commit vlc for openSUSE:Factory

h_root Mon, 08 Feb 2016 00:48:07 -0800

Hello community,

here is the log from the commit of package vlc for openSUSE:Factory checked in 
at 2016-02-08 09:47:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vlc (Old)
 and      /work/SRC/openSUSE:Factory/.vlc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "vlc"

Changes:
--------
--- /work/SRC/openSUSE:Factory/vlc/vlc.changes  2016-01-09 23:13:50.000000000 
+0100
+++ /work/SRC/openSUSE:Factory/.vlc.new/vlc.changes     2016-02-08 
09:47:57.000000000 +0100
@@ -1,0 +2,6 @@
+Fri Feb  5 09:07:03 UTC 2016 - dims...@opensuse.org
+
+- Add vlc-CVE-2015-5949.patch: demux: mp4: correctly match release
+  function (boo#965227, CVE-2015-5949).
+
+-------------------------------------------------------------------

New:
----
  vlc-CVE-2015-5949.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vlc.spec ++++++
--- /var/tmp/diff_new_pack.cxgxd1/_old  2016-02-08 09:47:58.000000000 +0100
+++ /var/tmp/diff_new_pack.cxgxd1/_new  2016-02-08 09:47:58.000000000 +0100
@@ -47,6 +47,8 @@
 Patch2:         vlc-qt5.5-mousepointer.patch
 Patch3:         0001-no-return-in-non-void.patch
 Patch4:         vlc-2.2.0-fix_deinterlace_mmx.patch
+# PATCH-FIX-UPSTREAM vlc-CVE-2015-5949.patch boo#965227 CVE-2015-5949 
dims...@opensuse.org -- demux: mp4: correctly match release function
+Patch5:         vlc-CVE-2015-5949.patch
 BuildRequires:  Mesa-devel
 BuildRequires:  SDL-devel >= 1.2.10
 BuildRequires:  aalib-devel
@@ -313,6 +315,7 @@
 %patch4
 %endif
 %endif
+%patch5 -p1
 
 ### Fix up sources for LUA 5.3
 if pkg-config --atleast-version 5.3 lua; then

++++++ vlc-CVE-2015-5949.patch ++++++
>From ce91452460a75d7424b165c4dc8db98114c3cbd9 Mon Sep 17 00:00:00 2001
From: Francois Cartegnie <fcarteg...@free.fr>
Date: Mon, 3 Aug 2015 15:17:32 +0200
Subject: [PATCH 1/1] demux: mp4: correctly match release function

Signed-off-by: Jean-Baptiste Kempf <j...@videolan.org>
---
 modules/demux/mp4/libmp4.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 331262b..f220e51 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box )
     {
         for( i_index = 0; ; i_index++ )
         {
+            if ( MP4_Box_Function[i_index].i_parent &&
+                 p_box->p_father &&
+                 p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent 
)
+                continue;
+
             if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )||
                 ( MP4_Box_Function[i_index].i_type == 0 ) )
             {
-- 
1.7.10.4

commit vlc for openSUSE:Factory

Reply via email to