authortron <tron>2009-12-03 10:16:10 +0000
committertron <tron>2009-12-03 10:16:10 +0000
commit99fee4d544ac9951b947ee0fd0b8a6d0b91bc891 (patch)
tree1647794a44fbf80a84561a9dcb03cd20d2378db7
parenta4778890bc63caea753f71e97dc9166d7e448e78 (diff)
downloadpkgsrc-99fee4d544ac9951b947ee0fd0b8a6d0b91bc891.tar.gz
Pullup ticket #2943 - requested by wiz
libvorbis: security patch Revisions pulled up: - audio/libvorbis/Makefile 1.49 - audio/libvorbis/distinfo 1.18 - audio/libvorbis/patches/patch-aa 1.5 - audio/libvorbis/patches/patch-ab 1.5 --- Module Name: pkgsrc Committed By: wiz Date: Wed Dec 2 12:41:25 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION.
-rw-r--r--audio/libvorbis/Makefile3
-rw-r--r--audio/libvorbis/distinfo4
-rw-r--r--audio/libvorbis/patches/patch-aa14
-rw-r--r--audio/libvorbis/patches/patch-ab15
4 files changed, 34 insertions, 2 deletions
diff --git a/audio/libvorbis/Makefile b/audio/libvorbis/Makefile
index 8bfd935c586..3a2463cc683 100644
--- a/audio/libvorbis/Makefile
+++ b/audio/libvorbis/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2009/07/17 20:28:21 wiz Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2009/12/03 10:16:10 tron Exp $
DISTNAME= libvorbis-1.2.3
+PKGREVISION= 1
CATEGORIES= devel audio
MASTER_SITES= http://downloads.xiph.org/releases/vorbis/
diff --git a/audio/libvorbis/distinfo b/audio/libvorbis/distinfo
index 84adab88e8d..c45cf62fca1 100644
--- a/audio/libvorbis/distinfo
+++ b/audio/libvorbis/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.17 2009/07/17 20:28:21 wiz Exp $
+$NetBSD: distinfo,v 1.17.2.1 2009/12/03 10:16:10 tron Exp $
SHA1 (libvorbis-1.2.3.tar.gz) = a93251aa5e4f142db4fa6433de80797f80960fac
RMD160 (libvorbis-1.2.3.tar.gz) = e80ad7de3c2599e0d88994876407ac8fe3c9a0e7
Size (libvorbis-1.2.3.tar.gz) = 1474492 bytes
+SHA1 (patch-aa) = bd1534e2f680d5621a7909fd0b197d9d8c52b91d
+SHA1 (patch-ab) = b253546a863893e96569d8afb5e626ffe5f226dc
diff --git a/audio/libvorbis/patches/patch-aa b/audio/libvorbis/patches/patch-aa
new file mode 100644
index 00000000000..c8fdcbd84f6
--- /dev/null
+++ b/audio/libvorbis/patches/patch-aa
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.5.2.2 2009/12/03 10:16:10 tron Exp $
+
+SVN r16957
+
+--- lib/codebook.c.orig 2009-07-09 09:12:08.000000000 +0000
++++ lib/codebook.c
+@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buf
+ for(i=0;i<s->entries;){
+ long num=oggpack_read(opb,_ilog(s->entries-i));
+ if(num==-1)goto _eofout;
++ if(length>32)goto _errout;
+ for(j=0;j<num && i<s->entries;j++,i++)
+ s->lengthlist[i]=length;
+ length++;
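Review bot: The added `if(length>32)goto _errout;` bounds `length`, but `num` is still only compared with -1, so a run count larger than the remaining entries is silently clamped by the `i<s->entries` condition in the inner loop instead of being rejected as malformed input. If strict rejection is wanted, the guard could read `if(length>32 || num>s->entries-i)goto _errout;`, but that would diverge from the upstream revision this patch file tracks (SVN r16957), so it is better raised upstream than carried locally. The literal 32 is also unexplained; a short comment such as `/* codeword lengths above 32 are invalid */` (presumably the decoder's maximum, to be confirmed against the codebook format) would make the intent reviewable. The body of `vorbis_staticbook_unpack` starts and ends outside the hunk, so the initial value of `length` and the `_errout` cleanup path cannot be checked from here.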
diff --git a/audio/libvorbis/patches/patch-ab b/audio/libvorbis/patches/patch-ab
new file mode 100644
index 00000000000..7881dc476b4
--- /dev/null
+++ b/audio/libvorbis/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.5.2.2 2009/12/03 10:16:10 tron Exp $
+
+SVN 16326.
+
+--- lib/backends.h.orig 2009-07-09 09:12:08.000000000 +0000
++++ lib/backends.h
+@@ -111,7 +111,7 @@ typedef struct vorbis_info_residue0{
+ int partitions; /* possible codebooks for a partition */
+ int groupbook; /* huffbook for partitioning */
+ int secondstages[64]; /* expanded out to pointers in lookup */
+- int booklist[256]; /* list of second stage books */
++ int booklist[512]; /* list of second stage books */
+
+ const float classmetric1[64];
+ const float classmetric2[64];
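Review bot: The new bound in `int booklist[512];` is a bare literal with no visible link to whatever limits the number of entries written into it, so the fix is only as good as the unseen code that fills the array. A comment stating the derivation would help, for example `int booklist[512]; /* list of second stage books: 64 partitions * 8 stages */`, assuming that is where 512 comes from (the adjacent `secondstages[64]` suggests it, but the hunk does not show it). It is worth confirming that the code which populates `booklist` from stream data checks its running index against the array size rather than relying on the enlarged array alone. The `vorbis_info_residue0` definition starts and ends outside the hunk, and the patch header gives only "SVN 16326." with no description of the problem being fixed.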