Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/flac.git#73f4071b023b2cfdde017aaf32b75beeafb5592b
parent
1eaf96df7a
commit
90d899289e
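--- a/flac-cve-2020-0499.patch
+++ b/flac-cve-2020-0499.patch
@@ -0,0 +1,23 @@
+commit 2e7931c27eb15e387da440a37f12437e35b22dd4
+Author: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon Oct 7 12:55:58 2019 +1100
+
+libFLAC/bitreader.c: Fix out-of-bounds read
+
+Credit: Oss-Fuzz
+Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
+Testcase: fuzzer_decoder-5670265022840832
+
+diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
+index 5e4b5918..3df4d02c 100644
+--- a/src/libFLAC/bitreader.c
++++ b/src/libFLAC/bitreader.c
+@@ -869,7 +869,7 @@ incomplete_lsbs:
+cwords = br->consumed_words;
+words = br->words;
+ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
+- b = br->buffer[cwords] << br->consumed_bits;
++ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
+} while(cwords >= words && val < end);
+}
+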
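Review bot: The new guard on `b` bounds the index by `br->capacity`, while the loop condition on the next line tests `cwords >= words`, so for `words <= cwords < capacity` the word is still loaded from a slot past the filled count. Whether that slot always holds initialised data cannot be told from this hunk, because the enclosing function starts and ends outside it. The choice of `capacity` as the bound and of `0` as the fallback deserves a comment above the assignment, for example `/* cwords can equal br->capacity once the buffer is fully consumed; 0 is a placeholder until b is reloaded */`, with the wording confirmed against the rest of the function. The commit message names a fuzzer testcase, but nothing visible here adds it to the test suite, so a regression in this guard would presumably go unnoticed by `make check`.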
10
flac.spec
10
flac.spec
@ -8,7 +8,7 @@
|
||||
Summary: An encoder/decoder for the Free Lossless Audio Codec
|
||||
Name: flac
|
||||
Version: 1.3.3
|
||||
Release: 3.1%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: BSD and GPLv2+ and GFDL
|
||||
Source0: https://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
|
||||
URL: https://www.xiph.org/flac/
|
||||
@ -23,6 +23,9 @@ Source1: xmms-flac.desktop
|
||||
# 2.0 supports symbol visibility
|
||||
BuildRequires: nasm >= 2.0
|
||||
%endif
|
||||
BuildRequires: make
|
||||
|
||||
Patch1: flac-cve-2020-0499.patch
|
||||
|
||||
%description
|
||||
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
|
||||
@ -71,6 +74,7 @@ This is the input plugin for XMMS to be able to read FLAC files.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1 -b .cve-2020-0499
|
||||
|
||||
%build
|
||||
# use our libtool to avoid problems with RPATH
|
||||
@ -139,8 +143,8 @@ make check
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Dec 19 2020 Petr Šabata <contyk@redhat.com> - 1.3.3-3.1
|
||||
- Bump for gcc11
|
||||
* Thu Jan 07 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.3.3-4
|
||||
- fix out-of-bounds read in decoder (CVE-2020-0499)
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
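Review bot: The `Patch1:` line is added without a comment recording where the patch comes from, so the spec alone does not tell a later maintainer whether the fix is upstream or when it can be dropped on a rebase. A line such as `# upstream commit 2e7931c27eb15e387da440a37f12437e35b22dd4, fixes CVE-2020-0499` directly above `Patch1: flac-cve-2020-0499.patch` would capture that. Only the changelog entry currently ties the patch to the CVE.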