From e408a1ad1a359d037188ea51cc2b0aa052218846 Mon Sep 17 00:00:00 2001
From: prspkt <prspkt@protonmail.com>
Date: Fri, 16 Mar 2018 20:51:06 +0000
Subject: main/libvorbis: upgrade to 1.3.6, enable tests

fixes #8670
---
 main/libvorbis/APKBUILD             | 31 ++++++++++++++++++-------------
 main/libvorbis/CVE-2017-14632.patch | 10 ----------
 main/libvorbis/CVE-2017-14633.patch | 11 -----------
 3 files changed, 18 insertions(+), 34 deletions(-)
 delete mode 100644 main/libvorbis/CVE-2017-14632.patch
 delete mode 100644 main/libvorbis/CVE-2017-14633.patch

(limited to 'main/libvorbis')

diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD
index 27e6dd203e..7af3554f85 100644
--- a/main/libvorbis/APKBUILD
+++ b/main/libvorbis/APKBUILD
@@ -1,28 +1,30 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libvorbis
-pkgver=1.3.5
-pkgrel=5
+pkgver=1.3.6
+pkgrel=0
 pkgdesc="Vorbis codec library"
-url="https://xiph.org/vorbis/"
+url="https://xiph.org/vorbis"
 arch="all"
-options="!check" # Test suite doesn't compile.
 license="BSD-3-Clause"
 subpackages="$pkgname-dev $pkgname-doc"
 makedepends="libogg-dev"
-source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz
-	CVE-2017-14160.patch
-	CVE-2017-14632.patch
-	CVE-2017-14633.patch
-	"
+source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz
+	CVE-2017-14160.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   1.3.6-r0:
+#   - CVE-2018-5146
 #   1.3.5-r4:
 #   - CVE-2017-14632
 #   - CVE-2017-14633
 #   1.3.5-r3:
 #   - CVE-2017-14160
 
+prepare() {
+	default_prepare
+}
+
 build() {
 	cd "$builddir"
 	./configure \
@@ -35,12 +37,15 @@ build() {
 	make
 }
 
+check() {
+	cd "$builddir"
+	make -j1 check
+}
+
 package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="6c729a227143abc744a779ec4d4ce9932cd1234e301b766cb5111c3894b7cd866f0267590c7864afd3841ac0d4ae2eb2386e8d14345b7c41c8ce35e996e3656c  libvorbis-1.3.5.tar.gz
-4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e  CVE-2017-14160.patch
-656db69d915fb30e26b6370a9b6f7c2c1f1caaec7051eb13602983935d716ae78a1a3ceaa901d63e2a2169cf00c50d90a86530d461fd53191d545e8d82dbae92  CVE-2017-14632.patch
-1b4b1a6a31feca7e9cabc9274149788f0134a3be7575d530092e42864ff6f6d129f923282da7378d29d953e6be4519b3aa7f782e2cca70a623024c7c050614f1  CVE-2017-14633.patch"
+sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132  libvorbis-1.3.6.tar.xz
+4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e  CVE-2017-14160.patch"
diff --git a/main/libvorbis/CVE-2017-14632.patch b/main/libvorbis/CVE-2017-14632.patch
deleted file mode 100644
index f935cc68fd..0000000000
--- a/main/libvorbis/CVE-2017-14632.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/lib/info.c
-+++ b/lib/info.c
-@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
-   private_state *b=v->backend_state;
- 
-   if(!b||vi->channels<=0){
-+    b = NULL;
-     ret=OV_EFAULT;
-     goto err_out;
-   }
diff --git a/main/libvorbis/CVE-2017-14633.patch b/main/libvorbis/CVE-2017-14633.patch
deleted file mode 100644
index 76af2652c8..0000000000
--- a/main/libvorbis/CVE-2017-14633.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/info.c
-+++ b/lib/info.c
-@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
-   oggpack_buffer opb;
-   private_state *b=v->backend_state;
- 
--  if(!b||vi->channels<=0){
-+  if(!b||vi->channels<=0||vi->channels>256){
-     b = NULL;
-     ret=OV_EFAULT;
-     goto err_out;
-- 
cgit v1.2.3