Bump Buildroot Version to buildroot 2019_02_6

2019-10-25 11:46:00 +02:00
parent e07322a5a8
commit c1075f68da
549 changed files with 6692 additions and 4165 deletions
--- a/bsp/buildroot/package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch
+++ b/bsp/buildroot/package/faad2/0001-syntax.c-check-for-syntax-element-inconsistencies.patch
@@ -0,0 +1,64 @@
+From 466b01d504d7e45f1e9169ac90b3e34ab94aed14 Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@debian.org>
+Date: Mon, 25 Feb 2019 10:49:03 +0100
+Subject: [PATCH] syntax.c: check for syntax element inconsistencies
+
+Implicit channel mapping reconfiguration is explicitely forbidden by
+ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such
+files and reject them. FAAD2 does not perform any kind of checks
+regarding this.
+
+This leads to security vulnerabilities when processing crafted AAC
+files performing such reconfigurations.
+
+Add checks to decode_sce_lfe and decode_cpe to make sure such
+inconsistencies are detected as early as possible.
+
+These checks first read hDecoder->frame: if this is not the first
+frame then we make sure that the syntax element at the same position
+in the previous frame also had element_id id_syn_ele. If not, return
+21 as this is a fatal file structure issue.
+
+This patch addresses CVE-2018-20362 (fixes #26) and possibly other
+related issues.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 466b01d504d7
+
+ libfaad/syntax.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/libfaad/syntax.c b/libfaad/syntax.c
+index f8e808c269c0..e7fb11381e46 100644
+--- a/libfaad/syntax.c
+++ b/libfaad/syntax.c
+@@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruct *hDecoder,
+        can become 2 when some form of Parametric Stereo coding is used
+     */
+ 
+    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
+        /* element inconsistency */
+        hInfo->error = 21;
+        return;
+    }
+
+     /* save the syntax element id */
+     hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
+ 
+@@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *hDecoder, NeAACDecFrameInfo *hInfo, bitfi
+         return;
+     }
+ 
+    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
+        /* element inconsistency */
+        hInfo->error = 21;
+        return;
+    }
+
+     /* save the syntax element id */
+     hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
+ 
+-- 
+2.20.1
+