diff options
author | dai9ah <dai9ah@protonmail.com> | 2018-02-15 23:33:52 +0200 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2018-02-18 23:27:48 +0100 |
commit | 40cdf3534fef3e22e6fbce05a34ff18b125d8ea9 (patch) | |
tree | 2b319e86148fc7c18323dca75cecc3b13c874ed2 | |
parent | fe5066c55875bf3c0436139ed70a40c784889bae (diff) | |
download | aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.bz2 aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.xz |
main/libvorbis: security fix
-rw-r--r-- | main/libvorbis/APKBUILD | 19 | ||||
-rw-r--r-- | main/libvorbis/CVE-2017-14632.patch | 10 | ||||
-rw-r--r-- | main/libvorbis/CVE-2017-14633.patch | 11 |
3 files changed, 34 insertions, 6 deletions
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD index 7e59e64635..13ec373234 100644 --- a/main/libvorbis/APKBUILD +++ b/main/libvorbis/APKBUILD @@ -5,35 +5,42 @@ pkgrel=4 pkgdesc="Vorbis codec library" url="https://xiph.org/vorbis/" arch="all" -options="!check" # Test suite doesn't compile. +options="!check" # Test suite doesn't compile. license="BSD-3-License" subpackages="$pkgname-dev $pkgname-doc" makedepends="libogg-dev" source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz CVE-2017-14160.patch + CVE-2017-14632.patch + CVE-2017-14633.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 1.3.5-r4: +# - CVE-2017-14632 +# - CVE-2017-14633 # 1.3.5-r3: # - CVE-2017-14160 build() { cd "$builddir" - ./configure \ --build=$CBUILD \ --host=$CHOST \ - --prefix=/usr + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var make } package() { cd "$builddir" - make DESTDIR="$pkgdir" install - install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING } sha512sums="6c729a227143abc744a779ec4d4ce9932cd1234e301b766cb5111c3894b7cd866f0267590c7864afd3841ac0d4ae2eb2386e8d14345b7c41c8ce35e996e3656c libvorbis-1.3.5.tar.gz -4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch" +4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch +656db69d915fb30e26b6370a9b6f7c2c1f1caaec7051eb13602983935d716ae78a1a3ceaa901d63e2a2169cf00c50d90a86530d461fd53191d545e8d82dbae92 CVE-2017-14632.patch +1b4b1a6a31feca7e9cabc9274149788f0134a3be7575d530092e42864ff6f6d129f923282da7378d29d953e6be4519b3aa7f782e2cca70a623024c7c050614f1 CVE-2017-14633.patch" diff --git a/main/libvorbis/CVE-2017-14632.patch b/main/libvorbis/CVE-2017-14632.patch new file mode 100644 index 0000000000..f935cc68fd --- /dev/null +++ b/main/libvorbis/CVE-2017-14632.patch @@ -0,0 +1,10 @@ +--- a/lib/info.c ++++ b/lib/info.c +@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp + private_state *b=v->backend_state; + + if(!b||vi->channels<=0){ ++ b = NULL; + ret=OV_EFAULT; + goto err_out; + } diff --git a/main/libvorbis/CVE-2017-14633.patch b/main/libvorbis/CVE-2017-14633.patch new file mode 100644 index 0000000000..76af2652c8 --- /dev/null +++ b/main/libvorbis/CVE-2017-14633.patch @@ -0,0 +1,11 @@ +--- a/lib/info.c ++++ b/lib/info.c +@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp + oggpack_buffer opb; + private_state *b=v->backend_state; + +- if(!b||vi->channels<=0){ ++ if(!b||vi->channels<=0||vi->channels>256){ + b = NULL; + ret=OV_EFAULT; + goto err_out; |