[oe-commits] org.oe.dev libvorbis: fix latest security bugs
woglinde2 commit
oe at amethyst.openembedded.net
Fri May 16 15:32:16 UTC 2008
libvorbis: fix latest security bugs
* got patches from redhat
* bump PR
Author: woglinde2 at openembedded.org
Branch: org.openembedded.dev
Revision: a5324bd0638da4faba37d7b92ff362d19510c2fc
ViewMTN: http://monotone.openembedded.org/revision/info/a5324bd0638da4faba37d7b92ff362d19510c2fc
Files:
1
packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
packages/libvorbis/libvorbis_1.2.0.bb
Diffs:
#
# mt diff -r7db65abec72e59e0ca9b24041f9fb0d0842609d2 -ra5324bd0638da4faba37d7b92ff362d19510c2fc
#
#
#
# add_file "packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch"
# content [ec459887766b9e73366d3a0f3260ade1dc2744d5]
#
# add_file "packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch"
# content [964472dc7dbc73363842030f3a9b0700c91af74b]
#
# add_file "packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch"
# content [c8978e0da9d97ab55c448b5313df449944f9e2c2]
#
# patch "packages/libvorbis/libvorbis_1.2.0.bb"
# from [bfa924d59a88e448f8484e94e5e5d7e031c148bc]
# to [208ac81629fd76130cfdf371e567291473b004e1]
#
============================================================
--- packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch ec459887766b9e73366d3a0f3260ade1dc2744d5
+++ packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch ec459887766b9e73366d3a0f3260ade1dc2744d5
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c (revision 14597)
++++ libvorbis-1.2.0/lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+ for(j=0;j<acc;j++)
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+ res0_free_info(info);
+@@ -263,7 +277,7 @@
+ }
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+ for(j=0;j<look->partvals;j++){
============================================================
--- packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch 964472dc7dbc73363842030f3a9b0700c91af74b
+++ packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch 964472dc7dbc73363842030f3a9b0700c91af74b
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c (revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c (revision 14602)
+@@ -225,7 +225,7 @@
+ int quantvals=0;
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
+ quantvals=s->entries*s->dim;
============================================================
--- packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch c8978e0da9d97ab55c448b5313df449944f9e2c2
+++ packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch c8978e0da9d97ab55c448b5313df449944f9e2c2
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c (revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c (revision 14604)
+@@ -159,6 +159,8 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
+
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+ /* codeword ordering.... length ordered or unordered? */
+ switch((int)oggpack_read(opb,1)){
+ case 0:
============================================================
--- packages/libvorbis/libvorbis_1.2.0.bb bfa924d59a88e448f8484e94e5e5d7e031c148bc
+++ packages/libvorbis/libvorbis_1.2.0.bb 208ac81629fd76130cfdf371e567291473b004e1
@@ -4,8 +4,13 @@ LICENSE = "BSD"
that is free of intellectual property restrictions. libvorbis \
is the main vorbis codec library."
LICENSE = "BSD"
+PR = "1"
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+ file://r14598-CVE-2008-1420.patch;patch=1 \
+ file://r14602-CVE-2008-1419.patch;patch=1 \
+ file://r14602-CVE-2008-1423.patch;patch=1 \
+ "
inherit autotools pkgconfig
More information about the Openembedded-commits
mailing list