libvorbis: CVE-2017-14160 CVE-2018-10393

CVE-2017-14160: fix bounds check on very low sample rates. (From OE-Core rev: 0b0409ab6ef27599feeb2fc8a82150305b91f26b) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> 2018-07-22 12:11:27 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-29 15:23:50 +0100
commit: 6a87904a3886b61d420f0449771b83127281759e (patch)
tree: c3980710bf29d6e9320a35d0f21011dad1cc3c37
parent: 874976be9aea8856b25df347be540d5d54e538b8 (diff)
download: poky-6a87904a3886b61d420f0449771b83127281759e.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
new file mode 100644
index 0000000000..7564d92879
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
@@ -0,0 +1,33 @@
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+CVE: CVE-2017-14160
+CVE: CVE-2018-10393
+Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+Signed-off-by: Thomas Daede <daede003@umn.edu>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
+++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
+    if( lo>=0 ) break;
+    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
+-- 
+2.7.4
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 20f887c252..1a49e593a6 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -9,12 +9,14 @@ LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
                    file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
 DEPENDS = "libogg"
+PR = "r1"
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
           file://0001-configure-Check-for-clang.patch \
           file://CVE-2017-14633.patch \
           file://CVE-2017-14632.patch \
           file://CVE-2018-5146.patch \
+           file://CVE-2017-14160.patch \
          "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
author	Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>	2018-07-22 12:11:27 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-29 15:23:50 +0100
commit	6a87904a3886b61d420f0449771b83127281759e (patch)
tree	c3980710bf29d6e9320a35d0f21011dad1cc3c37
parent	874976be9aea8856b25df347be540d5d54e538b8 (diff)
download	poky-6a87904a3886b61d420f0449771b83127281759e.tar.gz

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 0000000000..7564d92879 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
@@ -0,0 +1,33 @@
		1	From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
		2	From: Thomas Daede <daede003@umn.edu>
		3	Date: Wed, 9 May 2018 14:56:59 -0700
		4	Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
		5
		6	CVE: CVE-2017-14160
		7	CVE: CVE-2018-10393
		8	Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
		9
		10	Signed-off-by: Thomas Daede <daede003@umn.edu>
		11	Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
		12	---
		13	lib/psy.c \| 3 ++-
		14	1 file changed, 2 insertions(+), 1 deletion(-)
		15
		16	diff --git a/lib/psy.c b/lib/psy.c
		17	index 422c6f1..1310123 100644
		18	--- a/lib/psy.c
		19	+++ b/lib/psy.c
		20	@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
		21	for (i = 0, x = 0.f;; i++, x += 1.f) {
		22
		23	lo = b[i] >> 16;
		24	- if( lo>=0 ) break;
		25	hi = b[i] & 0xffff;
		26	+ if( lo>=0 ) break;
		27	+ if( hi>=n ) break;
		28
		29	tN = N[hi] + N[-lo];
		30	tX = X[hi] - X[-lo];
		31	--
		32	2.7.4
		33


diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 20f887c252..1a49e593a6 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -9,12 +9,14 @@ LICENSE = "BSD"
9	LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \	9	LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
10	file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"	10	file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
11	DEPENDS = "libogg"	11	DEPENDS = "libogg"
		12	PR = "r1"
12		13
13	SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \	14	SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
14	file://0001-configure-Check-for-clang.patch \	15	file://0001-configure-Check-for-clang.patch \
15	file://CVE-2017-14633.patch \	16	file://CVE-2017-14633.patch \
16	file://CVE-2017-14632.patch \	17	file://CVE-2017-14632.patch \
17	file://CVE-2018-5146.patch \	18	file://CVE-2018-5146.patch \
		19	file://CVE-2017-14160.patch \
18	"	20	"
19	SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"	21	SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
20	SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"	22	SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"