rpms/flac
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update to 1.3.1 (CVE-2014-8962, CVE-2014-9028)

Browse Source
This commit is contained in:
Miroslav Lichvar 2014-11-27 13:52:49 +01:00
parent 06694822f2
commit f353dfe66f
6 changed files with 39 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
/flac-1.3.0.tar.xz /flac-1.3.1.tar.xz

32
flac-cflags.patch Normal file
View File

@ -0,0 +1,32 @@
diff -up flac-1.3.1/configure.ac.cflags flac-1.3.1/configure.ac
--- flac-1.3.1/configure.ac.cflags 2014-11-27 03:45:33.598155763 +0100
+++ flac-1.3.1/configure.ac 2014-11-27 13:45:18.092749862 +0100
@@ -352,8 +352,7 @@ if test "x$debug" = xtrue; then
CFLAGS="-g $CFLAGS"
else
CPPFLAGS="-DNDEBUG $CPPFLAGS"
- CFLAGS=$(echo "$CFLAGS" | sed 's/-O2//;s/-g//')
- CFLAGS="-O3 -funroll-loops $CFLAGS"
+ CFLAGS="$user_cflags"
fi
XIPH_GCC_VERSION
@@ -363,7 +362,6 @@ if test x$ac_cv_c_compiler_gnu = xyes ;
CXXFLAGS="$CXXFLAGS -Wall -Wextra -Wcast-align -Wshadow -Wwrite-strings -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wsign-promo -Wundef -Wunreachable-code " # -Wcast-qual -Wbad-function-cast -Wwrite-strings -Woverloaded-virtual -Wmissing-declarations
XIPH_ADD_CFLAGS([-Wdeclaration-after-statement])
- XIPH_ADD_CFLAGS([-D_FORTIFY_SOURCE=2])
AC_LANG_PUSH([C++])
XIPH_ADD_CXXFLAGS([-Weffc++])
@@ -385,10 +383,6 @@ if test x$ac_cv_c_compiler_gnu = xyes ;
XIPH_ADD_CFLAGS([-fgnu89-inline])
fi
- if test "x$asm_optimisation$sse_os" = "xyesyes" ; then
- XIPH_ADD_CFLAGS([-msse2])
- fi
-
fi
XIPH_ADD_CFLAGS([-Wextra])

29
flac-metaflac_strcat.patch
View File

@ -1,29 +0,0 @@
From 78055800dd8fd2563e9248fcafda81a211fcc4d2 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 3 Jun 2013 12:54:59 +0200
Subject: [PATCH 1/2] metaflac : Fix local_strcat() to terminate string
correctly.
The NUL char is written at incorrect place when the destination string
is longer than 0, which causes memory corruption. It was broken by
commit 2d6354ff2a618a79d40edbd4f208b4b07c5422f1.
---
src/metaflac/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/metaflac/utils.c b/src/metaflac/utils.c
index 097537b..8a31daa 100644
--- a/src/metaflac/utils.c
+++ b/src/metaflac/utils.c
@@ -75,7 +75,7 @@ void local_strcat(char **dest, const char *source)
*dest = safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1);
if(0 == *dest)
die("out of memory growing string");
- safe_strncpy((*dest)+ndest, source, ndest + nsource + 1);
+ safe_strncpy((*dest)+ndest, source, nsource + 1);
}
static inline int local_isprint(int c)
--
1.8.1.4

27
flac-no_rice_asm.patch
View File

@ -1,27 +0,0 @@
From 4e5a0bacf021737fb1a8366ad07dc66f3286b1be Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 3 Jun 2013 13:25:47 +0200
Subject: [PATCH 2/2] Don't use
FLAC__bitreader_read_rice_signed_block_asm_ia32_bswap.
It seems to be slower than the C function.
---
src/libFLAC/stream_decoder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index f987c27..bc9c715 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -400,7 +400,7 @@ static FLAC__StreamDecoderInitStatus init_stream_internal_(
#ifdef FLAC__CPU_IA32
FLAC__ASSERT(decoder->private_->cpuinfo.type == FLAC__CPUINFO_TYPE_IA32);
#ifdef FLAC__HAS_NASM
-#if 1 /*@@@@@@ OPT: not clearly faster, needs more testing */
+#if 0 /*@@@@@@ OPT: not clearly faster, needs more testing */
if(decoder->private_->cpuinfo.data.ia32.bswap)
decoder->private_->local_bitreader_read_rice_signed_block = FLAC__bitreader_read_rice_signed_block_asm_ia32_bswap;
#endif
--
1.8.1.4

11
flac.spec
View File

@ -1,6 +1,6 @@
Summary: An encoder/decoder for the Free Lossless Audio Codec Summary: An encoder/decoder for the Free Lossless Audio Codec
Name: flac Name: flac
Version: 1.3.0 Version: 1.3.1
Release: 5%{?dist} Release: 5%{?dist}
License: BSD and GPLv2+ and GFDL License: BSD and GPLv2+ and GFDL
Group: Applications/Multimedia Group: Applications/Multimedia
@ -8,6 +8,9 @@ Group: Applications/Multimedia
Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
URL: http://www.xiph.org/flac/ URL: http://www.xiph.org/flac/
# use our CFLAGS and don't force SSE intrinsics
Patch1: flac-cflags.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: libogg-devel BuildRequires: libogg-devel
@ -17,9 +20,6 @@ BuildRequires: automake autoconf libtool gettext-devel doxygen
BuildRequires: nasm >= 2.0 BuildRequires: nasm >= 2.0
%endif %endif
Patch1: flac-metaflac_strcat.patch
Patch2: flac-no_rice_asm.patch
%description %description
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
is similar to Ogg Vorbis, but lossless. The FLAC project consists of is similar to Ogg Vorbis, but lossless. The FLAC project consists of
@ -57,8 +57,7 @@ will use the Free Lossless Audio Codec.
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .metaflac-strcat %patch1 -p1 -b .cflags
%patch2 -p1 -b .no_rice_asm
%build %build
# use our libtool to avoid problems with RPATH # use our libtool to avoid problems with RPATH

2
sources
View File

@ -1 +1 @@
13b5c214cee8373464d3d65dee362cdd flac-1.3.0.tar.xz b9922c9a0378c88d3e901b234f852698 flac-1.3.1.tar.xz