diff options
-rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch | 33 | ||||
-rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb | 2 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 0000000000..7564d92879 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 | ||
2 | From: Thomas Daede <daede003@umn.edu> | ||
3 | Date: Wed, 9 May 2018 14:56:59 -0700 | ||
4 | Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. | ||
5 | |||
6 | CVE: CVE-2017-14160 | ||
7 | CVE: CVE-2018-10393 | ||
8 | Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 | ||
9 | |||
10 | Signed-off-by: Thomas Daede <daede003@umn.edu> | ||
11 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
12 | --- | ||
13 | lib/psy.c | 3 ++- | ||
14 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/lib/psy.c b/lib/psy.c | ||
17 | index 422c6f1..1310123 100644 | ||
18 | --- a/lib/psy.c | ||
19 | +++ b/lib/psy.c | ||
20 | @@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, | ||
21 | for (i = 0, x = 0.f;; i++, x += 1.f) { | ||
22 | |||
23 | lo = b[i] >> 16; | ||
24 | - if( lo>=0 ) break; | ||
25 | hi = b[i] & 0xffff; | ||
26 | + if( lo>=0 ) break; | ||
27 | + if( hi>=n ) break; | ||
28 | |||
29 | tN = N[hi] + N[-lo]; | ||
30 | tX = X[hi] - X[-lo]; | ||
31 | -- | ||
32 | 2.7.4 | ||
33 | |||
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 20f887c252..1a49e593a6 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb | |||
@@ -9,12 +9,14 @@ LICENSE = "BSD" | |||
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ |
10 | file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" | 10 | file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" |
11 | DEPENDS = "libogg" | 11 | DEPENDS = "libogg" |
12 | PR = "r1" | ||
12 | 13 | ||
13 | SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ | 14 | SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ |
14 | file://0001-configure-Check-for-clang.patch \ | 15 | file://0001-configure-Check-for-clang.patch \ |
15 | file://CVE-2017-14633.patch \ | 16 | file://CVE-2017-14633.patch \ |
16 | file://CVE-2017-14632.patch \ | 17 | file://CVE-2017-14632.patch \ |
17 | file://CVE-2018-5146.patch \ | 18 | file://CVE-2018-5146.patch \ |
19 | file://CVE-2017-14160.patch \ | ||
18 | " | 20 | " |
19 | SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" | 21 | SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" |
20 | SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" | 22 | SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" |