diff options
| author | Christian Weisgerber <naddy@FreeBSD.org> | 2020-06-28 21:52:02 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@FreeBSD.org> | 2020-06-28 21:52:02 +0000 |
| commit | 7b5e4f228f582e7d58d9be2f42b8bb1342a13c40 (patch) | |
| tree | 5526412e13b68b32424d611cbcaf1667e4fa0295 /audio/libvorbis | |
| parent | 65becbe58aaf15b6cd45be2453ade9a1cb5825d4 (diff) | |
| download | ports-7b5e4f228f582e7d58d9be2f42b8bb1342a13c40.tar.gz ports-7b5e4f228f582e7d58d9be2f42b8bb1342a13c40.zip | |
Pick fixes for two security vulnerabilities from upstream repository:
CVE-2017-14160: Fix bounds check on very low sample rates.
CVE-2018-10392: Sanity check number of channels in setup.
These were committed upstream two years ago, but there has been no
release since.
Reported by: T.J. Townsend <tj@openbsd.org>
Security: 4200d5f5-b985-11ea-b08a-f8b156b6dcc8
Notes
Notes:
svn path=/head/; revision=540732
Diffstat (limited to 'audio/libvorbis')
| -rw-r--r-- | audio/libvorbis/Makefile | 1 | ||||
| -rw-r--r-- | audio/libvorbis/files/patch-lib_psy.c | 15 | ||||
| -rw-r--r-- | audio/libvorbis/files/patch-lib_vorbisenc.c | 12 |
3 files changed, 28 insertions, 0 deletions
diff --git a/audio/libvorbis/Makefile b/audio/libvorbis/Makefile index 9c9123a7f930..038100fb22a7 100644 --- a/audio/libvorbis/Makefile +++ b/audio/libvorbis/Makefile @@ -3,6 +3,7 @@ PORTNAME= libvorbis PORTVERSION= 1.3.6 +PORTREVISION= 1 PORTEPOCH= 3 CATEGORIES= audio MASTER_SITES= https://downloads.xiph.org/releases/vorbis/ \ diff --git a/audio/libvorbis/files/patch-lib_psy.c b/audio/libvorbis/files/patch-lib_psy.c new file mode 100644 index 000000000000..90aae7d8c12a --- /dev/null +++ b/audio/libvorbis/files/patch-lib_psy.c @@ -0,0 +1,15 @@ +CVE-2017-14160: fix bounds check on very low sample rates. +https://gitlab.xiph.org/xiph/vorbis/-/commit/018ca26dece618457dd13585cad52941193c4a25 +--- lib/psy.c.orig 2020-06-28 19:37:27 UTC ++++ lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; diff --git a/audio/libvorbis/files/patch-lib_vorbisenc.c b/audio/libvorbis/files/patch-lib_vorbisenc.c new file mode 100644 index 000000000000..c5e63a872086 --- /dev/null +++ b/audio/libvorbis/files/patch-lib_vorbisenc.c @@ -0,0 +1,12 @@ +CVE-2018-10392: Sanity check number of channels in setup. +https://gitlab.xiph.org/xiph/vorbis/-/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b +--- lib/vorbisenc.c.orig 2020-06-28 19:38:54 UTC ++++ lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ |