[SCM] GNU Shockwave Flash (SWF) player branch, squeeze-backports, updated. debian/0.8.10-5-5-gea1f858

Gabriele Giacone gg0-guest at alioth.debian.org
Fri Mar 16 00:33:40 UTC 2012


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Shockwave Flash (SWF) player".

The branch, squeeze-backports has been updated
       via  ea1f8587c4500341213d41e4ecfc696c9f6b44e0 (commit)
       via  d86032842087b3a96fb230b3bf4dc68810531baa (commit)
       via  f1309ca96e581d93d676ac1b65eb57bb838c882a (commit)
       via  830c52b59d0b40d4a5dc84df1d57cb06c8852aed (commit)
       via  aa054d69d495617a422c6d59df88e26308c823e1 (commit)
      from  356108d03ee55fb38c98db0448cd65f4e3d6c86e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ea1f8587c4500341213d41e4ecfc696c9f6b44e0
Author: Gabriele Giacone <1o5g4r8o at gmail.com>
Date:   Thu Mar 15 17:14:29 2012 +0000

    Rebuild for squeeze-backports.

commit d86032842087b3a96fb230b3bf4dc68810531baa
Merge: 356108d f1309ca
Author: Gabriele Giacone <1o5g4r8o at gmail.com>
Date:   Thu Mar 15 17:04:02 2012 +0000

    Merge master.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog               |   19 +++++++++++++
 debian/control                 |    4 +-
 debian/patches/00CVE-2012-1175 |   58 ++++++++++++++++++++++++++++++++++++++++
 debian/patches/series          |    1 +
 4 files changed, 80 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e403ede..a614e1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+gnash (0.8.10-5~bpo60+1) squeeze-backports; urgency=low
+
+  * Rebuild for squeeze-backports.
+
+ -- Gabriele Giacone <1o5g4r8o at gmail.com>  Thu, 15 Mar 2012 17:06:35 +0000
+
+gnash (0.8.10-5) unstable; urgency=low
+
+  * Fix CVE-2012-1175 (Closes: #664023).
+
+ -- Gabriele Giacone <1o5g4r8o at gmail.com>  Thu, 15 Mar 2012 03:04:37 +0100
+
+gnash (0.8.10-4) unstable; urgency=low
+
+  * B-D on libpng-dev for libpng15 transition (Closes: #662353).
+  * Bump Standards-Version to 3.9.3 (no changes).
+
+ -- Gabriele Giacone <1o5g4r8o at gmail.com>  Mon, 05 Mar 2012 13:11:02 +0000
+
 gnash (0.8.10-3~bpo60+1) squeeze-backports; urgency=low
 
   * Rebuild for squeeze-backports.
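Review bot: the 0.8.10-5 entry carries a security fix at urgency=low and describes it only as "Fix CVE-2012-1175". A higher urgency would suit a CVE upload. A short description would also help, for example that the fix restricts image dimensions in libbase/GnashImage.cpp to avoid overflow in size calculations, so that someone reading the changelog alone can tell what was fixed.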
diff --git a/debian/control b/debian/control
index 20ef57d..5350251 100644
--- a/debian/control
+++ b/debian/control
@@ -38,7 +38,7 @@ Build-Depends: autoconf,
                libltdl-dev,
                libmysqlclient-dev,
                libpango1.0-dev | pango-dev,
-               libpng12-dev | libpng-dev,
+               libpng-dev,
                libqt4-dev,
                libsdl1.2-dev,
                libspeex-dev,
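Review bot: dropping the "libpng12-dev |" alternative on the squeeze-backports branch leaves libpng-dev as the only way to satisfy this build dependency. Confirm that squeeze offers a package of that name (real or virtual) before uploading, or keep the alternative on this branch only.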
@@ -54,7 +54,7 @@ Build-Depends: autoconf,
                xsltproc,
                xulrunner-dev
 XS-Python-Version: current
-Standards-Version: 3.9.2
+Standards-Version: 3.9.3
 Section: video
 Homepage: http://www.gnu.org/software/gnash/
 DM-Upload-Allowed: yes
diff --git a/debian/patches/00CVE-2012-1175 b/debian/patches/00CVE-2012-1175
new file mode 100644
index 0000000..3dbf490
--- /dev/null
+++ b/debian/patches/00CVE-2012-1175
@@ -0,0 +1,58 @@
+Description: Fix CVE-2012-1175.
+Origin: http://git.sv.gnu.org/cgit/gnash.git/patch/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
+Author: Benjamin Wolsey <bwy at benjaminwolsey.de>
+Bug-Debian: http://bugs.debian.org/664023
+
+--- a/libbase/GnashImage.cpp
++++ b/libbase/GnashImage.cpp
+@@ -26,6 +26,7 @@
+ #include <boost/scoped_array.hpp>
+ #include <boost/shared_ptr.hpp>
+ #include <algorithm>
++#include <cassert>
+ 
+ #ifdef USE_PNG
+ # include "GnashImagePng.h"
+@@ -44,6 +45,21 @@ namespace image {
+ 
+ namespace {
+     void processAlpha(GnashImage::iterator imageData, size_t pixels);
++    bool checkValidSize(size_t width, size_t height, size_t channels) {
++
++        if (width == 0 || height == 0) return false;
++
++        assert(channels > 0);
++
++        boost::uint32_t maxSize = std::numeric_limits<boost::int32_t>::max();
++        if (width >= maxSize || height >= maxSize) return false;
++
++        maxSize /= channels;
++        maxSize /= width;
++        maxSize /= height;
++
++        return maxSize > 0;
++    }
+ }
+ 
+ GnashImage::GnashImage(iterator data, size_t width, size_t height,
+@@ -55,6 +71,8 @@ GnashImage::GnashImage(iterator data, size_t width, size_t height,
+     _height(height),
+     _data(data)
+ {
++    // Callers should check dimensions
++    assert(checkValidSize(_width, _height, channels()));
+ }
+ 
+ /// Create an image allocating a buffer of height*pitch bytes
+@@ -66,8 +84,9 @@ GnashImage::GnashImage(size_t width, size_t height, ImageType type,
+     _width(width),
+     _height(height)
+ {
+-    const size_t max = std::numeric_limits<boost::int32_t>::max();
+-    if (size() > max) {
++    // Constructed from external input, so restrict dimensions to avoid
++    // overflow in size calculations
++    if (!checkValidSize(_width, _height, channels())) {
+         throw std::bad_alloc();
+     }
+     _data.reset(new value_type[size()]);
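Review bot: in the GnashImage(iterator data, ...) constructor the new check is wrapped in assert(), so it is compiled out when NDEBUG is defined, and that path then relies entirely on callers having validated the dimensions, as the added comment says. If any caller can pass dimensions derived from file content, make the check unconditional there and throw std::bad_alloc() as the allocating constructor does. The same applies to assert(channels > 0) inside checkValidSize: with asserts disabled, a zero channel count reaches "maxSize /= channels", so an explicit "if (channels == 0) return false;" ahead of the division would be safer.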
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..f08dd83 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+00CVE-2012-1175


hooks/post-receive
-- 
GNU Shockwave Flash (SWF) player


