From eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 Mon Sep 17 00:00:00 2001
From: Dave Cobbley
Date: Tue, 14 Aug 2018 10:05:37 -0700
Subject: [Subtree] Removing import-layers directory

As part of the move to subtrees, need to bring all the import layers content to the top level.

Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley
Signed-off-by: Brad Bishop
---
 .../libvorbis/0001-configure-Check-for-clang.patch | 56 ++++++++++++
 .../libvorbis/libvorbis/CVE-2017-14632.patch | 62 +++++++++++++
 .../libvorbis/libvorbis/CVE-2017-14633.patch | 42 +++++++++
 .../libvorbis/libvorbis/CVE-2018-5146.patch | 100 +++++++++++++++++++++
 .../libvorbis/libvorbis_1.3.5.bb | 22 +++++
 5 files changed, 282 insertions(+)
 create mode 100644 poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch
 create mode 100644 poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
 create mode 100644 poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
 create mode 100644 poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
 create mode 100644 poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
(limited to 'poky/meta/recipes-multimedia/libvorbis')

diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch
new file mode 100644
index 000000000..7dad0cd8a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch
@@ -0,0 +1,56 @@
+From 44b4511784f9b51c514dff4ceb3cbeaf9c374d08 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Wed, 22 Mar 2017 16:06:55 +0000
+Subject: [PATCH] configure: Check for clang
+
+Disable gcc specific options if using clang
+
+Signed-off-by: Khem Raj
+---
+Upstream-Status: Pending
+
+ configure.ac | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index eddd02d..00ecba5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -93,6 +93,16 @@ AC_ARG_ENABLE(examples,
+ 
+ AM_CONDITIONAL(BUILD_EXAMPLES, [test "x$enable_examples" = xyes])
+ 
++AC_MSG_CHECKING([whether C compiler is clang])
++$CC -x c /dev/null -dM -E > conftest.txt 2>&1
++if grep "__clang__" conftest.txt >/dev/null 2>&1; then
++ AC_SUBST([CC_CLANG], [1])
++ AC_MSG_RESULT([yes])
++ else
++ AC_SUBST([CC_CLANG], [0])
++ AC_MSG_RESULT([no])
++fi
++
+ dnl --------------------------------------------------
+ dnl Set build flags based on environment
+ dnl --------------------------------------------------
+@@ -127,10 +137,15 @@ else
+ AC_MSG_RESULT([$GCC_VERSION])
+ case $host in
+ *86-*-linux*)
++ if test "$CC_CLANG" = "1"; then
++ ieeefp=""
++ else
++ ieefp="-mno-ieee-fp"
++ fi
+ DEBUG="-g -Wall -Wextra -D_REENTRANT -D__NO_MATH_INLINES -fsigned-char"
+- CFLAGS="-O3 -ffast-math -mno-ieee-fp -D_REENTRANT -fsigned-char"
++ CFLAGS="-O3 -ffast-math -D_REENTRANT -fsigned-char ${ieefp}"
+ # PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math -D_REENTRANT -fsigned-char -fno-inline -static"
+- PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math -mno-ieee-fp -D_REENTRANT -fsigned-char -fno-inline"
++ PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math ${ieefp} -D_REENTRANT -fsigned-char -fno-inline"
+ 
+ # glibc < 2.1.3 has a serious FP bug in the math inline header
+ # that will cripple Vorbis. Look to see if the magic FP stack
+-- 
+1.8.3.1
+
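Review bot: The clang branch of the new `if test "$CC_CLANG" = "1"` block assigns `ieeefp=""` (three e's) while the gcc branch assigns `ieefp="-mno-ieee-fp"` and both the CFLAGS and PROFILE lines expand `${ieefp}`, so the two names differ by a typo. The clang build only works because the never-assigned `ieefp` expands to empty; any later edit that gives the clang branch a real value would be silently dropped. Change the clang line to `ieefp=""` (or rename all four uses to one spelling). The compiler probe also leaves `conftest.txt` in the build directory after the grep; an `rm -f conftest.txt` after the `fi` would keep the tree clean.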
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
new file mode 100644
index 000000000..4036b966f
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
@@ -0,0 +1,62 @@
+From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?=
+Date: Wed, 15 Nov 2017 18:22:59 +0100
+Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
+ if not initialized
+
+If the number of channels is not within the allowed range
+we call oggback_writeclear altough it's not initialized yet.
+
+This fixes
+
+ =23371== Invalid free() / delete / delete[] / realloc()
+ ==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530)
+ ==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
+ ==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
+ ==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+ ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+ ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+ ==23371== by 0x10D82A: open_output_file (sox.c:1556)
+ ==23371== by 0x10D82A: process (sox.c:1753)
+ ==23371== by 0x10D82A: main (sox.c:3012)
+ ==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
+ ==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
+ ==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
+ ==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+ ==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+ ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+ ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+ ==23371== by 0x10D82A: open_output_file (sox.c:1556)
+ ==23371== by 0x10D82A: process (sox.c:1753)
+ ==23371== by 0x10D82A: main (sox.c:3012)
+
+as seen when using the testcase from CVE-2017-11333 with
+008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
+there before.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14632
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f
+
+Signed-off-by: Tanu Kaskinen
+---
+ lib/info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/info.c b/lib/info.c
+index 81b7557..4d82568 100644
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+ private_state *b=v->backend_state;
+ 
+ if(!b||vi->channels<=0||vi->channels>256){
++ b = NULL;
+ ret=OV_EFAULT;
+ goto err_out;
+ }
+-- 
+2.16.2
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 000000000..9c9e688d4
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
+From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?=
+Date: Tue, 31 Oct 2017 18:32:46 +0100
+Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
+
+Otherwise
+
+ for(i=0;ichannels;i++){
+ /* the encoder setup assumes that all the modes used by any
+ specific bitrate tweaking use the same floor */
+ int submap=info->chmuxlist[i];
+
+overreads later in mapping0_forward since chmuxlist is a fixed array of
+256 elements max.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14633
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen
+---
+ lib/info.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/info.c b/lib/info.c
+index e447a0c..81b7557 100644
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+ oggpack_buffer opb;
+ private_state *b=v->backend_state;
+ 
+- if(!b||vi->channels<=0){
++ if(!b||vi->channels<=0||vi->channels>256){
+ ret=OV_EFAULT;
+ goto err_out;
+ }
+-- 
+2.16.2
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
new file mode 100644
index 000000000..6d4052a87
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
@@ -0,0 +1,100 @@ +From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001 +From: Thomas Daede +Date: Thu, 15 Mar 2018 14:15:31 -0700 +Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook + decoding. + +Codebooks that are not an exact divisor of the partition size are now +truncated to fit within the partition. + +Upstream-Status: Backport +CVE: CVE-2018-5146 + +Reference to upstream patch: +https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f + +Signed-off-by: Tanu Kaskinen +--- + lib/codebook.c | 48 ++++++++++-------------------------------------- + 1 file changed, 10 insertions(+), 38 deletions(-) + +diff --git a/lib/codebook.c b/lib/codebook.c +index 8b766e8..7022fd2 100644 +--- a/lib/codebook.c ++++ b/lib/codebook.c +@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float *a,oggpack_buffer *b,int n){ + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;idim;i++,o+=step) +- for (j=0;jdim>8){ +- for(i=0;ivaluelist+entry*book->dim; +- for (j=0;jdim;) +- a[i++]+=t[j++]; +- } +- }else{ +- for(i=0;ivaluelist+entry*book->dim; +- j=0; +- switch((int)book->dim){ +- case 8: +- a[i++]+=t[j++]; +- case 7: +- a[i++]+=t[j++]; +- case 6: +- a[i++]+=t[j++]; +- case 5: +- a[i++]+=t[j++]; +- case 4: +- a[i++]+=t[j++]; +- case 3: +- a[i++]+=t[j++]; +- case 2: +- a[i++]+=t[j++]; +- case 1: +- a[i++]+=t[j++]; +- case 0: +- break; +- } +- } ++ for(i=0;ivaluelist+entry*book->dim; ++ for(j=0;idim;) ++ a[i++]+=t[j++]; + } + } + return(0); +@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float **a,long offset,int ch, + long i,j,entry; + int chptr=0; + if(book->used_entries>0){ +- for(i=offset/ch;i<(offset+n)/ch;){ ++ int m=(offset+n)/ch; ++ for(i=offset/ch;ivaluelist+entry*book->dim; +- for (j=0;jdim;j++){ ++ for (j=0;idim;j++){ + a[chptr++][i]+=t[j]; + if(chptr==ch){ + chptr=0; +-- +2.16.2 + 
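Review bot: The `Reference to upstream patch:` line in this CVE-2018-5146 backport cites `h=667ceb4aab60c1f74060143bb24e5f427b3cce5f`, which is exactly the hash the CVE-2017-14633 patch cites, while this patch's own From line names `3a017f591457bf6e80231b563bf83ee583fdbca8`; the reference looks copied from the 14633 patch and should point at the commit this backport was actually taken from (presumably the From hash — verify against upstream before changing it). Anyone auditing the 5146 fix from the recipe metadata is otherwise sent to the wrong upstream change. The hunk body as rendered here is garbled (the `<...>` parts of the loop conditions and `book->dim` accesses have been stripped), so the bounded loops in vorbis_book_decodevs_add and vorbis_book_decodevv_add cannot be reviewed from this page; confirm the applied patch compiles and that the new loop bounds (`for(j=0;i<m && j<book->dim;)` style) are what upstream has. Both functions begin outside the hunk.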
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
new file mode 100644
index 000000000..20f887c25
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Ogg Vorbis Audio Codec"
+DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
+that is free of intellectual property restrictions. libvorbis \
+is the main vorbis codec library."
+HOMEPAGE = "http://www.vorbis.com/"
+BUGTRACKER = "https://trac.xiph.org"
+SECTION = "libs"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
+ file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
+DEPENDS = "libogg"
+
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
+ file://0001-configure-Check-for-clang.patch \
+ file://CVE-2017-14633.patch \
+ file://CVE-2017-14632.patch \
+ file://CVE-2018-5146.patch \
+ "
+SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
+SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
+
+inherit autotools pkgconfig
-- cgit v1.2.3
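Review bot: `LICENSE = "BSD"` is the generic family name; if COPYING is the 3-clause BSD text that libvorbis ships, `LICENSE = "BSD-3-Clause"` would let license manifests and compliance tooling identify it precisely instead of matching a catch-all. The tarball is fetched over plain `http://`, which is acceptable only because `SRC_URI[sha256sum]` pins the archive; the md5sum adds nothing against a deliberate substitution, so the sha256 pin is the line to keep in step on any version bump. Using `https://downloads.xiph.org/...` if the host serves it would also stop the fetch itself from being tamperable in transit.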