diff --git a/SOURCES/libvorbis-1.3.6-git.patch b/SOURCES/libvorbis-1.3.6-git.patch
new file mode 100644
index 0000000..e7714d2
--- /dev/null
+++ b/SOURCES/libvorbis-1.3.6-git.patch
@@ -0,0 +1,215 @@
+diff --git a/Brewfile b/Brewfile
+new file mode 100644
+index 0000000..af81e5b
+--- /dev/null
++++ b/Brewfile
+@@ -0,0 +1,3 @@
++brew 'doxygen'
++brew 'libogg'
++brew 'xz'
+diff --git a/Makefile.am b/Makefile.am
+index c35131a..3feaf72 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -26,7 +26,7 @@ EXTRA_DIST = \
+ vorbisenc-uninstalled.pc.in \
+ vorbisfile-uninstalled.pc.in \
+ symbian \
+- macosx win32
++ macosx win32 CMakeLists.txt
+
+
+ DISTCHECK_CONFIGURE_FLAGS = --enable-docs
+diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh
+new file mode 100755
+index 0000000..29e7f38
+--- /dev/null
++++ b/contrib/oss-fuzz/build.sh
+@@ -0,0 +1,23 @@
++#!/bin/bash -eu
++
++pushd $SRC
++mv people.xiph.org/*.ogg decode_corpus/
++zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/
++popd
++
++pushd $SRC/ogg
++./autogen.sh
++./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc
++make clean
++make -j$(nproc)
++make install
++popd
++
++
++./autogen.sh
++./configure --prefix="$WORK" --enable-static --disable-shared
++make clean
++make -j$(nproc)
++make install
++
++$CXX $CXXFLAGS $SRC/vorbis/contrib/oss-fuzz/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg
+diff --git a/contrib/oss-fuzz/decode_fuzzer.cc b/contrib/oss-fuzz/decode_fuzzer.cc
+new file mode 100644
+index 0000000..b8840c1
+--- /dev/null
++++ b/contrib/oss-fuzz/decode_fuzzer.cc
+@@ -0,0 +1,48 @@
++#include <stdio.h>
++#include <string.h>
++#include <cstdint>
++#include <vorbis/vorbisfile.h>
++
++struct vorbis_data {
++ const uint8_t *current;
++ const uint8_t *data;
++ size_t size;
++};
++
++size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) {
++ vorbis_data* vd = (vorbis_data *)(datasource);
++ size_t len = size1 * size2;
++ if (vd->current + len > vd->data + vd->size) {
++ len = vd->data + vd->size - vd->current;
++ }
++ memcpy(ptr, vd->current, len);
++ vd->current += len;
++ return len;
++}
++
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ ov_callbacks memory_callbacks = {0};
++ memory_callbacks.read_func = read_func;
++ vorbis_data data_st;
++ data_st.size = Size;
++ data_st.current = Data;
++ data_st.data = Data;
++ OggVorbis_File vf;
++ int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks);
++ if (result < 0) {
++ return 0;
++ }
++ int current_section = 0;
++ int eof = 0;
++ char buf[4096];
++ int read_result;
++ while (!eof) {
++ read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section);
++ if (read_result != OV_HOLE && read_result <= 0) {
++ eof = 1;
++ }
++ }
++ ov_clear(&vf);
++ return 0;
++}
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index cd5afdf..e22895e 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -35,7 +35,7 @@ psytune_SOURCES = psytune.c
+ psytune_LDFLAGS = -static
+ psytune_LDADD = libvorbis.la
+
+-EXTRA_DIST = lookups.pl
++EXTRA_DIST = lookups.pl CMakeLists.txt
+
+ # build and run the self tests on 'make check'
+
+diff --git a/lib/info.c b/lib/info.c
+index 3fbb7c7..23efa25 100644
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -203,6 +203,7 @@ void vorbis_info_clear(vorbis_info *vi){
+
+ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){
+ codec_setup_info *ci=vi->codec_setup;
++ int bs;
+ if(!ci)return(OV_EFAULT);
+
+ vi->version=oggpack_read(opb,32);
+@@ -215,8 +216,12 @@ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){
+ vi->bitrate_nominal=(ogg_int32_t)oggpack_read(opb,32);
+ vi->bitrate_lower=(ogg_int32_t)oggpack_read(opb,32);
+
+- ci->blocksizes[0]=1<<oggpack_read(opb,4);
+- ci->blocksizes[1]=1<<oggpack_read(opb,4);
++ bs = oggpack_read(opb,4);
++ if(bs<0)goto err_out;
++ ci->blocksizes[0]=1<<bs;
++ bs = oggpack_read(opb,4);
++ if(bs<0)goto err_out;
++ ci->blocksizes[1]=1<<bs;
+
+ if(vi->rate<1)goto err_out;
+ if(vi->channels<1)goto err_out;
+diff --git a/lib/os.h b/lib/os.h
+index 416a401..e098926 100644
+--- a/lib/os.h
++++ b/lib/os.h
+@@ -120,7 +120,7 @@ static inline int vorbis_ftoi(double f){ /* yes, double! Otherwise,
+ /* MSVC inline assembly. 32 bit only; inline ASM isn't implemented in the
+ * 64 bit compiler and doesn't work on arm. */
+ #if defined(_MSC_VER) && !defined(_WIN64) && \
+- !defined(_WIN32_WCE) && !defined(_M_ARM)
++ !defined(_WIN32_WCE) && !defined(_M_ARM) && !defined(_M_ARM64)
+ # define VORBIS_FPU_CONTROL
+
+ typedef ogg_int16_t vorbis_fpu_control;
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+ for (i = 0, x = 0.f;; i++, x += 1.f) {
+
+ lo = b[i] >> 16;
+- if( lo>=0 ) break;
+ hi = b[i] & 0xffff;
++ if( lo>=0 ) break;
++ if( hi>=n ) break;
+
+ tN = N[hi] + N[-lo];
+ tX = X[hi] - X[-lo];
+diff --git a/lib/sharedbook.c b/lib/sharedbook.c
+index 4545d4f..8d73daa 100644
+--- a/lib/sharedbook.c
++++ b/lib/sharedbook.c
+@@ -62,7 +62,15 @@ float _float32_unpack(long val){
+ int sign=val&0x80000000;
+ long exp =(val&0x7fe00000L)>>VQ_FMAN;
+ if(sign)mant= -mant;
+- return(ldexp(mant,exp-(VQ_FMAN-1)-VQ_FEXP_BIAS));
++ exp=exp-(VQ_FMAN-1)-VQ_FEXP_BIAS;
++ /* clamp excessive exponent values */
++ if (exp>63){
++ exp=63;
++ }
++ if (exp<-63){
++ exp-63;
++ }
++ return(ldexp(mant,exp));
+ }
+
+ /* given a list of word lengths, generate a list of codewords. Works
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4a4607c..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+ highlevel_encode_setup *hi=&ci->hi;
+
+ if(ci==NULL)return(OV_EINVAL);
++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+ if(!hi->impulse_block_p)i0=1;
+
+ /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+@@ -1210,7 +1211,7 @@ int vorbis_encode_ctl(vorbis_info *vi,int number,void *arg){
+ hi->req,
+ hi->managed,
+ &new_base);
+- if(!hi->setup)return OV_EIMPL;
++ if(!new_template)return OV_EIMPL;
+ hi->setup=new_template;
+ hi->base_setting=new_base;
+ vorbis_encode_setup_setting(vi,vi->channels,vi->rate);
diff --git a/SPECS/libvorbis.spec b/SPECS/libvorbis.spec
index 5d94c86..f87a64f 100644
--- a/SPECS/libvorbis.spec
+++ b/SPECS/libvorbis.spec
@@ -3,7 +3,7 @@
Summary: The Vorbis General Audio Compression Codec
Name: libvorbis
Version: 1.3.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
Group: System Environment/Libraries
License: BSD
@@ -11,6 +11,20 @@ URL: https://www.xiph.org/
Source: https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.xz
BuildRequires: pkgconfig(ogg) >= 1.0
+# sync with git as of
+#
+# commit 46e70fa6573e206c2555cd99a53204ffd6bf58fd
+# Author: Minmin Gong <gongminmin@msn.com>
+# Date: Wed Jul 4 21:37:54 2018 -0700
+#
+# Fix the compiling errors on msvc ARM64 configuration.
+#
+# Fixes:
+# CVE-2017-14160
+# CVE-2018-10392
+# CVE-2018-10393
+Patch0: libvorbis-1.3.6-git.patch
+
%description
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
@@ -40,6 +54,7 @@ Documentation for developing applications with libvorbis.
%prep
%setup -q
+%patch0 -p1
sed -i "s|-O20|$RPM_OPT_FLAGS|" configure
sed -i "s/-ffast-math//" configure
sed -i "s/-mcpu=750//" configure
@@ -78,6 +93,9 @@ make check
%ldconfig_scriptlets
%changelog
+* Wed May 29 2019 Adam Jackson <ajax@redhat.com> - 1.3.6-2
+- Sync with git for CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
+
* Fri Mar 16 2018 Adam Jackson <ajax@redhat.com> - 1.3.6-1
- libvorbis 1.3.6