rpms/faad2/F-8 faad2-cve-2008-4201.patch, NONE, 1.1 faad2.spec, 1.2, 1.3
Dominik Mierzejewski
rathann at rpmfusion.org
Mon Nov 10 23:35:19 CET 2008
Author: rathann
Update of /cvs/free/rpms/faad2/F-8
In directory se02.es.rpmfusion.net:/tmp/cvs-serv29402/F-8
Modified Files:
faad2.spec
Added Files:
faad2-cve-2008-4201.patch
Log Message:
- fix CVE-2008-4201
faad2-cve-2008-4201.patch:
--- NEW FILE faad2-cve-2008-4201.patch ---
diff -up faad2/frontend/main.c.cve faad2/frontend/main.c
--- faad2/frontend/main.c.cve 2007-11-01 13:33:29.000000000 +0100
+++ faad2/frontend/main.c 2008-11-10 22:43:49.000000000 +0100
@@ -914,6 +914,8 @@ int decodeMP4file(char *mp4file, char *s
sample_count = frameInfo.samples;
} else {
sample_count = (unsigned int)(dur * frameInfo.channels);
+ if (sample_count > frameInfo.samples)
+ sample_count = frameInfo.samples;
if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
{
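Review bot: The new clamp in the else branch of decodeMP4file changes which inputs reach the check on the following line. A dur-derived sample_count larger than frameInfo.samples is now set equal to it, so `sample_count != frameInfo.samples` can only be true for smaller counts. Please confirm that skipping that block for oversized values is intended, and add a one-line comment above the new `if` stating that sample_count must never exceed frameInfo.samples.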
Index: faad2.spec
===================================================================
RCS file: /cvs/free/rpms/faad2/F-8/faad2.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- faad2.spec 18 Oct 2008 18:02:03 -0000 1.2
+++ faad2.spec 10 Nov 2008 22:34:49 -0000 1.3
@@ -12,11 +12,12 @@
Name: faad2
Epoch: 1
Version: 2.6.1
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: Applications/Multimedia
URL: http://www.audiocoding.com/faad2.html
Source: http://download.sourceforge.net/faac/%{name}-%{version}.tar.gz
+Patch0: %{name}-cve-2008-4201.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gcc-c++
BuildRequires: id3lib-devel
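Review bot: The new Patch0 line has no comment saying where the patch comes from. A comment line above it giving the origin (upstream commit or bug tracker entry) and noting that it addresses CVE-2008-4201 would tell the next maintainer whether the patch can be dropped when Version moves past 2.6.1.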
@@ -66,6 +67,7 @@
%prep
%setup -q -n %{name}
+%patch0 -p1 -b .cve
find . -name "*.c" -o -name "*.h" | xargs chmod 644
for f in AUTHORS COPYING ChangeLog NEWS README* TODO ; do
@@ -117,6 +119,9 @@
%{xmmsinputplugindir}/libmp4.so
%changelog
+* Mon Nov 10 2008 Dominik Mierzejewski <dominik [AT] greysector [DOT] net> 1:2.6.1-6
+- fix CVE-2008-4201
+
* Sat Oct 18 2008 Dominik Mierzejewski <dominik [AT] greysector [DOT] net> 1:2.6.1-5
- add Obsoletes: for xmms-aac to ensure smooth upgrade from Freshrpms
- add some additional docs for xmms-faad2
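Review bot: The new changelog entry says only "fix CVE-2008-4201". Naming the change itself (the sample_count bound added in frontend/main.c by faad2-cve-2008-4201.patch) would let someone reading the package changelog see what was changed without opening the patch.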