Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libebml for openSUSE:Factory checked 
in at 2021-03-02 14:42:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libebml (Old)
 and      /work/SRC/openSUSE:Factory/.libebml.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libebml"

Tue Mar  2 14:42:53 2021 rev:49 rq:874592 version:1.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/libebml/libebml.changes  2021-01-06 
19:55:52.436996060 +0100
+++ /work/SRC/openSUSE:Factory/.libebml.new.2378/libebml.changes        
2021-03-02 15:18:48.981684917 +0100
@@ -1,0 +2,7 @@
+Tue Feb 23 11:47:12 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 1.4.2:
+  * Fixed several heap overflow bugs in the `ReadData` functions of
+    various data type classes. This fixes CVE-2021-3405. 
+
+-------------------------------------------------------------------

Old:
----
  libebml-1.4.1.tar.xz

New:
----
  libebml-1.4.2.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libebml.spec ++++++
--- /var/tmp/diff_new_pack.jJXhwd/_old  2021-03-02 15:18:49.521685269 +0100
+++ /var/tmp/diff_new_pack.jJXhwd/_new  2021-03-02 15:18:49.525685272 +0100
@@ -18,7 +18,7 @@
 
 %define soname 5
 Name:           libebml
-Version:        1.4.1
+Version:        1.4.2
 Release:        0
 Summary:        Library to parse EBML (Extensible Binary Markup Language) files
 License:        LGPL-2.1-or-later

++++++ libebml-1.4.1.tar.xz -> libebml-1.4.2.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/CMakeLists.txt 
new/libebml-1.4.2/CMakeLists.txt
--- old/libebml-1.4.1/CMakeLists.txt    2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/CMakeLists.txt    2021-02-18 12:42:59.000000000 +0100
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.1.2)
 
-project(ebml VERSION 1.4.1)
+project(ebml VERSION 1.4.2)
 
 option(DISABLE_PKGCONFIG "Disable PkgConfig module generation" OFF)
 option(DISABLE_CMAKE_CONFIG "Disable CMake package config module generation" 
OFF)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/ChangeLog new/libebml-1.4.2/ChangeLog
--- old/libebml-1.4.1/ChangeLog 2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/ChangeLog 2021-02-18 12:42:59.000000000 +0100
@@ -1,3 +1,10 @@
+2021-02-18  Moritz Bunkus  <mo@bunkus.online>
+
+        * Release v1.4.2.
+
+        * Fixed several heap overflow bugs in the `ReadData` functions of
+        various data type classes. This fixes CVE-2021-3405.
+
 2021-01-04  Moritz Bunkus  <mo@bunkus.online>
 
         * Release v1.4.1.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/ebml/EbmlVersion.h 
new/libebml-1.4.2/ebml/EbmlVersion.h
--- old/libebml-1.4.1/ebml/EbmlVersion.h        2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/ebml/EbmlVersion.h        2021-02-18 12:42:59.000000000 
+0100
@@ -42,7 +42,7 @@
 
 START_LIBEBML_NAMESPACE
 
-#define LIBEBML_VERSION 0x010401
+#define LIBEBML_VERSION 0x010402
 
 extern const EBML_DLL_API std::string EbmlCodeVersion;
 extern const EBML_DLL_API std::string EbmlCodeDate;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/libebml.proj 
new/libebml-1.4.2/libebml.proj
--- old/libebml-1.4.1/libebml.proj      2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/libebml.proj      2021-02-18 12:42:59.000000000 +0100
@@ -13,7 +13,7 @@
 
 LIB ebml
 {
-  PROJECT_VERSION 1.4.1
+  PROJECT_VERSION 1.4.2
   USE libebml_coremake_automake
 
   INCLUDE .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlBinary.cpp 
new/libebml-1.4.2/src/EbmlBinary.cpp
--- old/libebml-1.4.1/src/EbmlBinary.cpp        2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlBinary.cpp        2021-02-18 12:42:59.000000000 
+0100
@@ -97,7 +97,7 @@
     return 0;
   }
 
-  Data = static_cast<binary *>(malloc(GetSize()));
+  Data = (GetSize() < SIZE_MAX) ? static_cast<binary *>(malloc(GetSize())) : 
nullptr;
   if (Data == nullptr)
     throw CRTError(std::string("Error allocating data"));
   SetValueIsSet();
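Review bot: The new guard on the `Data = ...` line rejects only sizes at or above SIZE_MAX, and nothing in the code says why, so it deserves a comment. It appears to protect against the size being truncated when passed to `malloc` on targets where `size_t` is narrower than the type returned by `GetSize()`, which is not visible in this hunk. Something like `// reject sizes malloc cannot represent; the size is taken from the element and is otherwise unbounded here` would make that explicit. Any size below that limit is still requested from the allocator as declared, so a cap against the remaining input length, if the caller can supply one, would be a stronger check. The function starts and ends outside the hunk, so the later read into `Data` is not visible.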
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlCrc32.cpp 
new/libebml-1.4.2/src/EbmlCrc32.cpp
--- old/libebml-1.4.1/src/EbmlCrc32.cpp 2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/src/EbmlCrc32.cpp 2021-02-18 12:42:59.000000000 +0100
@@ -232,20 +232,18 @@
 
 filepos_t EbmlCrc32::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    auto Buffer = new (std::nothrow) binary[GetSize()];
-    if (Buffer == nullptr) {
-      // impossible to read, skip it
-      input.setFilePointer(GetSize(), seek_current);
-    } else {
-      input.readFully(Buffer, GetSize());
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
 
-      memcpy((void *)&m_crc_final, Buffer, 4);
-      delete [] Buffer;
-      SetValueIsSet();
-    }
+  if (GetSize() != 4) {
+    // impossible to read, skip it
+    input.setFilePointer(GetSize(), seek_current);
+    return GetSize();
   }
 
+  input.readFully(&m_crc_final, GetSize());
+  SetValueIsSet();
+
   return GetSize();
 }
 
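Review bot: The size guard compares against the literal `4` while the read that follows writes `GetSize()` bytes into `m_crc_final`, so the check is tied to the destination only by convention. Writing it as `if (GetSize() != sizeof(m_crc_final)) {`, or adding `static_assert(sizeof(m_crc_final) == 4, "CRC-32 is stored in 4 bytes");`, keeps the bound correct if the member's type ever changes; its declaration is not visible in this hunk. The skip branch also returns without calling `SetValueIsSet()`, which is worth stating in its comment, since `// impossible to read, skip it` was written for the old allocation failure.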
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlDate.cpp 
new/libebml-1.4.2/src/EbmlDate.cpp
--- old/libebml-1.4.1/src/EbmlDate.cpp  2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/src/EbmlDate.cpp  2021-02-18 12:42:59.000000000 +0100
@@ -51,6 +51,12 @@
     return GetSize();
 
   assert(GetSize() == 8);
+  if (GetSize() != 8) {
+    // impossible to read, skip it
+    input.setFilePointer(GetSize(), seek_current);
+    return GetSize();
+  }
+
   binary Buffer[8];
   input.readFully(Buffer, GetSize());
 
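Review bot: The `assert(GetSize() == 8);` kept directly above the new check makes a build without NDEBUG abort on a malformed element instead of taking the skip branch this commit adds. The size presumably comes from the element header in the input, so it is input validation rather than an invariant. Dropping the assert and keeping only `if (GetSize() != 8) {` gives the same behaviour in debug and release builds. The same pattern is in the EbmlFloat.cpp hunk, where `assert(GetSize() == 4 || GetSize() == 8);` precedes the runtime check. ReadData starts above this hunk.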
@@ -59,7 +65,6 @@
 
   myDate = b64;
   SetValueIsSet();
-
   return GetSize();
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlFloat.cpp 
new/libebml-1.4.2/src/EbmlFloat.cpp
--- old/libebml-1.4.1/src/EbmlFloat.cpp 2021-01-04 15:18:57.000000000 +0100
+++ new/libebml-1.4.2/src/EbmlFloat.cpp 2021-02-18 12:42:59.000000000 +0100
@@ -112,28 +112,35 @@
 */
 filepos_t EbmlFloat::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    binary Buffer[20];
-    assert(GetSize() <= 20);
-    input.readFully(Buffer, GetSize());
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
 
-    if (GetSize() == 4) {
-      big_int32 TmpRead;
-      TmpRead.Eval(Buffer);
-      auto tmpp = int32(TmpRead);
-      float val;
-      memcpy(&val, &tmpp, 4);
-      Value = static_cast<double>(val);
-      SetValueIsSet();
-    } else if (GetSize() == 8) {
-      big_int64 TmpRead;
-      TmpRead.Eval(Buffer);
-      auto tmpp = int64(TmpRead);
-      double val;
-      memcpy(&val, &tmpp, 8);
-      Value = val;
-      SetValueIsSet();
-    }
+  assert(GetSize() == 4 || GetSize() == 8);
+  if (GetSize() != 4 && GetSize() != 8) {
+    // impossible to read, skip it
+    input.setFilePointer(GetSize(), seek_current);
+    return GetSize();
+  }
+
+  binary Buffer[8];
+  input.readFully(Buffer, GetSize());
+
+  if (GetSize() == 4) {
+    big_int32 TmpRead;
+    TmpRead.Eval(Buffer);
+    auto tmpp = int32(TmpRead);
+    float val;
+    memcpy(&val, &tmpp, 4);
+    Value = static_cast<double>(val);
+    SetValueIsSet();
+  } else {
+    big_int64 TmpRead;
+    TmpRead.Eval(Buffer);
+    auto tmpp = int64(TmpRead);
+    double val;
+    memcpy(&val, &tmpp, 8);
+    Value = val;
+    SetValueIsSet();
   }
 
   return GetSize();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlSInteger.cpp 
new/libebml-1.4.2/src/EbmlSInteger.cpp
--- old/libebml-1.4.1/src/EbmlSInteger.cpp      2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlSInteger.cpp      2021-02-18 12:42:59.000000000 
+0100
@@ -133,22 +133,28 @@
 
 filepos_t EbmlSInteger::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    binary Buffer[8];
-    input.readFully(Buffer, GetSize());
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
 
-    uint64 TempValue = Buffer[0] & 0x80 ? std::numeric_limits<uint64>::max() : 
0;
+  if (GetSize() > 8) {
+    // impossible to read, skip it
+    input.setFilePointer(GetSize(), seek_current);
+    return GetSize();
+  }
 
-    for (unsigned int i=0; i<GetSize(); i++) {
-      TempValue <<= 8;
-      TempValue |= Buffer[i];
-    }
+  binary Buffer[8];
+  input.readFully(Buffer, GetSize());
 
-    Value = ToSigned(TempValue);
+  uint64 TempValue = Buffer[0] & 0x80 ? std::numeric_limits<uint64>::max() : 0;
 
-    SetValueIsSet();
+  for (unsigned int i=0; i<GetSize(); i++) {
+    TempValue <<= 8;
+    TempValue |= Buffer[i];
   }
 
+  Value = ToSigned(TempValue);
+
+  SetValueIsSet();
   return GetSize();
 }
 
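Review bot: With the new `GetSize() > 8` guard, a zero-length element still reaches `Buffer[0] & 0x80`. Because `Buffer` is not initialised and `readFully` was asked for zero bytes, the sign fill is then decided by an indeterminate stack byte. Whether a size of 0 can reach ReadData is not visible in this hunk, but the guard does not exclude it. Declaring `binary Buffer[8] = {};` makes an empty element decode as 0; an explicit `GetSize() == 0` branch would do the same.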
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlString.cpp 
new/libebml-1.4.2/src/EbmlString.cpp
--- old/libebml-1.4.1/src/EbmlString.cpp        2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlString.cpp        2021-02-18 12:42:59.000000000 
+0100
@@ -137,24 +137,25 @@
 
 filepos_t EbmlString::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    if (GetSize() == 0) {
-      Value = "";
-      SetValueIsSet();
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
+
+  if (GetSize() == 0) {
+    Value = "";
+    SetValueIsSet();
+  } else {
+    auto Buffer = (GetSize() + 1 < std::numeric_limits<std::size_t>::max()) ? 
new (std::nothrow) char[GetSize() + 1] : nullptr;
+    if (Buffer == nullptr) {
+      // unable to store the data, skip it
+      input.setFilePointer(GetSize(), seek_current);
     } else {
-      auto Buffer = new (std::nothrow) char[GetSize() + 1];
-      if (Buffer == nullptr) {
-        // unable to store the data, skip it
-        input.setFilePointer(GetSize(), seek_current);
-      } else {
-        input.readFully(Buffer, GetSize());
-        if (Buffer[GetSize()-1] != '\0') {
-          Buffer[GetSize()] = '\0';
-        }
-        Value = Buffer;
-        delete [] Buffer;
-        SetValueIsSet();
+      input.readFully(Buffer, GetSize());
+      if (Buffer[GetSize()-1] != '\0') {
+        Buffer[GetSize()] = '\0';
       }
+      Value = Buffer;
+      delete [] Buffer;
+      SetValueIsSet();
     }
   }
 
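Review bot: The guard `GetSize() + 1 < std::numeric_limits<std::size_t>::max()` performs the addition before the comparison, so it can wrap. If `GetSize()` returns an unsigned 64-bit value at its maximum (its type is not visible here), the sum becomes 0, the test passes, and `new char[GetSize() + 1]` allocates an empty buffer that `readFully` is then asked to fill with `GetSize()` bytes. Comparing without the addition avoids the wrap: `GetSize() < std::numeric_limits<std::size_t>::max()`. The EbmlUnicodeString.cpp hunk uses the same expression. ReadData continues past the end of this hunk.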
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlUInteger.cpp 
new/libebml-1.4.2/src/EbmlUInteger.cpp
--- old/libebml-1.4.1/src/EbmlUInteger.cpp      2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlUInteger.cpp      2021-02-18 12:42:59.000000000 
+0100
@@ -127,18 +127,25 @@
 
 filepos_t EbmlUInteger::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    binary Buffer[8];
-    input.readFully(Buffer, GetSize());
-    Value = 0;
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
 
-    for (unsigned int i=0; i<GetSize(); i++) {
-      Value <<= 8;
-      Value |= Buffer[i];
-    }
-    SetValueIsSet();
+  if (GetSize() > 8) {
+    // impossible to read, skip it
+    input.setFilePointer(GetSize(), seek_current);
+    return GetSize();
   }
 
+  binary Buffer[8];
+  input.readFully(Buffer, GetSize());
+  Value = 0;
+
+  for (unsigned int i=0; i<GetSize(); i++) {
+    Value <<= 8;
+    Value |= Buffer[i];
+  }
+  SetValueIsSet();
+
   return GetSize();
 }
 
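Review bot: The result of `input.readFully(Buffer, GetSize());` is not checked, and `Buffer` is declared without an initialiser. If readFully can return short on a truncated stream rather than throw (its contract is not visible here), `Value` is assembled from uninitialised stack bytes. Declaring `binary Buffer[8] = {};` makes that case deterministic. The skip branch's comment could also say what it now means, e.g. `// declared size exceeds the 8-byte buffer; skip the payload, Value stays unset`.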
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlUnicodeString.cpp 
new/libebml-1.4.2/src/EbmlUnicodeString.cpp
--- old/libebml-1.4.1/src/EbmlUnicodeString.cpp 2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlUnicodeString.cpp 2021-02-18 12:42:59.000000000 
+0100
@@ -302,25 +302,26 @@
 */
 filepos_t EbmlUnicodeString::ReadData(IOCallback & input, ScopeMode ReadFully)
 {
-  if (ReadFully != SCOPE_NO_DATA) {
-    if (GetSize() == 0) {
-      Value = UTFstring::value_type(0);
-      SetValueIsSet();
-    } else {
-      auto Buffer = new (std::nothrow) char[GetSize()+1];
-      if (Buffer == nullptr) {
-        // impossible to read, skip it
-        input.setFilePointer(GetSize(), seek_current);
-      } else {
-        input.readFully(Buffer, GetSize());
-        if (Buffer[GetSize()-1] != 0) {
-          Buffer[GetSize()] = 0;
-        }
+  if (ReadFully == SCOPE_NO_DATA)
+    return GetSize();
 
-        Value.SetUTF8(Buffer); // implicit conversion to std::string
-        delete [] Buffer;
-        SetValueIsSet();
+  if (GetSize() == 0) {
+    Value = UTFstring::value_type(0);
+    SetValueIsSet();
+  } else {
+    auto Buffer = (GetSize() + 1 < std::numeric_limits<std::size_t>::max()) ? 
new (std::nothrow) char[GetSize()+1] : nullptr;
+    if (Buffer == nullptr) {
+      // impossible to read, skip it
+      input.setFilePointer(GetSize(), seek_current);
+    } else {
+      input.readFully(Buffer, GetSize());
+      if (Buffer[GetSize()-1] != 0) {
+        Buffer[GetSize()] = 0;
       }
+
+      Value.SetUTF8(Buffer); // implicit conversion to std::string
+      delete [] Buffer;
+      SetValueIsSet();
     }
   }
 
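Review bot: `Buffer` is a raw `new[]` allocation released by `delete [] Buffer` only after `readFully` and `SetUTF8` have returned, so an exception from either call leaks it. This code base does throw (CRTError in EbmlBinary.cpp), though whether these two calls can throw is not visible here. Holding the allocation in a `std::unique_ptr<char[]>` built from the same nothrow expression, and passing `Buffer.get()` to the two calls, removes the manual delete and the leak path. ReadData continues past the end of this hunk.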
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libebml-1.4.1/src/EbmlVersion.cpp 
new/libebml-1.4.2/src/EbmlVersion.cpp
--- old/libebml-1.4.1/src/EbmlVersion.cpp       2021-01-04 15:18:57.000000000 
+0100
+++ new/libebml-1.4.2/src/EbmlVersion.cpp       2021-02-18 12:42:59.000000000 
+0100
@@ -38,7 +38,7 @@
 
 START_LIBEBML_NAMESPACE
 
-const std::string EbmlCodeVersion = "1.4.1";
+const std::string EbmlCodeVersion = "1.4.2";
 
 // Up to version 1.3.3 this library exported a build date string. As
 // this made the build non-reproducible, replace it by a placeholder to
