packages/vorbis-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!4 fix CVE-2014-9640

Browse Source 
From: @wang_yue111
Reviewed-by: @wangxiao65,@small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-01-11 15:59:56 +08:00 committed by Gitee
commit defa660051
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CVE-2014-9640.patch Normal file
View File

@ -0,0 +1,42 @@
From af4a9502aa73c358f331ecc038e1e11375898a32 Mon Sep 17 00:00:00 2001
Date: Mon, 11 Jan 2021 11:51:23 +0800
Subject: [PATCH] fix CVE-2014-9640
diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
index 323dedb..4616506 100644
--- a/oggenc/oggenc.c
+++ b/oggenc/oggenc.c
@@ -97,6 +97,8 @@ int main(int argc, char **argv)
.3,-1,
0,0,0.f,
0, 0, 0, 0, 0};
+ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+ N_("RAW file reader")};
int i;
@@ -239,8 +241,6 @@ int main(int argc, char **argv)
if(opt.rawmode)
{
- static input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
- N_("RAW file reader")};
enc_opts.rate=opt.raw_samplerate;
enc_opts.channels=opt.raw_channels;
diff --git a/oggenc/skeleton.h b/oggenc/skeleton.h
index cf87dc2..50b070f 100644
--- a/oggenc/skeleton.h
+++ b/oggenc/skeleton.h
@@ -41,7 +41,7 @@ typedef struct {
ogg_int64_t granule_rate_d; /* granule rate denominator */
ogg_int64_t start_granule; /* start granule value */
ogg_uint32_t preroll; /* preroll */
- unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */
+ unsigned char granule_shift; /* 1 byte value holding the granule shift */
char *message_header_fields; /* holds all the message header fields */
/* current total size of the message header fields, for realloc purpose, initially zero */
ogg_uint32_t current_header_size;
--
2.23.0

6
vorbis-tools.spec
View File

@ -1,7 +1,7 @@
Name: vorbis-tools Name: vorbis-tools
Summary: Several Ogg Vorbis Tools Summary: Several Ogg Vorbis Tools
Version: 1.4.0 Version: 1.4.0
Release: 30 Release: 31
Epoch: 1 Epoch: 1
License: GPLv2 License: GPLv2
URL: http://www.xiph.org/ URL: http://www.xiph.org/
@ -14,6 +14,7 @@ Patch3: vorbis-tools-1.4.0-bz1116650.patch
Patch4: vorbis-tools-1.4.0-bz1185558.patch Patch4: vorbis-tools-1.4.0-bz1185558.patch
Patch5: vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch Patch5: vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
Patch6: vorbis-tools-1.4.0-CVE-2015-6749.patch Patch6: vorbis-tools-1.4.0-CVE-2015-6749.patch
Patch7: CVE-2014-9640.patch
BuildRequires: flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel BuildRequires: flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel
@ -54,5 +55,8 @@ export CFLAGS="$RPM_OPT_FLAGS -Wno-error=format-security"
%exclude %{_docdir}/%{name}* %exclude %{_docdir}/%{name}*
%changelog %changelog
* Mon Jan 11 2021 wangyue<wangyue92@huawei.com> - 1:1.4.0-31
- fix CVE-2014-9640
* Tue Nov 19 2019 caomeng<caomeng5@huawei.com> - 1:1.4.0-30 * Tue Nov 19 2019 caomeng<caomeng5@huawei.com> - 1:1.4.0-30
- Package init - Package init