From 96dab7be3a162cfe4f2af13de0d5385f4ae47520 Mon Sep 17 00:00:00 2001 From: Nathan Owens Date: Sun, 25 Oct 2020 15:49:46 +0000 Subject: user/libvorbis: Upgrade to 1.3.7 --- user/libvorbis/APKBUILD | 16 +++++++------ user/libvorbis/CVE-2017-14160-and-2018-10393.patch | 27 ---------------------- user/libvorbis/CVE-2018-10392.patch | 25 -------------------- 3 files changed, 9 insertions(+), 59 deletions(-) delete mode 100644 user/libvorbis/CVE-2017-14160-and-2018-10393.patch delete mode 100644 user/libvorbis/CVE-2018-10392.patch diff --git a/user/libvorbis/APKBUILD b/user/libvorbis/APKBUILD index 1dd35bf77..10e5afe9a 100644 --- a/user/libvorbis/APKBUILD +++ b/user/libvorbis/APKBUILD @@ -1,21 +1,21 @@ # Maintainer: pkgname=libvorbis -pkgver=1.3.6 +pkgver=1.3.7 pkgrel=0 pkgdesc="Vorbis audio codec library" url="https://xiph.org/vorbis/" arch="all" -options="!check" # Test suite doesn't compile. license="BSD-3-Clause" depends="" makedepends="libogg-dev" subpackages="$pkgname-dev $pkgname-doc" source="https://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz - CVE-2017-14160-and-2018-10393.patch - CVE-2018-10392.patch " # secfixes: +# 1.3.7-r0: +# - CVE-2018-10392 +# - CVE-2018-10393 # 1.3.6-r1: # - CVE-2018-10392 # 1.3.5-r4: @@ -36,10 +36,12 @@ build() { make } +check() { + make check +} + package() { make DESTDIR="$pkgdir" install } -sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132 libvorbis-1.3.6.tar.xz -332081da5dd8fb28ee70dfbc123e7fcef279317ee977be9da97e97a105e788da452c33097bf597f369fea0e49749f876a93d6af0fa2fa20405acbc57771c89a9 CVE-2017-14160-and-2018-10393.patch -294de5e0c40b64d495df7f53196260be5ffaba11c75fc4a1a54ec0c058eeba4793c1ef685c8cf866195a2972c91a7a896df5f05f478b7f25a564abb3f82f331f CVE-2018-10392.patch" +sha512sums="bbf5f11f623d959b3ba98d6b52806521b0b918b59b867f0658c153ea1013293364eead4987e9e71f8798021379310860a2e548fcf89d10caf23d45e41aba45cd libvorbis-1.3.7.tar.xz" diff --git a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch deleted file mode 100644 index 3a7097ec7..000000000 --- a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 -From: Thomas Daede -Date: Wed, 9 May 2018 14:56:59 -0700 -Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. - ---- - lib/psy.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/psy.c b/lib/psy.c -index 422c6f1..1310123 100644 ---- a/lib/psy.c -+++ b/lib/psy.c -@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, - for (i = 0, x = 0.f;; i++, x += 1.f) { - - lo = b[i] >> 16; -- if( lo>=0 ) break; - hi = b[i] & 0xffff; -+ if( lo>=0 ) break; -+ if( hi>=n ) break; - - tN = N[hi] + N[-lo]; - tX = X[hi] - X[-lo]; --- -2.22.0 - diff --git a/user/libvorbis/CVE-2018-10392.patch b/user/libvorbis/CVE-2018-10392.patch deleted file mode 100644 index a12038a94..000000000 --- a/user/libvorbis/CVE-2018-10392.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 -From: Thomas Daede -Date: Thu, 17 May 2018 16:19:19 -0700 -Subject: [PATCH] Sanity check number of channels in setup. - -Fixes #2335. ---- - lib/vorbisenc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c -index 4fc7b62..64a51b5 100644 ---- a/lib/vorbisenc.c -+++ b/lib/vorbisenc.c -@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ - highlevel_encode_setup *hi=&ci->hi; - - if(ci==NULL)return(OV_EINVAL); -+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); - if(!hi->impulse_block_p)i0=1; - - /* too low/high an ATH floater is nonsensical, but doesn't break anything */ --- -2.22.0 - -- cgit v1.2.3-70-g09d2