aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorprspkt <prspkt@protonmail.com>2020-07-05 00:47:06 +0300
committerLeo <thinkabit.ukim@gmail.com>2020-07-04 22:53:50 +0000
commit7949785cc3641c3b10d47094891a572dc812c908 (patch)
tree068a98a7bf3ed1a05f94caf32bcf337773c60581
parentacffb77dabbe2dbe6d9e86808c0d7473f7f73334 (diff)
downloadaports-7949785cc3641c3b10d47094891a572dc812c908.tar.gz
aports-7949785cc3641c3b10d47094891a572dc812c908.tar.bz2
aports-7949785cc3641c3b10d47094891a572dc812c908.tar.xz
main/libvorbis: upgrade to 1.3.7
* Add static subpackage. * Use https for source url. * Patches are now upstream, remove.
-rw-r--r--main/libvorbis/APKBUILD17
-rw-r--r--main/libvorbis/CVE-2017-14160.patch58
-rw-r--r--main/libvorbis/CVE-2018-10392.patch25
-rw-r--r--main/libvorbis/CVE-2018-10393.patch27
4 files changed, 5 insertions, 122 deletions
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD
index fcd9067c7a..3d5f80b907 100644
--- a/main/libvorbis/APKBUILD
+++ b/main/libvorbis/APKBUILD
@@ -1,18 +1,14 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libvorbis
-pkgver=1.3.6
-pkgrel=2
+pkgver=1.3.7
+pkgrel=0
pkgdesc="Vorbis codec library"
url="https://xiph.org/vorbis"
arch="all"
license="BSD-3-Clause"
-subpackages="$pkgname-dev $pkgname-doc"
+subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
makedepends="libogg-dev"
-source="http://downloads.xiph.org/releases/vorbis/libvorbis-$pkgver.tar.xz
- CVE-2017-14160.patch
- CVE-2018-10392.patch
- CVE-2018-10393.patch
- "
+source="https://downloads.xiph.org/releases/vorbis/libvorbis-$pkgver.tar.xz"
# secfixes:
# 1.3.6-r2:
@@ -47,7 +43,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132 libvorbis-1.3.6.tar.xz
-4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch
-a60d45144882bc72c3f4937a34baa5e2bda80a3a858b858637fee508755349b616690519e013ff6aafa7e8ff85fd1d0687a3e748b0e8bce25df1abeece97dc36 CVE-2018-10392.patch
-aaa8c09458ad20d45392c99781130ba815f839484b65c61e404198bae570e12401c2cf612f9c4f0b3932cc9e5eac0b066d515950425afa6eb2d6db7cc67731a6 CVE-2018-10393.patch"
+sha512sums="bbf5f11f623d959b3ba98d6b52806521b0b918b59b867f0658c153ea1013293364eead4987e9e71f8798021379310860a2e548fcf89d10caf23d45e41aba45cd libvorbis-1.3.7.tar.xz"
diff --git a/main/libvorbis/CVE-2017-14160.patch b/main/libvorbis/CVE-2017-14160.patch
deleted file mode 100644
index 9ad9d18f75..0000000000
--- a/main/libvorbis/CVE-2017-14160.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001
-Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org>
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
-Date: Wed, 15 Nov 2017 13:12:00 +0100
-Subject: [PATCH] CVE-2017-14160: make sure we don't overflow
-
----
- lib/psy.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1e..8bbf6cf3 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -599,7 +599,7 @@ static void bark_noise_hybridmp(int n,const long *b,
- XY[i] = tXY;
- }
-
-- for (i = 0, x = 0.f;; i++, x += 1.f) {
-+ for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
-
- lo = b[i] >> 16;
- if( lo>=0 ) break;
-@@ -621,12 +621,11 @@ static void bark_noise_hybridmp(int n,const long *b,
- noise[i] = R - offset;
- }
-
-- for ( ;; i++, x += 1.f) {
-+ for ( ; i < n; i++, x += 1.f) {
-
- lo = b[i] >> 16;
- hi = b[i] & 0xffff;
- if(hi>=n)break;
--
- tN = N[hi] - N[lo];
- tX = X[hi] - X[lo];
- tXX = XX[hi] - XX[lo];
-@@ -651,7 +650,7 @@ static void bark_noise_hybridmp(int n,const long *b,
-
- if (fixed <= 0) return;
-
-- for (i = 0, x = 0.f;; i++, x += 1.f) {
-+ for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
- hi = i + fixed / 2;
- lo = hi - fixed;
- if(lo>=0)break;
-@@ -670,7 +669,7 @@ static void bark_noise_hybridmp(int n,const long *b,
-
- if (R - offset < noise[i]) noise[i] = R - offset;
- }
-- for ( ;; i++, x += 1.f) {
-+ for ( ; i < n; i++, x += 1.f) {
-
- hi = i + fixed / 2;
- lo = hi - fixed;
---
-2.15.0
-
diff --git a/main/libvorbis/CVE-2018-10392.patch b/main/libvorbis/CVE-2018-10392.patch
deleted file mode 100644
index 3d3a16cdea..0000000000
--- a/main/libvorbis/CVE-2018-10392.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Thu, 17 May 2018 16:19:19 -0700
-Subject: [PATCH] Sanity check number of channels in setup.
-
-Fixes #2335.
----
- lib/vorbisenc.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
-index 4fc7b62..64a51b5 100644
---- a/lib/vorbisenc.c
-+++ b/lib/vorbisenc.c
-@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
- highlevel_encode_setup *hi=&ci->hi;
-
- if(ci==NULL)return(OV_EINVAL);
-+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
- if(!hi->impulse_block_p)i0=1;
-
- /* too low/high an ATH floater is nonsensical, but doesn't break anything */
---
-libgit2 0.26.0
-
diff --git a/main/libvorbis/CVE-2018-10393.patch b/main/libvorbis/CVE-2018-10393.patch
deleted file mode 100644
index c61247a508..0000000000
--- a/main/libvorbis/CVE-2018-10393.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Wed, 9 May 2018 14:56:59 -0700
-Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
-
----
- lib/psy.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1e..13101230 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
- for (i = 0, x = 0.f;; i++, x += 1.f) {
-
- lo = b[i] >> 16;
-- if( lo>=0 ) break;
- hi = b[i] & 0xffff;
-+ if( lo>=0 ) break;
-+ if( hi>=n ) break;
-
- tN = N[hi] + N[-lo];
- tX = X[hi] - X[-lo];
---
-2.18.0
-