From patchwork Sun Jan 12 22:25:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1221888 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=kjz95iYZ; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47wrqT0GHHz9s29 for ; Mon, 13 Jan 2020 09:24:21 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 8E0F320012; Sun, 12 Jan 2020 22:24:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEFuqSUxRl8B; Sun, 12 Jan 2020 22:24:15 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id BF7BC2035B; Sun, 12 Jan 2020 22:24:15 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 18F371BF3F6 for ; Sun, 12 Jan 2020 22:24:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 145F42035B for ; Sun, 12 Jan 2020 22:24:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VKhHt7USvhVN for ; Sun, 12 Jan 2020 22:24:12 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) by silver.osuosl.org (Postfix) with ESMTPS id 2C63420012 for ; Sun, 12 Jan 2020 22:24:12 +0000 (UTC) Received: by mail-wr1-f68.google.com with SMTP id q10so6739144wrm.11 for ; Sun, 12 Jan 2020 14:24:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uI2gXry1dJVdCt1ABHzN4vJvFV7OgpsZsQzyiuYJBTA=; b=kjz95iYZ8wBui8x8uKP7USdYyHY1zhpRSqZBhqy4LrQrhgqJxpiOCBbEIi4crPdq7k baqDfB6mz0X4KZxrva8cDda7ZZlIr7cDtD/4YCQrRXmO4QS/OvbgdUv/Ib2qjAu8Nz1g XVOVo9IKpEO6xH1nbKc/I40FQlv0S4KrXC1AuyucX139ujWcNug08qJQwasMpNuTblYI 9SN8qccSG6B0ozX6UsbJ8P8nI+o4vC/Ptgzu0g7K/VxCxKJ4IY4PwOiQg0wcm8zn/JuP tphrRRchcen23qk6skEunXMWXnXM6rNOPie+dyBS75A/vH+UZycuB3nuYnYvpm87BGnR 5jIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uI2gXry1dJVdCt1ABHzN4vJvFV7OgpsZsQzyiuYJBTA=; b=aMqCLaSRPKOo6PYIqmqHTYHVEW5bSUOJm8e4D9xck6B5S3SQl0UmSB7HhqQvQlSsvh RnrQg1pSlJ2NrLveR8gopK9XiRr27rht1CAyrvlr7fUkR2sbRsjCmA+mwMJZ/N+Oxtuv gbHwbgbw7RzM1VafHelxyua6GRbujLLiWFodcyTYNKiUkExbduJIuPiLStvlMUCfS74D OI/YAvAEiwAAsFkIFdeuk9BLwvnXNF0QhQxu85r26XYvrZ+81n6GXFIcyDfZosCqfF1I kHqXS9JSZ5z1zN1hd9CuvUAo/yhwusOXS8AIXvpjPZSYCR2XidxcDUbmkY2q9O7vilpS S2vA== X-Gm-Message-State: APjAAAUZJfRAFl5CJzVhWYk+ejw6cv+T7P/83npPgM5tvFWm6/+QIqWa 17EQkwecF6II6XqoO2kDjc/tKGee X-Google-Smtp-Source: APXvYqzw+0yf4LZDXq3OPCe+4lbP6DNxKpQQKrbI3g/5if44WQ1t5USn532YDldOHoD9I9LB/JUTnA== X-Received: by 2002:a5d:4281:: with SMTP id k1mr15481564wrq.72.1578867850286; Sun, 12 Jan 2020 14:24:10 -0800 (PST) Received: from kali.home (lfbn-ren-1-602-70.w81-53.abo.wanadoo.fr. [81.53.179.70]) by smtp.gmail.com with ESMTPSA id u8sm11815436wmm.15.2020.01.12.14.24.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jan 2020 14:24:09 -0800 (PST) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Sun, 12 Jan 2020 23:25:08 +0100 Message-Id: <20200112222508.3727142-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/faad2: bump to version 2.9.1 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - Switch site to github to get latest release - Remove all patches (already in version) Signed-off-by: Fabrice Fontaine --- ...k-for-syntax-element-inconsistencies.patch | 64 ----------------- ...fadj-sanitize-frequency-band-borders.patch | 71 ------------------- .../0003-Fix-a-couple-buffer-overflows.patch | 50 ------------- ...prevent-crash-on-SCE-followed-by-CPE.patch | 54 -------------- package/faad2/faad2.hash | 5 +- package/faad2/faad2.mk | 7 +- 6 files changed, 5 insertions(+), 246 deletions(-) delete mode 100644 package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch delete mode 100644 package/faad2/0002-sbr_hfadj-sanitize-frequency-band-borders.patch delete mode 100644 package/faad2/0003-Fix-a-couple-buffer-overflows.patch delete mode 100644 package/faad2/0004-add-patch-to-prevent-crash-on-SCE-followed-by-CPE.patch diff --git a/package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch b/package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch deleted file mode 100644 index de97dbbaf0..0000000000 --- a/package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 466b01d504d7e45f1e9169ac90b3e34ab94aed14 Mon Sep 17 00:00:00 2001 -From: Hugo Lefeuvre -Date: Mon, 25 Feb 2019 10:49:03 +0100 -Subject: [PATCH] syntax.c: check for syntax element inconsistencies - -Implicit channel mapping reconfiguration is explicitely forbidden by -ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such -files and reject them. FAAD2 does not perform any kind of checks -regarding this. - -This leads to security vulnerabilities when processing crafted AAC -files performing such reconfigurations. - -Add checks to decode_sce_lfe and decode_cpe to make sure such -inconsistencies are detected as early as possible. - -These checks first read hDecoder->frame: if this is not the first -frame then we make sure that the syntax element at the same position -in the previous frame also had element_id id_syn_ele. If not, return -21 as this is a fatal file structure issue. - -This patch addresses CVE-2018-20362 (fixes #26) and possibly other -related issues. - -Signed-off-by: Baruch Siach ---- -Upstream status: commit 466b01d504d7 - - libfaad/syntax.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/libfaad/syntax.c b/libfaad/syntax.c -index f8e808c269c0..e7fb11381e46 100644 ---- a/libfaad/syntax.c -+++ b/libfaad/syntax.c -@@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruct *hDecoder, - can become 2 when some form of Parametric Stereo coding is used - */ - -+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) { -+ /* element inconsistency */ -+ hInfo->error = 21; -+ return; -+ } -+ - /* save the syntax element id */ - hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele; - -@@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *hDecoder, NeAACDecFrameInfo *hInfo, bitfi - return; - } - -+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) { -+ /* element inconsistency */ -+ hInfo->error = 21; -+ return; -+ } -+ - /* save the syntax element id */ - hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele; - --- -2.20.1 - diff --git a/package/faad2/0002-sbr_hfadj-sanitize-frequency-band-borders.patch b/package/faad2/0002-sbr_hfadj-sanitize-frequency-band-borders.patch deleted file mode 100644 index 9c580f9339..0000000000 --- a/package/faad2/0002-sbr_hfadj-sanitize-frequency-band-borders.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 6b4a7cde30f2e2cb03e78ef476cc73179cfffda3 Mon Sep 17 00:00:00 2001 -From: Hugo Lefeuvre -Date: Thu, 11 Apr 2019 09:34:07 +0200 -Subject: [PATCH] sbr_hfadj: sanitize frequency band borders - -user passed f_table_lim contains frequency band borders. Frequency -bands are groups of consecutive QMF channels. This means that their -bounds, as provided by f_table_lim, should never exceed MAX_M (maximum -number of QMF channels). c.f. ISO/IEC 14496-3:2001 - -FAAD2 does not verify this, leading to security issues when -processing files defining f_table_lim with values > MAX_M. - -This patch sanitizes the values of f_table_lim so that they can be safely -used as index for Q_M_lim and G_lim arrays. - -Fixes #21 (CVE-2018-20194). - -Signed-off-by: Baruch Siach ---- -Upstream status: commit 6b4a7cde30f2e - - libfaad/sbr_hfadj.c | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/libfaad/sbr_hfadj.c b/libfaad/sbr_hfadj.c -index 3f310b8190d7..dda1ce8e249b 100644 ---- a/libfaad/sbr_hfadj.c -+++ b/libfaad/sbr_hfadj.c -@@ -485,6 +485,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch) - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) -@@ -949,6 +955,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch) - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) -@@ -1193,6 +1205,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch) - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) --- -2.20.1 - diff --git a/package/faad2/0003-Fix-a-couple-buffer-overflows.patch b/package/faad2/0003-Fix-a-couple-buffer-overflows.patch deleted file mode 100644 index 6ae7608771..0000000000 --- a/package/faad2/0003-Fix-a-couple-buffer-overflows.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 942c3e0aee748ea6fe97cb2c1aa5893225316174 Mon Sep 17 00:00:00 2001 -From: Fabian Greffrath -Date: Mon, 10 Jun 2019 13:58:40 +0200 -Subject: [PATCH] Fix a couple buffer overflows - -https://hackerone.com/reports/502816 -https://hackerone.com/reports/507858 - -https://github.com/videolan/vlc/blob/master/contrib/src/faad2/faad2-fix-overflows.patch - -Signed-off-by: Baruch Siach ---- -Upstream status: commit 942c3e0aee748ea6 - - libfaad/bits.c | 5 ++++- - libfaad/syntax.c | 2 ++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/libfaad/bits.c b/libfaad/bits.c -index dc14d7a03952..4c0de24a5d9c 100644 ---- a/libfaad/bits.c -+++ b/libfaad/bits.c -@@ -167,7 +167,10 @@ void faad_resetbits(bitfile *ld, int bits) - int words = bits >> 5; - int remainder = bits & 0x1F; - -- ld->bytes_left = ld->buffer_size - words*4; -+ if (ld->buffer_size < words * 4) -+ ld->bytes_left = 0; -+ else -+ ld->bytes_left = ld->buffer_size - words*4; - - if (ld->bytes_left >= 4) - { -diff --git a/libfaad/syntax.c b/libfaad/syntax.c -index e7fb11381e46..c9925435dbd0 100644 ---- a/libfaad/syntax.c -+++ b/libfaad/syntax.c -@@ -2304,6 +2304,8 @@ static uint8_t excluded_channels(bitfile *ld, drc_info *drc) - while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld - DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1) - { -+ if (i >= MAX_CHANNELS - num_excl_chan - 7) -+ return n; - for (i = num_excl_chan; i < num_excl_chan+7; i++) - { - drc->exclude_mask[i] = faad_get1bit(ld --- -2.20.1 - diff --git a/package/faad2/0004-add-patch-to-prevent-crash-on-SCE-followed-by-CPE.patch b/package/faad2/0004-add-patch-to-prevent-crash-on-SCE-followed-by-CPE.patch deleted file mode 100644 index b759b037e0..0000000000 --- a/package/faad2/0004-add-patch-to-prevent-crash-on-SCE-followed-by-CPE.patch +++ /dev/null @@ -1,54 +0,0 @@ -From f1f8e002622196de3aa650163e5dc2888ebc7a63 Mon Sep 17 00:00:00 2001 -From: Fabian Greffrath -Date: Mon, 10 Jun 2019 13:59:49 +0200 -Subject: [PATCH] add patch to prevent crash on SCE followed by CPE - -hDecoder->element_alloced denotes whether or not we have allocated memory for -usage in terms of the specified channel element. Given that it previously only -had two states (1 meaning allocated, and 0 meaning not allocated), it would not -allocate enough memory for parsing a CPE it if is preceeded by a SCE (and -therefor crash). - -These changes fixes the issue by making sure that we allocate additional memory -if so is necessary, and the set of values for hDecoder->element_alloced[n] is -now: - - 0 = nothing allocated - 1 = allocated enough for SCE - 2 = allocated enough for CPE - -All branches that depend on hDecoder->element_alloced[n] prior to this patch -only checks if the value is, or is not, zero. The added state, 2, is therefor -correctly handled automatically. - -https://github.com/videolan/vlc/blob/master/contrib/src/faad2/faad2-fix-cpe-reconstruction.patch - -Signed-off-by: Baruch Siach ---- -Upstream status: commit f1f8e002622196d - libfaad/specrec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libfaad/specrec.c b/libfaad/specrec.c -index 9797d6e79468..0e72207fc9c0 100644 ---- a/libfaad/specrec.c -+++ b/libfaad/specrec.c -@@ -1109,13 +1109,13 @@ uint8_t reconstruct_channel_pair(NeAACDecStruct *hDecoder, ic_stream *ics1, ic_s - #ifdef PROFILE - int64_t count = faad_get_ts(); - #endif -- if (hDecoder->element_alloced[hDecoder->fr_ch_ele] == 0) -+ if (hDecoder->element_alloced[hDecoder->fr_ch_ele] != 2) - { - retval = allocate_channel_pair(hDecoder, cpe->channel, (uint8_t)cpe->paired_channel); - if (retval > 0) - return retval; - -- hDecoder->element_alloced[hDecoder->fr_ch_ele] = 1; -+ hDecoder->element_alloced[hDecoder->fr_ch_ele] = 2; - } - - /* dequantisation and scaling */ --- -2.20.1 - diff --git a/package/faad2/faad2.hash b/package/faad2/faad2.hash index 2c6acee3d7..1a03bc9b7b 100644 --- a/package/faad2/faad2.hash +++ b/package/faad2/faad2.hash @@ -1,6 +1,3 @@ -# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.8.0/ (used by upstream): -md5 28f6116efdbe9378269f8a6221767d1f faad2-2.8.8.tar.gz -sha1 0d49c516d4a83c39053a9bd214fddba72cbc34ad faad2-2.8.8.tar.gz # Locally computed -sha256 985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d faad2-2.8.8.tar.gz +sha256 7fa33cff76abdda5a220ca5de0b2e05a77354f3b97f735193c2940224898aa9a faad2-2.9.1.tar.gz sha256 d3baf3a54943cf12a994c85867a18dec84f810901b2f2878ddfd77efcc3c150f COPYING diff --git a/package/faad2/faad2.mk b/package/faad2/faad2.mk index 27daadfc12..9ec9d8f52c 100644 --- a/package/faad2/faad2.mk +++ b/package/faad2/faad2.mk @@ -4,13 +4,14 @@ # ################################################################################ -FAAD2_VERSION_MAJOR = 2.8 -FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).8 -FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0 +FAAD2_VERSION = 2.9.1 +FAAD2_SITE = $(call github,knik0,faad2,$(subst .,_,$(FAAD2_VERSION))) FAAD2_LICENSE = GPL-2.0 FAAD2_LICENSE_FILES = COPYING # frontend/faad calls frexp() FAAD2_CONF_ENV = LIBS=-lm FAAD2_INSTALL_STAGING = YES +# From git +FAAD2_AUTORECONF = YES $(eval $(autotools-package))