media-libs/libvorbis: security bump

Bug: https://bugs.gentoo.org/631646
Bug: https://bugs.gentoo.org/699862
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

3 files changed, 114 insertions, 0 deletions

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch
new file mode 100644
index 000000000000..7759e2eb2a6c
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch
@@ -0,0 +1,29 @@
+This is also the patch for CVE-2018-10393.
+
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
+-- 
+2.22.0
+
diff --git a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch
new file mode 100644
index 000000000000..a12038a94235
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch
@@ -0,0 +1,25 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+-- 
+2.22.0
+
diff --git a/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild b/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild
new file mode 100644
index 000000000000..92f52227407f
--- /dev/null
+++ b/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools multilib-minimal
+
+DESCRIPTION="The Ogg Vorbis sound file format library"
+HOMEPAGE="https://xiph.org/vorbis/"
+SRC_URI="https://downloads.xiph.org/releases/vorbis/${P}.tar.xz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="static-libs test"
+
+RESTRICT="!test? ( test )"
+
+BDEPEND="virtual/pkgconfig"
+
+RDEPEND=">=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]"
+
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-CVE-2017-14160.patch
+	"${FILESDIR}"/${P}-CVE-2018-10392.patch
+)
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e '/CFLAGS/s:-O20::' \
+		-e '/CFLAGS/s:-mcpu=750::' \
+		-e '/CFLAGS/s:-mno-ieee-fp::' \
+		configure.ac || die
+
+	# Un-hack docdir redefinition.
+	find -name 'Makefile.am' \
+		-exec sed -i \
+			-e 's:$(datadir)/doc/$(PACKAGE)-$(VERSION):@docdir@/html:' \
+			{} + || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--enable-shared
+		$(use_enable static-libs static)
+		$(use_enable test oggtest)
+	)
+
+	einfo "Running configure in ${BUILD_DIR}"
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+	find "${ED}" -name '*.la' -delete || die
+}