Request 5004 (accepted)

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Overview

Request 5004 (accepted)

- Update version to 2.9.1
* Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
* Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
* Build system fixes and code clean-up
* Fix compiler warnings and code indentation
* Fix compilation with GCC <= 4.7.3
* MSVC solution file clean-up
* Fix compilation with GCC 4.7.4
* Fix compilation with MinGW
* MSVC 2017 project file update
* Fix crash with unsupported MP4 files (NULL pointer dereference,
* division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
* parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
* CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
* CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
* borders
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
* Prevent crash on SCE followed by CPE
* Fix linking with GCC 9 and "-Wl,--as-needed"
* Enable the frontend to be built reproducibly
- Drop patches: Fix-a-couple-buffer-overflows.patch,
syntax.c-check-for-syntax-element-inconsistencies.patch
sbr_hfadj-sanitize-frequency-band-borders.patch
merged by upstream.
- Drop faad2-pic-fix.patch, all files are non-existent which need to be patched. (forwarded request 5003 from hillwood)

Created by hillwood about 4 years ago
In state accepted
Package maintainers: detrei and mantre

Submit faad2

Submit package Staging / faad2 to package Essentials / faad2

faad2.changes Changed

@@ -1,4 +1,38 @@
 -------------------------------------------------------------------
+Thu Feb 13 08:58:00 UTC 2020 - Hillwood Yang <hillwood@opensuse.org>
+
+- Update version to 2.9.1
+  * Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
+  * Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
+  * Build system fixes and code clean-up 
+  * Fix compiler warnings and code indentation
+  * Fix compilation with GCC <= 4.7.3
+  * MSVC solution file clean-up
+  * Fix compilation with GCC 4.7.4
+  * Fix compilation with MinGW
+  * MSVC 2017 project file update
+  * Fix crash with unsupported MP4 files (NULL pointer dereference,
+  * division by zero)
+  * CVE-2019-6956: ps_dec: sanitize iid_index before mixing
+  * CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
+  * CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
+  * parametric stereo (PS)
+  * CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
+  * CVE-2018-20358: syntax.c: check for syntax element inconsistencies
+  * CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
+  * CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
+  * borders
+  * CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
+  * Prevent crash on SCE followed by CPE
+  * Fix linking with GCC 9 and "-Wl,--as-needed"
+  * Enable the frontend to be built reproducibly
+- Drop patches: Fix-a-couple-buffer-overflows.patch,
+                syntax.c-check-for-syntax-element-inconsistencies.patch
+                sbr_hfadj-sanitize-frequency-band-borders.patch
+  merged by upstream.
+- Drop faad2-pic-fix.patch, all files are non-existent which need to be patched.
+
+-------------------------------------------------------------------
 Thu Aug 29 15:40:36 UTC 2019 - Bjørn Lie <zaitor@opensuse.org>
 
 - Add patches from debian fixing CVE-2018-20194 and CVE-2018-20362

faad2.spec Changed

@@ -6,26 +6,23 @@
 %define major      2
 %define lib        libfaad
 %define libname    %{lib}%{major}
+%define _version   2_9_1
 
 %bcond_with    xmms
 # mpeg4ip is built without gmp4player, it makes no sense to build the plugin
 %bcond_with mpeg4ip
 
 Name:           faad2
-Version:        2.8.8
+Version:        2.9.1
 Release:        1
 License:        GPL-2.0+
 Summary:        C library and frontend for decoding MPEG2/4 AAC
 Summary(de):    C Bibliothek und Frontend zum Decodieren von MPEG2/4 AAC
 Url:            http://www.audiocoding.com/
 Group:          Productivity/Multimedia/Video/Editors and Convertors
-Source0:        http://downloads.sourceforge.net/project/faac/%{name}-src/%{name}-%{version}/%{name}-%{version}.tar.gz
+Source0:        https://github.com/knik0/faad2/archive/%{_version}/%{name}-%{version}.tar.gz
 Patch0:         %{name}-visibility.patch
 Patch1:         faad2-PACKAGE_VERSION.patch
-Patch2:         faad2-pic-fix.patch
-Patch3:         Fix-a-couple-buffer-overflows.patch
-Patch4:         syntax.c-check-for-syntax-element-inconsistencies.patch
-Patch5:         sbr_hfadj-sanitize-frequency-band-borders.patch
 Requires:       %{libname} = %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with mpeg4ip}
@@ -120,13 +117,9 @@
 %endif
 
 %prep
-%setup -q
+%setup -q -n %{name}-%{_version}
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
 
 %build
 autoreconf -ifv
@@ -152,7 +145,8 @@
 
 %files
 %defattr(-, root, root)
-%doc AUTHORS COPYING ChangeLog NEWS README TODO
+%doc AUTHORS ChangeLog NEWS README TODO
+%license COPYING
 %{_bindir}/faad
 %{_mandir}/man1/faad.1.gz

Fix-a-couple-buffer-overflows.patch Deleted

@@ -1,40 +0,0 @@
-From: =?utf-8?q?Hugo_Beauz=C3=A9e-Luyssen?= <hugo@beauzee.fr>
-Date: Fri, 7 Jun 2019 20:02:57 +0200
-Subject: Fix a couple buffer overflows
-
-https://hackerone.com/reports/502816
-https://hackerone.com/reports/507858
----
- libfaad/bits.c   | 5 ++++-
- libfaad/syntax.c | 2 ++
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libfaad/bits.c b/libfaad/bits.c
-index dc14d7a..4c0de24 100644
---- a/libfaad/bits.c
-+++ b/libfaad/bits.c
-@@ -167,7 +167,10 @@ void faad_resetbits(bitfile *ld, int bits)
-     int words = bits >> 5;
-     int remainder = bits & 0x1F;
- 
--    ld->bytes_left = ld->buffer_size - words*4;
-+    if (ld->buffer_size < words * 4)
-+        ld->bytes_left = 0;
-+    else
-+        ld->bytes_left = ld->buffer_size - words*4;
- 
-     if (ld->bytes_left >= 4)
-     {
-diff --git a/libfaad/syntax.c b/libfaad/syntax.c
-index e7fb113..c992543 100644
---- a/libfaad/syntax.c
-+++ b/libfaad/syntax.c
-@@ -2304,6 +2304,8 @@ static uint8_t excluded_channels(bitfile *ld, drc_info *drc)
-     while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
-         DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
-     {
-+        if (i >= MAX_CHANNELS - num_excl_chan - 7)
-+            return n;
-         for (i = num_excl_chan; i < num_excl_chan+7; i++)
-         {
-             drc->exclude_mask[i] = faad_get1bit(ld

faad2-PACKAGE_VERSION.patch Changed

@@ -1,21 +1,12 @@
---- a/frontend/main.c
-+++ b/frontend/main.c
-@@ -1194,7 +1194,6 @@ int main(int argc, char *argv[])
-     NeAACDecGetVersion(&faad_id_string, &faad_copyright_string);
- 
-     faad_fprintf(stderr, " *********** Ahead Software MPEG-4 AAC Decoder V%s ******************\n\n", faad_id_string);
--    faad_fprintf(stderr, " Build: %s\n", __DATE__);
-     faad_fprintf(stderr, "%s", faad_copyright_string);
-     if (cap & FIXED_POINT_CAP)
-         faad_fprintf(stderr, " Fixed point version\n");
---- a/include/neaacdec.h
-+++ b/include/neaacdec.h
-@@ -67,7 +67,7 @@ extern "C" {
+diff -Nur faad2-2_9_1/include/neaacdec.h faad2-2_9_1-new/include/neaacdec.h
+--- faad2-2_9_1/include/neaacdec.h	2020-02-13 18:22:42.051817000 +0800
++++ faad2-2_9_1-new/include/neaacdec.h	2020-02-13 19:18:47.643268316 +0800
+@@ -69,7 +69,7 @@
    #define NEAACDECAPI
  #endif
  
 -#define FAAD2_VERSION "unknown"
-+#define FAAD2_VERSION "2.8.6"
++#define FAAD2_VERSION "2.9.1"
  
  /* object types for AAC */
  #define MAIN       1

faad2-pic-fix.patch Deleted

faad2-visibility.patch Changed

@@ -1,6 +1,6 @@
-diff -Nur faad2-2.8.5/configure.ac faad2-2.8.5-new/configure.ac
---- faad2-2.8.5/configure.ac	2017-09-30 15:42:38.000000000 +0800
-+++ faad2-2.8.5-new/configure.ac	2017-10-09 16:21:20.093673596 +0800
+diff -Nur faad2-2_9_1/configure.ac faad2-2_9_1-new/configure.ac
+--- faad2-2_9_1/configure.ac	2019-11-04 18:22:03.000000000 +0800
++++ faad2-2_9_1-new/configure.ac	2020-02-13 16:49:34.294512000 +0800
 @@ -16,7 +16,9 @@
  AC_SUBST(LIBTOOL_DEPS)
  
@@ -12,7 +12,7 @@
  AM_PROG_CC_C_O
  AC_PROG_CPP
  dnl disable for mpeg4ip plugin
-@@ -75,43 +77,7 @@
+@@ -75,46 +77,7 @@
  fi
  ])
  
@@ -33,7 +33,9 @@
 -  ac_cv_c99_lrintf,
 -[
 -lrintf_save_CFLAGS=$CFLAGS
--CFLAGS="-O -lm"
+-lrintf_save_LIBS=$LIBS
+-CFLAGS="-O"
+-LIBS="-lm"
 -AC_TRY_LINK([
 -#define         _ISOC9X_SOURCE  1
 -#define         _ISOC99_SOURCE  1
@@ -44,6 +46,7 @@
 -], if (!lrintf(3.14159)) lrintf(2.7183);, ac_cv_c99_lrintf=yes, ac_cv_c99_lrintf=no)
 -
 -CFLAGS=$lrintf_save_CFLAGS
+-LIBS=$lrintf_save_LIBS
 -
 -])
 -
@@ -57,9 +60,9 @@
  
  MY_CHECK_TYPEDEF_FROM_INCLUDE([float32_t temp],
          [#include <sys/types.h>,
-diff -Nur faad2-2.8.5/include/neaacdec.h faad2-2.8.5-new/include/neaacdec.h
---- faad2-2.8.5/include/neaacdec.h	2017-07-20 18:12:08.000000000 +0800
-+++ faad2-2.8.5-new/include/neaacdec.h	2017-10-09 16:18:42.381314655 +0800
+diff -Nur faad2-2_9_1/include/neaacdec.h faad2-2_9_1-new/include/neaacdec.h
+--- faad2-2_9_1/include/neaacdec.h	2019-11-04 18:22:03.000000000 +0800
++++ faad2-2_9_1-new/include/neaacdec.h	2020-02-13 16:50:25.338189000 +0800
 @@ -31,6 +31,8 @@
  #ifndef __NEAACDEC_H__
  #define __NEAACDEC_H__
@@ -69,10 +72,10 @@
  #ifdef __cplusplus
  extern "C" {
  #endif /* __cplusplus */
-@@ -262,5 +264,6 @@
- #ifdef __cplusplus
+@@ -257,4 +259,6 @@
  }
  #endif /* __cplusplus */
-+#pragma GCC visibility pop
  
++#pragma GCC visibility pop
++
  #endif

sbr_hfadj-sanitize-frequency-band-borders.patch Deleted

@@ -1,67 +0,0 @@
-From 6b4a7cde30f2e2cb03e78ef476cc73179cfffda3 Mon Sep 17 00:00:00 2001
-From: Hugo Lefeuvre <hle@debian.org>
-Date: Thu, 11 Apr 2019 09:34:07 +0200
-Subject: [PATCH 10/10] sbr_hfadj: sanitize frequency band borders
-
-user passed f_table_lim contains frequency band borders. Frequency
-bands are groups of consecutive QMF channels. This means that their
-bounds, as provided by f_table_lim, should never exceed MAX_M (maximum
-number of QMF channels). c.f. ISO/IEC 14496-3:2001
-
-FAAD2 does not verify this, leading to security issues when
-processing files defining f_table_lim with values > MAX_M.
-
-This patch sanitizes the values of f_table_lim so that they can be safely
-used as index for Q_M_lim and G_lim arrays.
-
-Fixes #21 (CVE-2018-20194).
----
- libfaad/sbr_hfadj.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/libfaad/sbr_hfadj.c b/libfaad/sbr_hfadj.c
-index 3f310b8..dda1ce8 100644
---- a/libfaad/sbr_hfadj.c
-+++ b/libfaad/sbr_hfadj.c
-@@ -485,6 +485,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch)
-             ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
-             ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
- 
-+            if (ml1 > MAX_M)
-+                ml1 = MAX_M;
-+
-+            if (ml2 > MAX_M)
-+                ml2 = MAX_M;
-+
- 
-             /* calculate the accumulated E_orig and E_curr over the limiter band */
-             for (m = ml1; m < ml2; m++)
-@@ -949,6 +955,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch)
-             ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
-             ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
- 
-+            if (ml1 > MAX_M)
-+                ml1 = MAX_M;
-+
-+            if (ml2 > MAX_M)
-+                ml2 = MAX_M;
-+
- 
-             /* calculate the accumulated E_orig and E_curr over the limiter band */
-             for (m = ml1; m < ml2; m++)
-@@ -1193,6 +1205,12 @@ static void calculate_gain(sbr_info *sbr, sbr_hfadj_info *adj, uint8_t ch)
-             ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
-             ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
- 
-+            if (ml1 > MAX_M)
-+                ml1 = MAX_M;
-+
-+            if (ml2 > MAX_M)
-+                ml2 = MAX_M;
-+
- 
-             /* calculate the accumulated E_orig and E_curr over the limiter band */
-             for (m = ml1; m < ml2; m++)
--- 
-2.20.1
-

syntax.c-check-for-syntax-element-inconsistencies.patch Deleted

@@ -1,60 +0,0 @@
-From 466b01d504d7e45f1e9169ac90b3e34ab94aed14 Mon Sep 17 00:00:00 2001
-From: Hugo Lefeuvre <hle@debian.org>
-Date: Mon, 25 Feb 2019 10:49:03 +0100
-Subject: [PATCH 09/10] syntax.c: check for syntax element inconsistencies
-
-Implicit channel mapping reconfiguration is explicitely forbidden by
-ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such
-files and reject them. FAAD2 does not perform any kind of checks
-regarding this.
-
-This leads to security vulnerabilities when processing crafted AAC
-files performing such reconfigurations.
-
-Add checks to decode_sce_lfe and decode_cpe to make sure such
-inconsistencies are detected as early as possible.
-
-These checks first read hDecoder->frame: if this is not the first
-frame then we make sure that the syntax element at the same position
-in the previous frame also had element_id id_syn_ele. If not, return
-21 as this is a fatal file structure issue.
-
-This patch addresses CVE-2018-20362 (fixes #26) and possibly other
-related issues.
----
- libfaad/syntax.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libfaad/syntax.c b/libfaad/syntax.c
-index f8e808c..e7fb113 100644
---- a/libfaad/syntax.c
-+++ b/libfaad/syntax.c
-@@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruct *hDecoder,
-        can become 2 when some form of Parametric Stereo coding is used
-     */
- 
-+    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
-+        /* element inconsistency */
-+        hInfo->error = 21;
-+        return;
-+    }
-+
-     /* save the syntax element id */
-     hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
- 
-@@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *hDecoder, NeAACDecFrameInfo *hInfo, bitfi
-         return;
-     }
- 
-+    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
-+        /* element inconsistency */
-+        hInfo->error = 21;
-+        return;
-+    }
-+
-     /* save the syntax element id */
-     hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
- 
--- 
-2.20.1
-

faad2-2.8.8.tar.gz -> faad2-2.9.1.tar.gz Changed

Build Results
RPM Lint

Refresh

Mentioned Issues (17)

CVE-2018-19502
CVE-2018-19503
CVE-2018-19504
CVE-2018-20194
CVE-2018-20195
CVE-2018-20196
CVE-2018-20197
CVE-2018-20198
CVE-2018-20199
CVE-2018-20357
CVE-2018-20358
CVE-2018-20359
CVE-2018-20360
CVE-2018-20361
CVE-2018-20362
CVE-2019-15296
CVE-2019-6956

Comments for request 5004 0

Request History

hillwood created request about 4 years ago

hillwood accepted request about 4 years ago