diff options
| author | tron <tron> | 2009-03-04 23:17:09 +0000 |
|---|---|---|
| committer | tron <tron> | 2009-03-04 23:17:09 +0000 |
| commit | 2848edef38b4dea5a304260f6bc54c19650cd5eb (patch) | |
| tree | 0393610260073fefcbd6767392f0d656a993e846 | |
| parent | 4540242dd1381c36aeb72c24f9a24bc2dff93a87 (diff) | |
| download | pkgsrc-2848edef38b4dea5a304260f6bc54c19650cd5eb.tar.gz | |
Pullup ticket #2717 - requested by tnn
libsndfile: security patch
Add patch to fix the vulnerability reported in CVE-2009-0186.
| -rw-r--r-- | audio/libsndfile/Makefile | 4 | ||||
| -rw-r--r-- | audio/libsndfile/distinfo | 3 | ||||
| -rw-r--r-- | audio/libsndfile/patches/patch-ai | 18 |
3 files changed, 22 insertions, 3 deletions
diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile index c03e485d302..6a439a677b7 100644 --- a/audio/libsndfile/Makefile +++ b/audio/libsndfile/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.46 2008/07/24 22:39:30 obache Exp $ +# $NetBSD: Makefile,v 1.46.6.1 2009/03/04 23:17:09 tron Exp $ DISTNAME= libsndfile-1.0.17 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= audio MASTER_SITES= http://www.mega-nerd.com/libsndfile/ diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo index 96a652a4b38..78d24eae7c6 100644 --- a/audio/libsndfile/distinfo +++ b/audio/libsndfile/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2008/04/07 15:36:19 bjs Exp $ +$NetBSD: distinfo,v 1.24.10.1 2009/03/04 23:17:09 tron Exp $ SHA1 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 10e0d19dfc8cf2a6bf499e0fa0d1ab17dca4c519 RMD160 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5 @@ -14,4 +14,5 @@ SHA1 (patch-ae) = 628700514d3d2e6e12abb182c697311a233c1bd9 SHA1 (patch-af) = 9ac0dd446a2f24c2d39e20063489a3b778fcda36 SHA1 (patch-ag) = 10d0fcda9377fc6afa2dce9e4782f49889a4f4a3 SHA1 (patch-ah) = 8c936316ca1191f8893579a562ff705c8dde6f92 +SHA1 (patch-ai) = 9557b5c1a5fdef2321879251df937045e4215b8c SHA1 (patch-ba) = 92ec08d4e021f121d2255760d601625df71e3805 diff --git a/audio/libsndfile/patches/patch-ai b/audio/libsndfile/patches/patch-ai new file mode 100644 index 00000000000..6cdb626841b --- /dev/null +++ b/audio/libsndfile/patches/patch-ai @@ -0,0 +1,18 @@ +$NetBSD: patch-ai,v 1.1.2.1 2009/03/04 23:17:09 tron Exp $ + +Fix for CVE-2009-0186. + +--- src/caf.c.orig 2006-08-31 11:22:07.000000000 +0200 ++++ src/caf.c +@@ -282,6 +282,11 @@ caf_read_header (SF_PRIVATE *psf) + " Frames / packet : %u\n Channels / frame : %u\n Bits / channel : %u\n", + desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ; + ++ if (desc.channels_per_frame > 200) ++ { psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ; ++ return SFE_MALFORMED_FILE ; ++ } ; ++ + if (chunk_size > SIGNED_SIZEOF (DESC_CHUNK)) + psf_binheader_readf (psf, "j", (int) (chunk_size - sizeof (DESC_CHUNK))) ; + |