diff options
| author |   Wang Mingyu <wangmy@cn.fujitsu.com> | 2020-07-08 16:52:39 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-07-12 12:20:38 +0100 |
| commit | 75f97f7f8a9a8b4c029f9fbfe1d1c3a43f6ebb4b (patch) | |
| tree | faeeebec3b4bcbc0075e6f71a646553be2a9c5ec | |
| parent | 42a809829c434460f6f838d5c56ef93a14eeef0c (diff) | |
| download | openembedded-core-contrib-75f97f7f8a9a8b4c029f9fbfe1d1c3a43f6ebb4b.tar.gz | |
libvorbis: upgrade 1.3.6 -> 1.3.7
CVE-2017-14160.patch
CVE-2018-10392.patch
removed since they are included in 1.3.7
-License-Update: Copyright year updated to 2020.
license text: URL of Xiph.Org Foundation changed to https://xiph.org/
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb (renamed from meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb) | 10 |
3 files changed, 4 insertions, 74 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch deleted file mode 100644 index b7603c3b13..0000000000 --- a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 -From: Thomas Daede <daede003@umn.edu> -Date: Wed, 9 May 2018 14:56:59 -0700 -Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. - ---- -CVE: CVE-2017-14160 CVE-2018-10393 - -Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/018ca26d...] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- ---- - lib/psy.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/psy.c b/lib/psy.c -index 422c6f1..1310123 100644 ---- a/lib/psy.c -+++ b/lib/psy.c -@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, - for (i = 0, x = 0.f;; i++, x += 1.f) { - - lo = b[i] >> 16; -- if( lo>=0 ) break; - hi = b[i] & 0xffff; -+ if( lo>=0 ) break; -+ if( hi>=n ) break; - - tN = N[hi] + N[-lo]; - tX = X[hi] - X[-lo]; --- -1.7.9.5 - diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch deleted file mode 100644 index b7936b4b4d..0000000000 --- a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 -From: Thomas Daede <daede003@umn.edu> -Date: Thu, 17 May 2018 16:19:19 -0700 -Subject: [PATCH] Sanity check number of channels in setup. - -Fixes #2335. - ---- -CVE: CVE-2018-10392 - -Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/112d3bd...] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- - - lib/vorbisenc.c | 1 + - 1 file changed, 1 insertion(+) - - -diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c -index 4fc7b62..64a51b5 100644 ---- a/lib/vorbisenc.c -+++ b/lib/vorbisenc.c -@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ - highlevel_encode_setup *hi=&ci->hi; - - if(ci==NULL)return(OV_EINVAL); -+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); - if(!hi->impulse_block_p)i0=1; - - /* too low/high an ATH floater is nonsensical, but doesn't break anything */ --- -1.7.9.5 - diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb index 1a3cdc2269..c5c10348c6 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb @@ -6,16 +6,14 @@ HOMEPAGE = "http://www.vorbis.com/" BUGTRACKER = "https://trac.xiph.org" SECTION = "libs" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=70c7063491d2d9f76a098d62ed5134f1 \ - file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" +LIC_FILES_CHKSUM = "file://COPYING;md5=73d9c8942c60b846c3bad13cc6c2e520 \ + file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=c95a4ac2b4125f00a9acf61449ebb843" DEPENDS = "libogg" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ - file://CVE-2018-10392.patch \ - file://CVE-2017-14160.patch \ " -SRC_URI[md5sum] = "b7d1692f275c73e7833ed1cc2697cd65" -SRC_URI[sha256sum] = "af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415" +SRC_URI[md5sum] = "50902641d358135f06a8392e61c9ac77" +SRC_URI[sha256sum] = "b33cc4934322bcbf6efcbacf49e3ca01aadbea4114ec9589d1b1e9d20f72954b" inherit autotools pkgconfig |