From dd008a31d9cc9a1d02bfc848b8321758ac92d2d8 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Fri, 7 Dec 2018 17:56:36 +0000 Subject: user/vlc: sec fix for CVE-2018-19857 --- user/vlc/APKBUILD | 8 +++++++- user/vlc/CVE-2018-19857.patch | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 user/vlc/CVE-2018-19857.patch (limited to 'user/vlc') diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD index 7db6632a1..1d8f2de92 100644 --- a/user/vlc/APKBUILD +++ b/user/vlc/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: A. Wilcox pkgname=vlc pkgver=3.0.4 -pkgrel=1 +pkgrel=2 pkgdesc="Multi-platform MPEG, VCD/DVD, and DivX player" triggers="vlc-libs.trigger=/usr/lib/vlc/plugins" pkgusers="vlc" @@ -61,6 +61,7 @@ makedepends="autoconf automake bison eudev-dev flex libarchive-dev " source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz check-headless.patch + CVE-2018-19857.patch disable-sub-autodetect-fuzzy-1-test.patch endian-fix.patch fix-testing.patch @@ -71,6 +72,10 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz vlc-libs.trigger " +# secfixes: +# 3.0.4-r2: +# - CVE-2018-19857 + prepare() { default_prepare NOCONFIGURE=1 ./bootstrap @@ -295,6 +300,7 @@ plugins_visualization() { _mv_plugins visualization; } sha512sums="55c5a45a1573d559f8d62272dc446bebfb328bd48f938e634693a45032e1a3095148e634de5bc53a3a3c0e4858f7df3ed7e5dc91f3f5447e47d0ab5775171271 vlc-3.0.4.tar.xz 22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa check-headless.patch +57a2b843b4b80d3887ca0141b9ea1a00752473861846a6c988553faa58650eb42cc2cd011503dce075c8a5dcabf834e449397c3cdbfdcb291ae7a41d218512da CVE-2018-19857.patch e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0 disable-sub-autodetect-fuzzy-1-test.patch e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd4630948e30c4329d27bd928f95de20fe1050d5e839778a4d012 endian-fix.patch 63adb16b3a1927ee3de27ac339cbfbbaa346a69928c527f883259d1e03b5cb59f26a55feeda767837b448c455de584abcb53dc733b2845c0cc13621d72e7f6fd fix-testing.patch diff --git a/user/vlc/CVE-2018-19857.patch b/user/vlc/CVE-2018-19857.patch new file mode 100644 index 000000000..a65dcef20 --- /dev/null +++ b/user/vlc/CVE-2018-19857.patch @@ -0,0 +1,34 @@ +From 0cc5ea748ee5ff7705dde61ab15dff8f58be39d0 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= +Date: Sat, 1 Dec 2018 23:32:18 +0200 +Subject: [PATCH] caf: fix integer underflow + +Pointed-out-by: Hans Jerry Illikainen +--- + modules/demux/caf.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/modules/demux/caf.c b/modules/demux/caf.c +index cc312a5a30..39b381f963 100644 +--- a/modules/demux/caf.c ++++ b/modules/demux/caf.c +@@ -691,14 +691,13 @@ static int ReadKukiChunk( demux_t *p_demux, uint64_t i_size ) + demux_sys_t *p_sys = p_demux->p_sys; + const uint8_t *p_peek; + +- /* vlc_stream_Peek can't handle sizes bigger than INT32_MAX, and also p_sys->fmt.i_extra is of type 'int'*/ +- if( i_size > INT32_MAX ) ++ if( i_size > SSIZE_MAX ) + { + msg_Err( p_demux, "Magic Cookie chunk too big" ); + return VLC_EGENERIC; + } + +- if( (unsigned int)vlc_stream_Peek( p_demux->s, &p_peek, (int)i_size ) < i_size ) ++ if( vlc_stream_Peek( p_demux->s, &p_peek, i_size ) < (ssize_t)i_size ) + { + msg_Err( p_demux, "Couldn't peek extra data" ); + return VLC_EGENERIC; +-- +2.11.0 + -- cgit v1.2.3-60-g2f50