diff options
| author | wiz <wiz@pkgsrc.org> | 2008-04-29 05:51:09 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2008-04-29 05:51:09 +0000 |
| commit | 77c3a5676c08e3957dbd08bc5a9488913f4a1880 (patch) | |
| tree | 8186f852be260288d5ce62ec171f459227e9b3c3 | |
| parent | d86d72404ea77b61bf693d3b43c72ab7ebf42956 (diff) | |
| download | pkgsrc-77c3a5676c08e3957dbd08bc5a9488913f4a1880.tar.gz | |
Add upstream patch fixing
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Bump PKGREVISION.
| -rw-r--r-- | audio/vorbis-tools/Makefile | 3 | ||||
| -rw-r--r-- | audio/vorbis-tools/distinfo | 3 | ||||
| -rw-r--r-- | audio/vorbis-tools/patches/patch-ad | 17 |
3 files changed, 21 insertions, 2 deletions
diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile index f80a1285569..8d4c4efd19d 100644 --- a/audio/vorbis-tools/Makefile +++ b/audio/vorbis-tools/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.49 2008/03/14 18:55:54 wiz Exp $ +# $NetBSD: Makefile,v 1.50 2008/04/29 05:51:09 wiz Exp $ DISTNAME= vorbis-tools-1.2.0 +PKGREVISION= 1 CATEGORIES= audio MASTER_SITES= http://downloads.xiph.org/releases/vorbis/ diff --git a/audio/vorbis-tools/distinfo b/audio/vorbis-tools/distinfo index 1cb0f117d07..8771cdab321 100644 --- a/audio/vorbis-tools/distinfo +++ b/audio/vorbis-tools/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.20 2008/03/14 18:55:54 wiz Exp $ +$NetBSD: distinfo,v 1.21 2008/04/29 05:51:09 wiz Exp $ SHA1 (vorbis-tools-1.2.0.tar.gz) = c5c5ee4637ab8c9fc953d203663b7264432f874a RMD160 (vorbis-tools-1.2.0.tar.gz) = 8cb6925c6e4e69373b6c91ff20d7ed8d75153b7c @@ -6,3 +6,4 @@ Size (vorbis-tools-1.2.0.tar.gz) = 1076814 bytes SHA1 (patch-aa) = a9fe36760479678df09f840671c515e0d9f37796 SHA1 (patch-ab) = b706ae0bc9e13c5ccff689aa1451efc782e340e9 SHA1 (patch-ac) = 53065c4db39f7e975712c2cba51ff5542cf5a77f +SHA1 (patch-ad) = 6fe04631cd098fc64bf0914f1fd4ef654c0089b0 diff --git a/audio/vorbis-tools/patches/patch-ad b/audio/vorbis-tools/patches/patch-ad new file mode 100644 index 00000000000..41c36d4d3be --- /dev/null +++ b/audio/vorbis-tools/patches/patch-ad @@ -0,0 +1,17 @@ +$NetBSD: patch-ad,v 1.3 2008/04/29 05:51:10 wiz Exp $ + +https://trac.xiph.org/attachment/ticket/1347/vorbis-tools-1.2.0-sec.patch +for +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 + +--- ogg123/speex_format.c.orig 2008-03-03 06:37:26.000000000 +0100 ++++ ogg123/speex_format.c +@@ -475,7 +475,7 @@ void *process_header(ogg_packet *op, int + cb->printf_error(callback_arg, ERROR, _("Cannot read header")); + return NULL; + } +- if ((*header)->mode >= SPEEX_NB_MODES) { ++ if ((*header)->mode >= SPEEX_NB_MODES || (*header)->mode < 0) { + cb->printf_error(callback_arg, ERROR, + _("Mode number %d does not (any longer) exist in this version"), + (*header)->mode); |