author | dai9ah <dai9ah@protonmail.com> | 2018-02-15 23:33:52 +0200 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-02-27 14:31:55 +0000 |
commit | 29cff9d10275a6ccef556496c68890e438c82a5d (patch) | |
tree | 769e3c69d5c84a8fd4aa11d9adf9a7b249932e1d /main/libvorbis | |
parent | a7669109b617e502f0ac338550bc8bcdd9b89ea0 (diff) | |
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8516
Diffstat (limited to 'main/libvorbis')
-rw-r--r-- | main/libvorbis/APKBUILD | 12 | ||||
-rw-r--r-- | main/libvorbis/CVE-2017-14632.patch | 10 | ||||
-rw-r--r-- | main/libvorbis/CVE-2017-14633.patch | 11 |
3 files changed, 31 insertions, 2 deletions
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD
index cc3beb7d52..6df8c760c7 100644
--- a/main/libvorbis/APKBUILD
+++ b/main/libvorbis/APKBUILD
@@ -1,23 +1,29 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libvorbis
 pkgver=1.3.5
-pkgrel=2
+pkgrel=3
 pkgdesc="Vorbis codec library"
 url="http://www.xiph.org/ogg/vorbis/"
 arch="all"
 license="custom"
+license="BSD-3-License"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
 depends_dev="libogg-dev"
 makedepends="$depends_dev"
 source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz
 CVE-2017-14160.patch
+ CVE-2017-14632.patch
+ CVE-2017-14633.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 # secfixes:
 # 1.3.5-r3:
+# - CVE-2017-14632
+# - CVE-2017-14633
+# 1.3.5-r2:
 # - CVE-2017-14160
 build() {
@@ -38,4 +44,6 @@ package() {
 install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
 sha512sums="6c729a227143abc744a779ec4d4ce9932cd1234e301b766cb5111c3894b7cd866f0267590c7864afd3841ac0d4ae2eb2386e8d14345b7c41c8ce35e996e3656c libvorbis-1.3.5.tar.gz
-4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch"
+4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch
+656db69d915fb30e26b6370a9b6f7c2c1f1caaec7051eb13602983935d716ae78a1a3ceaa901d63e2a2169cf00c50d90a86530d461fd53191d545e8d82dbae92 CVE-2017-14632.patch
+1b4b1a6a31feca7e9cabc9274149788f0134a3be7575d530092e42864ff6f6d129f923282da7378d29d953e6be4519b3aa7f782e2cca70a623024c7c050614f1 CVE-2017-14633.patch"
diff --git a/main/libvorbis/CVE-2017-14632.patch b/main/libvorbis/CVE-2017-14632.patch
new file mode 100644
index 0000000000..f935cc68fd
--- /dev/null
+++ b/main/libvorbis/CVE-2017-14632.patch
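Review bot: `license` ends up assigned twice in the first APKBUILD hunk: `license="custom"` stays as a context line and `+license="BSD-3-License"` is added right below it, so the later value silently overrides the earlier one. `BSD-3-License` is also not an SPDX identifier; presumably `BSD-3-Clause` was meant, and the difference matters to any licence or SBOM tooling that reads this field. Replace the two lines with a single `license="BSD-3-Clause"` once the licence has been confirmed against the COPYING file that package() installs.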
@@ -0,0 +1,10 @@
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+ private_state *b=v->backend_state;
+
+ if(!b||vi->channels<=0){
++ b = NULL;
+ ret=OV_EFAULT;
+ goto err_out;
+ }
diff --git a/main/libvorbis/CVE-2017-14633.patch b/main/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 0000000000..76af2652c8
--- /dev/null
+++ b/main/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,11 @@
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+ oggpack_buffer opb;
+ private_state *b=v->backend_state;
+
+- if(!b||vi->channels<=0){
++ if(!b||vi->channels<=0||vi->channels>256){
+ b = NULL;
+ ret=OV_EFAULT;
+ goto err_out; |
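Review bot: CVE-2017-14632.patch begins directly at `--- a/lib/info.c` with no header, so the file records neither what it fixes nor where the change came from; CVE-2017-14633.patch has the same gap. Give each patch a short header before the `---` line, for example `CVE-2017-14632: <one-line description>` followed by `Upstream: <upstream commit URL>`, so the backport can be audited against the upstream fix. That context is needed here because `b = NULL;` is not self-explanatory. It presumably makes the cleanup at `err_out` skip state that was never initialised on this path, but `err_out` and the rest of `vorbis_analysis_headerout` lie outside the hunk, so this cannot be confirmed from the patch alone.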
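Review bot: The new upper bound in `if(!b||vi->channels<=0||vi->channels>256){` is a bare magic number, and nothing in CVE-2017-14633.patch says which buffer or table the limit protects. State that in the patch header, e.g. `CVE-2017-14633: reject channel counts above 256 in vorbis_analysis_headerout()`, together with the upstream reference, rather than editing the C source and diverging from upstream. This patch also only applies on top of CVE-2017-14632.patch, since its context line `b = NULL;` is added by that patch. The two entries therefore have to stay in this order in `source=`, assuming patches are applied in listing order, and a one-line comment in the APKBUILD would keep a later reorder from breaking the build. The function body continues outside the hunk.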