packages/libass
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!10 Update to 0.17.1

Browse Source 
From: @lyn1001 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2023-04-28 06:13:23 +00:00 committed by Gitee
commit 76670bc904
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 7 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2020-36430.patch
View File

@ -1,40 +0,0 @@
From 017137471d0043e0321e377ed8da48e45a3ec632 Mon Sep 17 00:00:00 2001
From: Oleg Oshmyan <chortos@inbox.lv>
Date: Tue, 27 Oct 2020 15:46:04 +0200
Subject: [PATCH] decode_font: fix subtraction broken by change to unsigned
type
This caused a one-byte buffer overwrite and an assertion failure.
Regression in commit 910211f1c0078e37546f73e95306724358b89be2.
Discovered by OSS-Fuzz.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26678.
---
libass/ass.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libass/ass.c b/libass/ass.c
index 428a332ff..5be09a7cf 100644
--- a/libass/ass.c
+++ b/libass/ass.c
@@ -857,7 +857,7 @@ static int decode_font(ASS_Track *track)
ass_msg(track->library, MSGL_ERR, "Bad encoded data size");
goto error_decode_font;
}
- buf = malloc(size / 4 * 3 + FFMAX(size % 4 - 1, 0));
+ buf = malloc(size / 4 * 3 + FFMAX(size % 4, 1) - 1);
if (!buf)
goto error_decode_font;
q = buf;
@@ -871,7 +871,7 @@ static int decode_font(ASS_Track *track)
q = decode_chars(p, q, 3);
}
dsize = q - buf;
- assert(dsize == size / 4 * 3 + FFMAX(size % 4 - 1, 0));
+ assert(dsize == size / 4 * 3 + FFMAX(size % 4, 1) - 1);
if (track->library->extract_fonts) {
ass_add_font(track->library, track->parser_priv->fontname,

BIN
libass-0.15.0.tar.xz
View File

Binary file not shown.

BIN
libass-0.17.1.tar.xz Normal file
View File

Binary file not shown.

13
libass.spec
View File

@ -1,6 +1,6 @@
Name: libass
Version: 0.15.0
Release: 2
Version: 0.17.1
Release: 1
Summary: Portable subtitle renderer for the ASS/SSA subtitle format
License: ISC
URL: https://github.com/libass
@ -9,8 +9,6 @@ Source0: https://github.com/libass/libass/releases/download/%{version}/li
BuildRequires: gcc nasm pkgconfig(fontconfig) >= 2.10.92 pkgconfig(freetype2) >= 9.10.3
BuildRequires: pkgconfig(fribidi) >= 0.19.0 pkgconfig(harfbuzz) >= 0.9.5 pkgconfig(libpng) >= 1.2.0
Patch0: CVE-2020-36430.patch
%description
libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha)
subtitle format. It is mostly compatible with VSFilter.
@ -44,11 +42,11 @@ make check
%files
%defattr(-,root,root)
%license COPYING
%{_libdir}/*.so.*
%{_libdir}/*.so.9*
%files devel
%defattr(-,root,root)
%{_includedir}/*
%{_includedir}/ass
%{_libdir}/*.so
%{_libdir}/pkgconfig/libass.pc
@ -57,6 +55,9 @@ make check
%doc Changelog
%changelog
* Fri Apr 28 2023 liyanan <thistleslyn@163.com> - 0.17.1-1
- Update to 0.17.1
* Thu Jul 29 2021 houyingchao <houyingchao@huawei.com> - 0.15.0-2
- Fix CVE-2020-36430