Hello community, here is the log from the commit of package opus for openSUSE:Factory checked in at 2017-01-24 10:27:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/opus (Old) and /work/SRC/openSUSE:Factory/.opus.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opus" Changes: -------- --- /work/SRC/openSUSE:Factory/opus/opus.changes 2016-08-15 10:30:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.opus.new/opus.changes 2017-01-24 10:27:37.399561795 +0100 @@ -1,0 +2,8 @@ +Mon Jan 16 20:56:54 UTC 2017 - zai...@opensuse.org + +- Fix CVE-2017-0381 (boo#1020102), opus: remote code execution + vulnerability in silk/NLSF_stabilize.c. +- Add opus-NLSF-not-negative.patch: Ensure that NLSF cannot be + negative when computing a min distance between them. + +------------------------------------------------------------------- New: ---- opus-NLSF-not-negative.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opus.spec ++++++ --- /var/tmp/diff_new_pack.TsuyN3/_old 2017-01-24 10:27:37.859496558 +0100 +++ /var/tmp/diff_new_pack.TsuyN3/_new 2017-01-24 10:27:37.863495990 +0100 @@ -1,7 +1,7 @@ # # spec file for package opus # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2012 Pascal Bleser <pascal.ble...@opensuse.org> # # All modifications and additions to the file contributed by third parties @@ -27,6 +27,8 @@ Url: http://opus-codec.org/ Source: http://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM opus-NLSF-not-negative.patch CVE-2017-0381 boo#1020102 zai...@opensuse.org -- Ensure that NLSF cannot be negative when computing a min distance between them. +Patch0: opus-NLSF-not-negative.patch BuildRequires: pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -66,6 +68,7 @@ %prep %setup -q +%patch0 -p1 %build %configure \ ++++++ opus-NLSF-not-negative.patch ++++++ >From 79e8f527b0344b0897a65be35e77f7885bd99409 Mon Sep 17 00:00:00 2001 From: Felicia Lim <f...@google.com> Date: Thu, 28 Jul 2016 15:21:19 +0200 Subject: [PATCH] Ensure that NLSF cannot be negative when computing a min distance between them Signed-off-by: Jean-Marc Valin <jmva...@jmvalin.ca> --- silk/NLSF_stabilize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/silk/NLSF_stabilize.c b/silk/NLSF_stabilize.c index 1fa1ea3..8f3426b 100644 --- a/silk/NLSF_stabilize.c +++ b/silk/NLSF_stabilize.c @@ -130,7 +130,7 @@ void silk_NLSF_stabilize( /* Keep delta_min distance between the NLSFs */ for( i = 1; i < L; i++ ) - NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], NLSF_Q15[i-1] + NDeltaMin_Q15[i] ); + NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], silk_ADD_SAT16( NLSF_Q15[i-1], NDeltaMin_Q15[i] ) ); /* Last NLSF should be no higher than 1 - NDeltaMin[L] */ NLSF_Q15[L-1] = silk_min_int( NLSF_Q15[L-1], (1<<15) - NDeltaMin_Q15[L] ); -- 2.1.4
