[oe-commits] org.oe.dev libvorbis: fix latest security bugs

woglinde2 commit oe at amethyst.openembedded.net
Fri May 16 15:32:16 UTC 2008 

libvorbis: fix latest security bugs
* got patches from redhat
* bump PR

Author: woglinde2 at openembedded.org
Branch: org.openembedded.dev
Revision: a5324bd0638da4faba37d7b92ff362d19510c2fc
ViewMTN: http://monotone.openembedded.org/revision/info/a5324bd0638da4faba37d7b92ff362d19510c2fc
Files:
1
packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
packages/libvorbis/libvorbis_1.2.0.bb
Diffs:

#
# mt diff -r7db65abec72e59e0ca9b24041f9fb0d0842609d2 -ra5324bd0638da4faba37d7b92ff362d19510c2fc
#
#
#
# add_file "packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch"
#  content [ec459887766b9e73366d3a0f3260ade1dc2744d5]
# 
# add_file "packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch"
#  content [964472dc7dbc73363842030f3a9b0700c91af74b]
# 
# add_file "packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch"
#  content [c8978e0da9d97ab55c448b5313df449944f9e2c2]
# 
# patch "packages/libvorbis/libvorbis_1.2.0.bb"
#  from [bfa924d59a88e448f8484e94e5e5d7e031c148bc]
#    to [208ac81629fd76130cfdf371e567291473b004e1]
#
============================================================
--- packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch	ec459887766b9e73366d3a0f3260ade1dc2744d5
+++ packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch	ec459887766b9e73366d3a0f3260ade1dc2744d5
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c	(revision 14597)
++++ libvorbis-1.2.0/lib/res0.c	(revision 14598)
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){
============================================================
--- packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch	964472dc7dbc73363842030f3a9b0700c91af74b
+++ packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch	964472dc7dbc73363842030f3a9b0700c91af74b
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14602)
+@@ -225,7 +225,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-	quantvals=_book_maptype1_quantvals(s);
++	quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ 	break;
+       case 2:
+ 	quantvals=s->entries*s->dim;
============================================================
--- packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch	c8978e0da9d97ab55c448b5313df449944f9e2c2
+++ packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch	c8978e0da9d97ab55c448b5313df449944f9e2c2
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14604)
+@@ -159,6 +159,8 @@
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+ 
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:
============================================================
--- packages/libvorbis/libvorbis_1.2.0.bb	bfa924d59a88e448f8484e94e5e5d7e031c148bc
+++ packages/libvorbis/libvorbis_1.2.0.bb	208ac81629fd76130cfdf371e567291473b004e1
@@ -4,8 +4,13 @@ LICENSE = "BSD"
 that is free of intellectual property restrictions. libvorbis \
 is the main vorbis codec library."
 LICENSE = "BSD"
+PR = "1"
 
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+	   file://r14598-CVE-2008-1420.patch;patch=1 \
+	   file://r14602-CVE-2008-1419.patch;patch=1 \
+	   file://r14602-CVE-2008-1423.patch;patch=1 \
+	  "
 
 inherit autotools  pkgconfig

More information about the Openembedded-commits mailing list