Index: head/audio/libvorbis/Makefile
===================================================================
--- head/audio/libvorbis/Makefile (revision 540731)
+++ head/audio/libvorbis/Makefile (revision 540732)
@@ -1,32 +1,33 @@
 # Created by: t.vanklaveren@student.utwente.nl
 # $FreeBSD$
 PORTNAME= libvorbis
 PORTVERSION= 1.3.6
+PORTREVISION= 1
 PORTEPOCH= 3
 CATEGORIES= audio
 MASTER_SITES= https://downloads.xiph.org/releases/vorbis/ \
 https://download.videolan.org/videolan/testing/contrib/vorbis/
 MAINTAINER= naddy@FreeBSD.org
 COMMENT= Audio compression codec library
 LICENSE= BSD3CLAUSE
 LICENSE_FILE= ${WRKSRC}/COPYING
 LIB_DEPENDS= libogg.so:audio/libogg
 USES= libtool pathfix tar:xz
 USE_LDCONFIG= yes
 GNU_CONFIGURE= yes
 CONFIGURE_ARGS= --with-ogg=${LOCALBASE}
 INSTALL_TARGET= install-strip
 TEST_TARGET= check
 OPTIONS_DEFINE= DOCS
 post-install:
 cd ${STAGEDIR}${PREFIX}/share/doc && ${MV} ${DISTNAME} libvorbis
 .include
Index: head/audio/libvorbis/files/patch-lib_psy.c
===================================================================
--- head/audio/libvorbis/files/patch-lib_psy.c (nonexistent)
+++ head/audio/libvorbis/files/patch-lib_psy.c (revision 540732)
@@ -0,0 +1,15 @@
+CVE-2017-14160: fix bounds check on very low sample rates.
+https://gitlab.xiph.org/xiph/vorbis/-/commit/018ca26dece618457dd13585cad52941193c4a25
+--- lib/psy.c.orig 2020-06-28 19:37:27 UTC
++++ lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+ for (i = 0, x = 0.f;; i++, x += 1.f) {
+
+ lo = b[i] >> 16;
+- if( lo>=0 ) break;
+ hi = b[i] & 0xffff;
++ if( lo>=0 ) break;
++ if( hi>=n ) break;
+
+ tN = N[hi] + N[-lo];
+ tX = X[hi] - X[-lo];
Property changes on: head/audio/libvorbis/files/patch-lib_psy.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/audio/libvorbis/files/patch-lib_vorbisenc.c
===================================================================
--- head/audio/libvorbis/files/patch-lib_vorbisenc.c (nonexistent)
+++ head/audio/libvorbis/files/patch-lib_vorbisenc.c (revision 540732)
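Review bot: In the lib/psy.c patch, the added `if( hi>=n ) break;` bounds only one of the two indices used right after it: `N[-lo]` and `X[-lo]` are read with no visible upper bound on `-lo`, and the `for` header carries no limit on `i`, so the reads of `b[i]` end only when a table entry triggers a break. Whether the construction of `b` guarantees both is not visible here, since bark_noise_hybridmp starts and ends outside the hunk. If it does, I would record that next to the guards with a comment such as `/* b[] entries keep -lo below n; only hi can reach n at very low sample rates */`, after confirming it against the code that fills the table. If it does not, `-lo` needs its own handling, chosen with whatever follows this loop in mind rather than a second bare `break`.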
@@ -0,0 +1,12 @@
+CVE-2018-10392: Sanity check number of channels in setup.
+https://gitlab.xiph.org/xiph/vorbis/-/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
+--- lib/vorbisenc.c.orig 2020-06-28 19:38:54 UTC
++++ lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+ highlevel_encode_setup *hi=&ci->hi;
+
+ if(ci==NULL)return(OV_EINVAL);
++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+ if(!hi->impulse_block_p)i0=1;
+
+ /* too low/high an ATH floater is nonsensical, but doesn't break anything */
Property changes on: head/audio/libvorbis/files/patch-lib_vorbisenc.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
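Review bot: In the lib/vorbisenc.c patch, the upper limit `255` in the added `vi->channels` check is a bare literal with no explanation. A one-line comment above it, for example `/* channel count must fit the 8-bit field of the Vorbis identification header */`, or a named constant would tell the next reader why this bound was chosen. The check is placed only in vorbis_encode_setup_init, whose body starts and ends outside the hunk, so any code that consumes `vi->channels` without passing through this function would presumably still see an unvalidated value; worth confirming against the callers.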