Date: Tue, 25 Nov 2014 21:40:17 +0000 (UTC) From: Christian Weisgerber <naddy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r373432 - in head/audio/flac: . files Message-ID: <201411252140.sAPLeH2h000572@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: naddy Date: Tue Nov 25 21:40:17 2014 New Revision: 373432 URL: https://svnweb.freebsd.org/changeset/ports/373432 QAT: https://qat.redports.org/buildarchive/r373432/ Log: Add upstream patches for CVE-2014-8962: Heap buffer read overflow CVE-2014-9028: Heap buffer write overflow Security: a33addf6-74e6-11e4-a615-f8b156b6dcc8 Added: head/audio/flac/files/patch-src_libFLAC_stream__decoder.c (contents, props changed) Modified: head/audio/flac/Makefile Modified: head/audio/flac/Makefile ============================================================================== --- head/audio/flac/Makefile Tue Nov 25 20:55:22 2014 (r373431) +++ head/audio/flac/Makefile Tue Nov 25 21:40:17 2014 (r373432) @@ -3,7 +3,7 @@ PORTNAME= flac PORTVERSION= 1.3.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= audio MASTER_SITES= http://downloads.xiph.org/releases/flac/ Added: head/audio/flac/files/patch-src_libFLAC_stream__decoder.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/audio/flac/files/patch-src_libFLAC_stream__decoder.c Tue Nov 25 21:40:17 2014 (r373432) @@ -0,0 +1,32 @@ +--- src/libFLAC/stream_decoder.c.orig 2013-05-26 09:30:33 UTC ++++ src/libFLAC/stream_decoder.c +@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC + * + ***********************************************************************/ + +-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; ++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; + + /*********************************************************************** + * +@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe + id = 0; + continue; + } ++ ++ if(id >= 3) ++ return false; ++ + if(x == ID3V2_TAG_[id]) { + id++; + i = 0; +@@ -2705,7 +2709,8 @@ FLAC__bool read_residual_partitioned_ric + if(decoder->private_->frame.header.blocksize < predictor_order) { + send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC); + decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC; +- return true; ++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */ ++ return false; + } + } + else {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411252140.sAPLeH2h000572>