libvorbis: add patches for CVE-2017-14632 and CVE-2017-14633

patches via Debian, originally from upstream
c1c2831fc7
a79ec216cd

Closes: #11657 [via git-merge-pr]
This commit is contained in:
Helmut Pozimski 2018-02-15 19:59:45 +01:00 committed by Toyam Cox
parent 24bba09b4b
commit 2f2c5d85d6
3 changed files with 26 additions and 1 deletions

View File

@ -0,0 +1,10 @@
--- lib/info.c
+++ lib/info.c
@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
private_state *b=v->backend_state;
if(!b||vi->channels<=0){
+ b = NULL;
ret=OV_EFAULT;
goto err_out;
}

View File

@ -0,0 +1,11 @@
--- lib/info.c
+++ lib/info.c
@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
oggpack_buffer opb;
private_state *b=v->backend_state;
- if(!b||vi->channels<=0){
+ if(!b||vi->channels<=0||vi->channels>256){
b = NULL;
ret=OV_EFAULT;
goto err_out;

View File

@ -1,7 +1,7 @@
# Template file for 'libvorbis'.
pkgname=libvorbis
version=1.3.5
revision=1
revision=2
build_style=gnu-configure
hostmakedepends="automake libtool pkg-config"
makedepends="libogg-devel"
@ -16,6 +16,10 @@ pre_configure() {
autoreconf -fi -I m4
}
post_install() {
vlicense COPYING
}
libvorbis-devel_package() {
depends="libogg-devel libvorbis>=${version}_${revision}"
short_desc+=" - development files"