Hello community,

here is the log from the commit of package freerdp for openSUSE:Factory checked 
in at 2014-06-25 15:24:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freerdp (Old)
 and      /work/SRC/openSUSE:Factory/.freerdp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "freerdp"

Changes:
--------
--- /work/SRC/openSUSE:Factory/freerdp/freerdp.changes  2014-06-19 
13:19:54.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.freerdp.new/freerdp.changes     2014-06-25 
15:24:23.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Jun 23 03:05:37 UTC 2014 - fezh...@suse.com
+
+- Add freerdp-CVE-2014-0791.patch to fix bnc#857491
+  backported from upstream commit:
+  
https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
+
+-------------------------------------------------------------------

New:
----
  freerdp-CVE-2014-0791.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ freerdp.spec ++++++
--- /var/tmp/diff_new_pack.UJBAJ7/_old  2014-06-25 15:24:24.000000000 +0200
+++ /var/tmp/diff_new_pack.UJBAJ7/_new  2014-06-25 15:24:24.000000000 +0200
@@ -35,6 +35,7 @@
 Patch5:         freerdp_branch-1.0.x_fix-kpdivide-issue831.patch
 # PATCH-FIX-UPSTREAM freerdp-CVE-2014-0250.patch bnc#880317 dli...@suse.com - 
backport from upstream 
 Patch6:         freerdp-CVE-2014-0250.patch
+Patch7:         freerdp-CVE-2014-0791.patch
 BuildRequires:  alsa-devel
 BuildRequires:  cmake
 BuildRequires:  cups-devel
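Review bot: Patch7 is added without the `# PATCH-FIX-UPSTREAM` comment line that precedes Patch6 directly above it. Add a matching comment naming freerdp-CVE-2014-0791.patch, bnc#857491 and the upstream origin, so the spec itself records where the patch came from and not only the .changes entry.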
@@ -86,6 +87,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 # use a versioned subdirectory for plugins in order to comply with the shared
 # library policy
 ed -s CMakeLists.txt 2>/dev/null <<'EOF'

++++++ freerdp-CVE-2014-0791.patch ++++++
>From 5253b9e27a2de48564f9b41eb3643a8edf11afe9 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezh...@suse.com>
Date: Mon, 23 Jun 2014 12:57:55 +0800
Subject: [PATCH] CVE-2014-0791

---
 libfreerdp-core/license.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c
index 60b9f93..2425ddc 100644
--- a/libfreerdp-core/license.c
+++ b/libfreerdp-core/license.c
@@ -539,6 +539,8 @@ void license_read_scope_list(STREAM* s, SCOPE_LIST* 
scopeList)
        uint32 scopeCount;
 
        stream_read_uint32(s, scopeCount); /* ScopeCount (4 bytes) */
+       if (scopeCount > stream_get_left(s) / 4)  /* every blob is at least 4 
bytes */
+               return;
 
        scopeList->count = scopeCount;
        scopeList->array = (LICENSE_BLOB*) xmalloc(sizeof(LICENSE_BLOB) * 
scopeCount);
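Review bot: The early `return;` after the new scopeCount check leaves a void function before `scopeList->count` and `scopeList->array` are assigned, so the caller gets no failure signal and sees whatever scopeList held before the call. Set `scopeList->count = 0` and `scopeList->array = NULL` before returning, or have the function report failure so the caller can stop processing the packet. Separately, `stream_read_uint32(s, scopeCount)` in the context line above has no visible check that 4 bytes remain in the stream; confirm the caller guarantees that.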
-- 
1.7.12.4

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
