Security update to 1.3.6:

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec.
2018-03-16 21:44:10 +00:00 · 2018-03-16 21:44:10 +00:00 · 5a634508a0
commit 5a634508a0
parent 0dca8747e3
4 changed files with 12 additions and 11 deletions
--- a/audio/libvorbis/Makefile
+++ b/audio/libvorbis/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.41 2016/03/11 20:11:39 naddy Exp $
+# $OpenBSD: Makefile,v 1.42 2018/03/16 21:44:10 naddy Exp $

 COMMENT=	audio compression codec library

-DISTNAME=	libvorbis-1.3.5
+DISTNAME=	libvorbis-1.3.6
 CATEGORIES=    	audio
 HOMEPAGE=	https://www.xiph.org/vorbis/
 SHARED_LIBS +=  vorbis               9.0      # 4.8
@ -15,6 +15,7 @@ MAINTAINER=	Christian Weisgerber <naddy@openbsd.org>
 PERMIT_PACKAGE_CDROM=	Yes

 MASTER_SITES=	http://downloads.xiph.org/releases/vorbis/
+EXTRACT_SUFX=	.tar.xz

 WANTLIB=	m ogg
 LIB_DEPENDS=	audio/libogg
--- a/audio/libvorbis/distinfo
+++ b/audio/libvorbis/distinfo
@ -1,2 +1,2 @@
-SHA256 (libvorbis-1.3.5.tar.gz) = bvvOzdPl378JA0G0hdqdF26yUNiT4+s3jEKKLbODAc4=
-SIZE (libvorbis-1.3.5.tar.gz) = 1638779
+SHA256 (libvorbis-1.3.6.tar.xz) = rwC7WnhOfJ5p9Wgj3kY3w1BkPe7a8zPQ+obs26b8tBU=
+SIZE (libvorbis-1.3.6.tar.xz) = 1195388
--- a/audio/libvorbis/patches/patch-configure
+++ b/audio/libvorbis/patches/patch-configure
@ -1,7 +1,8 @@
-$OpenBSD: patch-configure,v 1.16 2015/03/14 20:56:14 naddy Exp $
--- configure.orig	Thu Feb 26 23:09:49 2015
-+++ configure	Thu Mar  5 16:51:32 2015
-@@ -12672,7 +12672,7 @@ if test -z "$GCC"; then
+$OpenBSD: patch-configure,v 1.17 2018/03/16 21:44:10 naddy Exp $
+Index: configure
+--- configure.orig
+++ configure
+@@ -12721,7 +12721,7 @@ if test -z "$GCC"; then
 		PROFILE="-v -xpg -g -xO4 -fast -native -fsimple -xcg92 -Dsuncc" ;;
 	*)
 		DEBUG="-g"
@ -10,7 +11,7 @@ $OpenBSD: patch-configure,v 1.16 2015/03/14 20:56:14 naddy Exp $
 		PROFILE="-g -p" ;;
         esac
 else
-@@ -12816,9 +12816,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.$
+@@ -12865,9 +12865,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.$
 		CFLAGS="-O3 -Wall -W -ffast-math -D_REENTRANT -fsigned-char"
 		PROFILE="-pg -g -O3 -ffast-math -D_REENTRANT -fsigned-char";;
  	*)
--- a/audio/libvorbis/pkg/PLIST
+++ b/audio/libvorbis/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.12 2015/03/14 20:56:14 naddy Exp $
+@comment $OpenBSD: PLIST,v 1.13 2018/03/16 21:44:10 naddy Exp $
 include/vorbis/
 include/vorbis/codec.h
 include/vorbis/vorbisenc.h
@ -15,7 +15,6 @@ lib/libvorbisfile.la
 lib/pkgconfig/vorbis.pc
 lib/pkgconfig/vorbisenc.pc
 lib/pkgconfig/vorbisfile.pc
-share/aclocal/
 share/aclocal/vorbis.m4
 share/doc/libvorbis/
 share/doc/libvorbis/doxygen-build.stamp