debian/

debian/control
Source: libebml
Section: devel
Priority: optional
Maintainer: Debian Multimedia Maintainers
Uploaders: Sam Hocevar (Debian packages), Rico Tzschichholz, Matteo F. Vescovi
Build-Depends: debhelper (>= 9)
Standards-Version: 3.9.4
Homepage: http://dl.matroska.org/downloads/libebml/
Vcs-Git: git://anonscm.debian.org/pkg-multimedia/libebml.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-multimedia/libebml.git

Package: libebml4
Section: libs
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: access library for the EBML format (shared library)
 The libebml library allows one to read and write files using EBML (the
 Extensible Binary Meta Language), a binary pendant to XML. Using libebml
 makes it easier to extend a file format without breaking support in older
 parsers.
 .
 This package contains the shared library needed to run applications that
 use libebml.

Package: libebml-dev
Section: libdevel
Architecture: any
Multi-Arch: same
Depends: libebml4 (= ${binary:Version}), ${misc:Depends}
Description: access library for the EBML format (development files)
 The libebml library allows one to read and write files using EBML (the
 Extensible Binary Meta Language), a binary pendant to XML. Using libebml
 makes it easier to extend a file format without breaking support in older
 parsers.
 .
 This package contains the header files and static libraries needed to
 compile applications that use libebml.

debian/docs

debian/libebml-dev.dirs
usr/lib
usr/include

debian/changelog
libebml (1.3.0-2+deb8u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Marc Deslauriers  Thu, 14 Apr 2016 14:15:56 -0400

libebml (1.3.0-2+deb8u1) jessie-security; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2015-8789.patch. Fix use-after-free vulnerability in the
    EbmlMaster::Read function.
  * Add CVE-2015-8790.patch. Fix EbmlUnicodeString::UpdateFromUTF8 function
    that allowed context-dependent attackers to obtain sensitive information
    from process heap memory via a crafted UTF-8 string.
  * Add CVE-2015-8791.patch. Fix EbmlElement::ReadCodedSizeValue function
    that allowed context-dependent attackers to obtain sensitive information
    from process heap memory via a crafted length value in an EBML id.

 -- Markus Koschany  Tue, 29 Mar 2016 18:58:48 +0200

libebml (1.3.0-2) unstable; urgency=low

  * Upload to unstable (Closes: #720182)

 -- Matteo F. Vescovi  Mon, 19 Aug 2013 15:48:15 +0200

libebml (1.3.0-1) experimental; urgency=low

  * New upstream release
    - debian/: SONAME bump libebml3 => libebml4
  * debian/control: Standards-Version bumped to 3.9.4
  * debian/control: Vcs-* URLs updated

 -- Matteo F. Vescovi  Sat, 29 Jun 2013 15:04:57 +0200

libebml (1.2.2-2) unstable; urgency=low

  * Team upload.

  [ Matteo F. Vescovi ]
  * debian/control: uploader's email address changed

  [ Alessio Treglia ]
  * Introduce Multiarch.

 -- Alessio Treglia  Tue, 14 Feb 2012 11:31:58 +0100

libebml (1.2.2-1) unstable; urgency=low

  * New upstream release

 -- Matteo F. Vescovi  Wed, 05 Oct 2011 13:46:42 +0200

libebml (1.2.1-1) unstable; urgency=low

  * Team upload.
  * New upstream release (Closes: #631803):
    - fix the constructor of CRTError in StdIOCallback
    - fix the size returned by MemIOCallback::read() when reaching the end
      of the buffer
    - add a macro to define signed integer elements that have a default
      value
  * Correct maintainer's name.
  * Bump Standards.
  * Remove useless shlibs:Depends macro from -DEV's Depends field.
  * Fix small errors in the packages description.
  * Remove unnecessary debian/dirs file.

 -- Alessio Treglia  Tue, 28 Jun 2011 10:12:23 +0200

libebml (1.2.0-2) unstable; urgency=low

  * Team upload.

  [ Rico Tzschichholz ]
  * add myself to uploaders

  [ Fabian Greffrath ]
  * Remove myself from Uploaders.

  [ Reinhard Tartler ]
  * upload to unstable

 -- Reinhard Tartler  Sat, 05 Mar 2011 17:54:36 +0100

libebml (1.2.0-1) experimental; urgency=low

  [ Rico Tzschichholz ]
  * New upstream release
  * debian/control,debian/libebml3.install:
    + bump library soname to libebml3
  * debian/control:
    + bump standard version to 3.9.1

  [ Reinhard Tartler ]
  * upload to experimental

 -- Reinhard Tartler  Fri, 18 Feb 2011 20:54:15 +0100

libebml (1.0.0-1) experimental; urgency=low

  [ Reinhard Tartler ]
  * remove generated files from branch
  * add .gitignore file
  * bump shlibs
  * remove debian/patches/010_propagate_cflags.diff hack
  * remove debian/patches/020_invalid_cast.diff, applied upstream
  * remove debian/patches/030_g++-4.3.diff, merged upstream
  * don't create usr/include in libebml0 package

  [ Fabian Greffrath ]
  * Add debian/watch.
  * Add debian/gbp.conf.
  * Imported Upstream version 1.0.0 (Closes: #582238).

  [ Reinhard Tartler ]
  * prepare new upload
  * convert to Source Format 3.0 (quilt)
  * update Vcs- headers

  [ Fabian Greffrath ]
  * Remove useless debian/*.dirs.
  * Bump library soname to libebml2.
  * Convert Debian packaging to dh 7.
  * Add myself to Uploaders.
  * Bump Standards-Version to 3.8.4.
  * Fix weak-library-dev-dependency.
  * Fix debhelper-but-no-misc-depends.
  * Wrap lines in debian/control.
  * Fix duplicate-short-description.
  * Fix old-fsf-address-in-copyright-file.

 -- Fabian Greffrath  Tue, 08 Jun 2010 23:13:59 +0200

libebml (0.8.0-1) unstable; urgency=low

  * new upstream release. (Closes: 582238).

 -- Eric Dantan Rzewnicki  Sat, 29 May 2010 09:54:09 -0400

libebml (0.7.7-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * Update debian/copyright (Closes: 465252).
  * Add debian/patches/030_g++-4.3.diff to fix g++-4.3 FTBFS
    (Closes: 455184).

 -- Pierre Habouzit  Tue, 18 Mar 2008 23:58:01 +0100

libebml (0.7.7-3) unstable; urgency=low

  * No upstream version in a long time. Distributing shared libraries now.
  * debian/rules:
    + No longer build _pic.a library.
  * debian/control:
    + Add libebml0 package.
  * debian/compat:
    + Set compat to 5.

 -- Sam Hocevar (Debian packages)  Thu, 15 Mar 2007 17:28:01 +0100

libebml (0.7.7-2) unstable; urgency=low

  * debian/control:
    + Set pkg-multimedia-maintainers as main maintainer.
    + Added Vcs fields.
    + Set policy to 3.7.2.

 -- Sam Hocevar (Debian packages)  Thu, 15 Mar 2007 02:35:26 +0100

libebml (0.7.7-1) unstable; urgency=low

  * New upstream release.
  * This release fixes a file corruption issue (Closes: #360644).

 -- Sam Hocevar (Debian packages)  Mon, 3 Apr 2006 22:18:57 +0200

libebml (0.7.6-3) unstable; urgency=low

  * Switched patch system to quilt.
  * debian/control:
    + Build-depend on quilt.
  * 010_propagate_cflags.diff: (new patch from old diff.gz) propagate
    custom CXXFLAGS to the build process.
  * 020_invalid_cast.diff: (new patch from old diff.gz) cast pointers to
    uintptr_t instead of unsigned long.

 -- Sam Hocevar (Debian packages)  Thu, 30 Mar 2006 17:14:29 +0200

libebml (0.7.6-2) unstable; urgency=low

  * debian/compat: set level to 4.

 -- Sam Hocevar (Debian packages)  Sat, 26 Nov 2005 20:01:04 +0100

libebml (0.7.6-1) unstable; urgency=low

  * New upstream release.

 -- Sam Hocevar (Debian packages)  Sun, 30 Oct 2005 15:49:31 +0100

libebml (0.7.5-1) unstable; urgency=low

  * New upstream release.
  * debian/control:
    + Set policy to 3.6.2.1.
  * src/EbmlFloat.cpp:
    + Fixed amd64 FTBFS (Closes: #300548).

 -- Sam Hocevar (Debian packages)  Fri, 15 Jul 2005 13:46:53 +0300

libebml (0.7.3-1) unstable; urgency=low

  * New upstream release (Closes: #288715, #290687).
  * ebml/EbmlCrc32.h: cast pointer to uintptr_t before doing arithmetic
    operations on it (Closes: #284881).

 -- Sam Hocevar (Debian packages)  Sat, 12 Mar 2005 16:24:35 +0100

libebml (0.7.1-1) unstable; urgency=medium

  * New upstream release (Closes: #271897).

 -- Sam Hocevar (Debian packages)  Fri, 17 Sep 2004 11:38:18 +0200

libebml (0.7.0-2) unstable; urgency=low

  * debian/control:
    + Set policy to 3.6.1.1.

 -- Sam Hocevar (Debian packages)  Sat, 24 Jul 2004 13:52:21 +0200

libebml (0.7.0-1) unstable; urgency=low

  * New upstream release.

 -- Sam Hocevar (Debian packages)  Mon, 26 Apr 2004 22:22:03 +0200

libebml (0.6.3-1) unstable; urgency=low

  * New upstream release.

 -- Sam Hocevar (Debian packages)  Tue, 6 Jan 2004 21:07:21 +0100

libebml (0.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Sam Hocevar (Debian packages)  Tue, 4 Nov 2003 11:14:30 +0100

libebml (0.6.0-2) unstable; urgency=low

  * Fixed upstream's braindamaged use of DEB_BUILD_OPTIONS.

 -- Sam Hocevar (Debian packages)  Wed, 15 Oct 2003 09:00:42 +0200

libebml (0.6.0-1) unstable; urgency=low

  * New upstream release.

 -- Sam Hocevar (Debian packages)  Sun, 12 Oct 2003 16:50:58 +0200

libebml (0.5.0-4) unstable; urgency=low

  * Used "cvs2cl --utc --no-wrap -w --stdout -g -z9" to generate an
    upstream changelog (Closes: #208599).

 -- Sam Hocevar (Debian packages)  Fri, 5 Sep 2003 09:26:58 +0200

libebml (0.5.0-3) unstable; urgency=low

  * make/linux/Makefile:
    + Fixed $(CUSTOMFLAGS) so that the PIC lib gets built.
  * debian/control:
    + Set policy to 3.6.1.0.

 -- Sam Hocevar (Debian packages)  Tue, 2 Sep 2003 21:12:08 +0200

libebml (0.5.0-2) unstable; urgency=low

  * debian/control:
    + Downgraded debhelper build-dependency to allow easier backporting.
    + Enhanced the long description.

 -- Sam Hocevar (Debian packages)  Thu, 14 Aug 2003 11:06:11 +0200

libebml (0.5.0-1) unstable; urgency=low

  * New upstream release.
  * debian/control:
    + Set policy to 3.6.0. No changes required.
    + Set debhelper build-dependency to (>= 4.0) because of debian/compat.

 -- Sam Hocevar (Debian packages)  Thu, 7 Aug 2003 14:54:50 +0200

libebml (0.4.4+cvs.20030622-1) unstable; urgency=low

  * First Debian release (Closes: #198706).
  * debian/control:
    + Set policy to 3.5.10.
    + Rephrased upstream's long description.
  * debian/rules:
    + Ship PIC libraries so that application plugins can be linked with us.

 -- Sam Hocevar (Debian packages)  Wed, 25 Jun 2003 05:22:08 +0200

debian/libebml4.install
/usr/lib/*/*.so.*

debian/source/

debian/source/format
3.0 (quilt)

debian/compat
9

debian/patches/

debian/patches/CVE-2015-8790.patch
From: Markus Koschany
Date: Thu, 24 Mar 2016 16:46:18 +0100
Subject: CVE-2015-8790

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows
context-dependent attackers to obtain sensitive information from process heap
memory via a crafted UTF-8 string, which triggers an invalid memory access.

Origin: https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
---
 src/EbmlUnicodeString.cpp | 60 +++++++++++++++++++++++++++++------------------
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git a/src/EbmlUnicodeString.cpp b/src/EbmlUnicodeString.cpp
index 56c5606..e9b91f5 100644
--- a/src/EbmlUnicodeString.cpp
+++ b/src/EbmlUnicodeString.cpp
@@ -47,6 +47,21 @@ START_LIBEBML_NAMESPACE // ===================== UTFstring class =================== +static unsigned int UTFCharLength(uint8 lead) +{ + if (lead < 0x80) + return 1; + else if ((lead >> 5) == 0x6) + return 2; + else if ((lead >> 4) == 0xe) + return 3; + else if ((lead >> 3) == 0x1e) + return 4; + else + // Invalid size? + return 0; +} + UTFstring::UTFstring() :_Length(0) ,_Data(NULL) 
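Review bot: in UTFCharLength(), the tests `(lead >> 5) == 0x6` and `(lead >> 3) == 0x1e` also accept 0xC0/0xC1 and 0xF5 to 0xF7, lead bytes that never begin a well-formed UTF-8 sequence, so malformed input is still classified as a 2- or 4-byte character. If the helper is meant to be the single place where lead bytes are validated, return 0 for those values as well. The meaning of the 0 return is only hinted at by `// Invalid size?`; a one-line comment above the function stating that 0 means "invalid lead byte" would let callers test `== 0` instead of re-checking the 1..4 range.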
@@ -143,39 +158,38 @@ void UTFstring::UpdateFromUTF8() delete [] _Data; // find the size of the final UCS-2 string size_t i; - for (_Length=0, i=0; i(UTF8string[i]); - if (lead < 0x80) - i++; - else if ((lead >> 5) == 0x6) - i += 2; - else if ((lead >> 4) == 0xe) - i += 3; - else if ((lead >> 3) == 0x1e) - i += 4; + const size_t SrcLength = UTF8string.length(); + for (_Length=0, i=0; i(UTF8string[i])); + if ((CharLength >= 1) && (CharLength <= 4)) + i += CharLength; else // Invalid size? break; } _Data = new wchar_t[_Length+1]; size_t j; - for (j=0, i=0; i(UTF8string[i]); - if (lead < 0x80) { + for (j=0, i=0; i(UTF8string[i]); + const unsigned int CharLength = UTFCharLength(lead); + if ((CharLength < 1) || (CharLength > 4)) + // Invalid char? + break; + + if ((i + CharLength) > SrcLength) + // Guard against invalid memory access beyond the end of the + // source buffer. + break; + + if (CharLength == 1) _Data[j] = lead; - i++; - } else if ((lead >> 5) == 0x6) { + else if (CharLength == 2) _Data[j] = ((lead & 0x1F) << 6) + (UTF8string[i+1] & 0x3F); - i += 2; - } else if ((lead >> 4) == 0xe) { + else if (CharLength == 3) _Data[j] = ((lead & 0x0F) << 12) + ((UTF8string[i+1] & 0x3F) << 6) + (UTF8string[i+2] & 0x3F); - i += 3; - } else if ((lead >> 3) == 0x1e) { + else if (CharLength == 4) _Data[j] = ((lead & 0x07) << 18) + ((UTF8string[i+1] & 0x3F) << 12) + ((UTF8string[i+2] & 0x3F) << 6) + (UTF8string[i+3] & 0x3F); - i += 4; - } else - // Invalid char? - break; + i += CharLength; } _Data[j] = 0; } debian/patches/CVE-2015-8789.patch0000664000000000000000000000436312676532140013273 0ustar 
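Review bot: in the UpdateFromUTF8() hunk of CVE-2015-8790.patch, the `(i + CharLength) > SrcLength` guard is added to the decode loop only; the sizing loop above it still does `i += CharLength` for any length in 1..4. Assuming `_Length` advances once per iteration, as the `for (_Length=0, i=0; ...` header suggests (the loop headers are truncated in this copy), a string that ends in a cut-off multi-byte sequence is counted in `_Length` but rejected by the decode loop, so `_Length` ends up larger than `j`. `_Data[j] = 0` stays in bounds because the buffer is `_Length+1`, but the reported length no longer matches the decoded data; apply the same guard in the sizing loop or set `_Length = j` after decoding. Separately, the continuation bytes are masked with `& 0x3F` without a check that they have the `10xxxxxx` form, and the 4-byte branch stores a value of up to 21 bits into a `wchar_t` slot that the context comment calls a UCS-2 string; both deserve at least a comment.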
From: Markus Koschany Date: Thu, 24 Mar 2016 16:45:07 +0100 Subject: CVE-2015-8789 Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. Reviewed by upstream: https://github.com/Matroska-Org/libebml/issues/14 Origin: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24 Origin: https://github.com/Matroska-Org/libebml/commit/95ff31de88f478e152adf9b6d876ba7354b24c80 --- src/EbmlMaster.cpp | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/EbmlMaster.cpp b/src/EbmlMaster.cpp index ea2d63a..1718866 100644 --- a/src/EbmlMaster.cpp +++ b/src/EbmlMaster.cpp @@ -425,8 +425,13 @@ void EbmlMaster::Read(EbmlStream & inDataStream, const EbmlSemanticContext & sCo if (IsFiniteSize()) MaxSizeToRead = GetEndPosition() - ElementLevelA->GetEndPosition(); // even if it's the default value if (!AllowDummyElt && ElementLevelA->IsDummy()) { - ElementLevelA->SkipData(inDataStream, sContext); - delete ElementLevelA; // forget this unknown element + if (ElementLevelA->IsFiniteSize()) { + ElementLevelA->SkipData(inDataStream, sContext); + delete ElementLevelA; // forget this unknown element + } else { + delete ElementLevelA; // forget this unknown element + break; + } } else { // more logical to do it afterward ElementList.push_back(ElementLevelA); 
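Review bot: in the dummy-element branch, `delete ElementLevelA;` is now duplicated in both arms, and the infinite-size arm leaves the loop with `ElementLevelA` still holding the freed pointer. For a use-after-free fix it would be clearer to read `ElementLevelA->IsFiniteSize()` into a local, call `SkipData()` only when it is true, delete once, set the pointer to NULL, and then `break` on the non-finite case. A comment saying why an infinite-size dummy element must end the loop rather than be skipped would also help the next reader.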
@@ -434,7 +439,17 @@ void EbmlMaster::Read(EbmlStream & inDataStream, const EbmlSemanticContext & sCo ElementLevelA->Read(inDataStream, EBML_CONTEXT(ElementLevelA), UpperEltFound, FoundElt, AllowDummyElt, ReadFully); // just in case - ElementLevelA->SkipData(inDataStream, EBML_CONTEXT(ElementLevelA)); + if (ElementLevelA->IsFiniteSize()) + ElementLevelA->SkipData(inDataStream, EBML_CONTEXT(ElementLevelA)); + else + break; + } + + if (UpperEltFound) { + --UpperEltFound; + if (UpperEltFound > 0 || MaxSizeToRead <= 0) + goto processCrc; + ElementLevelA = FoundElt; } if (UpperEltFound > 0) { debian/patches/series0000664000000000000000000000007412676532140012043 0ustar CVE-2015-8789.patch CVE-2015-8791.patch CVE-2015-8790.patch debian/patches/CVE-2015-8791.patch0000664000000000000000000000206312676532140013257 0ustar From: Markus Koschany Date: Thu, 24 Mar 2016 16:45:29 +0100 Subject: CVE-2015-8791 The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. Origin: https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90 --- src/EbmlElement.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/EbmlElement.cpp b/src/EbmlElement.cpp index 4b96d06..0969468 100644 --- a/src/EbmlElement.cpp +++ b/src/EbmlElement.cpp 
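Review bot: in the second EbmlMaster.cpp hunk of CVE-2015-8789.patch (the `@@ -434,7 +439,17 @@` hunk), the new `if (UpperEltFound) { --UpperEltFound; ... }` block is placed directly above the existing `if (UpperEltFound > 0) {` kept as context, and it either jumps to `processCrc` when the decremented counter is still positive or falls through with the counter at zero. As far as the visible lines show, the existing `UpperEltFound > 0` test can then no longer be true at that point; please confirm whether that block is now dead and remove it or explain the interaction in a comment. The new block also reuses the old closing brace of the `else` branch, which makes the diff hard to follow, and neither the `goto processCrc` on `MaxSizeToRead <= 0` nor the bare `else break;` after the `IsFiniteSize()` check says why leaving the loop is correct there.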
@@ -149,6 +149,11 @@ uint64 ReadCodedSizeValue(const binary * InBuffer, uint32 & BufferSize, uint64 & // ID found PossibleSizeLength = SizeIdx + 1; SizeBitMask >>= SizeIdx; + + // Guard against invalid memory accesses with incomplete IDs. + if (PossibleSizeLength > BufferSize) + break; + for (SizeIdx = 0; SizeIdx < PossibleSizeLength; SizeIdx++) { PossibleSize[SizeIdx] = InBuffer[SizeIdx]; } debian/libebml-dev.files0000664000000000000000000000003512676532140012402 0ustar usr/include/* usr/lib/lib*.a debian/copyright0000664000000000000000000000704612676532140011140 0ustar This package was debianized by Moritz Bunkus on Mon, 21 Apr 2003 12:49:33 +0200. It was downloaded from http://dl.matroska.org/downloads/libebml/ Upstream Author: Steve Lhomme Files: debian/* Copyright: © 2003 Moritz Bunkus © 2010 Fabian Greffrath License: GPL-2+ The Debian packaging licensed under the GPL version 2, or (at your option) any later version, see below. Files: src/IOCallback.cpp src/StdIOCallback.cpp Copyright: (C) 2002-2004 Ingo Ralf Blum. All rights reserved. License: LGPL-2.1 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA . See http://www.matroska.org/license/lgpl/ for LGPL licensing information. . Contact license@matroska.org if any conditions of this licensing are not clear to you. 
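Review bot: in the ReadCodedSizeValue() hunk of CVE-2015-8791.patch, the new `if (PossibleSizeLength > BufferSize) break;` leaves the enclosing loop before any size has been decoded, and the visible lines do not show what the function then returns or what it leaves in its reference parameters. Please state in the comment (and verify at the call sites) how a caller tells "buffer too short for this length field" apart from a successfully decoded value, so the early exit cannot be mistaken for a valid size. The bound itself matches the copy loop that follows, which reads `InBuffer[SizeIdx]` for `SizeIdx < PossibleSizeLength`.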

Files: src/MemIOCallback.cpp
Copyright: (C) 2003 Jory Stone. All rights reserved.
License: LGPL-2.1
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
 .
 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 .
 See http://www.matroska.org/license/lgpl/ for LGPL licensing information.
 .
 Contact license@matroska.org if any conditions of this licensing are
 not clear to you.

Files: *
Copyright: (C) 2002-2005 Steve Lhomme. All rights reserved.
License: LGPL-2.1
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
 .
 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 .
 See http://www.matroska.org/license/lgpl/ for LGPL licensing information.
 .
 Contact license@matroska.org if any conditions of this licensing are
 not clear to you.

On Debian systems, the full text of the LGPL v2.1 can be found in
/usr/share/common-licenses/LGPL-2.1, and of the GPL v2 in
/usr/share/common-licenses/GPL-2.

debian/watch
version=3
http://dl.matroska.org/downloads/libebml/libebml-(.*)\.tar\.bz2

debian/libebml-dev.install
/usr/include
/usr/lib/*/*.a
/usr/lib/*/*.so

debian/gbp.conf
[DEFAULT]
upstream-branch = upstream
debian-branch = master
upstream-tag = upstream/%(version)s
debian-tag = debian/%(version)s
pristine-tar = True
compression = bzip2

debian/rules
#!/usr/bin/make -f

DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

%:
	dh $@ --sourcedirectory=make/linux

override_dh_auto_install:
	dh_auto_install -- prefix=$(CURDIR)/debian/tmp/usr \
		libdir=$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)