add upstream patches for CVE-2017-14160 and CVE-2018-10392

ok naddy
2020-06-28 20:03:51 +00:00 · 2020-06-28 20:03:51 +00:00 · 5804de0e7e
commit 5804de0e7e
parent 251fc4fd02
4 changed files with 43 additions and 5 deletions
--- a/audio/libvorbis/Makefile
+++ b/audio/libvorbis/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.44 2019/07/12 20:43:35 sthen Exp $
+# $OpenBSD: Makefile,v 1.45 2020/06/28 20:03:51 tj Exp $

 COMMENT=	audio compression codec library

 DISTNAME=	libvorbis-1.3.6
+REVISION=	0
 CATEGORIES=    	audio
 HOMEPAGE=	https://www.xiph.org/vorbis/
 SHARED_LIBS +=  vorbis               9.0      # 4.8
--- a/audio/libvorbis/patches/patch-lib_psy_c
+++ b/audio/libvorbis/patches/patch-lib_psy_c
@ -0,0 +1,20 @@
+$OpenBSD: patch-lib_psy_c,v 1.5 2020/06/28 20:03:51 tj Exp $
+
+CVE-2017-14160
+
+https://github.com/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+
+Index: lib/psy.c
+--- lib/psy.c.orig
+++ lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
+    if( lo>=0 ) break;
+    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
--- a/audio/libvorbis/patches/patch-lib_vorbisenc_c
+++ b/audio/libvorbis/patches/patch-lib_vorbisenc_c
@ -0,0 +1,17 @@
+$OpenBSD: patch-lib_vorbisenc_c,v 1.1 2020/06/28 20:03:51 tj Exp $
+
+CVE-2018-10392
+
+https://github.com/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
+
+Index: lib/vorbisenc.c
+--- lib/vorbisenc.c.orig
+++ lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
+  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
--- a/audio/libvorbis/pkg/PLIST
+++ b/audio/libvorbis/pkg/PLIST
@ -1,15 +1,15 @@
-@comment $OpenBSD: PLIST,v 1.13 2018/03/16 21:44:10 naddy Exp $
+@comment $OpenBSD: PLIST,v 1.14 2020/06/28 20:03:51 tj Exp $
 include/vorbis/
 include/vorbis/codec.h
 include/vorbis/vorbisenc.h
 include/vorbis/vorbisfile.h
-lib/libvorbis.a
+@static-lib lib/libvorbis.a
 lib/libvorbis.la
@lib lib/libvorbis.so.${LIBvorbis_VERSION}
-lib/libvorbisenc.a
+@static-lib lib/libvorbisenc.a
 lib/libvorbisenc.la
@lib lib/libvorbisenc.so.${LIBvorbisenc_VERSION}
-lib/libvorbisfile.a
+@static-lib lib/libvorbisfile.a
 lib/libvorbisfile.la
@lib lib/libvorbisfile.so.${LIBvorbisfile_VERSION}
 lib/pkgconfig/vorbis.pc