pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/audio/libvorbis Pullup ticket 2393 - requested...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/00402e420fef
branches:  pkgsrc-2008Q1
changeset: 540369:00402e420fef
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Thu May 22 13:54:10 2008 +0000

description:
Pullup ticket 2393 - requested by drochner
security fixes for libvorbis

- pkgsrc/audio/libvorbis/Makefile                       1.47
- pkgsrc/audio/libvorbis/distinfo                       1.15
- pkgsrc/audio/libvorbis/patches/patch-aa               1.3
- pkgsrc/audio/libvorbis/patches/patch-ab               1.3

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed May 14 16:36:18 UTC 2008

   Modified Files:
           pkgsrc/audio/libvorbis: Makefile distinfo
   Added Files:
           pkgsrc/audio/libvorbis/patches: patch-aa patch-ab

   Log Message:
   pull some patches from upstream CVS to fix integer overflows /
   buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423),
   bump PKGREVISION

diffstat:

 audio/libvorbis/Makefile         |   3 ++-
 audio/libvorbis/distinfo         |   4 +++-
 audio/libvorbis/patches/patch-aa |  34 ++++++++++++++++++++++++++++++++++
 audio/libvorbis/patches/patch-ab |  22 ++++++++++++++++++++++
 4 files changed, 61 insertions(+), 2 deletions(-)

diffs (88 lines):

diff -r 023114c92e91 -r 00402e420fef audio/libvorbis/Makefile
--- a/audio/libvorbis/Makefile  Thu May 22 13:46:33 2008 +0000
+++ b/audio/libvorbis/Makefile  Thu May 22 13:54:10 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2007/07/28 07:58:48 wiz Exp $
+# $NetBSD: Makefile,v 1.46.6.1 2008/05/22 13:54:10 ghen Exp $
 
 DISTNAME=      libvorbis-1.2.0
+PKGREVISION=   1
 CATEGORIES=    devel audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 
diff -r 023114c92e91 -r 00402e420fef audio/libvorbis/distinfo
--- a/audio/libvorbis/distinfo  Thu May 22 13:46:33 2008 +0000
+++ b/audio/libvorbis/distinfo  Thu May 22 13:54:10 2008 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.14 2007/07/28 07:58:48 wiz Exp $
+$NetBSD: distinfo,v 1.14.6.1 2008/05/22 13:54:10 ghen Exp $
 
 SHA1 (libvorbis-1.2.0.tar.gz) = 6ff5f9d9d71cc385ee180171cc21af5653b76a16
 RMD160 (libvorbis-1.2.0.tar.gz) = 54bf2b48943e283f003cd5dfb4bf9e519b6a817d
 Size (libvorbis-1.2.0.tar.gz) = 1494373 bytes
+SHA1 (patch-aa) = 8d6d491a75531eb0527da6218eeb123692ae747e
+SHA1 (patch-ab) = 07c6ef26df0adf1abce4b96a6aff512ed1d6597a
diff -r 023114c92e91 -r 00402e420fef audio/libvorbis/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-aa  Thu May 22 13:54:10 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-aa,v 1.2.36.1 2008/05/22 13:54:10 ghen Exp $
+
+--- ./lib/res0.c.orig  2007-07-24 02:09:47.000000000 +0200
++++ ./lib/res0.c
+@@ -223,6 +223,20 @@ vorbis_info_residue *res0_unpack(vorbis_
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@ vorbis_look_residue *res0_look(vorbis_ds
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){
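Review bot: The new validation block in res0_unpack dereferences `ci->book_param[info->groupbook]` before the partition arithmetic runs, and nothing in this hunk range-checks `info->groupbook`; if the earlier part of res0_unpack (outside the hunk) does not already reject `groupbook >= ci->books`, a malformed header can index past `book_param` here, so that check must precede this block. The running `if(partvals > entries) goto errout;` keeps `partvals` bounded each iteration, which only prevents the int multiplication from overflowing while `info->partitions` stays small relative to `INT_MAX / entries` (entries is a 24-bit field per patch-ab); I would state that assumption on the loop, e.g. `/* entries is at most 24 bits, so partvals*partitions stays within int as long as partvals <= entries and partitions is a narrow bitstream field */`. The second hunk's `look->partvals=look->phrasebook->entries;` now depends on the unpack-time check having established entries == partitions^dim, and a one-line comment there pointing back to res0_unpack would make that coupling explicit for the next maintainer. Both enclosing functions begin and end outside the quoted hunks.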
diff -r 023114c92e91 -r 00402e420fef audio/libvorbis/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-ab  Thu May 22 13:54:10 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.2.36.1 2008/05/22 13:54:10 ghen Exp $
+
+--- ./lib/codebook.c.orig      2008-05-14 18:17:20.000000000 +0200
++++ ./lib/codebook.c
+@@ -159,6 +159,8 @@ int vorbis_staticbook_unpack(oggpack_buf
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+ 
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:
+@@ -225,7 +227,7 @@ int vorbis_staticbook_unpack(oggpack_buf
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-      quantvals=_book_maptype1_quantvals(s);
++      quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+       break;
+       case 2:
+       quantvals=s->entries*s->dim;
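Review bot: The added `if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;` is an unexplained magic bound; it is there so that `s->entries*s->dim` (the maptype 2 `quantvals` at the end of the second hunk, and presumably the later allocation sized from it) cannot overflow an int, and a comment saying so would save the next reader from re-deriving it, e.g. `/* bound entries*dim (entries is 24 bits) so quantvals and the allocations sized from it cannot overflow int */`. The check relies on `s->dim` having been read before this point, which is outside the hunk and should be confirmed. Jumping to `_eofout` for a malformed-but-complete header also conflates a truncation condition with a validation failure; if vorbis_staticbook_unpack has a distinct error label, using it (or noting in the comment why `_eofout` is reused) would make the intent clearer. The enclosing function starts and ends outside both hunks.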


