Hello community, here is the log from the commit of package vlc for openSUSE:Factory checked in at 2019-08-05 10:34:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vlc (Old) and /work/SRC/openSUSE:Factory/.vlc.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vlc" Mon Aug 5 10:34:53 2019 rev:98 rq:720864 version:3.0.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/vlc/vlc.changes 2019-06-18 14:55:46.189425069 +0200 +++ /work/SRC/openSUSE:Factory/.vlc.new.4126/vlc.changes 2019-08-05 10:34:56.275371818 +0200 @@ -1,0 +2,16 @@ +Sun Aug 4 01:44:44 UTC 2019 - Stefan Brüns <[email protected]> + +- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some + image loading libraries (libpng, libjpeg, ...) which are either wrapped + by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so). + +------------------------------------------------------------------- +Wed Jul 31 07:51:02 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Add vlc-CVE-2019-13602_1.patch and vlc-CVE-2019-13602_2.patch: + fix integer underflow in mp4 demuxer (CVE-2019-13602, + boo#1141522). +- Add vlc-CVE-2019-13962.patch: codec: avcodec: fix broken check + before copy (CVE-2019-13962, boo#1142161). + +------------------------------------------------------------------- @@ -4 +20,2 @@ -- Update to version 3.0.7.1: +- Update to version 3.0.7.1 (CVE-2019-5439, CVE-2019-5459, + CVE-2019-5460, CVE-2019-12874, boo#1138933, boo#1143549, boo#1138354, boo#1143547) @@ -112 +129 @@ -- Update to version 3.0.5: +- Update to version 3.0.5 (CVE-2018-19857, boo#1118586): New: ---- vlc-CVE-2019-13602_1.patch vlc-CVE-2019-13602_2.patch vlc-CVE-2019-13962.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vlc.spec ++++++ --- /var/tmp/diff_new_pack.mD2sGt/_old 2019-08-05 10:34:57.283371250 +0200 +++ /var/tmp/diff_new_pack.mD2sGt/_new 2019-08-05 10:34:57.287371248 +0200 @@ -51,6 +51,12 @@ Patch2: vlc-lua-5.3.patch # PATCH-FIX-UPSTREAM fix-build-with-fdk-2.0.patch -- Fix building vlc with libfdk-aac v2 Patch3: fix-build-with-fdk-2.0.patch +# PATCH-FIX-UPSTREAM vlc-CVE-2019-13962.patch -- Fix An Integer Underflow in MP4_EIA608_Convert() +Patch4: vlc-CVE-2019-13962.patch +# PATCH-FIX-UPSTREAM vlc-CVE-2019-13602_1.patch -- mp4: fix integer underflow +Patch5: vlc-CVE-2019-13602_1.patch +# PATCH-FIX-UPSTREAM vlc-CVE-2019-13602_2.patch -- mp4: fix integer underflow +Patch6: vlc-CVE-2019-13602_2.patch # PATCH-FEATURE-OPENSUSE vlc-projectM-qt5.patch -- Build against projectM-qt5; openSUSE provides projectM as -qt and -qt5 variant Patch100: vlc-projectM-qt5.patch # PATCH-FIX-UPSTREAM 0001-Fix-leaking-AvahiServiceResolver-in-the-error-paths.patch -- Fix some memleaks @@ -58,7 +64,6 @@ # PATCH-FIX-UPSTREAM 0002-Add-Avahi-implementation-for-chromecast-renderer-dis.patch -- Use Avahi for discovery, microdns is not available Patch102: 0002-Add-Avahi-implementation-for-chromecast-renderer-dis.patch BuildRequires: Mesa-devel -BuildRequires: SDL-devel >= 1.2.10 BuildRequires: aalib-devel BuildRequires: alsa-devel >= 1.0.24 BuildRequires: avahi-devel >= 0.6 @@ -192,7 +197,6 @@ BuildRequires: pkgconfig(xi) %endif %if 0%{?is_opensuse} -BuildRequires: pkgconfig(SDL_image) >= 1.2.10 BuildRequires: pkgconfig(libupnp) BuildRequires: pkgconfig(opencv) > 2.0 %ifarch %{ix86} x86_64 @@ -380,6 +384,9 @@ %patch0 -p1 %patch1 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %if 0%{?suse_version} > 1320 && 0%{?suse_version} < 1550 %patch100 -p1 %endif @@ -589,9 +596,6 @@ %{_libdir}/vlc/plugins/audio_output/libpulse_plugin.so %{_libdir}/vlc/plugins/codec/libavcodec_plugin.so %{_libdir}/vlc/plugins/codec/liblibass_plugin.so -%if 0%{?is_opensuse} -%{_libdir}/vlc/plugins/codec/libsdl_image_plugin.so -%endif %{_libdir}/vlc/plugins/control/libxcb_hotkeys_plugin.so %{_libdir}/vlc/plugins/demux/libavformat_plugin.so %{_libdir}/vlc/plugins/gui/libskins2_plugin.so ++++++ vlc-CVE-2019-13602_1.patch ++++++ >From b2b157076d9e94df34502dd8df0787deb940e938 Mon Sep 17 00:00:00 2001 From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <[email protected]> Date: Thu, 27 Jun 2019 23:19:38 +0300 Subject: [PATCH] mp4: fix integer underflow Reported-by: Hyeon-Ju Lee <[email protected]> --- modules/demux/mp4/mp4.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c index 540aa836c2..77b46de1c3 100644 --- a/modules/demux/mp4/mp4.c +++ b/modules/demux/mp4/mp4.c @@ -510,11 +510,11 @@ static block_t * MP4_EIA608_Convert( block_t * p_block ) block_t *p_newblock; /* always need at least 10 bytes (atom size+header+1pair)*/ - if ( i_remaining < 10 || - !(i_bytes = GetDWBE(p_block->p_buffer)) || - (i_bytes > i_remaining) || - memcmp("cdat", &p_block->p_buffer[4], 4) || - !(p_newblock = block_Alloc( i_remaining * 3 - 8 )) ) + i_bytes = GetDWBE(p_block->p_buffer); + + if (10 < i_bytes || i_bytes < i_remaining || + memcmp("cdat", &p_block->p_buffer[4], 4) || + (p_newblock = block_Alloc(i_remaining * 3 - 8)) == NULL) { p_block->i_buffer = 0; return p_block; -- 2.11.0 ++++++ vlc-CVE-2019-13602_2.patch ++++++ >From 8e8e0d72447f8378244f5b4a3dcde036dbeb1491 Mon Sep 17 00:00:00 2001 From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <[email protected]> Date: Thu, 27 Jun 2019 23:19:38 +0300 Subject: [PATCH] mp4: fix integer underflow Reported-by: Hyeon-Ju Lee <[email protected]> --- modules/demux/mp4/mp4.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c index 77b46de1c3..83f36db1a7 100644 --- a/modules/demux/mp4/mp4.c +++ b/modules/demux/mp4/mp4.c @@ -536,10 +536,10 @@ static block_t * MP4_EIA608_Convert( block_t * p_block ) } while( i_bytes >= 2 ); /* cdt2 is optional */ - if ( i_remaining >= 10 && - (i_bytes = GetDWBE(p_read)) && - (i_bytes <= i_remaining) && - !memcmp("cdt2", &p_read[4], 4) ) + i_bytes = GetDWBE(p_read); + + if (10 <= i_bytes && i_bytes <= i_remaining && + !memcmp("cdt2", &p_read[4], 4)) { p_read += 8; i_bytes -= 8; -- 2.11.0 ++++++ vlc-CVE-2019-13962.patch ++++++ >From 2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 Mon Sep 17 00:00:00 2001 From: Francois Cartegnie <[email protected]> Date: Mon, 20 May 2019 14:27:39 +0200 Subject: [PATCH] codec: avcodec: fix broken check before copy (fix #22240) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit copy parameters are the picture ones regression by c988b8d58b01ef6d628e3051774a2032dd7f6b7d (cherry picked from commit 603ecaf0f3fdf3b0a83cd2c773e05ac347b2149a) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> --- modules/codec/avcodec/video.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c index 097e7cb11a..c5899fd736 100644 --- a/modules/codec/avcodec/video.c +++ b/modules/codec/avcodec/video.c @@ -364,8 +364,9 @@ static int lavc_CopyPicture(decoder_t *dec, picture_t *pic, AVFrame *frame) sys->p_context->pix_fmt, (name != NULL) ? name : "unknown"); return VLC_EGENERIC; } else if (fourcc != pic->format.i_chroma - || frame->width > (int) pic->format.i_width - || frame->height > (int) pic->format.i_height) + /* ensure we never read more than dst lines/pixels from src */ + || frame->width != (int) pic->format.i_visible_width + || frame->height < (int) pic->format.i_visible_height) { msg_Warn(dec, "dropping frame because the vout changed"); return VLC_EGENERIC; -- 2.11.0
