rev 13349 - in kde-extras/amarok/trunk/debian: . patches
Modestas Vainius
modax-guest at alioth.debian.org
Wed Jan 14 19:10:12 UTC 2009
Author: modax-guest
Date: 2009-01-14 19:10:11 +0000 (Wed, 14 Jan 2009)
New Revision: 13349
Added:
kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff
Modified:
kde-extras/amarok/trunk/debian/changelog
kde-extras/amarok/trunk/debian/patches/series
Log:
* Add 20_security_audible_tags.diff patch to fix integer overflow while
reading audible aa file tags.
* Urgency high due to security fix.
* New upstream release:
- [Secunia SA31418] Fixes insecure temporary file creation
(Closes: #494765).
* Urgency high due to security fix.
Modified: kde-extras/amarok/trunk/debian/changelog
===================================================================
--- kde-extras/amarok/trunk/debian/changelog 2009-01-14 14:41:03 UTC (rev 13348)
+++ kde-extras/amarok/trunk/debian/changelog 2009-01-14 19:10:11 UTC (rev 13349)
@@ -1,3 +1,20 @@
+amarok (1.4.10-2) unstable; urgency=high
+
+ * Add 20_security_audible_tags.diff patch to fix integer overflow while
+ reading audible aa file tags.
+ * Urgengy high due to security fix.
+
+ -- Modestas Vainius <modestas at vainius.eu> Sat, 10 Jan 2009 13:56:55 +0200
+
+amarok (1.4.10-1) unstable; urgency=high
+
+ * New upstream release:
+ - [Secunia SA31418] Fixes insecure temporary file creation
+ (Closes: #494765).
+ * Urgency high due to security fix.
+
+ -- Modestas Vainius <modestas at vainius.eu> Thu, 14 Aug 2008 21:35:56 +0300
+
amarok (1.4.9.1-3) unstable; urgency=low
* Make amarok depend strictly on the same source version of amarok-common (=)
Added: kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff
===================================================================
--- kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff (rev 0)
+++ kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff 2009-01-14 19:10:11 UTC (rev 13349)
@@ -0,0 +1,100 @@
+integer overflow in reading audible aa file tags in amarok 1.x
+and newer.
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ Amarok ChangeLog
+ ================
+-(C) 2002-2007 the Amarok authors.
++(C) 2002-2009 the Amarok authors.
++
++ BUGFIX:
++ * Fix possible buffer overflows when parsing Audible .aa files.
+
+ VERSION 1.4.10
+ BUGFIX:
+--- a/amarok/src/metadata/audible/audibletag.cpp
++++ b/amarok/src/metadata/audible/audibletag.cpp
+@@ -71,7 +71,8 @@
+ {
+ char buf[1023];
+ fseek(fp, OFF_PRODUCT_ID, SEEK_SET);
+- fread(buf, strlen("product_id"), 1, fp);
++ if (fread(buf, strlen("product_id"), 1, fp) != 1)
++ return;
+ if(memcmp(buf, "product_id", strlen("product_id")))
+ {
+ buf[20]='\0';
+@@ -130,24 +131,65 @@
+
+ bool Audible::Tag::readTag( FILE *fp, char **name, char **value)
+ {
++ // arbitrary value that has to be smaller than 2^32-1 and that should be large enough for all tags
++ const uint32_t maxtaglen = 100000;
++
+ uint32_t nlen;
+- fread(&nlen, sizeof(nlen), 1, fp);
++ if (fread(&nlen, sizeof(nlen), 1, fp) != 1)
++ return false;
+ nlen = ntohl(nlen);
+ //fprintf(stderr, "tagname len=%x\n", (unsigned)nlen);
+- *name = new char[nlen+1];
+- (*name)[nlen] = '\0';
++ if (nlen > maxtaglen)
++ return false;
+
+ uint32_t vlen;
+- fread(&vlen, sizeof(vlen), 1, fp);
++ if (fread(&vlen, sizeof(vlen), 1, fp) != 1)
++ return false;
+ vlen = ntohl(vlen);
+ //fprintf(stderr, "tag len=%x\n", (unsigned)vlen);
++ if (vlen > maxtaglen)
++ return false;
++
++ *name = new char[nlen+1];
++ if (!*name)
++ return false;
++
+ *value = new char[vlen+1];
++ if (!*value)
++ {
++ delete[] *name;
++ *name = 0;
++ return false;
++ }
++
++ (*name)[nlen] = '\0';
+ (*value)[vlen] = '\0';
+
+- fread(*name, nlen, 1, fp);
+- fread(*value, vlen, 1, fp);
++ if (fread(*name, nlen, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
++ if (fread(*value, vlen, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
+ char lasttag;
+- fread(&lasttag, 1, 1, fp);
++ if (fread(&lasttag, 1, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
+ //fprintf(stderr, "%s: \"%s\"\n", *name, *value);
+
+ m_tagsEndOffset += 2 * 4 + nlen + vlen + 1;
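Review bot: In the readTag hunk of audibletag.cpp, the new early returns (a failed length read, `nlen > maxtaglen`, `vlen > maxtaglen`) leave `*name` and `*value` unassigned, whereas the later failure paths reset both to 0. The caller is not part of this patch, so if it reads or `delete[]`s the two pointers without checking the return value it would be working with indeterminate values; starting the function with `*name = 0; *value = 0;` gives every failure path the same known state. Separately, plain `new char[nlen+1]` reports failure by throwing `std::bad_alloc` rather than returning null, so the `if (!*name)` and `if (!*value)` checks are unlikely to ever fire; `new (std::nothrow) char[nlen+1]` would make them meaningful. readTag's body continues past the end of the hunk.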
Modified: kde-extras/amarok/trunk/debian/patches/series
===================================================================
--- kde-extras/amarok/trunk/debian/patches/series 2009-01-14 14:41:03 UTC (rev 13348)
+++ kde-extras/amarok/trunk/debian/patches/series 2009-01-14 19:10:11 UTC (rev 13349)
@@ -14,4 +14,5 @@
17_xiph_audio_mimetypes.diff
18_add_lastfm_recommended_radio.diff
19_amarok_play_audiocd.desktop.diff
+20_security_audible_tags.diff
97_automake_cleanup.diff