Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=dca0325188db6d7d53063a1a565a5ace09529bdc

commit dca0325188db6d7d53063a1a565a5ace09529bdc
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Thu May 22 14:09:55 2008 +0200

libvorbis-1.2.0-2-i686
- added CVE-2008-14{19,20,23}.patch
- closes #3093

diff --git a/source/lib/libvorbis/CVE-2008-1419.patch 
b/source/lib/libvorbis/CVE-2008-1419.patch
new file mode 100644
index 0000000..fd73f23
--- /dev/null
+++ b/source/lib/libvorbis/CVE-2008-1419.patch
@@ -0,0 +1,13 @@
+Index: lib/codebook.c
+===================================================================
+--- lib/codebook.c     (revision 14601)
++++ lib/codebook.c     (revision 14602)
+@@ -225,7 +225,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-      quantvals=_book_maptype1_quantvals(s);
++      quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+       break;
+       case 2:
+       quantvals=s->entries*s->dim;
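Review bot: The `s->dim==0` guard on the `case 1:` line protects only this one call to `_book_maptype1_quantvals`. Any other caller of that helper lies outside this hunk and would presumably still reach it with a zero dimension read from the stream, so confirm there are none or move the check into the helper itself. The ternary also has no explanation; a one-line comment such as `/* dim comes from the untrusted header; skip the helper when it is zero */` would stop a later cleanup from removing it. The `case 2:` product `s->entries*s->dim` in the context lines is an unchecked int multiplication at this point, and it appears to rely on the bound added by CVE-2008-1423.patch in the same commit, so the two patches need to be applied together. The enclosing function starts and ends outside the hunk.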
diff --git a/source/lib/libvorbis/CVE-2008-1420.patch 
b/source/lib/libvorbis/CVE-2008-1420.patch
new file mode 100644
index 0000000..819cbf0
--- /dev/null
+++ b/source/lib/libvorbis/CVE-2008-1420.patch
@@ -0,0 +1,34 @@
+Index: lib/res0.c
+===================================================================
+--- lib/res0.c (revision 14597)
++++ lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){
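Review bot: The added validation block indexes `ci->book_param[info->groupbook]` and dereferences the result, but the visible context range-checks only `info->booklist[j]` against `ci->books`. Confirm that `info->groupbook` is bounded and the slot is non-NULL above the hunk, otherwise add `if(info->groupbook>=ci->books)goto errout;` before the block. In the second hunk, `look->partvals=look->phrasebook->entries` is only equivalent to the old `pow()` expression because the unpack-side check enforces `entries == partitions^dim`. That coupling deserves a comment at the assignment, e.g. `/* unpack verified entries == parts^dim, so entries is the partition word count */`. The `_ogg_malloc` result on the following context line is used by the loop without a NULL check in what is shown. Both functions begin and end outside their hunks.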
diff --git a/source/lib/libvorbis/CVE-2008-1423.patch 
b/source/lib/libvorbis/CVE-2008-1423.patch
new file mode 100644
index 0000000..8c7c479
--- /dev/null
+++ b/source/lib/libvorbis/CVE-2008-1423.patch
@@ -0,0 +1,13 @@
+Index: lib/codebook.c
+===================================================================
+--- lib/codebook.c     (revision 14603)
++++ lib/codebook.c     (revision 14604)
+@@ -159,6 +159,8 @@
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:
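Review bot: The new bound `_ilog(s->dim)+_ilog(s->entries)>24` has no comment explaining the constant or what it protects. Assuming `_ilog` returns the bit length of its argument, the test keeps `dim*entries` below 2^24 so later size computations on those two fields cannot overflow an int. Stating that next to the check, e.g. `/* reject books whose dim*entries would not fit in 24 bits */`, would make the intent reviewable. The check also reuses the `_eofout` label for a header that is invalid rather than truncated; if that label only frees and returns an error this is harmless, but its body is outside the hunk, so confirm it does not report or log an end-of-stream condition specifically.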
diff --git a/source/lib/libvorbis/FrugalBuild b/source/lib/libvorbis/FrugalBuild
index d8dc87e..38acd41 100644
--- a/source/lib/libvorbis/FrugalBuild
+++ b/source/lib/libvorbis/FrugalBuild
@@ -4,15 +4,19 @@

pkgname=libvorbis
pkgver=1.2.0
-pkgrel=1
+pkgrel=2
pkgdesc="Vorbis codec library"
url="http://www.vorbis.com/";
groups=('lib')
archs=('i686' 'x86_64' 'ppc')
depends=('glibc' 'libogg')
up2date="lynx -dump http://www.xiph.org/downloads/|grep libvorbis-|Flasttar"
-source=(http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz)
-sha1sums=('6ff5f9d9d71cc385ee180171cc21af5653b76a16')
+source=(http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz \
+       CVE-2008-1419.patch CVE-2008-1420.patch CVE-2008-1423.patch)
+sha1sums=('6ff5f9d9d71cc385ee180171cc21af5653b76a16' \
+          '4631f34d2586864aee96bdf93eb52ddd4c7aceaa' \
+          'ee5f3d023f6d9d756c433f7ce4af5d88996d2ab3' \
+          '85b32994f2d2ebff248020857d4d44ecd7afeb85')

build()
{