]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 42a8098)
libvorbis: upgrade 1.3.6 -> 1.3.7
authorWang Mingyu <wangmy@cn.fujitsu.com>
Wed, 8 Jul 2020 08:52:39 +0000 (16:52 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 12 Jul 2020 11:20:38 +0000 (12:20 +0100)
CVE-2017-14160.patch
CVE-2018-10392.patch
removed since they are included in 1.3.7

-License-Update: Copyright year updated to 2020.

license text: URL of Xiph.Org Foundation changed to https://xiph.org/

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch [deleted file] patch | blob | history
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch [deleted file] patch | blob | history
meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb [moved from meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb with 61% similarity] patch | blob | history

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
deleted file mode 100644 (file)
index b7603c3..0000000
--- a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Wed, 9 May 2018 14:56:59 -0700
-Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
-
----
-CVE: CVE-2017-14160 CVE-2018-10393
-
-Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/018ca26d...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
----
- lib/psy.c |    3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1..1310123 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
-   for (i = 0, x = 0.f;; i++, x += 1.f) {
-     lo = b[i] >> 16;
--    if( lo>=0 ) break;
-     hi = b[i] & 0xffff;
-+    if( lo>=0 ) break;
-+    if( hi>=n ) break;
-     tN = N[hi] + N[-lo];
-     tX = X[hi] - X[-lo];
--- 
-1.7.9.5
-
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
deleted file mode 100644 (file)
index b7936b4..0000000
--- a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Thu, 17 May 2018 16:19:19 -0700
-Subject: [PATCH] Sanity check number of channels in setup.
-
-Fixes #2335.
-
----
-CVE: CVE-2018-10392
-
-Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/112d3bd...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
-
- lib/vorbisenc.c |    1 +
- 1 file changed, 1 insertion(+)
-
-
-diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
-index 4fc7b62..64a51b5 100644
---- a/lib/vorbisenc.c
-+++ b/lib/vorbisenc.c
-@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
-   highlevel_encode_setup *hi=&ci->hi;
-   if(ci==NULL)return(OV_EINVAL);
-+  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
-   if(!hi->impulse_block_p)i0=1;
-   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
--- 
-1.7.9.5
-
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb
similarity index 61%
rename from meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb
rename to meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb
index 1a3cdc22696ffb1e69a073a63e16bb93627ca042..c5c10348c646d357b2a66a320b055ce4e4ec3595 100644 (file)
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.7.bb
@@ -6,16 +6,14 @@ HOMEPAGE = "http://www.vorbis.com/"
 BUGTRACKER = "https://trac.xiph.org"
 SECTION = "libs"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=70c7063491d2d9f76a098d62ed5134f1 \
-                    file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
+LIC_FILES_CHKSUM = "file://COPYING;md5=73d9c8942c60b846c3bad13cc6c2e520 \
+                    file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=c95a4ac2b4125f00a9acf61449ebb843"
 DEPENDS = "libogg"
 
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
            file://0001-configure-Check-for-clang.patch \
-           file://CVE-2018-10392.patch \
-           file://CVE-2017-14160.patch \
           "
-SRC_URI[md5sum] = "b7d1692f275c73e7833ed1cc2697cd65"
-SRC_URI[sha256sum] = "af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415"
+SRC_URI[md5sum] = "50902641d358135f06a8392e61c9ac77"
+SRC_URI[sha256sum] = "b33cc4934322bcbf6efcbacf49e3ca01aadbea4114ec9589d1b1e9d20f72954b"
 
 inherit autotools pkgconfig
Mirror of the official openembedded-core repository