libvorbis: update to 1.3.6

Resolves CVEs:
2018-5146
2017-14632
2017-14633

Signed-off-by: Ian Leonard <antonlacon@gmail.com>

diff --git a/libs/libvorbis/Makefile b/libs/libvorbis/Makefile
index 550954e0292db4e3b14b2f5680960c19cf6af0bc..d4e29fce9f1b8c03d033f2ca46f5e84ef986fb82 100644 (file)
--- a/libs/libvorbis/Makefile
+++ b/libs/libvorbis/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvorbis
-PKG_VERSION:=1.3.5
-PKG_RELEASE:=2
+PKG_VERSION:=1.3.6
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/
-PKG_HASH:=54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1
+PKG_HASH:=af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415
 PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
 
 PKG_LICENSE:=BSD-3-Clause

diff --git a/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch b/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch
deleted file mode 100644 (file)
index 84601ff..0000000
--- a/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/info.c
-+++ b/lib/info.c
-@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp
-   oggpack_buffer opb;
-   private_state *b=v->backend_state;
- 
--  if(!b||vi->channels<=0){
-+  if(!b||vi->channels<=0||vi->channels>255){
-+    b = NULL;
-     ret=OV_EFAULT;
-     goto err_out;
-   }