diff --git a/SOURCES/libvorbis-1.3.6-git.patch b/SOURCES/libvorbis-1.3.6-git.patch new file mode 100644 index 0000000..e7714d2 --- /dev/null +++ b/SOURCES/libvorbis-1.3.6-git.patch @@ -0,0 +1,215 @@ +diff --git a/Brewfile b/Brewfile +new file mode 100644 +index 0000000..af81e5b +--- /dev/null ++++ b/Brewfile +@@ -0,0 +1,3 @@ ++brew 'doxygen' ++brew 'libogg' ++brew 'xz' +diff --git a/Makefile.am b/Makefile.am +index c35131a..3feaf72 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -26,7 +26,7 @@ EXTRA_DIST = \ + vorbisenc-uninstalled.pc.in \ + vorbisfile-uninstalled.pc.in \ + symbian \ +- macosx win32 ++ macosx win32 CMakeLists.txt + + + DISTCHECK_CONFIGURE_FLAGS = --enable-docs +diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh +new file mode 100755 +index 0000000..29e7f38 +--- /dev/null ++++ b/contrib/oss-fuzz/build.sh +@@ -0,0 +1,23 @@ ++#!/bin/bash -eu ++ ++pushd $SRC ++mv people.xiph.org/*.ogg decode_corpus/ ++zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/ ++popd ++ ++pushd $SRC/ogg ++./autogen.sh ++./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc ++make clean ++make -j$(nproc) ++make install ++popd ++ ++ ++./autogen.sh ++./configure --prefix="$WORK" --enable-static --disable-shared ++make clean ++make -j$(nproc) ++make install ++ ++$CXX $CXXFLAGS $SRC/vorbis/contrib/oss-fuzz/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg +diff --git a/contrib/oss-fuzz/decode_fuzzer.cc b/contrib/oss-fuzz/decode_fuzzer.cc +new file mode 100644 +index 0000000..b8840c1 +--- /dev/null ++++ b/contrib/oss-fuzz/decode_fuzzer.cc +@@ -0,0 +1,48 @@ ++#include ++#include ++#include ++#include ++ ++struct vorbis_data { ++ const uint8_t *current; ++ const uint8_t *data; ++ size_t size; ++}; ++ ++size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) { ++ vorbis_data* vd = (vorbis_data *)(datasource); ++ size_t len = size1 * size2; ++ if (vd->current + len > vd->data + vd->size) { ++ len = vd->data + vd->size - vd->current; ++ } ++ memcpy(ptr, vd->current, len); ++ vd->current += len; ++ return len; ++} ++ ++ ++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { ++ ov_callbacks memory_callbacks = {0}; ++ memory_callbacks.read_func = read_func; ++ vorbis_data data_st; ++ data_st.size = Size; ++ data_st.current = Data; ++ data_st.data = Data; ++ OggVorbis_File vf; ++ int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks); ++ if (result < 0) { ++ return 0; ++ } ++ int current_section = 0; ++ int eof = 0; ++ char buf[4096]; ++ int read_result; ++ while (!eof) { ++ read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section); ++ if (read_result != OV_HOLE && read_result <= 0) { ++ eof = 1; ++ } ++ } ++ ov_clear(&vf); ++ return 0; ++} +diff --git a/lib/Makefile.am b/lib/Makefile.am +index cd5afdf..e22895e 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -35,7 +35,7 @@ psytune_SOURCES = psytune.c + psytune_LDFLAGS = -static + psytune_LDADD = libvorbis.la + +-EXTRA_DIST = lookups.pl ++EXTRA_DIST = lookups.pl CMakeLists.txt + + # build and run the self tests on 'make check' + +diff --git a/lib/info.c b/lib/info.c +index 3fbb7c7..23efa25 100644 +--- a/lib/info.c ++++ b/lib/info.c +@@ -203,6 +203,7 @@ void vorbis_info_clear(vorbis_info *vi){ + + static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ + codec_setup_info *ci=vi->codec_setup; ++ int bs; + if(!ci)return(OV_EFAULT); + + vi->version=oggpack_read(opb,32); +@@ -215,8 +216,12 @@ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ + vi->bitrate_nominal=(ogg_int32_t)oggpack_read(opb,32); + vi->bitrate_lower=(ogg_int32_t)oggpack_read(opb,32); + +- ci->blocksizes[0]=1<blocksizes[1]=1<blocksizes[0]=1<blocksizes[1]=1<rate<1)goto err_out; + if(vi->channels<1)goto err_out; +diff --git a/lib/os.h b/lib/os.h +index 416a401..e098926 100644 +--- a/lib/os.h ++++ b/lib/os.h +@@ -120,7 +120,7 @@ static inline int vorbis_ftoi(double f){ /* yes, double! Otherwise, + /* MSVC inline assembly. 32 bit only; inline ASM isn't implemented in the + * 64 bit compiler and doesn't work on arm. */ + #if defined(_MSC_VER) && !defined(_WIN64) && \ +- !defined(_WIN32_WCE) && !defined(_M_ARM) ++ !defined(_WIN32_WCE) && !defined(_M_ARM) && !defined(_M_ARM64) + # define VORBIS_FPU_CONTROL + + typedef ogg_int16_t vorbis_fpu_control; +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +diff --git a/lib/sharedbook.c b/lib/sharedbook.c +index 4545d4f..8d73daa 100644 +--- a/lib/sharedbook.c ++++ b/lib/sharedbook.c +@@ -62,7 +62,15 @@ float _float32_unpack(long val){ + int sign=val&0x80000000; + long exp =(val&0x7fe00000L)>>VQ_FMAN; + if(sign)mant= -mant; +- return(ldexp(mant,exp-(VQ_FMAN-1)-VQ_FEXP_BIAS)); ++ exp=exp-(VQ_FMAN-1)-VQ_FEXP_BIAS; ++ /* clamp excessive exponent values */ ++ if (exp>63){ ++ exp=63; ++ } ++ if (exp<-63){ ++ exp-63; ++ } ++ return(ldexp(mant,exp)); + } + + /* given a list of word lengths, generate a list of codewords. Works +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4a4607c..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +@@ -1210,7 +1211,7 @@ int vorbis_encode_ctl(vorbis_info *vi,int number,void *arg){ + hi->req, + hi->managed, + &new_base); +- if(!hi->setup)return OV_EIMPL; ++ if(!new_template)return OV_EIMPL; + hi->setup=new_template; + hi->base_setting=new_base; + vorbis_encode_setup_setting(vi,vi->channels,vi->rate); diff --git a/SPECS/libvorbis.spec b/SPECS/libvorbis.spec index 5d94c86..f87a64f 100644 --- a/SPECS/libvorbis.spec +++ b/SPECS/libvorbis.spec @@ -3,7 +3,7 @@ Summary: The Vorbis General Audio Compression Codec Name: libvorbis Version: 1.3.6 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 Group: System Environment/Libraries License: BSD @@ -11,6 +11,20 @@ URL: https://www.xiph.org/ Source: https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.xz BuildRequires: pkgconfig(ogg) >= 1.0 +# sync with git as of +# +# commit 46e70fa6573e206c2555cd99a53204ffd6bf58fd +# Author: Minmin Gong +# Date: Wed Jul 4 21:37:54 2018 -0700 +# +# Fix the compiling errors on msvc ARM64 configuration. +# +# Fixes: +# CVE-2017-14160 +# CVE-2018-10392 +# CVE-2018-10393 +Patch0: libvorbis-1.3.6-git.patch + %description Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed @@ -40,6 +54,7 @@ Documentation for developing applications with libvorbis. %prep %setup -q +%patch0 -p1 sed -i "s|-O20|$RPM_OPT_FLAGS|" configure sed -i "s/-ffast-math//" configure sed -i "s/-mcpu=750//" configure @@ -78,6 +93,9 @@ make check %ldconfig_scriptlets %changelog +* Wed May 29 2019 Adam Jackson - 1.3.6-2 +- Sync with git for CVE-2017-14160, CVE-2018-10392, CVE-2018-10393 + * Fri Mar 16 2018 Adam Jackson - 1.3.6-1 - libvorbis 1.3.6