author | Christian Weisgerber <naddy@FreeBSD.org> | 2014-11-25 21:40:17 +0000 |
---|---|---|
committer | Christian Weisgerber <naddy@FreeBSD.org> | 2014-11-25 21:40:17 +0000 |
commit | e3d2d609db046b2e8689b6b80acc5a4e79d89fe9 (patch) | |
tree | 0ef981dbcc32fa42a19fed9e6ae7dc8e310d8fec /audio | |
parent | Update to GNU grep 2.21 (diff) |
Add upstream patches for
CVE-2014-8962: Heap buffer read overflow
CVE-2014-9028: Heap buffer write overflow
Security: a33addf6-74e6-11e4-a615-f8b156b6dcc8
Notes
Notes:
svn path=/head/; revision=373432
Diffstat (limited to 'audio')
-rw-r--r-- | audio/flac/Makefile | 2 | ||||
-rw-r--r-- | audio/flac/files/patch-src_libFLAC_stream__decoder.c | 32 |
2 files changed, 33 insertions, 1 deletions
diff --git a/audio/flac/Makefile b/audio/flac/Makefile
index c44e1dec6fec..b28194b1f81b 100644
--- a/audio/flac/Makefile
+++ b/audio/flac/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= flac
 PORTVERSION= 1.3.0
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= audio
 MASTER_SITES= http://downloads.xiph.org/releases/flac/
diff --git a/audio/flac/files/patch-src_libFLAC_stream__decoder.c b/audio/flac/files/patch-src_libFLAC_stream__decoder.c
new file mode 100644
index 000000000000..bdff2c3b1966
--- /dev/null
+++ b/audio/flac/files/patch-src_libFLAC_stream__decoder.c
@@ -0,0 +1,32 @@
+--- src/libFLAC/stream_decoder.c.orig 2013-05-26 09:30:33 UTC
++++ src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC
+ *
+ ***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+ /***********************************************************************
+ *
+@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe
+ id = 0;
+ continue;
+ }
++
++ if(id >= 3)
++ return false;
++
+ if(x == ID3V2_TAG_[id]) {
+ id++;
+ i = 0;
+@@ -2705,7 +2709,8 @@ FLAC__bool read_residual_partitioned_ric
+ if(decoder->private_->frame.header.blocksize < predictor_order) {
+ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
++ return false;
+ }
+ }
+ else {
|
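Review bot: The new guard in the find_metadata_ hunk, `if(id >= 3)`, hard-codes the length of ID3V2_TAG_ instead of deriving it from the array, so the bound and the table it protects can drift apart; `if(id >= sizeof(ID3V2_TAG_) / sizeof(ID3V2_TAG_[0]))` keeps the two tied together. In the read_residual_partitioned_rice_ hunk the added comment reads "bt stream", presumably meant as "bit stream". That hunk ends at `else {`, so the other branch's sanity check is not visible here; if it also reports lost sync and then returns true, it probably needs the same `return false` to stop decoding. Both functions start and end outside the hunks shown, so how callers handle the new false return cannot be confirmed from this page.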