
No commits in common. 'i10c-beta' and 'c9' have entirely different histories.

@ -1 +1 @@
a8c36ac8c6e2df8611aab9590bb9e6bdf646c0e1 SOURCES/flac-1.4.3.tar.xz 6ac2e8f1dd18c9b0214c4d81bd70cdc1e943cffe SOURCES/flac-1.3.3.tar.xz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/flac-1.4.3.tar.xz SOURCES/flac-1.3.3.tar.xz

@ -0,0 +1,23 @@
commit 2e7931c27eb15e387da440a37f12437e35b22dd4
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Mon Oct 7 12:55:58 2019 +1100
libFLAC/bitreader.c: Fix out-of-bounds read
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
Testcase: fuzzer_decoder-5670265022840832
diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
index 5e4b5918..3df4d02c 100644
--- a/src/libFLAC/bitreader.c
+++ b/src/libFLAC/bitreader.c
@@ -869,7 +869,7 @@ incomplete_lsbs:
cwords = br->consumed_words;
words = br->words;
ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
- b = br->buffer[cwords] << br->consumed_bits;
+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
} while(cwords >= words && val < end);
}
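Review bot: The new guard on the `b = cwords < br->capacity ? ... : 0;` line bounds the index by `br->capacity` rather than `br->words`, and nothing in the patch says why that is the right limit. For `cwords` between `words` and `capacity` the load still happens. Judging by the visible loop condition `while(cwords >= words && val < end)`, the loaded value is not used for decoding in that case, but that reasoning is left to the reader. I would add a comment above the assignment such as `/* cwords may equal capacity here; b is only consumed once cwords < words */`, to be confirmed against the rest of the function, which starts outside this hunk.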

@ -0,0 +1,182 @@
commit 21fe95ee828b0b9b944f6aa0bb02d24fbb981815
Author: Martijn van Beurden <mvanb1@gmail.com>
Date: Wed Aug 3 13:52:19 2022 +0200
Add and use _nofree variants of safe_realloc functions
Parts of the code use realloc like
x = safe_realloc(x, somesize);
when this is the case, the safe_realloc variant used must free the
old memory block in case it fails, otherwise it will leak. However,
there are also instances in the code where handling is different:
if (0 == (x = safe_realloc(y, somesize)))
return false
in this case, y should not be freed, as y is not set to NULL we
could encounter double frees. Here the safe_realloc_nofree
functions are used.
diff --git a/include/share/alloc.h b/include/share/alloc.h
index 9b53b010..74f444d6 100644
--- a/include/share/alloc.h
+++ b/include/share/alloc.h
@@ -161,17 +161,30 @@ static inline void *safe_realloc_(void *ptr, size_t size)
free(oldptr);
return newptr;
}
-static inline void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t size2)
+static inline void *safe_realloc_nofree_add_2op_(void *ptr, size_t size1, size_t size2)
+{
+ size2 += size1;
+ if(size2 < size1)
+ return 0;
+ return realloc(ptr, size2);
+}
+
+static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
{
size2 += size1;
if(size2 < size1) {
free(ptr);
return 0;
}
- return realloc(ptr, size2);
+ size3 += size2;
+ if(size3 < size2) {
+ free(ptr);
+ return 0;
+ }
+ return safe_realloc_(ptr, size3);
}
-static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
+static inline void *safe_realloc_nofree_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
{
size2 += size1;
if(size2 < size1)
@@ -182,7 +195,7 @@ static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2,
return realloc(ptr, size3);
}
-static inline void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t size2, size_t size3, size_t size4)
+static inline void *safe_realloc_nofree_add_4op_(void *ptr, size_t size1, size_t size2, size_t size3, size_t size4)
{
size2 += size1;
if(size2 < size1)
@@ -207,6 +220,15 @@ static inline void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t size2)
return safe_realloc_(ptr, size1*size2);
}
+static inline void *safe_realloc_nofree_mul_2op_(void *ptr, size_t size1, size_t size2)
+{
+ if(!size1 || !size2)
+ return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */
+ if(size1 > SIZE_MAX / size2)
+ return 0;
+ return realloc(ptr, size1*size2);
+}
+
/* size1 * (size2 + size3) */
static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t size2, size_t size3)
{
@@ -220,4 +242,15 @@ static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t size2,
return safe_realloc_mul_2op_(ptr, size1, size2);
}
+/* size1 * (size2 + size3) */
+static inline void *safe_realloc_nofree_muladd2_(void *ptr, size_t size1, size_t size2, size_t size3)
+{
+ if(!size1 || (!size2 && !size3))
+ return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */
+ size2 += size3;
+ if(size2 < size3)
+ return 0;
+ return safe_realloc_nofree_mul_2op_(ptr, size1, size2);
+}
+
#endif
diff --git a/src/flac/encode.c b/src/flac/encode.c
index a7d1f7b2..b82ced76 100644
--- a/src/flac/encode.c
+++ b/src/flac/encode.c
@@ -1734,10 +1734,10 @@ static void static_metadata_clear(static_metadata_t *m)
static FLAC__bool static_metadata_append(static_metadata_t *m, FLAC__StreamMetadata *d, FLAC__bool needs_delete)
{
void *x;
- if(0 == (x = safe_realloc_muladd2_(m->metadata, sizeof(*m->metadata), /*times (*/m->num_metadata, /*+*/1/*)*/)))
+ if(0 == (x = safe_realloc_nofree_muladd2_(m->metadata, sizeof(*m->metadata), /*times (*/m->num_metadata, /*+*/1/*)*/)))
return false;
m->metadata = (FLAC__StreamMetadata**)x;
- if(0 == (x = safe_realloc_muladd2_(m->needs_delete, sizeof(*m->needs_delete), /*times (*/m->num_metadata, /*+*/1/*)*/)))
+ if(0 == (x = safe_realloc_nofree_muladd2_(m->needs_delete, sizeof(*m->needs_delete), /*times (*/m->num_metadata, /*+*/1/*)*/)))
return false;
m->needs_delete = (FLAC__bool*)x;
m->metadata[m->num_metadata] = d;
diff --git a/src/flac/foreign_metadata.c b/src/flac/foreign_metadata.c
index 9a1fb96c..c86dff42 100644
--- a/src/flac/foreign_metadata.c
+++ b/src/flac/foreign_metadata.c
@@ -74,7 +74,7 @@ static FLAC__bool copy_data_(FILE *fin, FILE *fout, size_t size, const char **er
static FLAC__bool append_block_(foreign_metadata_t *fm, FLAC__off_t offset, FLAC__uint32 size, const char **error)
{
- foreign_block_t *fb = safe_realloc_muladd2_(fm->blocks, sizeof(foreign_block_t), /*times (*/fm->num_blocks, /*+*/1/*)*/);
+ foreign_block_t *fb = safe_realloc_nofree_muladd2_(fm->blocks, sizeof(foreign_block_t), /*times (*/fm->num_blocks, /*+*/1/*)*/);
if(fb) {
fb[fm->num_blocks].offset = offset;
fb[fm->num_blocks].size = size;
diff --git a/src/libFLAC/bitwriter.c b/src/libFLAC/bitwriter.c
index 79ab8649..8865a2f4 100644
--- a/src/libFLAC/bitwriter.c
+++ b/src/libFLAC/bitwriter.c
@@ -133,7 +133,7 @@ FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, uint32_t bits_to_add)
FLAC__ASSERT(new_capacity > bw->capacity);
FLAC__ASSERT(new_capacity >= bw->words + ((bw->bits + bits_to_add + FLAC__BITS_PER_WORD - 1) / FLAC__BITS_PER_WORD));
- new_buffer = safe_realloc_mul_2op_(bw->buffer, sizeof(bwword), /*times*/new_capacity);
+ new_buffer = safe_realloc_nofree_mul_2op_(bw->buffer, sizeof(bwword), /*times*/new_capacity);
if(new_buffer == 0)
return false;
bw->buffer = new_buffer;
diff --git a/src/libFLAC/metadata_object.c b/src/libFLAC/metadata_object.c
index 7cc8ee9f..2c7da8db 100644
--- a/src/libFLAC/metadata_object.c
+++ b/src/libFLAC/metadata_object.c
@@ -98,7 +98,7 @@ static FLAC__bool free_copy_bytes_(FLAC__byte **to, const FLAC__byte *from, uint
/* realloc() failure leaves entry unchanged */
static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, uint32_t length)
{
- FLAC__byte *x = safe_realloc_add_2op_(*entry, length, /*+*/1);
+ FLAC__byte *x = safe_realloc_nofree_add_2op_(*entry, length, /*+*/1);
if (x != NULL) {
x[length] = '\0';
*entry = x;
diff --git a/src/plugin_common/tags.c b/src/plugin_common/tags.c
index e9227444..ffd846b6 100644
--- a/src/plugin_common/tags.c
+++ b/src/plugin_common/tags.c
@@ -317,7 +317,7 @@ FLAC__bool FLAC_plugin__tags_add_tag_utf8(FLAC__StreamMetadata *tags, const char
const size_t value_len = strlen(value);
const size_t separator_len = strlen(separator);
FLAC__byte *new_entry;
- if(0 == (new_entry = safe_realloc_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
+ if(0 == (new_entry = safe_realloc_nofree_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
return false;
memcpy(new_entry+entry->length, separator, separator_len);
entry->length += separator_len;
diff --git a/src/share/utf8/iconvert.c b/src/share/utf8/iconvert.c
index 8ab53c10..876c06e8 100644
--- a/src/share/utf8/iconvert.c
+++ b/src/share/utf8/iconvert.c
@@ -149,7 +149,7 @@ int iconvert(const char *fromcode, const char *tocode,
iconv_close(cd1);
return ret;
}
- newbuf = safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
+ newbuf = safe_realloc_nofree_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
if (!newbuf)
goto fail;
ob = (ob - utfbuf) + newbuf;
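Review bot: The zero-size branches of `safe_realloc_nofree_mul_2op_` and `safe_realloc_nofree_muladd2_` call `realloc(ptr, 0)`, which does not keep the no-free promise these variants exist for. Where `realloc(ptr, 0)` frees `ptr` and returns NULL (glibc behaves this way), a caller written as `if(0 == (x = ...)) return false;` is left holding a freed pointer, which is the double-free hazard the commit message describes. The callers visible in this patch pass a `sizeof` and either a count plus one or a capacity asserted to grow, so the branch looks unreachable from them, but the helpers sit in a shared header. At minimum I would document the precondition on both helpers, e.g. `/* size product must be non-zero: realloc(ptr, 0) may free ptr and still return NULL */`.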

@ -0,0 +1,28 @@
commit e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
Author: Neelkamal Semwal <neelkamal.semwal@ittiam.com>
Date: Fri Dec 18 22:28:36 2020 +0530
libFlac: Exit at EOS in verify mode
When verify mode is enabled, once decoder flags end of stream,
encode processing is considered complete.
CVE-2021-0561
Signed-off-by: Ralph Giles <giles@thaumas.net>
diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
index 4c91247f..7109802c 100644
--- a/src/libFLAC/stream_encoder.c
+++ b/src/libFLAC/stream_encoder.c
@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC
encoder->private_->verify.needs_magic_hack = true;
}
else {
- if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) {
+ if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)
+ || (!is_last_block
+ && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) {
FLAC__bitwriter_release_buffer(encoder->private_->frame);
FLAC__bitwriter_clear(encoder->private_->frame);
if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA)
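Review bot: The added end-of-stream test in `write_bitbuffer_` has no comment, and it routes a verify decoder that reached `FLAC__STREAM_DECODER_END_OF_STREAM` before the last block into the same branch as a failed `FLAC__stream_decoder_process_single()` call. A reader of the three-line condition cannot tell that this is deliberate. I would add above the `if`: `/* verify decoder at end-of-stream before the final block: stop here instead of feeding it more frames */`. The branch body continues outside the hunk, so the encoder state reported for this case is not visible here and should be named in the same comment.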

@ -1,15 +1,36 @@
# Disable if you don't need xmms
%global with_xmms !0%{?rhel}
%if %{with_xmms}
%define xmms_inputdir %(xmms-config --input-plugin-dir 2>/dev/null || echo %{_libdir}/xmms/General)
%endif
Summary: An encoder/decoder for the Free Lossless Audio Codec Summary: An encoder/decoder for the Free Lossless Audio Codec
Name: flac Name: flac
Version: 1.4.3 Version: 1.3.3
Release: 5%{?dist} Release: 10%{?dist}.1
License: BSD-3-Clause AND GPL-2.0-or-later AND GFDL-1.1-or-later License: BSD and GPLv2+ and GFDL
Source0: https://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz Source0: https://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
URL: https://www.xiph.org/flac/ URL: https://www.xiph.org/flac/
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: libogg-devel BuildRequires: libogg-devel
BuildRequires: gcc gcc-c++ automake autoconf libtool gettext-devel doxygen BuildRequires: gcc gcc-c++ automake autoconf libtool gettext-devel doxygen
%if %{with_xmms}
BuildRequires: xmms-devel desktop-file-utils
Source1: xmms-flac.desktop
%endif
%ifarch %{ix86}
# 2.0 supports symbol visibility
BuildRequires: nasm >= 2.0
%endif
BuildRequires: make BuildRequires: make
Patch1: flac-cve-2020-0499.patch
# handle end-of-stream when encoding with verification
Patch2: flac-cve-2021-0561.patch
# don't free memory that is still used after realloc() error
Patch3: flac-cve-2020-22219.patch
%description %description
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
is similar to Ogg Vorbis, but lossless. The FLAC project consists of is similar to Ogg Vorbis, but lossless. The FLAC project consists of
@ -23,8 +44,6 @@ This package contains the command-line tools and documentation.
%package libs %package libs
Summary: Libraries for the Free Lossless Audio Codec Summary: Libraries for the Free Lossless Audio Codec
Obsoletes: flac < 1.2.1-11 Obsoletes: flac < 1.2.1-11
# xmms-flac dropped in 1.3.3-8
Obsoletes: xmms-flac < 1.3.3-8
%description libs %description libs
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
@ -44,15 +63,38 @@ Requires: pkgconfig
This package contains all the files needed to develop applications that This package contains all the files needed to develop applications that
will use the Free Lossless Audio Codec. will use the Free Lossless Audio Codec.
%if %{with_xmms}
%package -n xmms-flac
Summary: XMMS plugin needed to play FLAC (Free Lossless Audio Codec) files
# The entire FLAC sources are covered by multiple licenses, but the xmms plugin
# is only GPLv2+
License: GPLv2+
%description -n xmms-flac
FLAC is a Free Lossless Audio Codec. The FLAC format supports streaming,
seeking, and archival, and gives 25-75% compression on typical CD audio.
This is the input plugin for XMMS to be able to read FLAC files.
%endif
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .cve-2020-0499
%patch2 -p1 -b .cve-2021-0561
%patch3 -p1 -b .cve-2020-22219
%build %build
# use our libtool to avoid problems with RPATH # use our libtool to avoid problems with RPATH
./autogen.sh -V ./autogen.sh -V
# -funroll-loops makes encoding about 10% faster
export CFLAGS="%{optflags} -funroll-loops"
%configure \ %configure \
--htmldir=%{_docdir}/flac/html \ --htmldir=%{_docdir}/flac/html \
%if %{with_xmms}
--enable-xmms-plugin \
%else
--disable-xmms-plugin \
%endif
--disable-silent-rules \ --disable-silent-rules \
--disable-thorough-tests --disable-thorough-tests
@ -61,8 +103,20 @@ will use the Free Lossless Audio Codec.
%install %install
%make_install %make_install
rm -r %{buildroot}%{_docdir}/flac %if %{with_xmms}
desktop-file-install --dir=%{buildroot}%{_datadir}/applications %{SOURCE1}
%endif
# split documentation
mv %{buildroot}%{_docdir}/flac* ./flac-doc
mkdir -p flac-doc-devel
mv flac-doc{/html/api,-devel}
rm flac-doc/FLAC.tag
rm %{buildroot}%{_libdir}/*.la rm %{buildroot}%{_libdir}/*.la
%if %{with_xmms}
rm %{buildroot}%{xmms_inputdir}/*.la
%endif
%check %check
make check make check
@ -70,69 +124,43 @@ make check
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%files %files
%doc flac-doc/*
%{_bindir}/flac %{_bindir}/flac
%{_bindir}/metaflac %{_bindir}/metaflac
%{_mandir}/man1/* %{_mandir}/man1/*
%files libs %files libs
%doc AUTHORS README.md CHANGELOG.md %doc AUTHORS COPYING* README
%license COPYING.* %{_libdir}/libFLAC.so.8*
%{_libdir}/libFLAC.so.12* %{_libdir}/libFLAC++.so.6*
%{_libdir}/libFLAC++.so.10*
%files devel %files devel
%doc doc/api %doc flac-doc-devel/*
%{_includedir}/* %{_includedir}/*
%{_libdir}/*.so %{_libdir}/*.so
%{_libdir}/pkgconfig/* %{_libdir}/pkgconfig/*
%{_datadir}/aclocal/*.m4 %{_datadir}/aclocal/*.m4
%changelog %if %{with_xmms}
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.4.3-5 %files -n xmms-flac
- Rebuilt for MSVSphere 10 %license COPYING.GPL
%{_datadir}/applications/xmms-flac.desktop
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.4.3-5 %{xmms_inputdir}/libxmms-flac.so
- Bump release for June 2024 mass rebuild %endif
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-3 %changelog
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Aug 31 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.3.3-10.el9_2.1
- don't free memory that is still used after realloc() error (CVE-2020-22219)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 27 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.4.3-1
- update to 1.4.3
- convert license tag to SPDX
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Oct 24 2022 Miroslav Lichvar <mlichvar@redhat.com> 1.4.2-1
- update to 1.4.2
* Mon Sep 26 2022 Miroslav Lichvar <mlichvar@redhat.com> 1.4.1-1
- update to 1.4.1
* Mon Sep 12 2022 Miroslav Lichvar <mlichvar@redhat.com> 1.4.0-1
- update to 1.4.0
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Feb 24 2022 Miroslav Lichvar <mlichvar@redhat.com> 1.3.4-1
- update to 1.3.4 (CVE-2021-0561)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.3-10 * Thu May 05 2022 Miroslav Lichvar <mlichvar@redhat.com> 1.3.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - handle end-of-stream when encoding with verification (CVE-2021-0561)
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.3-9 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon May 31 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.3.3-8 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.3-8
- drop xmms plugin (#1965618) - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Feb 19 2021 Adam Jackson <ajax@redhat.com> - 1.3.3-7 * Fri Feb 19 2021 Adam Jackson <ajax@redhat.com> - 1.3.3-7
- Fix the previous change to actually build in RHEL - Fix the previous change to actually build in RHEL
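Review bot: `Patch1: flac-cve-2020-0499.patch` is the only patch line on the 1.3.3 side without a describing comment, while `Patch2` and `Patch3` each carry one. A one-line comment keeps the spec auditable when someone checks which fix each CVE patch carries. If this is the bitreader patch shown earlier on the page, `# fix out-of-bounds read in libFLAC bitreader` would do; the file names of the patch sections are not visible here, so confirm the mapping first.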
