head 1.2; access; symbols pkgsrc-2019Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2019.09.14.13.34.06; author nia; state dead; branches; next 1.1; commitid eVf0rNgIks360ZCB; 1.1 date 2019.07.11.09.03.35; author nia; state Exp; branches 1.1.2.1; next ; commitid qSHZgz87hSXGABuB; 1.1.2.1 date 2019.07.11.09.03.35; author bsiegert; state dead; branches; next 1.1.2.2; commitid CfDYJ95yh410fSuB; 1.1.2.2 date 2019.07.13.11.12.03; author bsiegert; state Exp; branches; next ; commitid CfDYJ95yh410fSuB; desc @@ 1.2 log @faad2: Update to 2.9.0 Changes: [ Krzysztof Nikiel ] Build system fixes and code clean-up [ LoRd_MuldeR ] Fix compiler warnings and code indentation Fix compilation with GCC <= 4.7.3 MSVC solution file clean-up [ Cameron Cawley ] Fix compilation with GCC 4.7.4 Fix compilation with MinGW [ Michael Fink ] MSVC 2017 project file update [ Hugo Lefeuvre ] Fix crash with unsupported MP4 files (NULL pointer dereference, division by zero) CVE-2019-6956: ps_dec: sanitize iid_index before mixing CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M) CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected parametric stereo (PS) CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198, CVE-2018-20358: syntax.c: check for syntax element inconsistencies CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357, CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band borders [ Hugo Beauzée-Luyssen ] CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows [ Filip Roséen ] Prevent crash on SCE followed by CPE [ Gianfranco Costamagna ] Fix linking with GCC 9 and "-Wl,--as-needed" [ Fabian Greffrath ] Enable the frontend to be built reproducibly @ text @$NetBSD: patch-CVE-2018-20194,v 1.1 2019/07/11 09:03:35 nia Exp $ user passed f_table_lim contains frequency band borders. Frequency bands are groups of consecutive QMF channels. 
This means that their bounds, as provided by f_table_lim, should never exceed MAX_M (maximum number of QMF channels). c.f. ISO/IEC 14496-3:2001 FAAD2 does not verify this, leading to security issues when processing files defining f_table_lim with values > MAX_M. This patch sanitizes the values of f_table_lim so that they can be safely used as index for Q_M_lim and G_lim arrays. Fixes CVE-2018-20194. Upstream commit: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch --- libfaad/sbr_hfadj.c.orig 2017-07-06 19:16:40.000000000 +0000 +++ libfaad/sbr_hfadj.c @@@@ -485,6 +485,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @@@@ -949,6 +955,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @@@@ -1193,6 +1205,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @ 1.1 log @faad2: Backport some security fixes from upstream. 
CVE-2018-20194: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch CVE-2018-20362: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14.patch Misc buffer overflows: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174.patch @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2018-20194 was added on branch pkgsrc-2019Q2 on 2019-07-13 11:12:03 +0000 @ text @d1 59 @ 1.1.2.2 log @Pullup ticket #5996 - requested by nia audio/faad2: security fix Revisions pulled up: - audio/faad2/Makefile 1.53 - audio/faad2/distinfo 1.27 - audio/faad2/patches/patch-CVE-2018-20194 1.1 - audio/faad2/patches/patch-CVE-2018-20362 1.1 - audio/faad2/patches/patch-libfaad_bits.c 1.1 --- Module Name: pkgsrc Committed By: nia Date: Thu Jul 11 09:03:35 UTC 2019 Modified Files: pkgsrc/audio/faad2: Makefile distinfo Added Files: pkgsrc/audio/faad2/patches: patch-CVE-2018-20194 patch-CVE-2018-20362 patch-libfaad_bits.c Log Message: faad2: Backport some security fixes from upstream. CVE-2018-20194: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch CVE-2018-20362: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14.patch Misc buffer overflows: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174.patch @ text @a0 59 $NetBSD: patch-CVE-2018-20194,v 1.1 2019/07/11 09:03:35 nia Exp $ user passed f_table_lim contains frequency band borders. Frequency bands are groups of consecutive QMF channels. This means that their bounds, as provided by f_table_lim, should never exceed MAX_M (maximum number of QMF channels). c.f. ISO/IEC 14496-3:2001 FAAD2 does not verify this, leading to security issues when processing files defining f_table_lim with values > MAX_M. This patch sanitizes the values of f_table_lim so that they can be safely used as index for Q_M_lim and G_lim arrays. Fixes CVE-2018-20194. 
Upstream commit: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch --- libfaad/sbr_hfadj.c.orig 2017-07-06 19:16:40.000000000 +0000 +++ libfaad/sbr_hfadj.c @@@@ -485,6 +485,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @@@@ -949,6 +955,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @@@@ -1193,6 +1205,12 @@@@ static void calculate_gain(sbr_info *sbr ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; + if (ml1 > MAX_M) + ml1 = MAX_M; + + if (ml2 > MAX_M) + ml2 = MAX_M; + /* calculate the accumulated E_orig and E_curr over the limiter band */ for (m = ml1; m < ml2; m++) @
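Review bot: in the hunk at -485, the clamp is applied to the local copies `ml1` and `ml2` after they are read from `sbr->f_table_lim[sbr->bs_limiter_bands][k]`, so the table itself still holds the out-of-range borders, although the description says the patch "sanitizes the values of f_table_lim". Any other reader of `f_table_lim` outside this diff stays unprotected. Consider validating the borders once, where the table is filled, and keeping these use-site checks as a second line of defence.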
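Review bot: the hunk at -949 repeats the same six added lines as the hunks at -485 and -1193, and all three hunk headers name `calculate_gain`. Hand-copied checks tend to drift apart when one site is changed later. A small static helper that returns a border clamped to `MAX_M`, called at each of the three sites, would keep the bound in one place.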
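Review bot: in the hunk at -1193, only the upper bound is checked (`if (ml1 > MAX_M)`, `if (ml2 > MAX_M)`), and the visible lines do not show how `ml1` and `ml2` are declared; if they are signed, a negative border passes the check and reaches `for (m = ml1; m < ml2; m++)`. Separately, when both borders clamp to `MAX_M`, or `ml1 >= ml2`, the loop body never runs and the accumulated E_orig and E_curr keep their initial values, so it is worth confirming that the code after the loop tolerates an empty band. A one-line comment stating that `ml2 == MAX_M` is allowed because it is an exclusive bound would also help the next reader.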