[vorbis-tools] 01/02: Use "gbp patch-queue" to manage the two most recent patches and extended/corrected information in their tagging.
Martin Steghöfer
martin.steghoefer-guest at moszumanska.debian.org
Thu Oct 8 19:40:16 UTC 2015
This is an automated email from the git hooks/post-receive script.
martin.steghoefer-guest pushed a commit to branch master
in repository vorbis-tools.
commit c574ccdf6f4618b9ccd5b4343faaacf39d74b9a7
Author: Martin Steghöfer <martin at steghoefer.eu>
Date: Thu Oct 8 21:08:43 2015 +0200
Use "gbp patch-queue" to manage the two most recent patches and extended/corrected information in their tagging.
Git-Dch: Ignore
---
...arge-alloca-on-bad-AIFF-input-CVE-2015-6.patch} | 11 +++++---
...ate-count-of-channels-in-the-header-CVE-.patch} | 31 +++++++++++-----------
debian/patches/series | 4 +--
3 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/debian/patches/0015-Fix-Large-alloca-on-bad-AIFF-input-CVE-2015-6749.patch b/debian/patches/0015-oggenc-Fix-large-alloca-on-bad-AIFF-input-CVE-2015-6.patch
similarity index 77%
rename from debian/patches/0015-Fix-Large-alloca-on-bad-AIFF-input-CVE-2015-6749.patch
rename to debian/patches/0015-oggenc-Fix-large-alloca-on-bad-AIFF-input-CVE-2015-6.patch
index bd212f9..1f7814b 100644
--- a/debian/patches/0015-Fix-Large-alloca-on-bad-AIFF-input-CVE-2015-6749.patch
+++ b/debian/patches/0015-oggenc-Fix-large-alloca-on-bad-AIFF-input-CVE-2015-6.patch
@@ -1,11 +1,16 @@
-Description: oggenc: Fix large alloca on bad AIFF input
- This is CVE-2015-6749.
-Author: Mark Harris <mark.hsj at gmail.com>
+From: Petter Reinholdtsen <pere at debian.org>
+Date: Tue, 22 Sep 2015 14:56:58 +0200
+Subject: oggenc: Fix large alloca on bad AIFF input (CVE-2015-6749).
+Author: Mark Harris <mark.hsj at gmail.com>
+Origin: https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
Bug-Debian: https://bugs.debian.org/797461
Forwarded: https://trac.xiph.org/ticket/2212
Reviewed-By: Petter Reinholdtsen <pere at hungry.com>
Last-Update: 2015-09-22
+---
+ oggenc/audio.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/oggenc/audio.c b/oggenc/audio.c
index 22bbed4..05e42b3 100644
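Review bot: the regenerated header now names two different people as the patch author, `From: Petter Reinholdtsen` on its first line and `Author: Mark Harris` three lines later. DEP-3 treats From as an alternative to Author, and a patch-queue import takes the commit author from From, so the fix ends up credited to the person who is also listed in Reviewed-By. Suggest putting Mark Harris in From, dropping the separate Author line, and keeping Petter Reinholdtsen in Reviewed-By only.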
diff --git a/debian/patches/0016-Validate-channel-count-in-audio-header.patch b/debian/patches/0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
similarity index 70%
rename from debian/patches/0016-Validate-channel-count-in-audio-header.patch
rename to debian/patches/0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
index 4a40846..6e389dd 100644
--- a/debian/patches/0016-Validate-channel-count-in-audio-header.patch
+++ b/debian/patches/0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
@@ -1,13 +1,9 @@
-Description: oggenc: validate count of channels in the header
- Fixes CVE-2014-9638 and CVE-2014-9639.
-Author: Kamil Dudka kdudka at redhat.com
-Bug-Debian: https://bugs.debian.org/
-
----
-The information above should follow the Patch Tagging Guidelines, please
-checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
-are templates for supplementary fields that you might want to add:
+From: Petter Reinholdtsen <pere at debian.org>
+Date: Tue, 22 Sep 2015 15:14:06 +0200
+Subject: oggenc: validate count of channels in the header (CVE-2014-9638 &
+ CVE-2014-9639)
+Author: Kamil Dudka <kdudka at redhat.com>
Origin: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
Bug: https://trac.xiph.org/ticket/2136
Bug: https://trac.xiph.org/ticket/2137
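Review bot: the new Subject is folded across two lines, with `CVE-2014-9638 &` at the end of the first and `CVE-2014-9639)` alone on the continuation line, so a line-by-line search of Subject headers for the second id no longer matches. The removed Description kept both ids together on one line ("Fixes CVE-2014-9638 and CVE-2014-9639."). Suggest shortening the summary so both ids fit on the Subject line, or repeating them on one line in the body of the header.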
@@ -15,9 +11,14 @@ Bug-Debian: https://bugs.debian.org/776086
Forwarded: not-needed
Reviewed-By: Petter Reinholdtsen <pere at hungry.com>
Last-Update: 2015-09-22
+---
+ oggenc/audio.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
---- vorbis-tools-1.4.0.orig/oggenc/audio.c
-+++ vorbis-tools-1.4.0/oggenc/audio.c
+diff --git a/oggenc/audio.c b/oggenc/audio.c
+index 05e42b3..1b3f179 100644
+--- a/oggenc/audio.c
++++ b/oggenc/audio.c
@@ -13,6 +13,7 @@
#include <config.h>
#endif
@@ -26,7 +27,7 @@ Last-Update: 2015-09-22
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-@@ -251,6 +252,7 @@ int aiff_open(FILE *in, oe_enc_opt *opt,
+@@ -251,6 +252,7 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
aiff_fmt format;
aifffile *aiff = malloc(sizeof(aifffile));
int i;
@@ -34,7 +35,7 @@ Last-Update: 2015-09-22
if(buf[11]=='C')
aifc=1;
-@@ -277,11 +279,16 @@ int aiff_open(FILE *in, oe_enc_opt *opt,
+@@ -277,11 +279,16 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
return 0;
}
@@ -52,7 +53,7 @@ Last-Update: 2015-09-22
aiff->bigendian = 1;
if(aifc)
-@@ -412,6 +419,7 @@ int wav_open(FILE *in, oe_enc_opt *opt,
+@@ -412,6 +419,7 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
wav_fmt format;
wavfile *wav = malloc(sizeof(wavfile));
int i;
@@ -60,7 +61,7 @@ Last-Update: 2015-09-22
/* Ok. At this point, we know we have a WAV file. Now we have to detect
* whether we support the subtype, and we have to find the actual data
-@@ -449,12 +457,18 @@ int wav_open(FILE *in, oe_enc_opt *opt,
+@@ -449,12 +457,18 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
}
format.format = READ_U16_LE(buf);
diff --git a/debian/patches/series b/debian/patches/series
index bde560b..dfc7006 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,5 +12,5 @@
0012-Fix-ogg123-speex-playback-Initialize-channel-matrix.patch
0013-Fix-oggdec-crash-hang-Don-t-ignore-stream-errors.patch
0014-Use-translations-in-oggdec.patch
-0015-Fix-Large-alloca-on-bad-AIFF-input-CVE-2015-6749.patch
-0016-Validate-channel-count-in-audio-header.patch
+0015-oggenc-Fix-large-alloca-on-bad-AIFF-input-CVE-2015-6.patch
+0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
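Review bot: both new file names in series are cut off in the middle of the CVE id, `...-CVE-2015-6.patch` and `...-CVE-.patch`. The old 0015 name carried the full CVE-2015-6749, so anyone listing debian/patches to find the fix for a given CVE could match it by file name. After this change neither name identifies a CVE, and `CVE-2015-6` reads like a different, incomplete id. Suggest a shorter subject prefix so the id survives the name truncation, or leaving the id out of the file name entirely and relying on the Subject header.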
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/vorbis-tools.git