summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexis Ballier <aballier@gentoo.org>2008-05-17 10:51:30 +0000
committerAlexis Ballier <aballier@gentoo.org>2008-05-17 10:51:30 +0000
commit405e03eb07d820b5acfa75d0d85757b3ad32f9c6 (patch)
tree3cc5bf40b659e6c3a1255b138f0cf9e80c088aaa /media-libs/libvorbis/files
parentfix ChangeLog header (diff)
downloadgentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.gz
gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.bz2
gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.zip
Add fixes for various security issues, bug #222085
(Portage version: 2.1.5)
Diffstat (limited to 'media-libs/libvorbis/files')
-rw-r--r--media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch15
-rw-r--r--media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch34
-rw-r--r--media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch15
3 files changed, 64 insertions, 0 deletions
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch
new file mode 100644
index 000000000000..34d8c520c561
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch
@@ -0,0 +1,15 @@
+https://trac.xiph.org/changeset/14602
+https://bugzilla.redhat.com/show_bug.cgi?id=440700
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 13293)
++++ /trunk/vorbis/lib/codebook.c (revision 14602)
+@@ -226,5 +226,5 @@
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch
new file mode 100644
index 000000000000..a0405e5246e2
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch
@@ -0,0 +1,34 @@
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1420
+https://bugzilla.redhat.com/show_bug.cgi?id=440706
+https://trac.xiph.org/changeset/14598
+
+Index: /trunk/vorbis/lib/res0.c
+===================================================================
+--- /trunk/vorbis/lib/res0.c (revision 13578)
++++ /trunk/vorbis/lib/res0.c (revision 14598)
+@@ -224,4 +224,18 @@
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+@@ -264,5 +278,5 @@
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch
new file mode 100644
index 000000000000..d0e79b4dce10
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch
@@ -0,0 +1,15 @@
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1423
+https://bugzilla.redhat.com/show_bug.cgi?id=440709
+https://trac.xiph.org/changeset/14604
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 14602)
++++ /trunk/vorbis/lib/codebook.c (revision 14604)
+@@ -159,4 +159,6 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
++
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
+
+ /* codeword ordering.... length ordered or unordered? */