Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package vlc for openSUSE:Factory checked in at 2021-01-18 11:27:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vlc (Old) and /work/SRC/openSUSE:Factory/.vlc.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vlc" Mon Jan 18 11:27:45 2021 rev:113 rq:863152 version:3.0.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/vlc/vlc.changes 2020-12-18 19:52:21.593611344 +0100 +++ /work/SRC/openSUSE:Factory/.vlc.new.28504/vlc.changes 2021-01-18 11:30:54.796599408 +0100 @@ -1,0 +2,7 @@ +Thu Jan 14 15:58:51 UTC 2021 - Dominique Leuenberger <[email protected]> + +- Add vlc-CVE-2020-26664.patch: mkv: Ensure we don't use an + EbmlDummy element for something it's not (CVE-2020-26664, + boo#1180755). + +------------------------------------------------------------------- New: ---- vlc-CVE-2020-26664.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vlc.spec ++++++ --- /var/tmp/diff_new_pack.BcVRQD/_old 2021-01-18 11:30:55.980600575 +0100 +++ /var/tmp/diff_new_pack.BcVRQD/_new 2021-01-18 11:30:55.984600579 +0100 @@ -1,7 +1,7 @@ # # spec file for package vlc # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2012 Dominique Leuenberger, Amsterdam, The Netherlands # # All modifications and additions to the file contributed by third parties @@ -51,6 +51,8 @@ Patch2: vlc-lua-5.3.patch # PATCH-FIX-UPSTREAM fix-build-with-fdk-2.0.patch -- Fix building vlc with libfdk-aac v2 Patch3: fix-build-with-fdk-2.0.patch +# PATCH-FIX-UPSTREAM vlc-CVE-2020-26664.patch CVE-2020-26664 [email protected] -- mkv: Ensure we don't use an EbmlDummy element for something it's not +Patch4: vlc-CVE-2020-26664.patch # PATCH-FEATURE-OPENSUSE vlc-projectM-qt5.patch -- Build against projectM-qt5; openSUSE provides projectM as -qt and -qt5 variant Patch100: vlc-projectM-qt5.patch # PATCH-FIX-UPSTREAM -- Use OpenCV C++ API @@ -400,6 +402,7 @@ %patch0 -p1 %patch1 -p1 %patch3 -p1 +%patch4 -p1 %if 0%{?suse_version} > 1320 && 0%{?suse_version} < 1550 && 0%{?sle_version} < 150200 %patch100 -p1 %endif ++++++ vlc-CVE-2020-26664.patch ++++++ diff --git a/modules/demux/mkv/mkv.hpp b/modules/demux/mkv/mkv.hpp index 38a62aa2af2ca8462eedfda25608543d1bd9eec6..fa9a1e81a5994a487ec846fed6d8c9a2cec3139e 100644 --- a/modules/demux/mkv/mkv.hpp +++ b/modules/demux/mkv/mkv.hpp @@ -113,7 +113,7 @@ enum #define MKVD_TIMECODESCALE 1000000 -#define MKV_IS_ID( el, C ) ( el != NULL && (el->operator const EbmlId&()) == (C::ClassInfos.ClassId()) ) +#define MKV_IS_ID( el, C ) ( el != NULL && (el->operator const EbmlId&()) == (C::ClassInfos.ClassId()) && !el->IsDummy() ) #define MKV_CHECKED_PTR_DECL( name, type, src ) type * name = MKV_IS_ID(src, type) ? static_cast<type*>(src) : NULL #define MKV_CHECKED_PTR_DECL_CONST( name, type, src ) const type * name = MKV_IS_ID(src, type) ? static_cast<const type*>(src) : NULL
