summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Heinold <heinold@inf.fu-berlin.de>2008-05-16 15:28:55 +0000
committerHenning Heinold <heinold@inf.fu-berlin.de>2008-05-16 15:28:55 +0000
commite59191af5bc39b3ad744059da92f7c398b227c3e (patch)
tree780ffa0890bae5e8d0dfa7dc886fdb0cc0e78fa0
parent8127998b8a4cfcf4e0e1dd60362bbfff74aa4360 (diff)
libvorbis: fix latest security bugs
* got patches from redhat * bump PR
-rw-r--r--packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch36
-rw-r--r--packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch15
-rw-r--r--packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch15
-rw-r--r--packages/libvorbis/libvorbis_1.2.0.bb7
4 files changed, 72 insertions, 1 deletions
diff --git a/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
new file mode 100644
index 0000000000..5fb5b2acda
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c (revision 14597)
++++ libvorbis-1.2.0/lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+ for(j=0;j<acc;j++)
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+ res0_free_info(info);
+@@ -263,7 +277,7 @@
+ }
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+ for(j=0;j<look->partvals;j++){
diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
new file mode 100644
index 0000000000..b9d6b7adb5
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c (revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c (revision 14602)
+@@ -225,7 +225,7 @@
+ int quantvals=0;
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
+ quantvals=s->entries*s->dim;
diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
new file mode 100644
index 0000000000..d912c57f79
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c (revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c (revision 14604)
+@@ -159,6 +159,8 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
+
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+ /* codeword ordering.... length ordered or unordered? */
+ switch((int)oggpack_read(opb,1)){
+ case 0:
diff --git a/packages/libvorbis/libvorbis_1.2.0.bb b/packages/libvorbis/libvorbis_1.2.0.bb
index 79b79e8f49..30031ad5e8 100644
--- a/packages/libvorbis/libvorbis_1.2.0.bb
+++ b/packages/libvorbis/libvorbis_1.2.0.bb
@@ -4,8 +4,13 @@ DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
that is free of intellectual property restrictions. libvorbis \
is the main vorbis codec library."
LICENSE = "BSD"
+PR = "1"
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+ file://r14598-CVE-2008-1420.patch;patch=1 \
+ file://r14602-CVE-2008-1419.patch;patch=1 \
+ file://r14602-CVE-2008-1423.patch;patch=1 \
+ "
inherit autotools pkgconfig