[arch-commits] Commit in flac/trunk (3 files)
Eric BĂ©langer
eric at archlinux.org
Wed Nov 26 01:55:42 UTC 2014
Date: Wednesday, November 26, 2014 @ 02:55:42
Author: eric
Revision: 227108
upgpkg: flac 1.3.0-5
Add CVE patch (close FS#42898)
Added:
flac/trunk/flac-CVE-2014-8962.patch
flac/trunk/flac-CVE-2014-9028.patch
Modified:
flac/trunk/PKGBUILD
--------------------------+
PKGBUILD | 10 +++++++---
flac-CVE-2014-8962.patch | 40 ++++++++++++++++++++++++++++++++++++++++
flac-CVE-2014-9028.patch | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-11-26 00:58:25 UTC (rev 227107)
+++ PKGBUILD 2014-11-26 01:55:42 UTC (rev 227108)
@@ -4,7 +4,7 @@
pkgbase=flac
pkgname=('flac' 'flac-doc')
pkgver=1.3.0
-pkgrel=4
+pkgrel=5
arch=('i686' 'x86_64')
url="http://flac.sourceforge.net/"
license=('BSD' 'GPL')
@@ -12,15 +12,19 @@
makedepends=('nasm' 'doxygen')
options=('!makeflags')
source=(http://downloads.xiph.org/releases/flac/${pkgbase}-${pkgver}.tar.xz
- flac-realloc.patch flac-divby0.patch)
+ flac-realloc.patch flac-divby0.patch flac-CVE-2014-8962.patch flac-CVE-2014-9028.patch)
sha1sums=('a136e5748f8fb1e6c524c75000a765fc63bb7b1b'
'22bf08219c289d747f399e351c701d0f195d3ce0'
- 'ceecf0603895267eda112c1cf85e3096e3d3acde')
+ 'ceecf0603895267eda112c1cf85e3096e3d3acde'
+ 'f78547bc7a085a47273ad85c3ec86a2960739944'
+ '18f7a66fc0faf857e3c82b462619acf5b5a19af4')
prepare() {
cd ${pkgbase}-${pkgver}
patch -p1 -i "${srcdir}/flac-realloc.patch"
patch -p1 -i "${srcdir}/flac-divby0.patch"
+ patch -p1 -i "${srcdir}/flac-CVE-2014-8962.patch"
+ patch -p1 -i "${srcdir}/flac-CVE-2014-9028.patch"
}
build() {
Added: flac-CVE-2014-8962.patch
===================================================================
--- flac-CVE-2014-8962.patch (rev 0)
+++ flac-CVE-2014-8962.patch 2014-11-26 01:55:42 UTC (rev 227108)
@@ -0,0 +1,40 @@
+From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd at mega-nerd.com>
+Date: Tue, 18 Nov 2014 07:20:25 -0800
+Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
+
+This is CVE-2014-8962.
+
+Reported-by: Michele Spagnuolo,
+ Google Security Team <mikispag at google.com>
+---
+ src/libFLAC/stream_decoder.c | 6 +++++-
+ 1 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index cb66fe2..88a656d 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
+ *
+ ***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+ /***********************************************************************
+ *
+@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
+ id = 0;
+ continue;
+ }
++
++ if(id >= 3)
++ return false;
++
+ if(x == ID3V2_TAG_[id]) {
+ id++;
+ i = 0;
+--
+1.7.2.5
+
Added: flac-CVE-2014-9028.patch
===================================================================
--- flac-CVE-2014-9028.patch (rev 0)
+++ flac-CVE-2014-9028.patch 2014-11-26 01:55:42 UTC (rev 227108)
@@ -0,0 +1,34 @@
+From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd at mega-nerd.com>
+Date: Wed, 19 Nov 2014 19:35:59 -0800
+Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
+
+A file provided by the reporters caused the stream decoder to write to
+un-allocated heap space resulting in a segfault. The solution is to
+error out (by returning false from read_residual_partitioned_rice_())
+instead of trying to continue to decode.
+
+Fixes: CVE-2014-9028
+Reported-by: Michele Spagnuolo,
+ Google Security Team <mikispag at google.com>
+---
+ src/libFLAC/stream_decoder.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 88a656d..54e84d4 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -2736,7 +2736,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
+ if(decoder->private_->frame.header.blocksize < predictor_order) {
+ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
++ return false;
+ }
+ }
+ else {
+--
+1.7.2.5
+
More information about the arch-commits
mailing list