Date:      Sun, 28 Jun 2020 21:52:02 +0000 (UTC)
From:      Christian Weisgerber <naddy@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r540732 - in head/audio/libvorbis: . files
Message-ID:  <202006282152.05SLq2dK052799@repo.freebsd.org>

Author: naddy
Date: Sun Jun 28 21:52:02 2020
New Revision: 540732
URL: https://svnweb.freebsd.org/changeset/ports/540732

Log:
  Pick fixes for two security vulnerabilities from upstream repository:
  
  CVE-2017-14160: Fix bounds check on very low sample rates.
  CVE-2018-10392: Sanity check number of channels in setup.
  
  These were committed upstream two years ago, but there has been no
  release since.
  
  Reported by:	T.J. Townsend <tj@openbsd.org>
  Security:	4200d5f5-b985-11ea-b08a-f8b156b6dcc8

Added:
  head/audio/libvorbis/files/patch-lib_psy.c   (contents, props changed)
  head/audio/libvorbis/files/patch-lib_vorbisenc.c   (contents, props changed)
Modified:
  head/audio/libvorbis/Makefile

Modified: head/audio/libvorbis/Makefile
==============================================================================
--- head/audio/libvorbis/Makefile	Sun Jun 28 21:47:34 2020	(r540731)
+++ head/audio/libvorbis/Makefile	Sun Jun 28 21:52:02 2020	(r540732)
@@ -3,6 +3,7 @@
 
 PORTNAME=	libvorbis
 PORTVERSION=	1.3.6
+PORTREVISION=	1
 PORTEPOCH=	3
 CATEGORIES=	audio
 MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/ \
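Review bot: The PORTREVISION=1 bump is required here, since the two new patch files change the built library without a change in PORTVERSION (still 1.3.6), and without it package builds and installed systems would not pick up the rebuilt libvorbis. Nothing else in the Makefile needs to change for files/patch-* to be applied.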

Added: head/audio/libvorbis/files/patch-lib_psy.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/audio/libvorbis/files/patch-lib_psy.c	Sun Jun 28 21:52:02 2020	(r540732)
@@ -0,0 +1,15 @@
+CVE-2017-14160: fix bounds check on very low sample rates.
+https://gitlab.xiph.org/xiph/vorbis/-/commit/018ca26dece618457dd13585cad52941193c4a25
+--- lib/psy.c.orig	2020-06-28 19:37:27 UTC
++++ lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
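Review bot: The substantive change in this hunk is the added `if( hi>=n ) break;`; moving `if( lo>=0 ) break;` below the `hi = b[i] & 0xffff;` assignment only changes where the loop exits, not what it computes. Note that the `for (i = 0, x = 0.f;; i++, x += 1.f)` loop has no bound of its own and relies entirely on these breaks, so before this patch `N[hi]` and `X[hi]` could be read with `hi` beyond `n` whenever the packed `b[]` table produced a large high index before a non-negative low one, which is the low-sample-rate case CVE-2017-14160 describes. Worth confirming against the referenced upstream commit that no other loop in the same function indexes `N[hi]` the same way without this guard.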

Added: head/audio/libvorbis/files/patch-lib_vorbisenc.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/audio/libvorbis/files/patch-lib_vorbisenc.c	Sun Jun 28 21:52:02 2020	(r540732)
@@ -0,0 +1,12 @@
+CVE-2018-10392: Sanity check number of channels in setup.
+https://gitlab.xiph.org/xiph/vorbis/-/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
+--- lib/vorbisenc.c.orig	2020-06-28 19:38:54 UTC
++++ lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
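Review bot: The new `if(vi->channels<1||vi->channels>255)return(OV_EINVAL);` check sits correctly after the `ci==NULL` test and before any per-channel setup, and the 1..255 range matches the single-byte channel count the Vorbis identification header can carry. A pre-existing issue visible in the context, not introduced by this patch: `highlevel_encode_setup *hi=&ci->hi;` is evaluated before `if(ci==NULL)return(OV_EINVAL);`, so the NULL check comes one statement too late; it would be cleaner to compute `hi` after the check. Also note the patch adds the return-value check without documenting the new failure condition, so callers relying on the previous behaviour now see OV_EINVAL for out-of-range channel counts.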
