Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libvorbis: update to 1.3.6

Browse source 
Resolves CVEs:
2018-5146
2017-14632
2017-14633

Signed-off-by: Ian Leonard <antonlacon@gmail.com>
This commit is contained in:
Ian Leonard 2018-04-07 12:28:32 -07:00
parent c750f17fff
commit da040815fa
2 changed files with 3 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libs/libvorbis/Makefile
View file

@ -6,12 +6,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbis
PKG_VERSION:=1.3.5
PKG_RELEASE:=2
PKG_VERSION:=1.3.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/
PKG_HASH:=54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1
PKG_HASH:=af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=BSD-3-Clause

12
libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch
View file

@ -1,12 +0,0 @@
--- a/lib/info.c
+++ b/lib/info.c
@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp
oggpack_buffer opb;
private_state *b=v->backend_state;
- if(!b||vi->channels<=0){
+ if(!b||vi->channels<=0||vi->channels>255){
+ b = NULL;
ret=OV_EFAULT;
goto err_out;
}