./libvorbis r29: 1.2.0.dfsg-4 for real

Clint Adams schizo at debian.org
Sat Feb 28 00:10:46 UTC 2009 

------------------------------------------------------------
revno: 29
committer: Clint Adams <schizo at debian.org>
branch nick: libvorbis
timestamp: Fri 2009-02-27 19:10:46 -0500
message:
  1.2.0.dfsg-4 for real
added:
  debian/patches/CVE-2008-1420.patch
  debian/patches/CVE-2008-1423+CVE-2008-1419.patch
modified:
  debian/changelog
  debian/control
  debian/patches/series
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-05-20 16:19:59 +0000
+++ b/debian/changelog	2009-02-28 00:10:46 +0000
@@ -1,8 +1,19 @@
-libvorbis (1.2.0.dfsg-4) UNRELEASED; urgency=low
+libvorbis (1.2.0.dfsg-4) unstable; urgency=low
 
   * Add upstream-r14811_huffman_sanity_checks.diff.  closes: #482039.
-
- -- Clint Adams <schizo at debian.org>  Tue, 20 May 2008 12:06:58 -0400
+  * Bump to Standards-Version 3.8.0.
+  * Remove myself from Uploaders.
+
+ -- Clint Adams <schizo at debian.org>  Tue, 10 Jun 2008 12:06:58 -0400
+
+libvorbis (1.2.0.dfsg-3.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix integer overflows (and possible DoS attacks) via crafted
+    OGG files (Closes: #482518)
+    Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
+
+ -- Steffen Joeris <white at debian.org>  Mon, 26 May 2008 12:48:06 +0000
 
 libvorbis (1.2.0.dfsg-3) unstable; urgency=low
 
@@ -40,7 +51,7 @@
 
 libvorbis (1.1.2.dfsg-2) unstable; urgency=low
 
-  * Bump to Standards-Version 3.7.2. 
+  * Bump to Standards-Version 3.7.2.
   * Add upstream_r13198-fix_segfault_in_ov_time_seek.diff. closes: #281995.
 
  -- Clint Adams <schizo at debian.org>  Fri, 29 Jun 2007 09:46:12 -0400

=== modified file 'debian/control'
--- a/debian/control	2007-12-27 13:35:09 +0000
+++ b/debian/control	2009-02-28 00:10:46 +0000
@@ -2,9 +2,9 @@
 Section: libs
 Priority: optional
 Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint at lists.alioth.debian.org>
-Uploaders: Adeodato Sim? <dato at net.com.org.es>, Clint Adams <schizo at debian.org>
+Uploaders: Adeodato Sim? <dato at net.com.org.es>
 Build-Depends: autotools-dev, debhelper, quilt, libogg-dev
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
 Vcs-Bzr: http://bzr.debian.org/bzr/pkg-xiph/libvorbis
 
 Package: libvorbis0a

=== added file 'debian/patches/CVE-2008-1420.patch'
--- a/debian/patches/CVE-2008-1420.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/CVE-2008-1420.patch	2009-02-28 00:10:46 +0000
@@ -0,0 +1,46 @@
+--- ../old/libvorbis-1.2.0.dfsg/lib/misc.h	2007-07-24 00:09:47.000000000 +0000
++++ libvorbis-1.2.0.dfsg/lib/misc.h	2008-05-23 08:29:23.000000000 +0000
+@@ -29,8 +29,9 @@
+ #ifdef DEBUG_MALLOC
+ 
+ #define _VDBG_GRAPHFILE "malloc.m"
+-extern void *_VDBG_malloc(void *ptr,long bytes,char *file,long line); 
+-extern void _VDBG_free(void *ptr,char *file,long line); 
++#undef _VDBG_GRAPHFILE
++void *_VDBG_malloc(void *ptr,long bytes,char *file,long line);
++void _VDBG_free(void *ptr,char *file,long line);
+ 
+ #ifndef MISC_C 
+ #undef _ogg_malloc
+--- ../old/libvorbis-1.2.0.dfsg/lib/res0.c	2007-07-24 00:09:47.000000000 +0000
++++ libvorbis-1.2.0.dfsg/lib/res0.c	2008-05-23 08:22:57.000000000 +0000
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){

=== added file 'debian/patches/CVE-2008-1423+CVE-2008-1419.patch'
--- a/debian/patches/CVE-2008-1423+CVE-2008-1419.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/CVE-2008-1423+CVE-2008-1419.patch	2009-02-28 00:10:46 +0000
@@ -0,0 +1,20 @@
+--- ../old/libvorbis-1.2.0.dfsg/lib/codebook.c	2007-07-24 00:09:47.000000000 +0000
++++ libvorbis-1.2.0.dfsg/lib/codebook.c	2008-05-23 08:18:46.000000000 +0000
+@@ -158,6 +158,8 @@
+   s->dim=oggpack_read(opb,16);
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
++  
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout; 
+ 
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+@@ -225,7 +227,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-	quantvals=_book_maptype1_quantvals(s);
++	quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ 	break;
+       case 2:
+ 	quantvals=s->entries*s->dim;

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2008-05-20 16:19:59 +0000
+++ b/debian/patches/series	2009-02-28 00:10:46 +0000
@@ -1,2 +1,4 @@
 upstream-r14811_huffman_sanity_checks.diff 
 local-remove_nonfree_docs.diff
+CVE-2008-1420.patch
+CVE-2008-1423+CVE-2008-1419.patch

More information about the pkg-xiph-commits mailing list