From: Gustavo Zacarias Date: Tue, 25 Nov 2014 12:58:06 +0000 (-0300) Subject: flac: add security patches X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=71d3b5c10809703f92ece708558fb9324f6c1336;p=buildroot.git flac: add security patches Fixes: CVE-2014-9028 - Heap buffer write overflow CVE-2014-8962 - Heap buffer read overflow Patches are upstream part of the upcoming 1.3.1 release. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard
---
diff --git a/package/flac/0001-fix-altivec-logic.patch b/package/flac/0001-fix-altivec-logic.patch
new file mode 100644
index 0000000000..a1ac8a1fdd
--- /dev/null
+++ b/package/flac/0001-fix-altivec-logic.patch
@@ -0,0 +1,32 @@
+From d65ede3e874c79348efc85cf3a185c170046c4c8 Mon Sep 17 00:00:00 2001
+From: Gustavo Zacarias
+Date: Wed, 4 Dec 2013 13:31:28 -0300
+Subject: [PATCH] Fix Makefile.am altivec logic
+
+Besides SPE (FSL e500v? cores) there are other powerpc processors
+that don't support altivec instructions so only enable them when it's
+100% sure that the target has it.
+
+Signed-off-by: Gustavo Zacarias
+Signed-off-by: Erik de Castro Lopo
+---
+ src/libFLAC/Makefile.am | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/libFLAC/Makefile.am b/src/libFLAC/Makefile.am
+index 247e33c..258de40 100644
+--- a/src/libFLAC/Makefile.am
++++ b/src/libFLAC/Makefile.am
+@@ -47,8 +47,7 @@ CPUCFLAGS = -faltivec -force_cpusubtype_ALL -DFLAC__NO_ASM
+ else
+ # Linux-gcc for PPC does not have -force_cpusubtype_ALL, it is Darwin-specific
+ CPUCFLAGS =
+-if FLaC__CPU_PPC_SPE
+-else
++if FLaC__USE_ALTIVEC
+ CPUCFLAGS += -maltivec -mabi=altivec
+ endif
+ #@@@ PPC optimizations temporarily disabled
+--
+1.8.3.2
+
diff --git a/package/flac/0002-fix-CVE-2014-9028.patch b/package/flac/0002-fix-CVE-2014-9028.patch
new file mode 100644
index 0000000000..5a25ecf580
--- /dev/null
+++ b/package/flac/0002-fix-CVE-2014-9028.patch
@@ -0,0 +1,34 @@
+From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo
+Date: Wed, 19 Nov 2014 19:35:59 -0800
+Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
+
+A file provided by the reporters caused the stream decoder to write to
+un-allocated heap space resulting in a segfault. The solution is to
+error out (by returning false from read_residual_partitioned_rice_())
+instead of trying to continue to decode.
+
+Fixes: CVE-2014-9028
+Reported-by: Michele Spagnuolo,
+ Google Security Team
+---
+ src/libFLAC/stream_decoder.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 88a656d..54e84d4 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -2736,7 +2736,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
+ if(decoder->private_->frame.header.blocksize < predictor_order) {
+ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
++ return false;
+ }
+ }
+ else {
+--
+1.7.2.5
+
diff --git a/package/flac/0003-fix-CVE-2014-8962.patch b/package/flac/0003-fix-CVE-2014-8962.patch
new file mode 100644
index 0000000000..563100e186
--- /dev/null
+++ b/package/flac/0003-fix-CVE-2014-8962.patch
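Review bot: Only the `blocksize < predictor_order` arm of this sanity check is switched to `return false`; the `else {` arm that follows is cut off by the embedded hunk, so it cannot be seen whether its check still returns `true` after signalling `LOST_SYNC`. If it does, decoding would carry on after a failed bounds check on that path just as it did here before the fix, so the backport should be compared with the upstream 1.3.1 tree rather than assumed complete. read_residual_partitioned_rice_() starts and ends outside the hunk. Separately, this patch header and that of 0003-fix-CVE-2014-8962.patch have no `Signed-off-by:` line, unlike 0001-fix-altivec-logic.patch; adding the backporter's `Signed-off-by:` keeps the provenance of the carried security fixes auditable.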
@@ -0,0 +1,40 @@
+From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo
+Date: Tue, 18 Nov 2014 07:20:25 -0800
+Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
+
+This is CVE-2014-8962.
+
+Reported-by: Michele Spagnuolo,
+ Google Security Team
+---
+ src/libFLAC/stream_decoder.c | 6 +++++-
+ 1 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index cb66fe2..88a656d 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
+ *
+ ***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+ /***********************************************************************
+ *
+@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
+ id = 0;
+ continue;
+ }
++
++ if(id >= 3)
++ return false;
++
+ if(x == ID3V2_TAG_[id]) {
+ id++;
+ i = 0;
+--
+1.7.2.5
+
diff --git a/package/flac/flac-01-fix-altivec-logic.patch b/package/flac/flac-01-fix-altivec-logic.patch
deleted file mode 100644
index a1ac8a1fdd..0000000000
--- a/package/flac/flac-01-fix-altivec-logic.patch
+++ /dev/null
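Review bot: The new `if(id >= 3) return false;` guard in find_metadata_() fails without reporting anything, whereas the CVE-2014-9028 fix in 0002 calls `send_error_to_client_()` and sets `decoder->protected_->state` before returning false; whether callers cope with an untouched decoder state on this path is not visible, because the function body extends beyond the hunk. The literal `3` also repeats the length of `ID3V2_TAG_[3]`; `if(id >= sizeof(ID3V2_TAG_) / sizeof(ID3V2_TAG_[0]))` with a comment such as `/* id would index past ID3V2_TAG_: malformed stream */` keeps the bound tied to the array. Since this is a verbatim upstream backport, such a change is better raised upstream than made in the Buildroot copy.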
@@ -1,32 +0,0 @@
-From d65ede3e874c79348efc85cf3a185c170046c4c8 Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias
-Date: Wed, 4 Dec 2013 13:31:28 -0300
-Subject: [PATCH] Fix Makefile.am altivec logic
-
-Besides SPE (FSL e500v? cores) there are other powerpc processors
-that don't support altivec instructions so only enable them when it's
-100% sure that the target has it.
-
-Signed-off-by: Gustavo Zacarias
-Signed-off-by: Erik de Castro Lopo
----
- src/libFLAC/Makefile.am | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/libFLAC/Makefile.am b/src/libFLAC/Makefile.am
-index 247e33c..258de40 100644
---- a/src/libFLAC/Makefile.am
-+++ b/src/libFLAC/Makefile.am
-@@ -47,8 +47,7 @@ CPUCFLAGS = -faltivec -force_cpusubtype_ALL -DFLAC__NO_ASM
- else
- # Linux-gcc for PPC does not have -force_cpusubtype_ALL, it is Darwin-specific
- CPUCFLAGS =
--if FLaC__CPU_PPC_SPE
--else
-+if FLaC__USE_ALTIVEC
- CPUCFLAGS += -maltivec -mabi=altivec
- endif
- #@@@ PPC optimizations temporarily disabled
---
-1.8.3.2
-