summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Owens <ndowens@artixlinux.org>2020-10-25 15:49:46 +0000
committerNathan Owens <ndowens@artixlinux.org>2020-10-25 20:38:52 +0000
commit96dab7be3a162cfe4f2af13de0d5385f4ae47520 (patch)
tree9e81f734fab17662d6addda5be538b296547f659
parent60c5b0f127e002057c3e057b59da6178808d59d4 (diff)
downloadpackages-96dab7be3a162cfe4f2af13de0d5385f4ae47520.tar.gz
packages-96dab7be3a162cfe4f2af13de0d5385f4ae47520.tar.bz2
packages-96dab7be3a162cfe4f2af13de0d5385f4ae47520.tar.xz
packages-96dab7be3a162cfe4f2af13de0d5385f4ae47520.zip
user/libvorbis: Upgrade to 1.3.7
-rw-r--r--user/libvorbis/APKBUILD16
-rw-r--r--user/libvorbis/CVE-2017-14160-and-2018-10393.patch27
-rw-r--r--user/libvorbis/CVE-2018-10392.patch25
3 files changed, 9 insertions, 59 deletions
diff --git a/user/libvorbis/APKBUILD b/user/libvorbis/APKBUILD
index 1dd35bf77..10e5afe9a 100644
--- a/user/libvorbis/APKBUILD
+++ b/user/libvorbis/APKBUILD
@@ -1,21 +1,21 @@
# Maintainer:
pkgname=libvorbis
-pkgver=1.3.6
+pkgver=1.3.7
pkgrel=0
pkgdesc="Vorbis audio codec library"
url="https://xiph.org/vorbis/"
arch="all"
-options="!check" # Test suite doesn't compile.
license="BSD-3-Clause"
depends=""
makedepends="libogg-dev"
subpackages="$pkgname-dev $pkgname-doc"
source="https://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz
- CVE-2017-14160-and-2018-10393.patch
- CVE-2018-10392.patch
"
# secfixes:
+# 1.3.7-r0:
+# - CVE-2018-10392
+# - CVE-2018-10393
# 1.3.6-r1:
# - CVE-2018-10392
# 1.3.5-r4:
@@ -36,10 +36,12 @@ build() {
make
}
+check() {
+ make check
+}
+
package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132 libvorbis-1.3.6.tar.xz
-332081da5dd8fb28ee70dfbc123e7fcef279317ee977be9da97e97a105e788da452c33097bf597f369fea0e49749f876a93d6af0fa2fa20405acbc57771c89a9 CVE-2017-14160-and-2018-10393.patch
-294de5e0c40b64d495df7f53196260be5ffaba11c75fc4a1a54ec0c058eeba4793c1ef685c8cf866195a2972c91a7a896df5f05f478b7f25a564abb3f82f331f CVE-2018-10392.patch"
+sha512sums="bbf5f11f623d959b3ba98d6b52806521b0b918b59b867f0658c153ea1013293364eead4987e9e71f8798021379310860a2e548fcf89d10caf23d45e41aba45cd libvorbis-1.3.7.tar.xz"
diff --git a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch
deleted file mode 100644
index 3a7097ec7..000000000
--- a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Wed, 9 May 2018 14:56:59 -0700
-Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
-
----
- lib/psy.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1..1310123 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
- for (i = 0, x = 0.f;; i++, x += 1.f) {
-
- lo = b[i] >> 16;
-- if( lo>=0 ) break;
- hi = b[i] & 0xffff;
-+ if( lo>=0 ) break;
-+ if( hi>=n ) break;
-
- tN = N[hi] + N[-lo];
- tX = X[hi] - X[-lo];
---
-2.22.0
-
diff --git a/user/libvorbis/CVE-2018-10392.patch b/user/libvorbis/CVE-2018-10392.patch
deleted file mode 100644
index a12038a94..000000000
--- a/user/libvorbis/CVE-2018-10392.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Thu, 17 May 2018 16:19:19 -0700
-Subject: [PATCH] Sanity check number of channels in setup.
-
-Fixes #2335.
----
- lib/vorbisenc.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
-index 4fc7b62..64a51b5 100644
---- a/lib/vorbisenc.c
-+++ b/lib/vorbisenc.c
-@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
- highlevel_encode_setup *hi=&ci->hi;
-
- if(ci==NULL)return(OV_EINVAL);
-+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
- if(!hi->impulse_block_p)i0=1;
-
- /* too low/high an ATH floater is nonsensical, but doesn't break anything */
---
-2.22.0
-