commit de101aa168cb54fda6898cbb0e0296d4ca77db63
Author: Tilman Sauerbeck <tilman(a)crux.nu>
Date: Sat Mar 3 11:00:39 2012 +0100
[notify] libvorbis: fixed buffer overflow.
See CVE-2012-0444 for details.
diff --git a/libvorbis/.md5sum b/libvorbis/.md5sum
index c59354f..ed13677 100644
--- a/libvorbis/.md5sum
+++ b/libvorbis/.md5sum
@@ -1 +1,2 @@
798a4211221073c1409f26eac4567e8b libvorbis-1.3.2.tar.bz2
+da63af101889342f87cf33f15924adc4 libvorbis.diff
diff --git a/libvorbis/Pkgfile b/libvorbis/Pkgfile
index bf54e9b..85344b1 100644
--- a/libvorbis/Pkgfile
+++ b/libvorbis/Pkgfile
@@ -5,11 +5,12 @@
name=libvorbis
version=1.3.2
-release=1
-source=(http://downloads.xiph.org/releases/vorbis/$name-$version.tar.bz2)
+release=2
+source=(http://downloads.xiph.org/releases/vorbis/$name-$version.tar.bz2 $name.diff)
build() {
cd $name-$version
+ patch -p3 -i $SRC/$name.diff
./configure --prefix=/usr
make
make DESTDIR=$PKG install
diff --git a/libvorbis/libvorbis.diff b/libvorbis/libvorbis.diff
new file mode 100644
index 0000000..938a9ca
--- /dev/null
+++ b/libvorbis/libvorbis.diff
@@ -0,0 +1,24 @@
+# Stolen from Mozilla, with minor adjustments.
+# Author: Timothy B. Terriberry <tterribe(a)vt.edu>
+
+diff --git a/media/libvorbis/lib/floor1.c b/media/libvorbis/lib/floor1.c
+--- a/media/libvorbis/lib/floor1.c
++++ b/media/libvorbis/lib/floor1.c
+@@ -162,16 +162,17 @@ static vorbis_info_floor *floor1_unpack
+
+ /* read the post list */
+ info->mult=oggpack_read(opb,2)+1; /* only 1,2,3,4 legal now */
+ rangebits=oggpack_read(opb,4);
+ if(rangebits<0)goto err_out;
+
+ for(j=0,k=0;j<info->partitions;j++){
+ count+=info->class_dim[info->partitionclass[j]];
++ if(count>VIF_POSIT) goto err_out;
+ for(;k<count;k++){
+ int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+ if(t<0 || t>=(1<<rangebits))
+ goto err_out;
+ }
+ }
+ info->postlist[0]=0;
+ info->postlist[1]=1<<rangebits;