gnu: libvorbis: Ungraft.
* gnu/packages/xiph.scm (libvorbis): Update to 1.3.6. [replacement]: Remove field. [source]: Remove patches. (libvorbis-1.3.6): Remove variable.master
Mark H Weaver
parent
1cbdfede76
commit
96c7fde7dd
|
|
@ -864,8 +864,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/libusb-0.1-disable-tests.patch \
|
%D%/packages/patches/libusb-0.1-disable-tests.patch \
|
||||||
%D%/packages/patches/libusb-for-axoloti.patch \
|
%D%/packages/patches/libusb-for-axoloti.patch \
|
||||||
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
|
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
|
||||||
%D%/packages/patches/libvorbis-CVE-2017-14632.patch \
|
|
||||||
%D%/packages/patches/libvorbis-CVE-2017-14633.patch \
|
|
||||||
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
|
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
|
||||||
%D%/packages/patches/libxslt-generated-ids.patch \
|
%D%/packages/patches/libxslt-generated-ids.patch \
|
||||||
%D%/packages/patches/libxt-guix-search-paths.patch \
|
%D%/packages/patches/libxt-guix-search-paths.patch \
|
||||||
|
|
|
||||||
|
|
@ -1,63 +0,0 @@
|
||||||
Fix CVE-2017-14632:
|
|
||||||
|
|
||||||
https://gitlab.xiph.org/xiph/vorbis/issues/2328
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
https://gitlab.xiph.org/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
|
|
||||||
|
|
||||||
From c1c2831fc7306d5fbd7bc800324efd12b28d327f Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
|
|
||||||
Date: Wed, 15 Nov 2017 18:22:59 +0100
|
|
||||||
Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
|
|
||||||
if not initialized
|
|
||||||
|
|
||||||
If the number of channels is not within the allowed range
|
|
||||||
we call oggback_writeclear altough it's not initialized yet.
|
|
||||||
|
|
||||||
This fixes
|
|
||||||
|
|
||||||
=23371== Invalid free() / delete / delete[] / realloc()
|
|
||||||
==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530)
|
|
||||||
==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
|
|
||||||
==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
|
|
||||||
==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
|
|
||||||
==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
|
|
||||||
==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
|
|
||||||
==23371== by 0x10D82A: open_output_file (sox.c:1556)
|
|
||||||
==23371== by 0x10D82A: process (sox.c:1753)
|
|
||||||
==23371== by 0x10D82A: main (sox.c:3012)
|
|
||||||
==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
|
|
||||||
==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
|
|
||||||
==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
|
|
||||||
==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
|
|
||||||
==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
|
|
||||||
==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
|
|
||||||
==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
|
|
||||||
==23371== by 0x10D82A: open_output_file (sox.c:1556)
|
|
||||||
==23371== by 0x10D82A: process (sox.c:1753)
|
|
||||||
==23371== by 0x10D82A: main (sox.c:3012)
|
|
||||||
|
|
||||||
as seen when using the testcase from CVE-2017-11333 with
|
|
||||||
008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
|
|
||||||
there before.
|
|
||||||
---
|
|
||||||
lib/info.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/lib/info.c b/lib/info.c
|
|
||||||
index 7bc4ea4..8d0b2ed 100644
|
|
||||||
--- a/lib/info.c
|
|
||||||
+++ b/lib/info.c
|
|
||||||
@@ -589,6 +589,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
|
|
||||||
private_state *b=v->backend_state;
|
|
||||||
|
|
||||||
if(!b||vi->channels<=0||vi->channels>256){
|
|
||||||
+ b = NULL;
|
|
||||||
ret=OV_EFAULT;
|
|
||||||
goto err_out;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.15.1
|
|
||||||
|
|
||||||
|
|
@ -1,43 +0,0 @@
|
||||||
Fix CVE-2017-14633:
|
|
||||||
|
|
||||||
https://gitlab.xiph.org/xiph/vorbis/issues/2329
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
|
|
||||||
|
|
||||||
From a79ec216cd119069c68b8f3542c6a425a74ab993 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
|
|
||||||
Date: Tue, 31 Oct 2017 18:32:46 +0100
|
|
||||||
Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
|
|
||||||
|
|
||||||
Otherwise
|
|
||||||
|
|
||||||
for(i=0;i<vi->channels;i++){
|
|
||||||
/* the encoder setup assumes that all the modes used by any
|
|
||||||
specific bitrate tweaking use the same floor */
|
|
||||||
int submap=info->chmuxlist[i];
|
|
||||||
|
|
||||||
overreads later in mapping0_forward since chmuxlist is a fixed array of
|
|
||||||
256 elements max.
|
|
||||||
---
|
|
||||||
lib/info.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/info.c b/lib/info.c
|
|
||||||
index fe759ed..7bc4ea4 100644
|
|
||||||
--- a/lib/info.c
|
|
||||||
+++ b/lib/info.c
|
|
||||||
@@ -588,7 +588,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
|
|
||||||
oggpack_buffer opb;
|
|
||||||
private_state *b=v->backend_state;
|
|
||||||
|
|
||||||
- if(!b||vi->channels<=0){
|
|
||||||
+ if(!b||vi->channels<=0||vi->channels>256){
|
|
||||||
ret=OV_EFAULT;
|
|
||||||
goto err_out;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.15.1
|
|
||||||
|
|
||||||
|
|
@ -80,17 +80,14 @@ periodic timestamps for seeking.")
|
||||||
(define libvorbis
|
(define libvorbis
|
||||||
(package
|
(package
|
||||||
(name "libvorbis")
|
(name "libvorbis")
|
||||||
(version "1.3.5")
|
(version "1.3.6")
|
||||||
(replacement libvorbis-1.3.6)
|
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
||||||
"libvorbis-" version ".tar.xz"))
|
"libvorbis-" version ".tar.xz"))
|
||||||
(patches (search-patches "libvorbis-CVE-2017-14633.patch"
|
|
||||||
"libvorbis-CVE-2017-14632.patch"))
|
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1lg1n3a6r41492r7in0fpvzc7909mc5ir9z0gd3qh2pz4yalmyal"))))
|
"05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(propagated-inputs `(("libogg" ,libogg)))
|
(propagated-inputs `(("libogg" ,libogg)))
|
||||||
(arguments `(#:configure-flags '("LDFLAGS=-lm")
|
(arguments `(#:configure-flags '("LDFLAGS=-lm")
|
||||||
|
|
@ -106,18 +103,6 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
|
||||||
"See COPYING in the distribution."))
|
"See COPYING in the distribution."))
|
||||||
(home-page "https://xiph.org/vorbis/")))
|
(home-page "https://xiph.org/vorbis/")))
|
||||||
|
|
||||||
;; For CVE-2018-5146.
|
|
||||||
(define-public libvorbis-1.3.6
|
|
||||||
(package/inherit libvorbis
|
|
||||||
(version "1.3.6")
|
|
||||||
(source (origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
|
||||||
"libvorbis-" version ".tar.xz"))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))))
|
|
||||||
|
|
||||||
(define libtheora
|
(define libtheora
|
||||||
(package
|
(package
|
||||||
(name "libtheora")
|
(name "libtheora")
|
||||||
|
|
|
||||||
Reference in New Issue