--- /dev/null
+From d65ede3e874c79348efc85cf3a185c170046c4c8 Mon Sep 17 00:00:00 2001
+From: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Date: Wed, 4 Dec 2013 13:31:28 -0300
+Subject: [PATCH] Fix Makefile.am altivec logic
+
+Besides SPE (FSL e500v? cores) there are other powerpc processors
+that don't support altivec instructions so only enable them when it's
+100% sure that the target has it.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
+---
+ src/libFLAC/Makefile.am | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/libFLAC/Makefile.am b/src/libFLAC/Makefile.am
+index 247e33c..258de40 100644
+--- a/src/libFLAC/Makefile.am
++++ b/src/libFLAC/Makefile.am
+@@ -47,8 +47,7 @@ CPUCFLAGS = -faltivec -force_cpusubtype_ALL -DFLAC__NO_ASM
+ else
+ # Linux-gcc for PPC does not have -force_cpusubtype_ALL, it is Darwin-specific
+ CPUCFLAGS =
+-if FLaC__CPU_PPC_SPE
+-else
++if FLaC__USE_ALTIVEC
+ CPUCFLAGS += -maltivec -mabi=altivec
+ endif
+ #@@@ PPC optimizations temporarily disabled
+--
+1.8.3.2
+
--- /dev/null
+From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 19 Nov 2014 19:35:59 -0800
+Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
+
+A file provided by the reporters caused the stream decoder to write to
+un-allocated heap space resulting in a segfault. The solution is to
+error out (by returning false from read_residual_partitioned_rice_())
+instead of trying to continue to decode.
+
+Fixes: CVE-2014-9028
+Reported-by: Michele Spagnuolo,
+ Google Security Team <mikispag@google.com>
+---
+ src/libFLAC/stream_decoder.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 88a656d..54e84d4 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -2736,7 +2736,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
+ if(decoder->private_->frame.header.blocksize < predictor_order) {
+ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
++ return false;
+ }
+ }
+ else {
+--
+1.7.2.5
+
--- /dev/null
+From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 18 Nov 2014 07:20:25 -0800
+Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
+
+This is CVE-2014-8962.
+
+Reported-by: Michele Spagnuolo,
+ Google Security Team <mikispag@google.com>
+---
+ src/libFLAC/stream_decoder.c | 6 +++++-
+ 1 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index cb66fe2..88a656d 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
+ *
+ ***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+ /***********************************************************************
+ *
+@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
+ id = 0;
+ continue;
+ }
++
++ if(id >= 3)
++ return false;
++
+ if(x == ID3V2_TAG_[id]) {
+ id++;
+ i = 0;
+--
+1.7.2.5
+
+++ /dev/null
-From d65ede3e874c79348efc85cf3a185c170046c4c8 Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Wed, 4 Dec 2013 13:31:28 -0300
-Subject: [PATCH] Fix Makefile.am altivec logic
-
-Besides SPE (FSL e500v? cores) there are other powerpc processors
-that don't support altivec instructions so only enable them when it's
-100% sure that the target has it.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
----
- src/libFLAC/Makefile.am | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/libFLAC/Makefile.am b/src/libFLAC/Makefile.am
-index 247e33c..258de40 100644
---- a/src/libFLAC/Makefile.am
-+++ b/src/libFLAC/Makefile.am
-@@ -47,8 +47,7 @@ CPUCFLAGS = -faltivec -force_cpusubtype_ALL -DFLAC__NO_ASM
- else
- # Linux-gcc for PPC does not have -force_cpusubtype_ALL, it is Darwin-specific
- CPUCFLAGS =
--if FLaC__CPU_PPC_SPE
--else
-+if FLaC__USE_ALTIVEC
- CPUCFLAGS += -maltivec -mabi=altivec
- endif
- #@@@ PPC optimizations temporarily disabled
---
-1.8.3.2
-
projects / buildroot.git / commitdiff