Update to latest stable upstream release, fixing security issues (CVE-2015-8789, CVE-2015-8790 and CVE-2015-8791). No incompatible ABI or API changes.
Highlights from upstream changelog:
- EbmlMaster::Read(): When the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction. Fixes the issue reported as Cisco TALOS-CAN-0037.
- EbmlElement::ReadCodedSizeValue(): Fixed an invalid memory access. When reading a EBML variable length integer value a read access beyond the end of the available buffer was possible if fewer bytes were available than indicated by the first byte resulting in a heap information leak.
- EbmlUnicodeString::UpdateFromUTF8(): Fixed an invalid memory access. When reading from a UTF-8 string in which the length indicated by a UTF-8 character's first byte exceeds the string's actual number of bytes the parser would access beyond the end of the string resulting in a heap information leak. Fixes the issue reported as Cisco TALOS-CAN-0036.
- EbmlElement::FindNextElement(): Handle EOF when reading the element size properly.
- EbmlString::ValidateSize(): only allow the same maximum size as EbmlBinary.
- EbmlElement::Render(): doesn't catch exceptions anymore. Instead exceptions generated from the IOCallback class (e.g. if a write failed) are propagated to the caller.
- build system: switched the build system from hand-crafted Makefiles to an autoconf/automake-based system. A pkg-config file will be installed as well; its name is »libebml«. Patch by Jan Engelhardt email@example.com.
- EbmlMaster::Read(): when reading with SCOPE_ALL_DATA only those elements that could successfully be read will be kept (e.g. defective block groups will be dropped).
- EbmlMemoryStream: add a new class for safe memory access that throws exception on failures.
- EbmlMaster: Fixed read() trying to calculate the end position of elements with an unknown size. This avoids endless loops and assertions in certain cases. See https://trac.bunkus.org/ticket/1089
Please login to add feedback.