Hello community,

here is the log from the commit of package vorbis-tools for openSUSE:Factory 
checked in at 2015-01-29 09:54:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vorbis-tools (Old)
 and      /work/SRC/openSUSE:Factory/.vorbis-tools.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "vorbis-tools"

Changes:
--------
--- /work/SRC/openSUSE:Factory/vorbis-tools/vorbis-tools.changes        
2015-01-03 22:03:12.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.vorbis-tools.new/vorbis-tools.changes   
2015-01-29 09:54:55.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Jan 27 18:04:18 CET 2015 - ti...@suse.de
+
+- Fix segfault by a crafted raw file input (CVE-2014-9640,
+  bsc#914938):
+  vorbis-tools-r19117-CVE-2014-9640.patch
+
+-------------------------------------------------------------------

New:
----
  vorbis-tools-r19117-CVE-2014-9640.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vorbis-tools.spec ++++++
--- /var/tmp/diff_new_pack.cB8zdy/_old  2015-01-29 09:54:56.000000000 +0100
+++ /var/tmp/diff_new_pack.cB8zdy/_new  2015-01-29 09:54:56.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package vorbis-tools
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,8 @@
 Patch1:         vorbis-tools-cflags.diff
 # PATCH-FIX-OPENSUSE vcut-fix-segfault.diff bnc#888360 -- Fix segfault of vcut
 Patch2:         vcut-fix-segfault.diff
+# PATCH-FIX-UPSTREAM vorbis-tools-r19117-CVE-2014-9640.patch bsc#914938 
CVE-201409640
+Patch3:         vorbis-tools-r19117-CVE-2014-9640.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 BuildRequires:  flac-devel
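Review bot: The CVE identifier in the added patch-tag comment above `Patch3:` is misspelled as `CVE-201409640`, while the changelog entry and the patch file name both use `CVE-2014-9640`. Anyone who searches spec files for the CVE id to confirm that a package carries the fix will miss this one. The comment (wrapped over two lines on this page) should read `# PATCH-FIX-UPSTREAM vorbis-tools-r19117-CVE-2014-9640.patch bsc#914938 CVE-2014-9640`.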
@@ -71,6 +73,7 @@
 %patch0
 %patch1
 %patch2 -p1
+%patch3 -p1
 # automake 1.13 deprecated AM_CONFIG_HEADER
 sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' configure.ac
 

++++++ vorbis-tools-r19117-CVE-2014-9640.patch ++++++
---
 oggenc/oggenc.c   |    4 ++--
 oggenc/skeleton.h |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/oggenc/oggenc.c
+++ b/oggenc/oggenc.c
@@ -97,6 +97,8 @@ int main(int argc, char **argv)
               .3,-1,
               0,0,0.f,
               0, 0, 0, 0, 0};
+    input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
+      N_("RAW file reader")};
 
     int i;
 
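Review bot: The new function-scope declaration of `raw_format` has no comment explaining why it must sit at the top of `main` rather than inside the `if(opt.rawmode)` block it was moved out of. Presumably a pointer to it is stored and still used after that block ends, which would have left the old block-scoped object dangling; the assignment itself is outside this hunk. Without a note, a later cleanup could narrow the scope again and reintroduce the crash. I would add above the declaration `/* Must outlive the rawmode block: a pointer to this is kept after it (CVE-2014-9640). */`. The body of `main` starts before this hunk and continues after it.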
@@ -239,8 +241,6 @@ int main(int argc, char **argv)
 
         if(opt.rawmode)
         {
-            input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
-                N_("RAW file reader")};
 
             enc_opts.rate=opt.raw_samplerate;
             enc_opts.channels=opt.raw_channels;
--- a/oggenc/skeleton.h
+++ b/oggenc/skeleton.h
@@ -41,7 +41,7 @@ typedef struct {
     ogg_int64_t granule_rate_d;                            /* granule rate 
denominator */
     ogg_int64_t start_granule;                             /* start granule 
value */
     ogg_uint32_t preroll;                                   /* preroll */
-    unsigned char granule_shift; // a 8-bit field           /* 1 byte value 
holding the granule shift */
+    unsigned char granule_shift;                            /* 1 byte value 
holding the granule shift */
     char *message_header_fields;                            /* holds all the 
message header fields */
     /* current total size of the message header fields, for realloc purpose, 
initially zero */
     ogg_uint32_t current_header_size;