Contrib: fix libvorbis CVEs: 2008-1419, 2008-1420, 2008-1423.

[vlc] / extras / contrib / src / Makefile

diff --git a/extras/contrib/src/Makefile b/extras/contrib/src/Makefile
index be7d3646f6c10cc91cddab2b67d0c4fc063d5eb3..4c2b48547c7110a63d212c1cc6d46ed09715f358 100644 (file)
--- a/extras/contrib/src/Makefile
+++ b/extras/contrib/src/Makefile
@@ -148,10 +148,11 @@ FFMPEGCONF += --disable-mmx
 endif
 
 ifdef HAVE_DARWIN_OS
+X264CONF += --enable-pic
 ifdef HAVE_DARWIN_OS_ON_INTEL
 FFMPEG_CFLAGS += -DHAVE_LRINTF
 else
-X264CONF += --enable-pic
+FFMPEGCONF += --disable-altivec
 endif
 endif
 
@@ -567,6 +568,7 @@ libid3tag-$(LIBID3TAG_VERSION).tar.gz:
 
 libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz
        $(EXTRACT_GZ)
+       patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
 
 .id3tag: libid3tag
        (cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install)
@@ -697,6 +699,9 @@ libvorbis-$(VORBIS_VERSION).tar.gz:
 libvorbis: libvorbis-$(VORBIS_VERSION).tar.gz
        $(EXTRACT_GZ)
        patch -p0 < Patches/libvorbis.patch
+       patch -d libvorbis -p0 < Patches/libvorbis-r14598-CVE-2008-1420.patch
+       patch -d libvorbis -p0 < Patches/libvorbis-r14602-CVE-2008-1419.patch
+       patch -d libvorbis -p0 < Patches/libvorbis-r14602-CVE-2008-1423.patch
        (cd $@; autoconf)
 
 .vorbis: libvorbis .ogg
@@ -759,6 +764,7 @@ libtheora-$(THEORA_VERSION).tar.bz2:
 libtheora: libtheora-$(THEORA_VERSION).tar.bz2
        $(EXTRACT_BZ2)
        patch -p0 < Patches/theora.patch
+       patch -p0 < Patches/libtheora-includes.patch
        (cd $@; autoconf)
 
 .theora: libtheora .ogg
@@ -1039,7 +1045,7 @@ DISTCLEAN_PKG += amrwb-$(LIBAMR_WB_VERSION).tar.bz2
 
 ifdef SVN
 ffmpeg:
-       $(SVN) co $(FFMPEG_SVN) ffmpeg
+       $(SVN) co $(FFMPEG_SVN) ffmpeg -r 12920
 ifeq ($(HOST),i586-pc-beos)
        (cd $@; patch -p0 < ../Patches/ffmpeg-svn-beos.patch)
 endif
@@ -1051,6 +1057,7 @@ ifdef HAVE_BEOS
 endif
 ifdef HAVE_DARWIN_OS
        (cd $@; patch -p0 < ../Patches/ffmpeg-macosx-intel-mmx.patch)
+       (cd $@/libswscale; patch -p0 < ../../Patches/ffmpeg-fix-noaltivec.patch)
 endif
 ifdef NO_TEXT_RELOCATION
        (cd $@; patch -p1 < ../Patches/ffmpeg-svn-mmx_removal-darwin9.patch)
@@ -1841,7 +1848,7 @@ CIPHDIG= --enable-ciphers=aes,des,rfc2268,arcfour --enable-digests=sha1,md5,rmd1
 
 .gcrypt: libgcrypt .gpg-error
 ifdef HAVE_WIN32
-       (cd $<; ./autogen.sh && $(HOSTCC) ./configure $(HOSTCONF) --target=i586-mingw32msvc --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" $(CIPHDIG) && sed -i 46s@sys/times.h@sys/time.h@ cipher/random.c && make && make install)
+       (cd $<; ./autogen.sh && $(HOSTCC) ./configure $(HOSTCONF) --target=i586-mingw32msvc --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" $(CIPHDIG) --disable-shared --enable-static --disable-nls && sed -i 46s@sys/times.h@sys/time.h@ cipher/random.c && make && make install)
 else
        (cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" $(CIPHDIG) && make && make install)
 endif
@@ -1881,12 +1888,12 @@ gnutls: gnutls-$(GNUTLS_VERSION).tar.bz2
        $(EXTRACT_BZ2)
 ifdef HAVE_WIN32
        patch -p0 < Patches/gnutls-win32.patch
-       (cd $@; cd lgl; ln -sf alloca_.h alloca.h) 
+       (cd $@; cd lgl; ln -sf alloca_.h alloca.h; rm vasprintf.c; touch vasprintf.c; rm vasnprintf.c; touch vasnprintf.c) 
 endif
 
 .gnutls: gnutls .opencdk .gcrypt .gpg-error 
 ifdef HAVE_WIN32
-       (cd $<; autoconf && $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --target=i586-mingw32msvc --disable-cxx && cd lgl && make && cd ../gl && make &&  cd ../lib &&make && make install && cd ../includes && make install)
+       (cd $<; autoconf && $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --target=i586-mingw32msvc --disable-cxx -disable-shared --enable-static --disable-nls  && cd lgl && make && cd ../gl && make &&  cd ../lib &&make && make install && cd ../includes && make install)
 else
        (cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --disable-cxx --with-libopencdk-prefix=$(PREFIX) --disable-guile && make && make install)
 endif