diff --git a/.flac.metadata b/.flac.metadata
new file mode 100644
index 0000000..ade0cf2
--- /dev/null
+++ b/.flac.metadata
@@ -0,0 +1 @@
+a136e5748f8fb1e6c524c75000a765fc63bb7b1b SOURCES/flac-1.3.0.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1cbc8dd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/flac-1.3.0.tar.xz
diff --git a/SOURCES/flac-1.3.0-cve-2014-8962.patch b/SOURCES/flac-1.3.0-cve-2014-8962.patch
new file mode 100644
index 0000000..a2e90d5
--- /dev/null
+++ b/SOURCES/flac-1.3.0-cve-2014-8962.patch
@@ -0,0 +1,35 @@
+commit 5b3033a2b355068c11fe637e14ac742d273f076e
+Author: Erik de Castro Lopo
+Date: Tue Nov 18 07:20:25 2014 -0800
+
+ src/libFLAC/stream_decoder.c : Fix buffer read overflow.
+
+ This is CVE-2014-8962.
+
+ Reported-by: Michele Spagnuolo,
+ Google Security Team
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index cb66fe2..88a656d 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
+ *
+ ***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+ /***********************************************************************
+ *
+@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
+ id = 0;
+ continue;
+ }
++
++ if(id >= 3)
++ return false;
++
+ if(x == ID3V2_TAG_[id]) {
+ id++;
+ i = 0;
diff --git a/SOURCES/flac-1.3.0-cve-2014-9028.patch b/SOURCES/flac-1.3.0-cve-2014-9028.patch
new file mode 100644
index 0000000..c0d793c
--- /dev/null
+++ b/SOURCES/flac-1.3.0-cve-2014-9028.patch
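Review bot: The new `if(id >= 3) return false;` guard in find_metadata_ returns failure without touching `decoder->protected_->state`, so a caller that receives `false` is left with whatever state was current rather than an error state; the other `return false` paths in this file are annotated `/* read_callback_ sets the state for us */` (visible in the 9028 patch below), so a state is normally expected to have been set by then. Since this is an upstream commit vendored verbatim, the packaging question is whether that silent-failure behaviour is acceptable or warrants a follow-up that records an error state before returning. The guard also deserves a why-comment, e.g. `/* ID3V2_TAG_ has three entries; an index of 3 or more would read past it */`, because `ID3V2_TAG_[3]` is declared in the first hunk and that out-of-bounds read is the overflow being fixed. How `id` reaches 3 (presumably after a full ID3 prefix has been matched) is not visible here, and find_metadata_ starts and ends outside the hunk.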
@@ -0,0 +1,108 @@
+Merged four commits:
+
+commit fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
+Author: Erik de Castro Lopo
+Date: Wed Nov 19 19:35:59 2014 -0800
+
+ src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
+
+ A file provided by the reporters caused the stream decoder to write to
+ un-allocated heap space resulting in a segfault. The solution is to
+ error out (by returning false from read_residual_partitioned_rice_())
+ instead of trying to continue to decode.
+
+ Fixes: CVE-2014-9028
+ Reported-by: Michele Spagnuolo,
+ Google Security Team
+
+commit 5a365996d739bdf4711af51d9c2c71c8a5e14660
+Author: Erik de Castro Lopo
+Date: Thu Nov 27 11:55:11 2014 +1100
+
+ src/libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.
+
+ This fix is closely related to the fix for CVE-2014-9028. When that
+ fix went public Miroslav Lichvar noticed a similar potential problem
+ spot in the same function and was able to craft a file to trigger a
+ heap write overflow.
+
+ Reported-by : Miroslav Lichvar
+
+commit b4b2910bdca010808ccf2799f55562fa91f4347b
+Author: Erik de Castro Lopo
+Date: Wed Dec 10 18:54:16 2014 +1100
+
+ src/libFLAC/stream_decoder.c : Fix seek bug.
+
+ Janne Hyvärinen reported a problem with seeking as a result of the
+ fix for CVE-2014-9028. This is a different solution to the issue
+ that should not adversely affect seeking.
+
+ This version of the fix for the above CVE has been extensively fuzz
+ tested using afl (http://lcamtuf.coredump.cx/afl/).
+
+ Reported-by: Janne Hyvärinen
+
+commit fed0dfa1086296df0af41ca8f0c6430d5ac75c87
+Author: Miroslav Lichvar
+Date: Mon Dec 15 15:46:12 2014 +0100
+
+ src/libFLAC/stream_decoder.c : Rework fix for seeking bug.
+
+ To avoid crash caused by an unbound LPC decoding when predictor order is
+ larger than blocksize, the sanity check needs to be moved to the subframe
+ decoding functions.
+
+ Signed-off-by: Erik de Castro Lopo
+
+diff -up flac-1.3.0/src/libFLAC/stream_decoder.c.cve-2014-9028 flac-1.3.0/src/libFLAC/stream_decoder.c
+--- flac-1.3.0/src/libFLAC/stream_decoder.c.cve-2014-9028 2015-03-27 16:59:10.898884915 +0100
++++ flac-1.3.0/src/libFLAC/stream_decoder.c 2015-03-27 17:00:34.879125031 +0100
+@@ -2550,6 +2550,11 @@ FLAC__bool read_subframe_fixed_(FLAC__St
+ case FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2:
+ if(!FLAC__bitreader_read_raw_uint32(decoder->private_->input, &u32, FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ORDER_LEN))
+ return false; /* read_callback_ sets the state for us */
++ if(decoder->private_->frame.header.blocksize >> u32 < order) {
++ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
++ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
++ return true;
++ }
+ subframe->entropy_coding_method.data.partitioned_rice.order = u32;
+ subframe->entropy_coding_method.data.partitioned_rice.contents = &decoder->private_->partitioned_rice_contents[channel];
+ break;
+@@ -2629,6 +2634,11 @@ FLAC__bool read_subframe_lpc_(FLAC__Stre
+ case FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2:
+ if(!FLAC__bitreader_read_raw_uint32(decoder->private_->input, &u32, FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ORDER_LEN))
+ return false; /* read_callback_ sets the state for us */
++ if(decoder->private_->frame.header.blocksize >> u32 < order) {
++ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
++ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
++ return true;
++ }
+ subframe->entropy_coding_method.data.partitioned_rice.order = u32;
+ subframe->entropy_coding_method.data.partitioned_rice.contents = &decoder->private_->partitioned_rice_contents[channel];
+ break;
+@@ -2704,21 +2714,8 @@ FLAC__bool read_residual_partitioned_ric
+ const unsigned plen = is_extended? FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_PARAMETER_LEN : FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_PARAMETER_LEN;
+ const unsigned pesc = is_extended? FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_ESCAPE_PARAMETER : FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ESCAPE_PARAMETER;
+
+- /* sanity checks */
+- if(partition_order == 0) {
+- if(decoder->private_->frame.header.blocksize < predictor_order) {
+- send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+- decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
+- }
+- }
+- else {
+- if(partition_samples < predictor_order) {
+- send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+- decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
+- }
+- }
++ /* invalid predictor and partition orders mush be handled in the callers */
++ FLAC__ASSERT(partition_order > 0? partition_samples >= predictor_order : decoder->private_->frame.header.blocksize >= predictor_order);
+
+ if(!FLAC__format_entropy_coding_method_partitioned_rice_contents_ensure_size(partitioned_rice_contents, flac_max(6u, partition_order))) {
+ decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
diff --git a/SOURCES/flac-metaflac_strcat.patch b/SOURCES/flac-metaflac_strcat.patch
new file mode 100644
index 0000000..78f534e
--- /dev/null
+++ b/SOURCES/flac-metaflac_strcat.patch
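Review bot: The guard added to read_subframe_fixed_ and read_subframe_lpc_ is written `blocksize >> u32 < order`, which leans on `>>` binding tighter than `<`; spelling it `if((decoder->private_->frame.header.blocksize >> u32) < order) {` makes the intent (samples per partition smaller than the predictor order) readable at a glance, and since the five-line block is identical in both functions it could be one static helper. `u32` is bounded because it comes from a fixed-width `FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ORDER_LEN` read, but a short comment next to the shift saying so would save the next reader verifying it. In read_residual_partitioned_rice_ the runtime checks are replaced by a `FLAC__ASSERT`, which presumably compiles away in release builds, so the two callers are now the only defence and any future entry point into that function must repeat the check; the comment above it also has a typo (`mush` → `must`). All three functions start and end outside their hunks.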
@@ -0,0 +1,29 @@
+From 78055800dd8fd2563e9248fcafda81a211fcc4d2 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar
+Date: Mon, 3 Jun 2013 12:54:59 +0200
+Subject: [PATCH 1/2] metaflac : Fix local_strcat() to terminate string
+ correctly.
+
+The NUL char is written at incorrect place when the destination string
+is longer than 0, which causes memory corruption. It was broken by
+commit 2d6354ff2a618a79d40edbd4f208b4b07c5422f1.
+---
+ src/metaflac/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/metaflac/utils.c b/src/metaflac/utils.c
+index 097537b..8a31daa 100644
+--- a/src/metaflac/utils.c
++++ b/src/metaflac/utils.c
+@@ -75,7 +75,7 @@ void local_strcat(char **dest, const char *source)
+ *dest = safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1);
+ if(0 == *dest)
+ die("out of memory growing string");
+- safe_strncpy((*dest)+ndest, source, ndest + nsource + 1);
++ safe_strncpy((*dest)+ndest, source, nsource + 1);
+ }
+
+ static inline int local_isprint(int c)
+--
+1.8.1.4
+
diff --git a/SOURCES/flac-no_rice_asm.patch b/SOURCES/flac-no_rice_asm.patch
new file mode 100644
index 0000000..18d4fdb
--- /dev/null
+++ b/SOURCES/flac-no_rice_asm.patch
@@ -0,0 +1,27 @@
+From 4e5a0bacf021737fb1a8366ad07dc66f3286b1be Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar
+Date: Mon, 3 Jun 2013 13:25:47 +0200
+Subject: [PATCH 2/2] Don't use
+ FLAC__bitreader_read_rice_signed_block_asm_ia32_bswap.
+
+It seems to be slower than the C function.
+---
+ src/libFLAC/stream_decoder.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index f987c27..bc9c715 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -400,7 +400,7 @@ static FLAC__StreamDecoderInitStatus init_stream_internal_(
+ #ifdef FLAC__CPU_IA32
+ FLAC__ASSERT(decoder->private_->cpuinfo.type == FLAC__CPUINFO_TYPE_IA32);
+ #ifdef FLAC__HAS_NASM
+-#if 1 /*@@@@@@ OPT: not clearly faster, needs more testing */
++#if 0 /*@@@@@@ OPT: not clearly faster, needs more testing */
+ if(decoder->private_->cpuinfo.data.ia32.bswap)
+ decoder->private_->local_bitreader_read_rice_signed_block = FLAC__bitreader_read_rice_signed_block_asm_ia32_bswap;
+ #endif
+--
+1.8.1.4
+
diff --git a/SPECS/flac.spec b/SPECS/flac.spec
new file mode 100644
index 0000000..bcdbe53
--- /dev/null
+++ b/SPECS/flac.spec
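Review bot: Flipping `#if 1` to `#if 0` keeps the bswap assembly hook as dead code while its comment still reads `not clearly faster, needs more testing`, which no longer matches the commit message's conclusion that the routine is slower than the C version. Either drop the two guarded lines outright or change the comment to `/* disabled: slower than the C implementation */` so the next reader does not re-open the question. init_stream_internal_ starts and ends outside the hunk.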
@@ -0,0 +1,286 @@
+Summary: An encoder/decoder for the Free Lossless Audio Codec
+Name: flac
+Version: 1.3.0
+Release: 5%{?dist}
+License: BSD and GPLv2+ and GFDL
+Group: Applications/Multimedia
+
+Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
+URL: http://www.xiph.org/flac/
+
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+BuildRequires: libogg-devel
+BuildRequires: automake autoconf libtool gettext-devel doxygen
+%ifarch %{ix86}
+# 2.0 supports symbol visibility
+BuildRequires: nasm >= 2.0
+%endif
+
+Patch1: flac-metaflac_strcat.patch
+Patch2: flac-no_rice_asm.patch
+Patch3: flac-1.3.0-cve-2014-8962.patch
+Patch4: flac-1.3.0-cve-2014-9028.patch
+
+%description
+FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
+is similar to Ogg Vorbis, but lossless. The FLAC project consists of
+the stream format, reference encoders and decoders in library form,
+flac, a command-line program to encode and decode FLAC files, metaflac,
+a command-line metadata editor for FLAC files and input plugins for
+various music players.
+
+This package contains the command-line tools and documentation.
+
+%package libs
+Summary: Libraries for the Free Lossless Audio Codec
+Group: System Environment/Libraries
+Obsoletes: flac < 1.2.1-11
+
+%description libs
+FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
+is similar to Ogg Vorbis, but lossless. The FLAC project consists of
+the stream format, reference encoders and decoders in library form,
+flac, a command-line program to encode and decode FLAC files, metaflac,
+a command-line metadata editor for FLAC files and input plugins for
+various music players.
+
+This package contains the FLAC libraries.
+
+%package devel
+Summary: Development libraries and header files from FLAC
+Group: Development/Libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+This package contains all the files needed to develop applications that
+will use the Free Lossless Audio Codec.
+
+%prep
+%setup -q
+%patch1 -p1 -b .metaflac-strcat
+%patch2 -p1 -b .no_rice_asm
+%patch3 -p1 -b .cve-2014-8962
+%patch4 -p1 -b .cve-2014-9028
+
+%build
+# use our libtool to avoid problems with RPATH
+./autogen.sh -V
+
+# -funroll-loops makes encoding about 10% faster
+export CFLAGS="%{optflags} -funroll-loops"
+%configure \
+ --disable-xmms-plugin \
+ --disable-silent-rules \
+ --disable-thorough-tests
+
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot}
+
+# split documentation
+mv %{buildroot}%{_docdir}/flac* ./flac-doc
+mkdir -p flac-doc-devel
+mv flac-doc{/html/api,-devel}
+rm flac-doc/FLAC.tag
+
+rm %{buildroot}%{_libdir}/*.la
+
+%check
+make -C test check FLAC__TEST_LEVEL=0 &> /dev/null
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%files
+%doc flac-doc/*
+%{_bindir}/flac
+%{_bindir}/metaflac
+%{_mandir}/man1/*
+
+%files libs
+%doc AUTHORS COPYING* README
+%{_libdir}/*.so.*
+
+%files devel
+%doc flac-doc-devel/*
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*
+%{_datadir}/aclocal/*.m4
+
+%changelog
+* Fri Mar 27 2015 Miroslav Lichvar 1.3.0-5
+- fix buffer overflow when processing ID3v2 metadata (CVE-2014-8962)
+- fix buffer overflow with invalid blocksize (CVE-2014-9028)
+
+* Fri Jan 24 2014 Daniel Mach - 1.3.0-4
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach - 1.3.0-3
+- Mass rebuild 2013-12-27
+
+* Mon Jun 03 2013 Miroslav Lichvar 1.3.0-2
+- fix memory corruption in metaflac (#969259)
+- disable slower assembly code
+
+* Tue May 28 2013 Miroslav Lichvar 1.3.0-1
+- update to 1.3.0
+
+* Tue Apr 02 2013 Miroslav Lichvar 1.3.0-0.2.pre3
+- update to 1.3.0pre3
+
+* Tue Mar 05 2013 Miroslav Lichvar 1.3.0-0.1.pre1
+- update to 1.3.0pre1
+- make some dependencies arch-specific
+
+* Wed Feb 13 2013 Fedora Release Engineering - 1.2.1-13.20121204gita43f56
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Dec 06 2012 Kalev Lember - 1.2.1-12.20121204gita43f56
+- Added self-obsoletes to help multilib upgrades
+
+* Tue Dec 04 2012 Miroslav Lichvar 1.2.1-11.20121204gita43f56
+- update to 20121204gita43f56
+- create libs subpackage
+- split documentation to base and devel subpackages
+- drop defattr macros
+- add GFDL to License tag
+
+* Thu Jul 19 2012 Fedora Release Engineering - 1.2.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering - 1.2.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Dec 9 2011 Peter Robinson - 1.2.1-8
+- Rebuild to fix FTBFS
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.2.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Jul 24 2009 Fedora Release Engineering - 1.2.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Fedora Release Engineering - 1.2.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Mar 17 2008 Miroslav Lichvar 1.2.1-4
+- speed up decoding
+- CFLAGS cleanup
+
+* Tue Feb 19 2008 Fedora Release Engineering - 1.2.1-3
+- Autorebuild for GCC 4.3
+
+* Tue Jan 29 2008 Miroslav Lichvar 1.2.1-2
+- fix building with gcc-4.3
+- reenable some assembly optimizations
+- hide private libFLAC symbols (#285961)
+- update license tag
+- add %%check
+- remove -maltivec from CFLAGS
+
+* Mon Sep 17 2007 - Bastien Nocera - 1.2.1-1
+- Update to 1.2.1
+
+* Wed Sep 12 2007 - Bastien Nocera - 1.2.0-3
+- Make a few functions hidden, to try and avoid textrels
+- Disable optimisations on x86 for the same reason
+ (#285961)
+
+* Tue Sep 11 2007 - Bastien Nocera - 1.2.0-2
+- Update GNU stack patch to cover all the NASM sources used
+
+* Mon Sep 10 2007 - Bastien Nocera - 1.2.0-1
+- Update for 1.20 and drop obsolete patches (#285161)
+
+* Fri Aug 24 2007 Adam Jackson - 1.1.4-5
+- Rebuild for build ID
+
+* Thu Apr 12 2007 - Bastien Nocera - 1.1.4-4
+- The byteSwap symbol shouldn't be global, reported by Joe Orton
+ (#215920)
+
+* Wed Feb 14 2007 - Bastien Nocera - 1.1.4-3
+- Also include the new pkgconfig files
+
+* Wed Feb 14 2007 - Bastien Nocera - 1.1.4-2
+- Update link-ogg patch for 1.1.4
+
+* Wed Feb 14 2007 - Bastien Nocera - 1.1.4-1
+- Update to upstream 1.1.4
+
+* Tue Feb 13 2007 - Bastien Nocera - 1.1.3-2
+- A few fixes from the the Fedora merge review
+- Remove the static library
+
+* Tue Feb 13 2007 - Bastien Nocera - 1.1.3-1
+- Update with work from Matthias Clasen up
+ to upstream 1.1.3 (#229462)
+- Remove xmmx-flac Obsolete, as we don't ship the xmms plugin
+
+* Wed Jul 12 2006 Jesse Keating - 1.1.2-27
+- rebuild
+- Try building w/ glib2-devel
+
+* Wed Jun 7 2006 Jeremy Katz - 1.1.2-26
+- rebuild for -devel deps
+
+* Fri Feb 10 2006 Jesse Keating - 1.1.2-25.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 1.1.2-25.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Thu Apr 21 2005 Warren Togami - 1.1.2-25
+- Fix buildreqs (#154649 thias)
+- obsolete older xmms-flac
+
+* Mon Apr 4 2005 Elliot Lee - 1.1.2-24
+- Removed xmms-flac subpackage
+
+* Tue Mar 29 2005 John (J5) Palmieri 1.1.2-2
+- Rebuild (flac picked up a dependancy on it's older version)
+
+* Mon Mar 28 2005 John (J5) Palmieri 1.1.2-1
+- Update to upstream version 1.1.2
+- Replace flac-1.1.0-libtool.patch with flac-1.1.2-libtool.patch
+
+* Wed Mar 02 2005 John (J5) Palmieri 1.1.0-9
+- rebuild for gcc 4.0
+
+* Wed Feb 23 2005 Colin Walters 1.1.0-8
+- New patch flac-1.1.0-gnu-stack.patch from Ulrich Drepper to mark asm
+ as not requiring an executable stack
+
+* Thu Jul 15 2004 Tim Waugh 1.1.0-7
+- Fixed warnings in shipped m4 file.
+
+* Mon Jun 21 2004 Colin Walters 1.1.0-6
+- BuildRequire glib-devel for xmms plugin
+- BuildRequire nasm
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Sun Apr 04 2004 Warren Togami 1.1.0-4
+- #119551 flac-xmms -> xmms-flac to match fedora.us and freshrpms.net
+- Obsoletes flac-libs to upgrade smoothly from fedora.us
+
+* Thu Mar 11 2004 Bill Nottingham 1.1.0-3
+- fix x86_64 linkage (#117893)
+
+* Tue Mar 02 2004 Elliot Lee
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Wed Aug 6 2003 Bill Nottingham 1.1.0-1
+- initial build
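Review bot: The `%check` section runs `make -C test check FLAC__TEST_LEVEL=0 &> /dev/null`, which discards both stdout and stderr of the test suite; a failing test still fails the build through make's exit status, but the build log then contains nothing about why, which matters most for exactly the kind of decoder regression the two CVE patches in this spec could introduce. Dropping the redirect, or keeping only `> /dev/null` so stderr survives, makes such a failure diagnosable from the log. `&>` is also a bash-ism; it works where rpm's scriptlet shell is bash, but `> /dev/null 2>&1` is the portable spelling if the redirect is kept.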