Pullup ticket #4647 - requested by bsiegert

audio/vorbis-tools: security patch Revisions pulled up: - audio/vorbis-tools/Makefile 1.61 - audio/vorbis-tools/distinfo 1.24 - audio/vorbis-tools/patches/patch-ac 1.10 --- Module Name: pkgsrc Committed By: bsiegert Date: Sat Mar 21 19:06:54 UTC 2015 Modified Files: pkgsrc/audio/vorbis-tools: Makefile distinfo pkgsrc/audio/vorbis-tools/patches: patch-ac Log Message: SECURITY: Fix CVE-2014-9640. https://trac.xiph.org/changeset/19117 oggenc: fix crash on raw file close, reported by Hanno in issue #2009. pointer to a non-static struct was escaping its scope.
author: hiramatsu <hiramatsu> 2015-04-01 15:32:04 +0000
committer: hiramatsu <hiramatsu> 2015-04-01 15:32:04 +0000
commit: 45d7b184ecc2063f1d9f87318b412992161034d8 (patch)
tree: b5f4219ff8bcde900b774f68733e78c15224be2f
parent: b43cdab0b09833011c312962f0b185277dc04136 (diff)
download: pkgsrc-45d7b184ecc2063f1d9f87318b412992161034d8.tar.gz
3 files changed, 31 insertions, 9 deletions
diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
index 5b6ba4a3e49..9a2582ab139 100644
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2014/02/12 23:17:35 tron Exp $
+# $NetBSD: Makefile,v 1.60.8.1 2015/04/01 15:32:04 hiramatsu Exp $
 
 DISTNAME=	vorbis-tools-1.4.0
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	audio
 MASTER_SITES=	http://downloads.xiph.org/releases/vorbis/
 
diff --git a/audio/vorbis-tools/distinfo b/audio/vorbis-tools/distinfo
index e8d7e20f268..846f593a659 100644
--- a/audio/vorbis-tools/distinfo
+++ b/audio/vorbis-tools/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2010/11/09 13:13:03 adam Exp $
+$NetBSD: distinfo,v 1.23.34.1 2015/04/01 15:32:04 hiramatsu Exp $
 
 SHA1 (vorbis-tools-1.4.0.tar.gz) = fc6a820bdb5ad6fcac074721fab5c3f96eaf6562
 RMD160 (vorbis-tools-1.4.0.tar.gz) = ff21e5c9456ac0a82b8eda4e53931db8522a2ccd
 Size (vorbis-tools-1.4.0.tar.gz) = 1346532 bytes
 SHA1 (patch-aa) = ea37946fb3a227d91eeb3ea94a9a7c9f8a3ef021
 SHA1 (patch-ab) = 00c0a5a9388baf79fd944e12cda1da65e2e8676c
-SHA1 (patch-ac) = 43f270b53044c54cf682ee084fa29592cf2b0eeb
+SHA1 (patch-ac) = 781ad97014c81f9fd40166cc29112247ef4acd6d
 SHA1 (patch-ae) = 60ca36c35325e4228ea7f7f5b3a60cd57b56b0cd
diff --git a/audio/vorbis-tools/patches/patch-ac b/audio/vorbis-tools/patches/patch-ac
index b287c548d0a..a1e22ec4803 100644
--- a/audio/vorbis-tools/patches/patch-ac
+++ b/audio/vorbis-tools/patches/patch-ac
@@ -1,8 +1,30 @@
-$NetBSD: patch-ac,v 1.9 2010/11/09 13:13:03 adam Exp $
+$NetBSD: patch-ac,v 1.9.34.1 2015/04/01 15:32:04 hiramatsu Exp $
 
+https://trac.xiph.org/changeset/19117
+oggenc: fix crash on raw file close, reported by Hanno in issue #2009. pointer
+to a non-static struct was escaping its scope.
 --- oggenc/oggenc.c.orig	2010-03-26 07:07:07.000000000 +0000
 +++ oggenc/oggenc.c
-@@ -779,6 +779,8 @@ static void parse_options(int argc, char
+@@ -97,6 +97,8 @@ int main(int argc, char **argv)
+               .3,-1,
+               0,0,0.f,
+               0, 0, 0, 0, 0};
++    input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++	N_("RAW file reader")};
+ 
+     int i;
+ 
+@@ -239,9 +241,6 @@ int main(int argc, char **argv)
+ 
+         if(opt.rawmode)
+         {
+-            input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
+-                N_("RAW file reader")};
+-
+             enc_opts.rate=opt.raw_samplerate;
+             enc_opts.channels=opt.raw_channels;
+             enc_opts.samplesize=opt.raw_samplesize;
+@@ -779,6 +778,8 @@ static void parse_options(int argc, char
  
                  break;
              case 'a':
@@ -11,7 +33,7 @@ $NetBSD: patch-ac,v 1.9 2010/11/09 13:13:03 adam Exp $
                  opt->artist = realloc(opt->artist, (++opt->artist_count)*sizeof(char *));
                  opt->artist[opt->artist_count - 1] = strdup(optarg);
                  break;
-@@ -791,10 +793,14 @@ static void parse_options(int argc, char
+@@ -791,10 +792,14 @@ static void parse_options(int argc, char
                  opt->comments[opt->comment_count - 1] = strdup(optarg);
                  break;
              case 'd':
@@ -26,7 +48,7 @@ $NetBSD: patch-ac,v 1.9 2010/11/09 13:13:03 adam Exp $
                  opt->genre = realloc(opt->genre, (++opt->genre_count)*sizeof(char *));
                  opt->genre[opt->genre_count - 1] = strdup(optarg);
                  break;
-@@ -803,6 +809,8 @@ static void parse_options(int argc, char
+@@ -803,6 +808,8 @@ static void parse_options(int argc, char
                  exit(0);
                  break;
              case 'l':
@@ -35,7 +57,7 @@ $NetBSD: patch-ac,v 1.9 2010/11/09 13:13:03 adam Exp $
                  opt->album = realloc(opt->album, (++opt->album_count)*sizeof(char *));
                  opt->album[opt->album_count - 1] = strdup(optarg);
                  break;
-@@ -815,6 +823,8 @@ static void parse_options(int argc, char
+@@ -815,6 +822,8 @@ static void parse_options(int argc, char
                                      opt->fixedserial = 1;
                  break;
              case 't':
author	hiramatsu <hiramatsu>	2015-04-01 15:32:04 +0000
committer	hiramatsu <hiramatsu>	2015-04-01 15:32:04 +0000
commit	45d7b184ecc2063f1d9f87318b412992161034d8 (patch)
tree	b5f4219ff8bcde900b774f68733e78c15224be2f
parent	b43cdab0b09833011c312962f0b185277dc04136 (diff)
download	pkgsrc-45d7b184ecc2063f1d9f87318b412992161034d8.tar.gz