author | Tilman Sauerbeck <tilman@crux.nu> | 2012-03-03 11:00:39 +0100 |
---|---|---|
committer | Tilman Sauerbeck <tilman@crux.nu> | 2012-03-03 11:04:13 +0100 |
commit | de101aa168cb54fda6898cbb0e0296d4ca77db63 (patch) | |
tree | 5bb0ded143b78c7c598c0ff561c91a3bcee3030f /libvorbis | |
parent | 59fbb278070041323a708e81fd2bb6c052af66a5 (diff) | |
download | opt-de101aa168cb54fda6898cbb0e0296d4ca77db63.tar.gz opt-de101aa168cb54fda6898cbb0e0296d4ca77db63.tar.xz |
[notify] libvorbis: fixed buffer overflow.
See CVE-2012-0444 for details.
Diffstat (limited to 'libvorbis')
-rw-r--r-- | libvorbis/.md5sum | 1 | ||||
-rw-r--r-- | libvorbis/Pkgfile | 5 | ||||
-rw-r--r-- | libvorbis/libvorbis.diff | 24 |
3 files changed, 28 insertions, 2 deletions
diff --git a/libvorbis/.md5sum b/libvorbis/.md5sum
index c59354f7d..ed13677ee 100644
--- a/libvorbis/.md5sum
+++ b/libvorbis/.md5sum
@@ -1 +1,2 @@
 798a4211221073c1409f26eac4567e8b libvorbis-1.3.2.tar.bz2
+da63af101889342f87cf33f15924adc4 libvorbis.diff
diff --git a/libvorbis/Pkgfile b/libvorbis/Pkgfile
index bf54e9ba2..85344b128 100644
--- a/libvorbis/Pkgfile
+++ b/libvorbis/Pkgfile
@@ -5,11 +5,12 @@
 name=libvorbis
 version=1.3.2
-release=1
-source=(http://downloads.xiph.org/releases/vorbis/$name-$version.tar.bz2)
+release=2
+source=(http://downloads.xiph.org/releases/vorbis/$name-$version.tar.bz2 $name.diff)
 build() {
 cd $name-$version
+ patch -p3 -i $SRC/$name.diff
 ./configure --prefix=/usr
 make
 make DESTDIR=$PKG install
diff --git a/libvorbis/libvorbis.diff b/libvorbis/libvorbis.diff
new file mode 100644
index 000000000..938a9ca8d
--- /dev/null
+++ b/libvorbis/libvorbis.diff
@@ -0,0 +1,24 @@
+# Stolen from Mozilla, with minor adjustments.
+# Author: Timothy B. Terriberry <tterribe@vt.edu>
+
+diff --git a/media/libvorbis/lib/floor1.c b/media/libvorbis/lib/floor1.c
+--- a/media/libvorbis/lib/floor1.c
++++ b/media/libvorbis/lib/floor1.c
+@@ -162,16 +162,17 @@ static vorbis_info_floor *floor1_unpack
+
+ /* read the post list */
+ info->mult=oggpack_read(opb,2)+1; /* only 1,2,3,4 legal now */
+ rangebits=oggpack_read(opb,4);
+ if(rangebits<0)goto err_out;
+
+ for(j=0,k=0;j<info->partitions;j++){
+ count+=info->class_dim[info->partitionclass[j]];
++ if(count>VIF_POSIT) goto err_out;
+ for(;k<count;k++){
+ int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+ if(t<0 || t>=(1<<rangebits))
+ goto err_out;
+ }
+ }
+ info->postlist[0]=0;
+ info->postlist[1]=1<<rangebits; |
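Review bot: The rewritten `source=(...)` line keeps fetching the tarball over plain `http://`, so the only thing vouching for the code this security update builds is the MD5 entry in `.md5sum`, and MD5 is not collision-resistant. If the mirror serves the same path over TLS, `source=(https://downloads.xiph.org/releases/vorbis/$name-$version.tar.bz2 $name.diff)` is the smaller fix; a stronger digest depends on what the port tooling supports, which this page does not show. A short comment above `patch -p3 -i $SRC/$name.diff` naming CVE-2012-0444 would also tell the next maintainer when the patch can be dropped.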
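Review bot: The added guard `if(count>VIF_POSIT) goto err_out;` carries no comment saying which buffer it protects, and the bound can only be judged against the declaration of `postlist`, which is outside this hunk. The loop below it writes `info->postlist[k+2]` for every `k<count`, so the check is sufficient only if `postlist` has at least `VIF_POSIT+2` entries; that looks likely, since slots 0 and 1 are filled right after the loop, but it should be confirmed against the header. I would add `/* postlist[] holds the two fixed endpoints plus at most VIF_POSIT posts; reject streams that declare more */` above the check. The patch header says "with minor adjustments" without naming the upstream revision, so recording the Mozilla changeset or bug number would let the next packager verify the copy. floor1_unpack starts and ends outside the hunk.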