diff options
| author | prspkt <prspkt@protonmail.com> | 2018-03-16 20:51:06 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-07-30 10:28:24 +0200 |
| commit | d306aa6cfcff4a7559cb685f450de8970e6cc399 (patch) | |
| tree | e1596bbc198ef10e9729e422beeae07e923dfd58 | |
| parent | d5a8238bf36d48e617f3b48558be114ca2c788d8 (diff) | |
| download | alpine_aports-d306aa6cfcff4a7559cb685f450de8970e6cc399.tar.bz2 alpine_aports-d306aa6cfcff4a7559cb685f450de8970e6cc399.tar.xz alpine_aports-d306aa6cfcff4a7559cb685f450de8970e6cc399.zip | |
main/libvorbis: upgrade to 1.3.6, enable tests
fixes #8672
| -rw-r--r-- | main/libvorbis/APKBUILD | 31 | ||||
| -rw-r--r-- | main/libvorbis/CVE-2017-14632.patch | 10 | ||||
| -rw-r--r-- | main/libvorbis/CVE-2017-14633.patch | 11 |
3 files changed, 16 insertions, 36 deletions
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD index 6df8c760c7..58411ac47f 100644 --- a/main/libvorbis/APKBUILD +++ b/main/libvorbis/APKBUILD | |||
| @@ -1,25 +1,22 @@ | |||
| 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
| 2 | pkgname=libvorbis | 2 | pkgname=libvorbis |
| 3 | pkgver=1.3.5 | 3 | pkgver=1.3.6 |
| 4 | pkgrel=3 | 4 | pkgrel=0 |
| 5 | pkgdesc="Vorbis codec library" | 5 | pkgdesc="Vorbis codec library" |
| 6 | url="http://www.xiph.org/ogg/vorbis/" | 6 | url="https://xiph.org/vorbis" |
| 7 | arch="all" | 7 | arch="all" |
| 8 | license="custom" | 8 | license="BSD-3-Clause" |
| 9 | license="BSD-3-License" | ||
| 10 | subpackages="$pkgname-dev $pkgname-doc" | 9 | subpackages="$pkgname-dev $pkgname-doc" |
| 11 | depends= | 10 | depends= |
| 12 | depends_dev="libogg-dev" | 11 | depends_dev="libogg-dev" |
| 13 | makedepends="$depends_dev" | 12 | makedepends="$depends_dev" |
| 14 | source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.gz | 13 | source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz |
| 15 | CVE-2017-14160.patch | 14 | CVE-2017-14160.patch" |
| 16 | CVE-2017-14632.patch | ||
| 17 | CVE-2017-14633.patch | ||
| 18 | " | ||
| 19 | |||
| 20 | builddir="$srcdir/$pkgname-$pkgver" | 15 | builddir="$srcdir/$pkgname-$pkgver" |
| 21 | 16 | ||
| 22 | # secfixes: | 17 | # secfixes: |
| 18 | # 1.3.6-r0: | ||
| 19 | # - CVE-2018-5146 | ||
| 23 | # 1.3.5-r3: | 20 | # 1.3.5-r3: |
| 24 | # - CVE-2017-14632 | 21 | # - CVE-2017-14632 |
| 25 | # - CVE-2017-14633 | 22 | # - CVE-2017-14633 |
| @@ -37,13 +34,17 @@ build() { | |||
| 37 | make || return 1 | 34 | make || return 1 |
| 38 | } | 35 | } |
| 39 | 36 | ||
| 37 | check() { | ||
| 38 | cd "$builddir" | ||
| 39 | make -j1 check | ||
| 40 | } | ||
| 41 | |||
| 40 | package() { | 42 | package() { |
| 41 | cd "$builddir" | 43 | cd "$builddir" |
| 42 | make DESTDIR="$pkgdir" install || return 1 | 44 | make DESTDIR="$pkgdir" install || return 1 |
| 43 | 45 | ||
| 44 | install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING | 46 | install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING |
| 45 | } | 47 | } |
| 46 | sha512sums="6c729a227143abc744a779ec4d4ce9932cd1234e301b766cb5111c3894b7cd866f0267590c7864afd3841ac0d4ae2eb2386e8d14345b7c41c8ce35e996e3656c libvorbis-1.3.5.tar.gz | 48 | |
| 47 | 4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch | 49 | sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132 libvorbis-1.3.6.tar.xz |
| 48 | 656db69d915fb30e26b6370a9b6f7c2c1f1caaec7051eb13602983935d716ae78a1a3ceaa901d63e2a2169cf00c50d90a86530d461fd53191d545e8d82dbae92 CVE-2017-14632.patch | 50 | 4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch" |
| 49 | 1b4b1a6a31feca7e9cabc9274149788f0134a3be7575d530092e42864ff6f6d129f923282da7378d29d953e6be4519b3aa7f782e2cca70a623024c7c050614f1 CVE-2017-14633.patch" | ||
diff --git a/main/libvorbis/CVE-2017-14632.patch b/main/libvorbis/CVE-2017-14632.patch deleted file mode 100644 index f935cc68fd..0000000000 --- a/main/libvorbis/CVE-2017-14632.patch +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | --- a/lib/info.c | ||
| 2 | +++ b/lib/info.c | ||
| 3 | @@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp | ||
| 4 | private_state *b=v->backend_state; | ||
| 5 | |||
| 6 | if(!b||vi->channels<=0){ | ||
| 7 | + b = NULL; | ||
| 8 | ret=OV_EFAULT; | ||
| 9 | goto err_out; | ||
| 10 | } | ||
diff --git a/main/libvorbis/CVE-2017-14633.patch b/main/libvorbis/CVE-2017-14633.patch deleted file mode 100644 index 76af2652c8..0000000000 --- a/main/libvorbis/CVE-2017-14633.patch +++ /dev/null | |||
| @@ -1,11 +0,0 @@ | |||
| 1 | --- a/lib/info.c | ||
| 2 | +++ b/lib/info.c | ||
| 3 | @@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp | ||
| 4 | oggpack_buffer opb; | ||
| 5 | private_state *b=v->backend_state; | ||
| 6 | |||
| 7 | - if(!b||vi->channels<=0){ | ||
| 8 | + if(!b||vi->channels<=0||vi->channels>256){ | ||
| 9 | b = NULL; | ||
| 10 | ret=OV_EFAULT; | ||
| 11 | goto err_out; | ||