Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 1a4b7ee28bf7413af6513fb45ad0d0736048f866^! / . / poky / meta / recipes-multimedia / libvorbis / libvorbis / CVE-2017-14160.patch
commit1a4b7ee28bf7413af6513fb45ad0d0736048f866[log] [tgz]
authorBrad Bishop <bradleyb@fuzziesquirrel.com>Sun Dec 16 17:11:34 2018 -0800
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Tue Jan 08 18:21:44 2019 -0500
tree79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce
parent5b9ede0403237c7dace972affa65cf64a1aadd0e [diff] [blame]
reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
index 7564d92..b7603c3 100644
--- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch

@@ -3,14 +3,15 @@
 Date: Wed, 9 May 2018 14:56:59 -0700
 Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
 
-CVE: CVE-2017-14160
-CVE: CVE-2018-10393
-Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
-
-Signed-off-by: Thomas Daede <daede003@umn.edu>
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
 ---
- lib/psy.c | 3 ++-
+CVE: CVE-2017-14160 CVE-2018-10393
+
+Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/018ca26d...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+---
+ lib/psy.c |    3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lib/psy.c b/lib/psy.c
@@ -29,5 +30,5 @@
      tN = N[hi] + N[-lo];
      tX = X[hi] - X[-lo];
 -- 
-2.7.4
+1.7.9.5