Mail archive
alpine-aports

[alpine-aports] [PATCH v3.3] main/libass: security fixes

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Mon, 19 Dec 2016 11:16:23 +0000

CVE-2016-7969, CVE-2016-7970, CVE-2016-7972
---
 main/libass/APKBUILD            | 44 +++++++++++++++++++++++++++++++++--------
 main/libass/CVE-2016-7969.patch | 16 +++++++++++++++
 main/libass/CVE-2016-7970.patch | 14 +++++++++++++
 main/libass/CVE-2016-7972.patch | 13 ++++++++++++
 4 files changed, 79 insertions(+), 8 deletions(-)
 create mode 100644 main/libass/CVE-2016-7969.patch
 create mode 100644 main/libass/CVE-2016-7970.patch
 create mode 100644 main/libass/CVE-2016-7972.patch
diff --git a/main/libass/APKBUILD b/main/libass/APKBUILD
index c048a2e..1680ca8 100644
--- a/main/libass/APKBUILD
+++ b/main/libass/APKBUILD
_at_@ -1,10 +1,11 @@
 # Contributor: Łukasz Jendrysik <scadu_at_yandex.com>
 # Contributor: Carlo Landmeter <clandmeter_at_gmail.com>
 # Contributor: Sören Tempel <soeren+alpine_at_soeren-tempel.net>
+# Contributor: Sergey Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=libass
 pkgver=0.13.0
-pkgrel=0
+pkgrel=1
 pkgdesc="A portable library for SSA/ASS subtitles rendering"
 url="https://github.com/libass/libass"
 arch="all"
_at_@ -13,11 +14,29 @@ depends=""
 depends_dev="enca-dev fontconfig-dev fribidi-dev freetype-dev"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev"
-source="http://github.com/$pkgname/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.xz"
+source="http://github.com/$pkgname/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.xz
+	CVE-2016-7969.patch
+	CVE-2016-7970.patch
+	CVE-2016-7972.patch
+	"
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+	local i
+
+	cd "$builddir" || return 1
+
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || _failed="$_failed $i";;
+		esac
+	done
+}
+
 
-_builddir="$srcdir"/$pkgname-$pkgver
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
_at_@ -31,10 +50,19 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
-md5sums="8e6a506b4e5a637764183083421dc827  libass-0.13.0.tar.xz"
-sha256sums="e0071a3b2e95411c8d474014678368e3f0b852f7d663e0564b344e7335eb0671  libass-0.13.0.tar.xz"
-sha512sums="0253d0cd306603b2721bd128ad6eb050c74f1ee415145f238f3a10c4041b054bf94857f4c0043a6578c4fd0865e809e25fa9f61071631ba647c731c13418627f  libass-0.13.0.tar.xz"
+md5sums="8e6a506b4e5a637764183083421dc827  libass-0.13.0.tar.xz
+1c8b3d6cd2ffc1a459fbc105689cd57f  CVE-2016-7969.patch
+389d3d9db24f3cc2c1eadb7f8013de98  CVE-2016-7970.patch
+1a727bfe2faf3f60dee6dd5e4fc1f17c  CVE-2016-7972.patch"
+sha256sums="e0071a3b2e95411c8d474014678368e3f0b852f7d663e0564b344e7335eb0671  libass-0.13.0.tar.xz
+983c9583e734dd0370b34013c1701a322ec1235bebae35e6d3c080a1c97adb0d  CVE-2016-7969.patch
+d4e6c18c6ee0655bd17f8dd620872d7a0b818d5c9fae6152ff15308123ff8871  CVE-2016-7970.patch
+547f3c756988f0962612bf5ac9b7b4771b04a60f86cd7774fd21dc026a9c6980  CVE-2016-7972.patch"
+sha512sums="0253d0cd306603b2721bd128ad6eb050c74f1ee415145f238f3a10c4041b054bf94857f4c0043a6578c4fd0865e809e25fa9f61071631ba647c731c13418627f  libass-0.13.0.tar.xz
+277154b43386c03b5d85a5a4166580ef66676c869cf600bb1f027380a7e50a26c4a7c2508570cc8121956ba78d8544ee372ce7b8f74c11faef5ce9651211f4cd  CVE-2016-7969.patch
+080027ac5f4d776ac678b34f9d69ec236f72ffb46a5afc5db532367854dd1b384530cebf2a3a8e7ab9347b8b5cd63d3d2ea7059427953e9b803ddaaa980fc142  CVE-2016-7970.patch
+daaccc308fbec8147ec89a71d82e003817bf25a43f90e573819d001c57ee011fedc05663f8eb095220db4ac58b7e383ac18f454c292979535983fba4ccf09ffa  CVE-2016-7972.patch"
diff --git a/main/libass/CVE-2016-7969.patch b/main/libass/CVE-2016-7969.patch
new file mode 100644
index 0000000..fb68bbd
--- /dev/null
+++ b/main/libass/CVE-2016-7969.patch
_at_@ -0,0 +1,16 @@
+Based on https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26
+
+diff -ru libass-0.13.0.orig/libass/ass_render.c libass-0.13.0/libass/ass_render.c
+--- libass-0.13.0.orig/libass/ass_render.c
++++ libass-0.13.0/libass/ass_render.c
+_at_@ -1609,7 +1609,9 @@
+                         ((s3 - 1)->bbox.xMax + (s3 - 1)->pos.x) -
+                         (w->bbox.xMin + w->pos.x));
+ 
+-                    if (DIFF(l1_new, l2_new) < DIFF(l1, l2)) {
++                    if (DIFF(l1_new, l2_new) < DIFF(l1, l2) && w > text_info->glyphs) {
++                        if (w->linebreak)
++                            text_info->n_lines--;
+                         w->linebreak = 1;
+                         s2->linebreak = 0;
+                         exit = 0;
diff --git a/main/libass/CVE-2016-7970.patch b/main/libass/CVE-2016-7970.patch
new file mode 100644
index 0000000..d7e229d
--- /dev/null
+++ b/main/libass/CVE-2016-7970.patch
_at_@ -0,0 +1,14 @@
+Based on https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75
+
+diff -ru libass-0.13.0.orig/libass/ass_blur.c libass-0.13.0/libass/ass_blur.c
+--- libass-0.13.0.orig/libass/ass_blur.c
++++ libass-0.13.0/libass/ass_blur.c
+_at_@ -744,7 +744,7 @@
+         (  17 -  126 * mul +  273 * mul2 -  164 * mul3) / 12096,
+     };
+ 
+-    double mat_freq[13];
++    double mat_freq[14];
+     memcpy(mat_freq, kernel, sizeof(kernel));
+     memset(mat_freq + 4, 0, sizeof(mat_freq) - sizeof(kernel));
+     int n = 6;
diff --git a/main/libass/CVE-2016-7972.patch b/main/libass/CVE-2016-7972.patch
new file mode 100644
index 0000000..91f2cbe
--- /dev/null
+++ b/main/libass/CVE-2016-7972.patch
_at_@ -0,0 +1,13 @@
+Based on https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
+
+diff -ru libass-0.13.0.orig/libass/ass_shaper.c libass-0.13.0/libass/ass_shaper.c
+--- libass-0.13.0.orig/libass/ass_shaper.c
++++ libass-0.13.0/libass/ass_shaper.c
+_at_@ -100,6 +100,7 @@
+             !ASS_REALLOC_ARRAY(shaper->emblevels, new_size) ||
+             !ASS_REALLOC_ARRAY(shaper->cmap, new_size))
+             return false;
++        shaper->n_glyphs = new_size;
+     }
+     return true;
+ }
-- 
2.6.6
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Mon Dec 19 2016 - 11:16:23 GMT