Hello community, here is the log from the commit of package csound for openSUSE:11.4 checked in at Mon Feb 27 16:42:00 CET 2012.
-------- --- old-versions/11.4/all/csound/csound.changes 2009-07-16 18:05:26.000000000 +0200 +++ 11.4/csound/csound.changes 2012-02-27 11:21:44.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 27 11:21:19 CET 2012 - [email protected] + +- VUL-0: CVE-2012-0270: csound: two buffer overflow flaws in getnum() + (bnc#749073) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/csound Destination is old-versions/11.4/UPDATES/all/csound calling whatdependson for 11.4-i586 New: ---- csound-fix-CVE-2012-0270.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csound.spec ++++++ --- /var/tmp/diff_new_pack.b39PtT/_old 2012-02-27 16:40:59.000000000 +0100 +++ /var/tmp/diff_new_pack.b39PtT/_new 2012-02-27 16:40:59.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package csound (Version 5.06.0) +# spec file for package csound # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,20 +15,32 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: csound %define support_fltk 0 -BuildRequires: alsa-devel fdupes fluidsynth-devel gcc-c++ jack-devel liblo-devel libsndfile-devel portaudio-devel python-devel scons swig +BuildRequires: alsa-devel +BuildRequires: fdupes +BuildRequires: fluidsynth-devel +BuildRequires: gcc-c++ +BuildRequires: jack-devel +BuildRequires: liblo-devel +BuildRequires: libsndfile-devel +BuildRequires: portaudio-devel +BuildRequires: python-devel +BuildRequires: scons +BuildRequires: swig %if %support_fltk -BuildRequires: fltk-devel libjpeg-devel libpng-devel xorg-x11-devel +BuildRequires: fltk-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: xorg-x11-devel %endif Summary: Computer Sound Synthesis and Composition Program -Version: 5.06.0 -Release: 130 -License: GFDL v1.2 ; LGPL v2.1 or later ; MIT License (or similar) +License: GFDL-1.2 ; LGPL-2.1+ ; MIT Group: Productivity/Multimedia/Sound/Utilities +Version: 5.06.0 +Release: 139.<RELEASE140> Source: Csound%{version}.tar.bz2 Source1: README.SuSE Patch: csound-alsa-fix.diff @@ -36,6 +48,7 @@ Patch2: csound-gcc-warning-fix.diff Patch3: csound-python-2.6-fix.diff Patch4: csound-sanitize-sys.patch +Patch5: csound-fix-CVE-2012-0270.patch Url: http://www.csounds.com AutoReq: on Autoprov: off @@ -56,6 +69,7 @@ %patch2 %patch3 %patch4 -p1 +%patch5 -p1 cp %{SOURCE1} . # fix encoding iconv -f latin1 -t utf8 readme-csound5.txt > readme-csound5.txt.utf8 ++++++ csound-fix-CVE-2012-0270.patch ++++++ >From 7d617a9551fb6c552ba16874b71266fcd90f3a6f Mon Sep 17 00:00:00 2001 From: John ffitch <[email protected]> Date: Thu, 19 Jan 2012 21:15:30 +0000 Subject: [PATCH] fix buffer overflows --- util/het_import.c | 2 +- util/heti_main.c | 2 +- util/lpci_main.c | 4 ++++ util/pv_import.c | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) --- a/util/het_import.c +++ b/util/het_import.c @@ -49,7 +49,7 @@ short getnum(FILE* inf, char *term) char buff[100]; int cc; int p = 0; - while ((cc=getc(inf))!=',' && cc!='\n') { + while ((cc=getc(inf))!=',' && cc!='\n' && p<99) { if (cc == EOF) { *term = '\0'; return 0; --- a/util/heti_main.c +++ b/util/heti_main.c @@ -43,7 +43,7 @@ short getnum(FILE* inf, char *term) char buff[100]; int cc; int p = 0; - while ((cc=getc(inf))!=',' && cc!='\n') { + while ((cc=getc(inf))!=',' && cc!='\n' && p<99) { if (cc == EOF) { *term = '\0'; return 0; --- a/util/lpci_main.c +++ b/util/lpci_main.c @@ -78,6 +78,10 @@ int main(int argc, char **argv) putc(str[i],outf); putc('\n', outf); coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT)); + if (coef==NULL) { + printf("memory allocation failure\n"); + exit(1); + } for (i = 0; i<hdr.nvals; i++) { fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf); for (j=0; j<hdr.npoles; j++) --- a/util/pv_import.c +++ b/util/pv_import.c @@ -44,7 +44,7 @@ static float getnum(FILE* inf, char *ter char buff[100]; int cc; int p = 0; - while ((cc=getc(inf))!=',' && cc!='\n' && cc!=EOF) buff[p++] = cc; + while ((cc=getc(inf))!=',' && cc!='\n' && cc!=EOF && p<99) buff[p++] = cc; buff[p]='\0'; *term = cc; return (float)atof(buff); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
