Hello community, here is the log from the commit of package libquicktime for openSUSE:Factory checked in at 2017-07-02 13:37:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libquicktime (Old) and /work/SRC/openSUSE:Factory/.libquicktime.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libquicktime" Sun Jul 2 13:37:08 2017 rev:53 rq:506702 version:1.2.4cvs20150223 Changes: -------- --- /work/SRC/openSUSE:Factory/libquicktime/libquicktime.changes 2017-04-11 12:39:18.732197016 +0200 +++ /work/SRC/openSUSE:Factory/.libquicktime.new/libquicktime.changes 2017-07-02 13:37:09.631672171 +0200 @@ -1,0 +2,13 @@ +Fri Jun 23 21:58:19 UTC 2017 - [email protected] + +- add libquicktime-1.2.4-multiple_vulnerabilities.patch to fix the + following security issues: + * CVE-2017-9122 [bsc#1044077] + * CVE-2017-9123 [bsc#1044009] + * CVE-2017-9124 [bsc#1044008] + * CVE-2017-9125 [bsc#1044122] + * CVE-2017-9126 [bsc#1044006] + * CVE-2017-9127 [bsc#1044002] + * CVE-2017-9128 [bsc#1044000] + +------------------------------------------------------------------- New: ---- libquicktime-1.2.4-multiple_vulnerabilities.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libquicktime.spec ++++++ --- /var/tmp/diff_new_pack.EhOm3N/_old 2017-07-02 13:37:10.327574039 +0200 +++ /var/tmp/diff_new_pack.EhOm3N/_new 2017-07-02 13:37:10.331573474 +0200 @@ -39,6 +39,8 @@ Patch1: libquicktime-faad2.patch # PATCH-FIX-UPSTREAM bsc#1022805 CVE-2016-2399 [email protected] -- fix integer overflow in the quicktime_read_pascal function Patch2: libquicktime-1.2.4-integer_overflow.patch +# PATCH-FIX-UPSTREAM [email protected] -- fix multiple vulnerabilities (from CVE-2017-9122 to CVE-2017-9128) +Patch3: libquicktime-1.2.4-multiple_vulnerabilities.patch BuildRequires: alsa-devel BuildRequires: autoconf BuildRequires: automake @@ -130,6 +132,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 sed -i 's/-DGTK_DISABLE_DEPRECATED//g' configure.ac ++++++ libquicktime-1.2.4-multiple_vulnerabilities.patch ++++++ Index: libquicktime/src/atom.c =================================================================== --- libquicktime.orig/src/atom.c +++ libquicktime/src/atom.c 
@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime atom->size = read_size64(header); atom->end = atom->start + atom->size; } +/* Avoid broken files */ + if(atom->end > file->total_length) + result = 1; } Index: libquicktime/src/lqt_quicktime.c =================================================================== --- libquicktime.orig/src/lqt_quicktime.c +++ libquicktime/src/lqt_quicktime.c @@ -993,8 +993,8 @@ int quicktime_read_info(quicktime_t *fil quicktime_set_position(file, start_position); free(temp); - quicktime_read_moov(file, &file->moov, &leaf_atom); - got_header = 1; + if(!quicktime_read_moov(file, &file->moov, &leaf_atom)) + got_header = 1; } else if(((leaf_atom.type[0] | leaf_atom.type[1] | leaf_atom.type[2] | leaf_atom.type[3]) == 0) && Index: libquicktime/src/moov.c =================================================================== --- libquicktime.orig/src/moov.c +++ libquicktime/src/moov.c @@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil if(quicktime_atom_is(&leaf_atom, "trak")) { quicktime_trak_t *trak = quicktime_add_trak(file); - quicktime_read_trak(file, trak, &leaf_atom); + if(quicktime_read_trak(file, trak, &leaf_atom)) + return 1; } else if(quicktime_atom_is(&leaf_atom, "udta")) Index: libquicktime/src/trak.c =================================================================== --- libquicktime.orig/src/trak.c +++ libquicktime/src/trak.c @@ -272,6 +272,14 @@ int quicktime_read_trak(quicktime_t *fil else quicktime_atom_skip(file, &leaf_atom); } while(quicktime_position(file) < trak_atom->end); + /* Do some sanity checks to prevent later crashes */ + if(trak->mdia.minf.is_video || trak->mdia.minf.is_video) + { + if(!trak->mdia.minf.stbl.stsc.table || + !trak->mdia.minf.stbl.stco.table) + return 1; + } + #if 1 if(trak->mdia.minf.is_video && quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
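Review bot: The new bound in quicktime_atom_read_header, `if(atom->end > file->total_length)`, is evaluated after `atom->end = atom->start + atom->size` has already been computed from a size read out of the file, so a 64-bit size that makes the sum wrap or go negative still passes it. The field types are declared outside the hunk, so this is inferred. If they are signed 64-bit, checking the size before the addition closes that gap: `if(atom->size < 0 || atom->size > file->total_length - atom->start) result = 1;`. A size smaller than the atom header is also not rejected here. The comment `/* Avoid broken files */` sits at column 0 and could say what is being compared, for example `/* Reject atoms that claim to extend past the end of the file */`. The function body starts and ends outside the hunk.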
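Review bot: In the lqt_quicktime.c hunk, a failing quicktime_read_moov() has no visible effect other than leaving `got_header` at 0, and `file->moov` keeps whatever the aborted parse had already filled in. The enclosing loop of quicktime_read_info is outside the hunk, so it is unclear whether scanning continues to later atoms. If it does, a second moov atom in the same file could be parsed on top of the half-populated structure and set `got_header` after all. Making the failure explicit would remove the doubt, for example `if(quicktime_read_moov(file, &file->moov, &leaf_atom)) return 1;`, assuming non-zero means failure to this function's callers as it does elsewhere in the patch. The new one-line `if` would also read better with braces, since it sits directly above a `} else if` chain.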
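Review bot: In the moov.c hunk, the early `return 1` comes after `quicktime_add_trak(file)` has already attached the new trak, so a track rejected by quicktime_read_trak() stays in the moov with incomplete tables. Whatever tears the file down on the error path then has to tolerate NULL `stsc`/`stco` tables in that trak; that code is not visible here and is worth confirming. A comment on the return would record the intent, for example `/* trak remains attached; released with the rest of moov on close */`, or the trak could be detached before returning. Only the `trak` branch gains a result check in this hunk; the other branches of the same if-chain are outside the hunk and may still ignore theirs.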
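Review bot: The condition of the new sanity check in quicktime_read_trak tests the same flag twice, `if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)`, so audio tracks with a missing `stsc` or `stco` table are not rejected. The second operand was presumably meant to be the audio flag: `if(trak->mdia.minf.is_video || trak->mdia.minf.is_audio)`. The context line right after the check dereferences `trak->mdia.minf.stbl.stsd.table[0].format` for video tracks, but `stsd.table` is not among the pointers tested. A file with no sample description could still reach that dereference, so adding `!trak->mdia.minf.stbl.stsd.table ||` to the inner test would cover it. The function starts outside the hunk and continues past it.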
