[arch-commits] Commit in flac/trunk (5 files)
Eric Bélanger
eric at archlinux.org
Fri Nov 28 01:50:50 UTC 2014
Date: Friday, November 28, 2014 @ 02:50:49
Author: eric
Revision: 227160
upgpkg: flac 1.3.1-1
Upstream update, Remove old patches
Modified:
flac/trunk/PKGBUILD
Deleted:
flac/trunk/flac-CVE-2014-8962.patch
flac/trunk/flac-CVE-2014-9028.patch
flac/trunk/flac-divby0.patch
flac/trunk/flac-realloc.patch
--------------------------+
PKGBUILD | 21 +++-----------------
flac-CVE-2014-8962.patch | 40 --------------------------------------
flac-CVE-2014-9028.patch | 34 --------------------------------
flac-divby0.patch | 47 ---------------------------------------------
flac-realloc.patch | 15 --------------
5 files changed, 4 insertions(+), 153 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-11-27 18:46:41 UTC (rev 227159)
+++ PKGBUILD 2014-11-28 01:50:49 UTC (rev 227160)
@@ -3,8 +3,8 @@
pkgbase=flac
pkgname=('flac' 'flac-doc')
-pkgver=1.3.0
-pkgrel=5
+pkgver=1.3.1
+pkgrel=1
arch=('i686' 'x86_64')
url="http://flac.sourceforge.net/"
license=('BSD' 'GPL')
@@ -11,22 +11,9 @@
depends=('gcc-libs' 'libogg')
makedepends=('nasm' 'doxygen')
options=('!makeflags')
-source=(http://downloads.xiph.org/releases/flac/${pkgbase}-${pkgver}.tar.xz
- flac-realloc.patch flac-divby0.patch flac-CVE-2014-8962.patch flac-CVE-2014-9028.patch)
-sha1sums=('a136e5748f8fb1e6c524c75000a765fc63bb7b1b'
- '22bf08219c289d747f399e351c701d0f195d3ce0'
- 'ceecf0603895267eda112c1cf85e3096e3d3acde'
- 'f78547bc7a085a47273ad85c3ec86a2960739944'
- '18f7a66fc0faf857e3c82b462619acf5b5a19af4')
+source=(http://downloads.xiph.org/releases/flac/${pkgbase}-${pkgver}.tar.xz)
+sha1sums=('38e17439d11be26207e4af0ff50973815694b26f')
-prepare() {
- cd ${pkgbase}-${pkgver}
- patch -p1 -i "${srcdir}/flac-realloc.patch"
- patch -p1 -i "${srcdir}/flac-divby0.patch"
- patch -p1 -i "${srcdir}/flac-CVE-2014-8962.patch"
- patch -p1 -i "${srcdir}/flac-CVE-2014-9028.patch"
-}
-
build() {
cd ${pkgbase}-${pkgver}
./configure --prefix=/usr --disable-sse
Deleted: flac-CVE-2014-8962.patch
===================================================================
--- flac-CVE-2014-8962.patch 2014-11-27 18:46:41 UTC (rev 227159)
+++ flac-CVE-2014-8962.patch 2014-11-28 01:50:49 UTC (rev 227160)
@@ -1,40 +0,0 @@
-From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd at mega-nerd.com>
-Date: Tue, 18 Nov 2014 07:20:25 -0800
-Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
-
-This is CVE-2014-8962.
-
-Reported-by: Michele Spagnuolo,
- Google Security Team <mikispag at google.com>
----
- src/libFLAC/stream_decoder.c | 6 +++++-
- 1 files changed, 5 insertions(+), 1 deletions(-)
-
-diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
-index cb66fe2..88a656d 100644
---- a/src/libFLAC/stream_decoder.c
-+++ b/src/libFLAC/stream_decoder.c
-@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
- *
- ***********************************************************************/
-
--static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
-+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
-
- /***********************************************************************
- *
-@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
- id = 0;
- continue;
- }
-+
-+ if(id >= 3)
-+ return false;
-+
- if(x == ID3V2_TAG_[id]) {
- id++;
- i = 0;
---
-1.7.2.5
-
Deleted: flac-CVE-2014-9028.patch
===================================================================
--- flac-CVE-2014-9028.patch 2014-11-27 18:46:41 UTC (rev 227159)
+++ flac-CVE-2014-9028.patch 2014-11-28 01:50:49 UTC (rev 227160)
@@ -1,34 +0,0 @@
-From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd at mega-nerd.com>
-Date: Wed, 19 Nov 2014 19:35:59 -0800
-Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
-
-A file provided by the reporters caused the stream decoder to write to
-un-allocated heap space resulting in a segfault. The solution is to
-error out (by returning false from read_residual_partitioned_rice_())
-instead of trying to continue to decode.
-
-Fixes: CVE-2014-9028
-Reported-by: Michele Spagnuolo,
- Google Security Team <mikispag at google.com>
----
- src/libFLAC/stream_decoder.c | 3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
-index 88a656d..54e84d4 100644
---- a/src/libFLAC/stream_decoder.c
-+++ b/src/libFLAC/stream_decoder.c
-@@ -2736,7 +2736,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
- if(decoder->private_->frame.header.blocksize < predictor_order) {
- send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
- decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
-- return true;
-+ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
-+ return false;
- }
- }
- else {
---
-1.7.2.5
-
Deleted: flac-divby0.patch
===================================================================
--- flac-divby0.patch 2014-11-27 18:46:41 UTC (rev 227159)
+++ flac-divby0.patch 2014-11-28 01:50:49 UTC (rev 227160)
@@ -1,47 +0,0 @@
-From 9443151da38d25430f0683dfdcd7f6076ecabe0a Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd at mega-nerd.com>
-Date: Tue, 8 Jul 2014 18:25:11 +1000
-Subject: [PATCH] src/flac/utils.c : Make sure get_console_width() returns value > 0.
-
-Previous version of get_console_width() may return 0 which will result in
-a division by 0 in stats_print_name():
-
- console_width = get_console_width();
- len = strlen_console(name)+2;
- console_chars_left = console_width - (len % console_width);
-
-Bug-report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739613
-Patch-from: lvqcl <lvqcl.mail at gmail.com>
----
- src/flac/utils.c | 7 +++++--
- 1 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/flac/utils.c b/src/flac/utils.c
-index 557477e..52b2c43 100644
---- a/src/flac/utils.c
-+++ b/src/flac/utils.c
-@@ -176,7 +176,7 @@ static int console_chars_left;
-
- int get_console_width(void)
- {
-- int width = 80;
-+ int width = 0;
- #if defined _WIN32
- width = win_get_console_width();
- #elif defined __EMX__
-@@ -185,8 +185,11 @@ int get_console_width(void)
- width = s[0];
- #elif defined GWINSZ_IN_SYS_IOCTL
- struct winsize w;
-- if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &w) != -1) width = w.ws_col;
-+ if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &w) != -1)
-+ width = w.ws_col;
- #endif
-+ if (width <= 0)
-+ width = 80;
- return width;
- }
-
---
-1.7.2.5
-
Deleted: flac-realloc.patch
===================================================================
--- flac-realloc.patch 2014-11-27 18:46:41 UTC (rev 227159)
+++ flac-realloc.patch 2014-11-28 01:50:49 UTC (rev 227160)
@@ -1,15 +0,0 @@
-X-Git-Url: http://git.xiph.org/?p=flac.git;a=blobdiff_plain;f=src%2Fmetaflac%2Futils.c;h=8a31daaddd47f8ea2d7b1e66445d180b4151e0db;hp=097537b2d39ea302269a16e7da9bc413e02ffb6e;hb=606fdfcaece19d3e05434bde57c289102a369069;hpb=d42c04260bf9e27cbb8c61a5529ecab3b20e25ff
-
-diff --git a/src/metaflac/utils.c b/src/metaflac/utils.c
-index 097537b..8a31daa 100644
---- a/src/metaflac/utils.c
-+++ b/src/metaflac/utils.c
-@@ -75,7 +75,7 @@ void local_strcat(char **dest, const char *source)
- *dest = safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1);
- if(0 == *dest)
- die("out of memory growing string");
-- safe_strncpy((*dest)+ndest, source, ndest + nsource + 1);
-+ safe_strncpy((*dest)+ndest, source, nsource + 1);
- }
-
- static inline int local_isprint(int c)
More information about the arch-commits
mailing list