From 709c4d66e0b107ca606941b988bad717c0b45d9b Mon Sep 17 00:00:00 2001
From: Denys Dmytriyenko <denis@denix.org>
Date: Tue, 17 Mar 2009 14:32:59 -0400
Subject: rename packages/ to recipes/ per earlier agreement

See links below for more details:
http://thread.gmane.org/gmane.comp.handhelds.openembedded/21326
http://thread.gmane.org/gmane.comp.handhelds.openembedded/21816

Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Acked-by: Mike Westerhof <mwester@dls.net>
Acked-by: Philip Balister <philip@balister.org>
Acked-by: Khem Raj <raj.khem@gmail.com>
Acked-by: Marcin Juszkiewicz <hrw@openembedded.org>
Acked-by: Koen Kooi <koen@openembedded.org>
Acked-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
---
 recipes/libvorbis/libvorbis/m4.patch               | 11 +++++++
 .../libvorbis/libvorbis/r14598-CVE-2008-1420.patch | 36 ++++++++++++++++++++++
 .../libvorbis/libvorbis/r14602-CVE-2008-1419.patch | 15 +++++++++
 .../libvorbis/libvorbis/r14602-CVE-2008-1423.patch | 15 +++++++++
 recipes/libvorbis/libvorbis_1.0.1.bb               | 32 +++++++++++++++++++
 recipes/libvorbis/libvorbis_1.2.0.bb               | 35 +++++++++++++++++++++
 6 files changed, 144 insertions(+)
 create mode 100644 recipes/libvorbis/libvorbis/m4.patch
 create mode 100644 recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
 create mode 100644 recipes/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
 create mode 100644 recipes/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
 create mode 100644 recipes/libvorbis/libvorbis_1.0.1.bb
 create mode 100644 recipes/libvorbis/libvorbis_1.2.0.bb

(limited to 'recipes/libvorbis')

diff --git a/recipes/libvorbis/libvorbis/m4.patch b/recipes/libvorbis/libvorbis/m4.patch
new file mode 100644
index 0000000000..797a6b62a5
--- /dev/null
+++ b/recipes/libvorbis/libvorbis/m4.patch
@@ -0,0 +1,11 @@
+--- libvorbis-1.0.1/vorbis.m4.orig	2002-08-14 20:25:39 +0200
++++ libvorbis-1.0.1/vorbis.m4	2004-08-12 12:58:13 +0200
+@@ -6,7 +6,7 @@
+ dnl XIPH_PATH_VORBIS([ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]])
+ dnl Test for libvorbis, and define VORBIS_CFLAGS and VORBIS_LIBS
+ dnl
+-AC_DEFUN(XIPH_PATH_VORBIS,
++AC_DEFUN([XIPH_PATH_VORBIS],
+ [dnl 
+ dnl Get the cflags and libraries
+ dnl
diff --git a/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch b/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
new file mode 100644
index 0000000000..5fb5b2acda
--- /dev/null
+++ b/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c	(revision 14597)
++++ libvorbis-1.2.0/lib/res0.c	(revision 14598)
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){
diff --git a/recipes/libvorbis/libvorbis/r14602-CVE-2008-1419.patch b/recipes/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
new file mode 100644
index 0000000000..b9d6b7adb5
--- /dev/null
+++ b/recipes/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14602)
+@@ -225,7 +225,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-	quantvals=_book_maptype1_quantvals(s);
++	quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ 	break;
+       case 2:
+ 	quantvals=s->entries*s->dim;
diff --git a/recipes/libvorbis/libvorbis/r14602-CVE-2008-1423.patch b/recipes/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
new file mode 100644
index 0000000000..d912c57f79
--- /dev/null
+++ b/recipes/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14604)
+@@ -159,6 +159,8 @@
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+ 
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:
diff --git a/recipes/libvorbis/libvorbis_1.0.1.bb b/recipes/libvorbis/libvorbis_1.0.1.bb
new file mode 100644
index 0000000000..8a2d17a0ad
--- /dev/null
+++ b/recipes/libvorbis/libvorbis_1.0.1.bb
@@ -0,0 +1,32 @@
+SECTION = "libs"
+DEPENDS = "libogg"
+DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
+that is free of intellectual property restrictions. libvorbis \
+is the main vorbis codec library."
+LICENSE = "BSD"
+PR = "r2"
+
+SRC_URI = "http://www.vorbis.com/files/${PV}/unix/libvorbis-${PV}.tar.gz \
+file://m4.patch;patch=1"
+
+inherit autotools  pkgconfig
+
+# vorbisfile.c reveals a problem in the gcc register spilling for the
+# thumb instruction set...
+FULL_OPTIMIZATION_thumb = "-O0"
+
+EXTRA_OECONF = "--with-ogg-libraries=${STAGING_LIBDIR} \
+	        --with-ogg-includes=${STAGING_INCDIR}"
+
+do_stage () {
+	oe_libinstall -a -so -C lib libvorbis ${STAGING_LIBDIR}
+	oe_libinstall -a -so -C lib libvorbisfile ${STAGING_LIBDIR}
+	oe_libinstall -a -so -C lib libvorbisenc ${STAGING_LIBDIR}
+
+	install -d ${STAGING_INCDIR}/vorbis
+	install -m 0644 include/vorbis/vorbisenc.h \
+			include/vorbis/vorbisfile.h \
+			include/vorbis/codec.h ${STAGING_INCDIR}/vorbis/
+	install -d ${STAGING_DATADIR}/aclocal
+	install -m 0644 vorbis.m4 ${STAGING_DATADIR}/aclocal/
+}
diff --git a/recipes/libvorbis/libvorbis_1.2.0.bb b/recipes/libvorbis/libvorbis_1.2.0.bb
new file mode 100644
index 0000000000..30031ad5e8
--- /dev/null
+++ b/recipes/libvorbis/libvorbis_1.2.0.bb
@@ -0,0 +1,35 @@
+SECTION = "libs"
+DEPENDS = "libogg"
+DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
+that is free of intellectual property restrictions. libvorbis \
+is the main vorbis codec library."
+LICENSE = "BSD"
+PR = "1"
+
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+	   file://r14598-CVE-2008-1420.patch;patch=1 \
+	   file://r14602-CVE-2008-1419.patch;patch=1 \
+	   file://r14602-CVE-2008-1423.patch;patch=1 \
+	  "
+
+inherit autotools  pkgconfig
+
+# vorbisfile.c reveals a problem in the gcc register spilling for the
+# thumb instruction set...
+FULL_OPTIMIZATION_thumb = "-O0"
+
+EXTRA_OECONF = "--with-ogg-libraries=${STAGING_LIBDIR} \
+	        --with-ogg-includes=${STAGING_INCDIR}"
+
+do_stage () {
+	oe_libinstall -a -so -C lib libvorbis ${STAGING_LIBDIR}
+	oe_libinstall -a -so -C lib libvorbisfile ${STAGING_LIBDIR}
+	oe_libinstall -a -so -C lib libvorbisenc ${STAGING_LIBDIR}
+
+	install -d ${STAGING_INCDIR}/vorbis
+	install -m 0644 include/vorbis/vorbisenc.h \
+			include/vorbis/vorbisfile.h \
+			include/vorbis/codec.h ${STAGING_INCDIR}/vorbis/
+	install -d ${STAGING_DATADIR}/aclocal
+	install -m 0644 vorbis.m4 ${STAGING_DATADIR}/aclocal/
+}
-- 
cgit 1.2.3-korg