From da040815fa3faf2534f9871412a1c48a8f6d1336 Mon Sep 17 00:00:00 2001 From: Ian Leonard Date: Sat, 7 Apr 2018 12:28:32 -0700 Subject: [PATCH] libvorbis: update to 1.3.6 Resolves CVEs: 2018-5146 2017-14632 2017-14633 Signed-off-by: Ian Leonard --- libs/libvorbis/Makefile | 6 +++--- .../patches/100-CVE-2017-14632-CVE-2017-14633.patch | 12 ------------ 2 files changed, 3 insertions(+), 15 deletions(-) delete mode 100644 libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch diff --git a/libs/libvorbis/Makefile b/libs/libvorbis/Makefile index 550954e029..d4e29fce9f 100644 --- a/libs/libvorbis/Makefile +++ b/libs/libvorbis/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libvorbis -PKG_VERSION:=1.3.5 -PKG_RELEASE:=2 +PKG_VERSION:=1.3.6 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/ -PKG_HASH:=54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1 +PKG_HASH:=af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415 PKG_MAINTAINER:=Ted Hess PKG_LICENSE:=BSD-3-Clause diff --git a/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch b/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch deleted file mode 100644 index 84601ff9b4..0000000000 --- a/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/lib/info.c -+++ b/lib/info.c -@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp - oggpack_buffer opb; - private_state *b=v->backend_state; - -- if(!b||vi->channels<=0){ -+ if(!b||vi->channels<=0||vi->channels>255){ -+ b = NULL; - ret=OV_EFAULT; - goto err_out; - } -- 2.30.2