libvorbis: fix latest security bugs

* got patches from redhat
* bump PR

diff --git a/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
new file mode 100644 (file)
index 0000000..5fb5b2a
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c (revision 14597)
++++ libvorbis-1.2.0/lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){

diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
new file mode 100644 (file)
index 0000000..b9d6b7a
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c     (revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c     (revision 14602)
+@@ -225,7 +225,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-      quantvals=_book_maptype1_quantvals(s);
++      quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+       break;
+       case 2:
+       quantvals=s->entries*s->dim;

diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
new file mode 100644 (file)
index 0000000..d912c57
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c     (revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c     (revision 14604)
+@@ -159,6 +159,8 @@
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+ 
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:

diff --git a/packages/libvorbis/libvorbis_1.2.0.bb b/packages/libvorbis/libvorbis_1.2.0.bb
index 79b79e8..30031ad 100644 (file)
--- a/packages/libvorbis/libvorbis_1.2.0.bb
+++ b/packages/libvorbis/libvorbis_1.2.0.bb
@@ -4,8 +4,13 @@ DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
 that is free of intellectual property restrictions. libvorbis \
 is the main vorbis codec library."
 LICENSE = "BSD"
+PR = "1"
 
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+          file://r14598-CVE-2008-1420.patch;patch=1 \
+          file://r14602-CVE-2008-1419.patch;patch=1 \
+          file://r14602-CVE-2008-1423.patch;patch=1 \
+         "
 
 inherit autotools  pkgconfig