libvorbis: add patches for CVE-2017-14632 and CVE-2017-14633

patches via Debian, originally from upstream
c1c2831fc7
a79ec216cd

Closes: #11657 [via git-merge-pr]

srcpkgs/libvorbis/patches/CVE-2017-14632.patch

@@ -0,0 +1,10 @@
+--- lib/info.c
++++ lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0){
++    b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
+   }

srcpkgs/libvorbis/patches/CVE-2017-14633.patch

@@ -0,0 +1,11 @@
+--- lib/info.c
++++ lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+     b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;

srcpkgs/libvorbis/template

@@ -1,7 +1,7 @@
 # Template file for 'libvorbis'.
 pkgname=libvorbis
 version=1.3.5
-revision=1
+revision=2
 build_style=gnu-configure
 hostmakedepends="automake libtool pkg-config"
 makedepends="libogg-devel"
@@ -16,6 +16,10 @@ pre_configure() {
 	autoreconf -fi -I m4
 }
 
+post_install() {
+	vlicense COPYING
+}
+
 libvorbis-devel_package() {
 	depends="libogg-devel libvorbis>=${version}_${revision}"
 	short_desc+=" - development files"