summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
Diffstat (limited to 'user')
-rw-r--r--user/alsa-lib/APKBUILD8
-rw-r--r--user/alsa-lib/dlmisc_c.patch29
-rw-r--r--user/alsa-utils/APKBUILD4
-rw-r--r--user/bind/APKBUILD30
-rw-r--r--user/genext2fs/APKBUILD36
-rw-r--r--user/giblib/APKBUILD7
-rw-r--r--user/gnu-netcat/APKBUILD32
-rw-r--r--user/libseccomp/APKBUILD46
-rw-r--r--user/libseccomp/remove-redefinition-prctl.patch10
-rw-r--r--user/vorbis-tools/APKBUILD37
-rw-r--r--user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch41
-rw-r--r--user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch77
-rw-r--r--user/vorbis-tools/vorbis-tools-cve9640.patch29
13 files changed, 366 insertions, 20 deletions
diff --git a/user/alsa-lib/APKBUILD b/user/alsa-lib/APKBUILD
index 49f14066e..7cdf1108e 100644
--- a/user/alsa-lib/APKBUILD
+++ b/user/alsa-lib/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=alsa-lib
-pkgver=1.2.2
+pkgver=1.2.4
pkgrel=0
pkgdesc="Linux sound support system"
url="https://www.alsa-project.org/wiki/Main_Page"
@@ -13,6 +13,7 @@ source="ftp://ftp.alsa-project.org/pub/lib/$pkgname-$pkgver.tar.bz2
ucm_add_limits_h.patch
remove-test.patch
type_compat.patch
+ dlmisc_c.patch
"
build() {
@@ -43,7 +44,8 @@ package() {
make -j1 DESTDIR="$pkgdir" install
}
-sha512sums="d21adb3ff998918c7d1820f9ce2aaf4202dd45ccb87cb092d49da8b2402b6ddaad06325be0fd59f17393a5d9958e3743bfccb4b14bdb947a42e7d791d73c7033 alsa-lib-1.2.2.tar.bz2
+sha512sums="12086952dc8f16f1cb6946517858e17b1c3276aeda9ff5703a84bb38aa78eb4c4e9cb4485c5b3f21f174fdbd976b3bcbbc481e85cb2460652858490df51ae844 alsa-lib-1.2.4.tar.bz2
3b37652d50809443b5f8e80f8d447108195b0cd66fd917805bb393fc091584b6f3dad4414f568742b61745617e7a695862058a0a0f93dcc31e4c97177a520352 ucm_add_limits_h.patch
0ce3c2b8a0a70e2dffb6d633b95c4aae74504cd694fe1507cbc409d931b5f733935b22de45e4adcf5a507587c9f80c60a6f0e798aac2ca2fbf0cbcdef0080079 remove-test.patch
-bdcfa3d5fcc055fb6732922679e21689fc2ac19462fe7b72d16862c98ef8c995c3dd5becc4987ba417068e6b0e561bec7e6284d5f0a414e2966c8e00ac304fa8 type_compat.patch"
+bdcfa3d5fcc055fb6732922679e21689fc2ac19462fe7b72d16862c98ef8c995c3dd5becc4987ba417068e6b0e561bec7e6284d5f0a414e2966c8e00ac304fa8 type_compat.patch
+cfb008272df3f08fc9a3fcd086b199b3d7e88663cb60806aa67b01aea62cbd98bd63e468a34b66f0f18520e4a5bab0ac6db33aef58316f7ba329abfab0ebedee dlmisc_c.patch"
diff --git a/user/alsa-lib/dlmisc_c.patch b/user/alsa-lib/dlmisc_c.patch
new file mode 100644
index 000000000..b88dd3c29
--- /dev/null
+++ b/user/alsa-lib/dlmisc_c.patch
@@ -0,0 +1,29 @@
+From ad8c8e5503980295dd8e5e54a6285d2d7e32eb1e Mon Sep 17 00:00:00 2001
+From: Jaroslav Kysela <perex@perex.cz>
+Date: Thu, 22 Oct 2020 20:57:32 +0200
+Subject: [PATCH] dlmisc: the snd_plugin_dir_set / snd_plugin_dir must be
+ declared even for \!DL_ORIGIN_AVAILABLE
+
+Fixes: 8580c081c2 ("dlsym: add support for ALSA_PLUGIN_DIR environment variable")
+BugLink: https://github.com/alsa-project/alsa-lib/issues/91
+Signed-off-by: Jaroslav Kysela <perex@perex.cz>
+---
+ src/dlmisc.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/dlmisc.c b/src/dlmisc.c
+index c9517c55..f20eb593 100644
+--- a/src/dlmisc.c
++++ b/src/dlmisc.c
+@@ -42,11 +42,9 @@
+ #ifndef PIC
+ struct snd_dlsym_link *snd_dlsym_start = NULL;
+ #endif
+-#ifdef DL_ORIGIN_AVAILABLE
+ static int snd_plugin_dir_set = 0;
+ static char *snd_plugin_dir = NULL;
+ #endif
+-#endif
+
+ #if defined(DL_ORIGIN_AVAILABLE) && defined(HAVE_LIBPTHREAD)
+ static pthread_mutex_t snd_dlpath_mutex = PTHREAD_MUTEX_INITIALIZER;
diff --git a/user/alsa-utils/APKBUILD b/user/alsa-utils/APKBUILD
index 569e8d6a4..cab801ab0 100644
--- a/user/alsa-utils/APKBUILD
+++ b/user/alsa-utils/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Max Rees <maxcrees@me.com>
pkgname=alsa-utils
-pkgver=1.2.2
+pkgver=1.2.4
pkgrel=0
pkgdesc="Advanced Linux Sound Architecture (ALSA) utilities"
url="https://www.alsa-project.org/wiki/Main_Page"
@@ -36,7 +36,7 @@ package() {
install -Dm644 ../alsa.confd "$pkgdir"/etc/conf.d/alsa
}
-sha512sums="30598c658f3f2ad71a5ce7911b09ae13add54b293bcf3bebb053371d84a91528bd64fd376f167456b2e27e2546a2279019678e099247513e5142b283af756fd9 alsa-utils-1.2.2.tar.bz2
+sha512sums="13080abda55269513b3751044dac292d695e273073a62d74ed4a32c68f448a2b015fe16604650821a6398b6ef6a7b6008cb9f0b7fb7f4ee1fa2b4eb2dcf29770 alsa-utils-1.2.4.tar.bz2
817215be6e9f103a8a187df5b1142c4d2e952f547a64579a9b8cfa58bd762d6a55bde75c0f66f018c0597744d07ccdb08216f7b368db464e36667cecedcc00f3 alsaconf.patch
7bf743024d7c5caed2fbf8af5cee73bcc569a7bab0bd6459541d3704cc6a7456d588b600b690e7406e122deaf0316dd1f67219a267bec4dff3f6c0f120edaae4 alsa.initd
6e716e6230fd3d2c33e3cb2dbf572d632c9ac6452c1768388bea7d3ca22f7c72cf6bcd702580f45cb9089983582011c8b04cbdb4420d14fb988167b1391ea547 alsa.confd"
diff --git a/user/bind/APKBUILD b/user/bind/APKBUILD
index 04cd2de05..2b39c5f1f 100644
--- a/user/bind/APKBUILD
+++ b/user/bind/APKBUILD
@@ -4,7 +4,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=bind
-pkgver=9.14.12
+pkgver=9.16.8
_p=${pkgver#*_p}
_ver=${pkgver%_p*}
_major=${pkgver%%.*}
@@ -25,10 +25,10 @@ license="ISC AND Apache-2.0 AND OpenSSL AND BSD-2-Clause AND BSD-3-Clause AND BS
pkgusers="named"
pkggroups="named"
depends=""
-makedepends="bash openssl-dev libcap-dev perl linux-headers bsd-compat-headers libxml2-dev json-c-dev py3-ply"
+makedepends="bash openssl-dev libcap-dev perl linux-headers bsd-compat-headers libxml2-dev json-c-dev py3-ply libuv-dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc $pkgname-tools"
install="$pkgname.pre-install"
-source="https://ftp.isc.org/isc/${pkgname}${_major}/$_ver/$pkgname-$_ver.tar.gz
+source="https://ftp.isc.org/isc/${pkgname}${_major}/$_ver/$pkgname-$_ver.tar.xz
bind.so_bsdcompat.patch
named.initd
named.confd
@@ -41,6 +41,14 @@ source="https://ftp.isc.org/isc/${pkgname}${_major}/$_ver/$pkgname-$_ver.tar.gz
builddir="$srcdir/$pkgname-$_ver"
# secfixes:
+# 9.16.8-r0:
+# - CVE-2020-8620
+# - CVE-2020-8621
+# - CVE-2020-8622
+# - CVE-2020-8623
+# - CVE-2020-8624
+# - CVE-2020-8618
+# - CVE-2020-8619
# 9.14.9-r0:
# - CVE-2019-6477
# 9.14.7-r0:
@@ -79,13 +87,13 @@ prepare() {
export CFLAGS="$CFLAGS -D_GNU_SOURCE"
# Adjusting PATHs in manpages
- for i in bin/named/named.8 bin/check/named-checkconf.8 bin/rndc/rndc.8; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}"
- done
+ for i in bin/named/named.rst bin/check/named-checkconf.rst bin/rndc/rndc.rst; do
+ sed -i \
+ -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+ -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+ -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+ "$i"
+done
}
build() {
@@ -153,7 +161,7 @@ tools() {
done
}
-sha512sums="f4e6c50cbe8fdb44cdd8e30b4560b6fe2fccd0fd5bde527a897a66e85065265da0d0aceb95af42d5568dea95d59e68574e5a486bbb7e6c5d0af275538c353ddf bind-9.14.12.tar.gz
+sha512sums="803af842b4f83c16556036f3a2a52b4aeab4781bafb35385b786a3331cf17ef6148c23928f6903fd371337ba92870d7a8548f5d178b805d160d0af34af45fee7 bind-9.16.8.tar.xz
7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6 bind.so_bsdcompat.patch
196c0a3b43cf89e8e3547d7fb63a93ff9a3306505658dfd9aa78e6861be6b226580b424dd3dd44b955b2d9f682b1dc62c457f3ac29ce86200ef070140608c015 named.initd
127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf named.confd
diff --git a/user/genext2fs/APKBUILD b/user/genext2fs/APKBUILD
new file mode 100644
index 000000000..ac59e8e22
--- /dev/null
+++ b/user/genext2fs/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Nathan <ndowens@artixlinux.org>
+# Maintainer: Nathan <ndowens@artixlinux.org>
+pkgname=genext2fs
+pkgver=1.5.0
+pkgrel=0
+pkgdesc="ext2 filesystem generator for embedded systems"
+url="https://github.com/bestouff/genext2fs"
+arch="all"
+license="GPL-2.0+"
+depends=""
+makedepends="autoconf automake libarchive-dev"
+subpackages="$pkgname-doc"
+source=""$pkgname-$pkgver.tar.gz::https://github.com/bestouff/genext2fs/archive/v$pkgver.tar.gz
+
+prepare() {
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --enable-libarchive
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="628994f4f5f6d534a42e16db5322e36addb227d0e0ee589ebebbbb6beda9c53774186a932d04fcb978fde1cbe534b8335fdbfea256aecd2d873c03bc5892a8ce genext2fs-1.5.0.tar.gz"
diff --git a/user/giblib/APKBUILD b/user/giblib/APKBUILD
index 85f255925..9754a38df 100644
--- a/user/giblib/APKBUILD
+++ b/user/giblib/APKBUILD
@@ -1,16 +1,15 @@
-# Maintainer:
+# Maintainer: Nathan <ndowens@artixlinux.org>
pkgname=giblib
pkgver=1.2.4
-pkgrel=11
+pkgrel=12
pkgdesc="Graphics library built atop Imlib2"
url="http://linuxbrit.co.uk/details.html"
arch="all"
license="MIT-feh"
-subpackages="$pkgname-doc $pkgname-dev"
depends=""
depends_dev="freetype-dev imlib2-dev libx11-dev libxext-dev zlib-dev"
makedepends="$depends_dev"
-subpackages="$pkgname-doc"
+subpackages="$pkgname-doc $pkgname-dev"
source="http://distfiles.gentoo.org/distfiles/$pkgname-$pkgver.tar.gz"
prepare() {
diff --git a/user/gnu-netcat/APKBUILD b/user/gnu-netcat/APKBUILD
new file mode 100644
index 000000000..d6a02a122
--- /dev/null
+++ b/user/gnu-netcat/APKBUILD
@@ -0,0 +1,32 @@
+# Contributor: Nathan <ndowens@artixlinux.org>
+# Maintainer: Nathan <ndowens@artixlinux.org>
+pkgname=gnu-netcat
+pkgver=0.7.1
+pkgrel=0
+pkgdesc="GNU rewrite of netcat"
+url="http://netcat.sourceforge.net" # No HTTPS
+arch="all"
+license="GPL-2.0+"
+depends=""
+makedepends="texinfo"
+subpackages="$pkgname-doc"
+source="https://downloads.sourceforge.net/sourceforge/netcat/netcat-$pkgver.tar.bz2"
+builddir="$srcdir/netcat-$pkgver"
+
+build() {
+ ./configure \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="283c02f849c3bb62615a5ccb7796192804dafcecb34f3c6b553cbc12c715654963b81e253762923c6069be9768b93dde576a392b89b167912c323354f1376e83 netcat-0.7.1.tar.bz2"
diff --git a/user/libseccomp/APKBUILD b/user/libseccomp/APKBUILD
new file mode 100644
index 000000000..3a26c908a
--- /dev/null
+++ b/user/libseccomp/APKBUILD
@@ -0,0 +1,46 @@
+# Maintainer: Nathan <ndowens@artixlinux.org>
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Contributor: Dan Williams <dan@ma.ssive.co>
+pkgname=libseccomp
+pkgver=2.5.0
+pkgrel=0
+pkgdesc="An interface to the Linux Kernel's syscall filtering mechanism"
+url="https://github.com/seccomp/libseccomp"
+arch="all"
+license="LGPL-2.1+"
+depends=""
+makedepends="linux-headers gperf"
+checkdepends="bash cmd:which"
+subpackages="$pkgname-dev $pkgname-doc"
+source="https://github.com/seccomp/libseccomp/releases/download/v$pkgver/libseccomp-$pkgver.tar.gz
+ remove-redefinition-prctl.patch
+ "
+
+# secfixes:
+# 2.4.0-r0:
+# - CVE-2019-9893
+
+build() {
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --enable-static \
+ --localstatedir=/var
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="00ef5aeb4db8dafb546ae680b2d6d9b6aeed008df805d0f28f9dd15c074ff6ea7a5e5131ab503825b8011c59aa23046baedd5849ca040aa73352f43ab2d602ae libseccomp-2.5.0.tar.gz
+f2c31dcafdc9a1ad78e32e76b75e1c1603071eaa3f979e1f2483b879a34ad07e0a4ef3642196a695415cdf81e1ed2bf325175872fb4e203ef9d0e668c287493f remove-redefinition-prctl.patch"
diff --git a/user/libseccomp/remove-redefinition-prctl.patch b/user/libseccomp/remove-redefinition-prctl.patch
new file mode 100644
index 000000000..2ea88fe05
--- /dev/null
+++ b/user/libseccomp/remove-redefinition-prctl.patch
@@ -0,0 +1,10 @@
+--- ./src/system.c.orig
++++ ./src/system.c
+@@ -21,7 +21,6 @@
+
+ #include <stdlib.h>
+ #include <errno.h>
+-#include <sys/prctl.h>
+
+ #include <seccomp.h>
+
diff --git a/user/vorbis-tools/APKBUILD b/user/vorbis-tools/APKBUILD
new file mode 100644
index 000000000..410eda1ff
--- /dev/null
+++ b/user/vorbis-tools/APKBUILD
@@ -0,0 +1,37 @@
+# Contributor: Nathan <ndowens@artixlinux.org>
+# Maintainer: Nathan <ndowens@artixlinux.org>
+pkgname=vorbis-tools
+pkgver=1.4.0
+pkgrel=0
+pkgdesc="Tools for Ogg-Vorbis"
+url="https://www.xiph.org/vorbis"
+arch="all"
+license="GPL-2.0+"
+depends=""
+makedepends="curl-dev flac-dev libvorbis-dev
+ libao-dev speex-dev"
+subpackages="$pkgname-lang $pkgname-doc"
+source="http://downloads.xiph.org/releases/vorbis/vorbis-tools-$pkgver.tar.gz
+ vorbis-tools-CVE-2015-6749.patch
+ vorbis-tools-cve9638-cve9639.patch
+ vorbis-tools-cve9640.patch"
+
+build() {
+ ./configure \
+ --prefix=/usr \
+ --enable-vcut
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="d2473f2e8e6726b5a5083f567797ae42bbb7fa3f26aec3f7b83e641e028c64726299f71a9d75258595a53cf29c18acb84841bcbc39509258d2c8df859e4e3b99 vorbis-tools-1.4.0.tar.gz
+c1faa062e7035770db533383ebb3ae18efaf167f7a103c12cef81418da4be43545e368eab2915c243c03354c3bf0b8dbb198da90e7eaa59c8e00f1461c65b601 vorbis-tools-CVE-2015-6749.patch
+bcf5ae147de547f6463f3000e06398a8b4db326b44eab02bf314ca8ae3b90c45bd25481fb76ccbf39d9a2798a6c9fadb48600f393b6436f01f95ce2a20c04fe8 vorbis-tools-cve9638-cve9639.patch
+3bb8a50309f2657a99662039818040abf345d540915543cf35c3e5855d865fd33bf4bbaf296882662e6b11570199a054c7d34cfdd44ef69f9d3c9f45f4d8671f vorbis-tools-cve9640.patch"
diff --git a/user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch b/user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch
new file mode 100644
index 000000000..78e3c810e
--- /dev/null
+++ b/user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch
@@ -0,0 +1,41 @@
+From 04815d3e1bfae3a6cdfb2c25358a5a72b61299f7 Mon Sep 17 00:00:00 2001
+From: Mark Harris <mark.hsj@gmail.com>
+Date: Sun, 30 Aug 2015 05:54:46 -0700
+Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input
+
+Fixes #2212
+---
+ oggenc/audio.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/oggenc/audio.c b/oggenc/audio.c
+index 477da8c..4921fb9 100644
+--- a/oggenc/audio.c
++++ b/oggenc/audio.c
+@@ -245,8 +245,8 @@ static int aiff_permute_matrix[6][6] =
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+ int aifc; /* AIFC or AIFF? */
+- unsigned int len;
+- unsigned char *buffer;
++ unsigned int len, readlen;
++ unsigned char buffer[22];
+ unsigned char buf2[8];
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ return 0; /* Weird common chunk */
+ }
+
+- buffer = alloca(len);
+-
+- if(fread(buffer,1,len,in) < len)
++ readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++ if(fread(buffer,1,readlen,in) < readlen ||
++ (len > readlen && !seek_forward(in, len-readlen)))
+ {
+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+ return 0;
+--
+2.5.0
+
diff --git a/user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch b/user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch
new file mode 100644
index 000000000..80238b741
--- /dev/null
+++ b/user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch
@@ -0,0 +1,77 @@
+... in order to prevent a division by zero (CVE-2014-9638) and integer
+overflow (CVE-2014-9639).
+
+Bug: https://trac.xiph.org/ticket/2136
+Bug: https://trac.xiph.org/ticket/2137
+---
+ oggenc/audio.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/oggenc/audio.c b/oggenc/audio.c
+index 477da8c..1167f1b 100644
+--- a/oggenc/audio.c
++++ b/oggenc/audio.c
+@@ -13,6 +13,7 @@
+ #include <config.h>
+ #endif
+
++#include <limits.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -251,6 +252,7 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+ int i;
++ long channels;
+
+ if(buf[11]=='C')
+ aifc=1;
+@@ -277,11 +279,17 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ return 0;
+ }
+
+- format.channels = READ_U16_BE(buffer);
++ format.channels = channels = READ_U16_BE(buffer);
+ format.totalframes = READ_U32_BE(buffer+2);
+ format.samplesize = READ_U16_BE(buffer+6);
+ format.rate = (int)read_IEEE80(buffer+8);
+
++ if(channels <= 0L || SHRT_MAX < channels)
++ {
++ fprintf(stderr, _("Warning: Unsupported count of channels in AIFF header\n"));
++ return 0;
++ }
++
+ aiff->bigendian = 1;
+
+ if(aifc)
+@@ -416,6 +424,7 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
+ wav_fmt format;
+ wavfile *wav = malloc(sizeof(wavfile));
+ int i;
++ long channels;
+
+ /* Ok. At this point, we know we have a WAV file. Now we have to detect
+ * whether we support the subtype, and we have to find the actual data
+@@ -453,12 +462,18 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
+ }
+
+ format.format = READ_U16_LE(buf);
+- format.channels = READ_U16_LE(buf+2);
++ format.channels = channels = READ_U16_LE(buf+2);
+ format.samplerate = READ_U32_LE(buf+4);
+ format.bytespersec = READ_U32_LE(buf+8);
+ format.align = READ_U16_LE(buf+12);
+ format.samplesize = READ_U16_LE(buf+14);
+
++ if(channels <= 0L || SHRT_MAX < channels)
++ {
++ fprintf(stderr, _("Warning: Unsupported count of channels in WAV header\n"));
++ return 0;
++ }
++
+ if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
+ {
+ if(len<40)
+--
diff --git a/user/vorbis-tools/vorbis-tools-cve9640.patch b/user/vorbis-tools/vorbis-tools-cve9640.patch
new file mode 100644
index 000000000..97d18e0db
--- /dev/null
+++ b/user/vorbis-tools/vorbis-tools-cve9640.patch
@@ -0,0 +1,29 @@
+Index: vorbis-tools/oggenc/oggenc.c
+===================================================================
+--- vorbis-tools/oggenc/oggenc.c (revision 19116)
++++ vorbis-tools/oggenc/oggenc.c (revision 19117)
+@@ -98,4 +98,6 @@
+ 0,0,0.f,
+ 0, 0, 0, 0, 0};
++ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++ N_("RAW file reader")};
+
+ int i;
+@@ -240,6 +242,4 @@
+ if(opt.rawmode)
+ {
+- input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+- N_("RAW file reader")};
+
+ enc_opts.rate=opt.raw_samplerate;
+Index: vorbis-tools/oggenc/skeleton.h
+===================================================================
+--- vorbis-tools/oggenc/skeleton.h (revision 19116)
++++ vorbis-tools/oggenc/skeleton.h (revision 19117)
+@@ -42,5 +42,5 @@
+ ogg_int64_t start_granule; /* start granule value */
+ ogg_uint32_t preroll; /* preroll */
+- unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */
++ unsigned char granule_shift; /* 1 byte value holding the granule shift */
+ char *message_header_fields; /* holds all the message header fields */
+ /* current total size of the message header fields, for realloc purpose, initially zero */