-fix-CVE-2012-0270.patch ++++++
From 7d617a9551fb6c552ba16874b71266fcd90f3a6f Mon Sep 17 00:00:00 2001 From: John ffitch
Date: Thu, 19 Jan 2012 21:15:30 +0000 Subject: [PATCH] fix buffer overflows
---
util/het_import.c | 2 +-
util/heti_main.c | 2 +-
util/lpci_main.c | 4 ++++
util/pv_import.c | 2 +-
4 files changed, 7 insertions(+), 3 deletions(-)
--- a/util/het_import.c
+++ b/util/het_import.c
@@ -49,7 +49,7 @@ short getnum(FILE* inf, char *term)
char buff[100];
int cc;
int p = 0;
- while ((cc=getc(inf))!=',' && cc!='\n') {
+ while ((cc=getc(inf))!=',' && cc!='\n' && p<99) {
if (cc == EOF) {
*term = '\0';
return 0;
--- a/util/heti_main.c
+++ b/util/heti_main.c
@@ -43,7 +43,7 @@ short getnum(FILE* inf, char *term)
char buff[100];
int cc;
int p = 0;
- while ((cc=getc(inf))!=',' && cc!='\n') {
+ while ((cc=getc(inf))!=',' && cc!='\n' && p<99) {
if (cc == EOF) {
*term = '\0';
return 0;
--- a/util/lpci_main.c
+++ b/util/lpci_main.c
@@ -78,6 +78,10 @@ int main(int argc, char **argv)
putc(str[i],outf);
putc('\n', outf);
coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT));
+ if (coef==NULL) {
+ printf("memory allocation failure\n");
+ exit(1);
+ }
for (i = 0; i