Hello community, here is the log from the commit of package csound for openSUSE:Factory checked in at 2012-04-19 08:48:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/csound (Old) and /work/SRC/openSUSE:Factory/.csound.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "csound", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/csound/csound.changes 2012-03-01 17:19:08.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.csound.new/csound.changes 2012-04-19 08:48:49.000000000 +0200 @@ -1,0 +2,11 @@ +Wed Apr 18 11:21:46 CEST 2012 - [email protected] + +- VUL-0: csound: buffer overflow in pv_import (CVE-2012-2106, + bnc#757254), + VUL-0: csound: buffer overflow in lpc_import (CVE-2012-2107, + bnc#757255), + VUL-0: csound: Stack-based buffer overflow in lpc_import + (CVE-2012-2108, bnc#757256): + a single patch for all three issues + +------------------------------------------------------------------- New: ---- csound-fix-CVE-2012-2107.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csound.spec ++++++ --- /var/tmp/diff_new_pack.zC6z4W/_old 2012-04-19 08:48:51.000000000 +0200 +++ /var/tmp/diff_new_pack.zC6z4W/_new 2012-04-19 08:48:51.000000000 +0200 @@ -47,6 +47,7 @@ Source: Csound%{version}.tar.gz Source1: README.SuSE Patch3: %{name}-strncat-fix.patch +Patch4: csound-fix-CVE-2012-2107.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -67,6 +68,7 @@ %prep %setup -q -n Csound%{version} %patch3 +%patch4 -p1 # remove __DATE__ from source files, causes unnecessary rebuilds sed -i 's:__DATE__:"":' Engine/musmon.c frontends/CsoundVST/CsoundVstFltk.cpp Top/main.c # copy readme ++++++ csound-fix-CVE-2012-2107.patch ++++++ >From 61d1df45ca9a52bab62892a3c3a13c41e6384505 Mon Sep 17 00:00:00 2001 From: John ffitch <[email protected]> Date: Tue, 6 Mar 2012 17:12:43 +0000 Subject: [PATCH] security in utilities --- util/lpci_main.c | 17 ++++++++++++++--- util/pv_import.c | 4 ++++ 2 files changed, 18 insertions(+), 3 deletions(-) --- a/util/lpci_main.c +++ b/util/lpci_main.c 
@@ -73,17 +73,28 @@ int main(int argc, char **argv) hdr.headersize, hdr.lpmagic, hdr.npoles, hdr.nvals, hdr.framrate, hdr.srate, hdr.duration); str = (char *)malloc(hdr.headersize-sizeof(LPHEADER)+4); - fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf); + if (str==NULL) { + printf("memory allocation failure\n"); + exit(1); + } + if (hdr.headersize-sizeof(LPHEADER)+4 != + fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf)) { + printf("Ill formed data\n"); + exit(1); + } for (i=0; i<hdr.headersize-sizeof(LPHEADER)+4; i++) putc(str[i],outf); putc('\n', outf); - coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT)); + coef = (MYFLT *)malloc(hdr.npoles*sizeof(MYFLT)); if (coef==NULL) { printf("memory allocation failure\n"); exit(1); } for (i = 0; i<hdr.nvals; i++) { - fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf); + if (hdr.npoles != fread(coef, sizeof(MYFLT), hdr.npoles, inf)) { + printf("Ill formed data\n"); + exit(1); + } for (j=0; j<hdr.npoles; j++) fprintf(outf, "%f%c", coef[j], (j==hdr.npoles-1 ? '\n' : ',')); } --- a/util/pv_import.c +++ b/util/pv_import.c @@ -115,6 +115,10 @@ static int pv_import(CSOUND *csound, int float *frame = (float*) csound->Malloc(csound, data.nAnalysisBins*2*sizeof(float)); int i; + if (frame==NULL) { + csound->Message(csound, Str("Memory failure\n")); + exit(1); + } for (i=1;;i++) { int j; for (j=0; j<data.nAnalysisBins*2; j++) { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
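Review bot: In the util/lpci_main.c hunk the newly checked fread still passes `&hdr` as its destination, so the `hdr.headersize-sizeof(LPHEADER)+4` bytes, a length taken from the input file, are written over the header object rather than into the freshly allocated `str`. That write can run past `hdr`, and the following `putc(str[i],outf)` loop then prints uninitialised heap memory. The call should read into the buffer: `fread(str, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf)`. The length is also never range-checked before the malloc, and `hdr.npoles` is likewise used unchecked in `hdr.npoles*sizeof(MYFLT)`; a guard such as `if (hdr.headersize < sizeof(LPHEADER)) { printf("Ill formed data\n"); exit(1); }` would reject a header size that makes the subtraction wrap. The declaration of `hdr` and the start of `main` are outside the hunk, so its type is inferred from the `sizeof(LPHEADER)` usage.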
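Review bot: In the util/pv_import.c hunk the added NULL test only covers a failed allocation; the size `data.nAnalysisBins*2*sizeof(float)` and the loop bound `j<data.nAnalysisBins*2` are still used without a range check. If `nAnalysisBins` is parsed from the imported file (where it is set is outside the hunk), a non-positive value, or one large enough to make the product wrap, is not rejected before `frame` is sized. A check ahead of the `Malloc` call would close that, for example `if (data.nAnalysisBins <= 0 || data.nAnalysisBins > MAX_BINS) return 1;`, where `MAX_BINS` is a placeholder for a project-chosen limit. Separately, `exit(1)` inside `pv_import`, which returns `int` and takes a `CSOUND *`, terminates the whole host process; returning an error code would fit the signature better, assuming callers check it. The function body starts and ends outside the hunk.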
