From 2f2c5d85d6bc383ed27e6c491dc9620db9e913f9 Mon Sep 17 00:00:00 2001
From: Helmut Pozimski <helmut@pozimski.eu>
Date: Thu, 15 Feb 2018 19:59:45 +0100
Subject: [PATCH] libvorbis: add patches for CVE-2017-14632 and CVE-2017-14633

patches via Debian, originally from upstream
https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993

Closes: #11657 [via git-merge-pr]
---
 srcpkgs/libvorbis/patches/CVE-2017-14632.patch | 10 ++++++++++
 srcpkgs/libvorbis/patches/CVE-2017-14633.patch | 11 +++++++++++
 srcpkgs/libvorbis/template                     |  6 +++++-
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/libvorbis/patches/CVE-2017-14632.patch
 create mode 100644 srcpkgs/libvorbis/patches/CVE-2017-14633.patch

diff --git a/srcpkgs/libvorbis/patches/CVE-2017-14632.patch b/srcpkgs/libvorbis/patches/CVE-2017-14632.patch
new file mode 100644
index 00000000000..33cd45bcaf8
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/CVE-2017-14632.patch
@@ -0,0 +1,10 @@
+--- lib/info.c
++++ lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0){
++    b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
+   }
diff --git a/srcpkgs/libvorbis/patches/CVE-2017-14633.patch b/srcpkgs/libvorbis/patches/CVE-2017-14633.patch
new file mode 100644
index 00000000000..548b1262848
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/CVE-2017-14633.patch
@@ -0,0 +1,11 @@
+--- lib/info.c
++++ lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+     b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
diff --git a/srcpkgs/libvorbis/template b/srcpkgs/libvorbis/template
index a6423d1b076..bb376333e4d 100644
--- a/srcpkgs/libvorbis/template
+++ b/srcpkgs/libvorbis/template
@@ -1,7 +1,7 @@
 # Template file for 'libvorbis'.
 pkgname=libvorbis
 version=1.3.5
-revision=1
+revision=2
 build_style=gnu-configure
 hostmakedepends="automake libtool pkg-config"
 makedepends="libogg-devel"
@@ -16,6 +16,10 @@ pre_configure() {
 	autoreconf -fi -I m4
 }
 
+post_install() {
+	vlicense COPYING
+}
+
 libvorbis-devel_package() {
 	depends="libogg-devel libvorbis>=${version}_${revision}"
 	short_desc+=" - development files"