package/vorbis-tools: annotate _IGNORE_CVES for the included security patches

author Peter Korsgaard <peter@korsgaard.com>

Wed, 19 Feb 2020 16:02:01 +0000 (17:02 +0100)

committer Peter Korsgaard <peter@korsgaard.com>

Thu, 20 Feb 2020 12:16:52 +0000 (13:16 +0100)
author Peter Korsgaard <peter@korsgaard.com>
Wed, 19 Feb 2020 16:02:01 +0000 (17:02 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Thu, 20 Feb 2020 12:16:52 +0000 (13:16 +0100)
diff --git a/package/vorbis-tools/vorbis-tools.mk b/package/vorbis-tools/vorbis-tools.mk

index 1bec1e2b96216580906e447f8ca568b96fd6748d..407ea975e72d8b78613d4254ac505fa03f22ed06 100644 (file)
--- a/package/vorbis-tools/vorbis-tools.mk
+++ b/package/vorbis-tools/vorbis-tools.mk
@@ -10,6 +10,14 @@ VORBIS_TOOLS_LICENSE = GPL-2.0
  VORBIS_TOOLS_LICENSE_FILES = COPYING
  VORBIS_TOOLS_DEPENDENCIES = libao libogg libvorbis libcurl
  VORBIS_TOOLS_CONF_OPTS = --program-transform-name=''
+
+# 0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+VORBIS_TOOLS_IGNORE_CVES += CVE-2015-6749
+# 0002-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
+VORBIS_TOOLS_IGNORE_CVES += CVE-2014-9638 CVE-2014-9639
+# 0003-oggenc-fix-crash-on-raw-file-close-reported-by-Hanno.patch
+VORBIS_TOOLS_IGNORE_CVES += CVE-2014-9640
+
  # ogg123 calls math functions but forgets to link with libm
  VORBIS_TOOLS_CONF_ENV = LIBS=-lm
author	Peter Korsgaard <peter@korsgaard.com>
	Wed, 19 Feb 2020 16:02:01 +0000 (17:02 +0100)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 20 Feb 2020 12:16:52 +0000 (13:16 +0100)