diff options
author | Max Rees <maxcrees@me.com> | 2019-06-21 15:05:02 -0400 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2019-06-21 15:05:02 -0400 |
commit | 332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (patch) | |
tree | 17db29564fefac7e83f4057b3fccea7a08a2b7da /user | |
parent | e68b9aaaa8d272c4b456ac1c02980b52be56467c (diff) | |
download | packages-332e0a40fabc1c4047a631273e5d5df46cbf4bb2.tar.gz packages-332e0a40fabc1c4047a631273e5d5df46cbf4bb2.tar.bz2 packages-332e0a40fabc1c4047a631273e5d5df46cbf4bb2.tar.xz packages-332e0a40fabc1c4047a631273e5d5df46cbf4bb2.zip |
user/flac: patch for CVE-2017-6888
Diffstat (limited to 'user')
-rw-r--r-- | user/flac/APKBUILD | 15 | ||||
-rw-r--r-- | user/flac/CVE-2017-6888.patch | 27 |
2 files changed, 35 insertions, 7 deletions
diff --git a/user/flac/APKBUILD b/user/flac/APKBUILD index 0588e8fc2..363d5b3ac 100644 --- a/user/flac/APKBUILD +++ b/user/flac/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=flac pkgver=1.3.2 -pkgrel=2 +pkgrel=3 pkgdesc="Free Lossless Audio Codec" url="https://xiph.org/flac/" arch="all" @@ -11,11 +11,13 @@ subpackages="$pkgname-dev $pkgname-doc" depends= makedepends="libogg-dev" source="https://downloads.xiph.org/releases/flac/flac-${pkgver}.tar.xz - " + CVE-2017-6888.patch" -build() { - cd "$builddir" +# secfixes: +# 1.3.2-r3: +# - CVE-2017-6888 +build() { local _arch_conf case "${CARCH}" in ppc*) _arch_conf="--enable-altivec" ;; @@ -37,16 +39,15 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install install -Dm0644 COPYING.Xiph \ "$pkgdir"/usr/share/licenses/$pkgname/COPYING.Xiph } -sha512sums="63910e8ebbe508316d446ffc9eb6d02efbd5f47d29d2ea7864da9371843c8e671854db6e89ba043fe08aef1845b8ece70db80f1cce853f591ca30d56ef7c3a15 flac-1.3.2.tar.xz" +sha512sums="63910e8ebbe508316d446ffc9eb6d02efbd5f47d29d2ea7864da9371843c8e671854db6e89ba043fe08aef1845b8ece70db80f1cce853f591ca30d56ef7c3a15 flac-1.3.2.tar.xz +ea241ba68a4e8d91d5db555ec8c459cff48ad8c3de511d0a92d4feb8b946a2173422015fdc9604240035ef315132fe4062ab3e6d4bc2d79aa1aed18defa32301 CVE-2017-6888.patch" diff --git a/user/flac/CVE-2017-6888.patch b/user/flac/CVE-2017-6888.patch new file mode 100644 index 000000000..080160bfb --- /dev/null +++ b/user/flac/CVE-2017-6888.patch @@ -0,0 +1,27 @@ +From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo <erikd@mega-nerd.com> +Date: Sat, 8 Apr 2017 18:34:49 +1000 +Subject: [PATCH] stream_decoder.c: Fix a memory leak + +Leak reported by Secunia Research. +--- + src/libFLAC/stream_decoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c +index 14d5fe7f..a5527511 100644 +--- a/src/libFLAC/stream_decoder.c ++++ b/src/libFLAC/stream_decoder.c +@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre + } + memset (obj->comments[i].entry, 0, obj->comments[i].length) ; + if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) { ++ /* Current i-th entry is bad, so we delete it. */ ++ free (obj->comments[i].entry) ; ++ obj->comments[i].entry = NULL ; + obj->num_comments = i; + goto skip; + } +-- +2.11.0 + |