From 96c7fde7dd186ba9d0a60417fabeb15e9895f525 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 17 Mar 2018 03:28:50 -0400
Subject: gnu: libvorbis: Ungraft.

* gnu/packages/xiph.scm (libvorbis): Update to 1.3.6.
[replacement]: Remove field.
[source]: Remove patches.
(libvorbis-1.3.6): Remove variable.
---
 gnu/local.mk                                       |  2 -
 .../patches/libvorbis-CVE-2017-14632.patch         | 63 ----------------------
 .../patches/libvorbis-CVE-2017-14633.patch         | 43 ---------------
 gnu/packages/xiph.scm                              | 19 +------
 4 files changed, 2 insertions(+), 125 deletions(-)
 delete mode 100644 gnu/packages/patches/libvorbis-CVE-2017-14632.patch
 delete mode 100644 gnu/packages/patches/libvorbis-CVE-2017-14633.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b979d90fa7..010f1417fb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -864,8 +864,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libusb-for-axoloti.patch			\
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch		\
-  %D%/packages/patches/libvorbis-CVE-2017-14632.patch		\
-  %D%/packages/patches/libvorbis-CVE-2017-14633.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
   %D%/packages/patches/libxt-guix-search-paths.patch		\
diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14632.patch b/gnu/packages/patches/libvorbis-CVE-2017-14632.patch
deleted file mode 100644
index 99debf2104..0000000000
--- a/gnu/packages/patches/libvorbis-CVE-2017-14632.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix CVE-2017-14632:
-
-https://gitlab.xiph.org/xiph/vorbis/issues/2328
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
-
-Patch copied from upstream source repository:
-
-https://gitlab.xiph.org/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
-
-From c1c2831fc7306d5fbd7bc800324efd12b28d327f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
-Date: Wed, 15 Nov 2017 18:22:59 +0100
-Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
- if not initialized
-
-If the number of channels is not within the allowed range
-we call oggback_writeclear altough it's not initialized yet.
-
-This fixes
-
-    =23371== Invalid free() / delete / delete[] / realloc()
-    ==23371==    at 0x4C2CE1B: free (vg_replace_malloc.c:530)
-    ==23371==    by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
-    ==23371==    by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
-    ==23371==    by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
-    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
-    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
-    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
-    ==23371==    by 0x10D82A: process (sox.c:1753)
-    ==23371==    by 0x10D82A: main (sox.c:3012)
-    ==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
-    ==23371==    at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
-    ==23371==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
-    ==23371==    by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
-    ==23371==    by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
-    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
-    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
-    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
-    ==23371==    by 0x10D82A: process (sox.c:1753)
-    ==23371==    by 0x10D82A: main (sox.c:3012)
-
-as seen when using the testcase from CVE-2017-11333 with
-008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
-there before.
----
- lib/info.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/info.c b/lib/info.c
-index 7bc4ea4..8d0b2ed 100644
---- a/lib/info.c
-+++ b/lib/info.c
-@@ -589,6 +589,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
-   private_state *b=v->backend_state;
- 
-   if(!b||vi->channels<=0||vi->channels>256){
-+    b = NULL;
-     ret=OV_EFAULT;
-     goto err_out;
-   }
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14633.patch b/gnu/packages/patches/libvorbis-CVE-2017-14633.patch
deleted file mode 100644
index ec6bf5265c..0000000000
--- a/gnu/packages/patches/libvorbis-CVE-2017-14633.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Fix CVE-2017-14633:
-
-https://gitlab.xiph.org/xiph/vorbis/issues/2329
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
-
-Patch copied from upstream source repository:
-
-https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
-
-From a79ec216cd119069c68b8f3542c6a425a74ab993 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
-Date: Tue, 31 Oct 2017 18:32:46 +0100
-Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
-
-Otherwise
-
- for(i=0;i<vi->channels;i++){
-      /* the encoder setup assumes that all the modes used by any
-         specific bitrate tweaking use the same floor */
-      int submap=info->chmuxlist[i];
-
-overreads later in mapping0_forward since chmuxlist is a fixed array of
-256 elements max.
----
- lib/info.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/info.c b/lib/info.c
-index fe759ed..7bc4ea4 100644
---- a/lib/info.c
-+++ b/lib/info.c
-@@ -588,7 +588,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
-   oggpack_buffer opb;
-   private_state *b=v->backend_state;
- 
--  if(!b||vi->channels<=0){
-+  if(!b||vi->channels<=0||vi->channels>256){
-     ret=OV_EFAULT;
-     goto err_out;
-   }
--- 
-2.15.1
-
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 2e922d2a95..d0349274f4 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -80,17 +80,14 @@ (define libogg
 (define libvorbis
   (package
    (name "libvorbis")
-   (version "1.3.5")
-   (replacement libvorbis-1.3.6)
+   (version "1.3.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://downloads.xiph.org/releases/vorbis/"
                                 "libvorbis-" version ".tar.xz"))
-            (patches (search-patches "libvorbis-CVE-2017-14633.patch"
-                                     "libvorbis-CVE-2017-14632.patch"))
             (sha256
              (base32
-              "1lg1n3a6r41492r7in0fpvzc7909mc5ir9z0gd3qh2pz4yalmyal"))))
+              "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))
    (build-system gnu-build-system)
    (propagated-inputs `(("libogg" ,libogg)))
    (arguments `(#:configure-flags '("LDFLAGS=-lm")
@@ -106,18 +103,6 @@ (define libvorbis
                                "See COPYING in the distribution."))
    (home-page "https://xiph.org/vorbis/")))
 
-;; For CVE-2018-5146.
-(define-public libvorbis-1.3.6
-  (package/inherit libvorbis
-    (version "1.3.6")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "http://downloads.xiph.org/releases/vorbis/"
-                                  "libvorbis-" version ".tar.xz"))
-              (sha256
-               (base32
-                "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))))
-
 (define libtheora
   (package
     (name "libtheora")
-- 
cgit v1.2.3