diff options
author | Alexis Ballier <aballier@gentoo.org> | 2008-05-17 10:51:30 +0000 |
---|---|---|
committer | Alexis Ballier <aballier@gentoo.org> | 2008-05-17 10:51:30 +0000 |
commit | 405e03eb07d820b5acfa75d0d85757b3ad32f9c6 (patch) | |
tree | 3cc5bf40b659e6c3a1255b138f0cf9e80c088aaa /media-libs/libvorbis | |
parent | fix ChangeLog header (diff) | |
download | gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.gz gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.bz2 gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.zip |
Add fixes for various security issues, bug #222085
(Portage version: 2.1.5)
Diffstat (limited to 'media-libs/libvorbis')
5 files changed, 133 insertions, 1 deletions
diff --git a/media-libs/libvorbis/ChangeLog b/media-libs/libvorbis/ChangeLog index e8ce2288687b..451e46393ab4 100644 --- a/media-libs/libvorbis/ChangeLog +++ b/media-libs/libvorbis/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-libs/libvorbis # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/libvorbis/ChangeLog,v 1.92 2008/03/10 21:37:59 lu_zero Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/libvorbis/ChangeLog,v 1.93 2008/05/17 10:51:30 aballier Exp $ + +*libvorbis-1.2.0-r1 (17 May 2008) + + 17 May 2008; Alexis Ballier <aballier@gentoo.org> + +files/libvorbis-1.2.0-CVE-2008-1419.patch, + +files/libvorbis-1.2.0-CVE-2008-1420.patch, + +files/libvorbis-1.2.0-CVE-2008-1423.patch, +libvorbis-1.2.0-r1.ebuild: + Add fixes for various security issues, bug #222085 10 Mar 2008; Luca Barbato <lu_zero@gentoo.org> libvorbis-1.2.0.ebuild: Remove more insanity diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch new file mode 100644 index 000000000000..34d8c520c561 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch @@ -0,0 +1,15 @@ +https://trac.xiph.org/changeset/14602
+https://bugzilla.redhat.com/show_bug.cgi?id=440700
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 13293)
++++ /trunk/vorbis/lib/codebook.c (revision 14602)
+@@ -226,5 +226,5 @@
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch new file mode 100644 index 000000000000..a0405e5246e2 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch @@ -0,0 +1,34 @@ +http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1420
+https://bugzilla.redhat.com/show_bug.cgi?id=440706
+https://trac.xiph.org/changeset/14598
+
+Index: /trunk/vorbis/lib/res0.c
+===================================================================
+--- /trunk/vorbis/lib/res0.c (revision 13578)
++++ /trunk/vorbis/lib/res0.c (revision 14598)
+@@ -224,4 +224,18 @@
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+@@ -264,5 +278,5 @@
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch new file mode 100644 index 000000000000..d0e79b4dce10 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch @@ -0,0 +1,15 @@ +http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1423
+https://bugzilla.redhat.com/show_bug.cgi?id=440709
+https://trac.xiph.org/changeset/14604
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 14602)
++++ /trunk/vorbis/lib/codebook.c (revision 14604)
+@@ -159,4 +159,6 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
++
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
+
+ /* codeword ordering.... length ordered or unordered? */
diff --git a/media-libs/libvorbis/libvorbis-1.2.0-r1.ebuild b/media-libs/libvorbis/libvorbis-1.2.0-r1.ebuild new file mode 100644 index 000000000000..07b460f39c2c --- /dev/null +++ b/media-libs/libvorbis/libvorbis-1.2.0-r1.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/libvorbis/libvorbis-1.2.0-r1.ebuild,v 1.1 2008/05/17 10:51:30 aballier Exp $ + +inherit libtool flag-o-matic eutils toolchain-funcs + +DESCRIPTION="the Ogg Vorbis sound file format library" +HOMEPAGE="http://xiph.org/vorbis" +SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="doc" + +RDEPEND=">=media-libs/libogg-1" +DEPEND="${RDEPEND} + dev-util/pkgconfig" + +src_unpack() { + unpack ${A} + cd "${S}" + + elibtoolize + + epunt_cxx #74493 + + # Insane. + sed -i -e "s:-O20::g" -e "s:-mfused-madd::g" configure + sed -i -e "s:-mcpu=750::g" configure + epatch "${FILESDIR}/${P}-CVE-2008-1419.patch" + epatch "${FILESDIR}/${P}-CVE-2008-1420.patch" + epatch "${FILESDIR}/${P}-CVE-2008-1423.patch" +} + +src_compile() { + # gcc-3.4 and k6 with -ftracer causes code generation problems #49472 + if [[ "$(gcc-major-version)$(gcc-minor-version)" == "34" ]]; then + is-flag -march=k6* && filter-flags -ftracer + is-flag -mtune=k6* && filter-flags -ftracer + replace-flags -Os -O2 + fi + + econf + emake || die "emake failed." +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed." + + rm -rf "${D}"/usr/share/doc/${P} + + dodoc AUTHORS CHANGES README todo.txt + + if use doc; then + docinto txt + dodoc doc/*.txt + dohtml -r doc + fi +} |