diff options
| author | he <he@pkgsrc.org> | 2017-05-17 21:51:46 +0000 |
|---|---|---|
| committer | he <he@pkgsrc.org> | 2017-05-17 21:51:46 +0000 |
| commit | 55404be85f07f11bb678291708591d41feb7b566 (patch) | |
| tree | 95d712ec943bd2177e262b193175bae3a9caad40 | |
| parent | c59414aa07d9314cc1609906215436725dda13fd (diff) | |
| download | pkgsrc-55404be85f07f11bb678291708591d41feb7b566.tar.gz | |
Fix for CVE-2017-8365, ref.
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
Bump PKGREVISION.
| -rw-r--r-- | audio/libsndfile/Makefile | 3 | ||||
| -rw-r--r-- | audio/libsndfile/distinfo | 5 | ||||
| -rw-r--r-- | audio/libsndfile/patches/patch-src_common.h | 15 | ||||
| -rw-r--r-- | audio/libsndfile/patches/patch-src_flac.c | 27 | ||||
| -rw-r--r-- | audio/libsndfile/patches/patch-src_sndfile.c | 15 |
5 files changed, 63 insertions, 2 deletions
diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile index 74ccbf42a5e..4a1298e513a 100644 --- a/audio/libsndfile/Makefile +++ b/audio/libsndfile/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.73 2017/04/26 22:35:01 maya Exp $ +# $NetBSD: Makefile,v 1.74 2017/05/17 21:51:46 he Exp $ DISTNAME= libsndfile-1.0.28 +PKGREVISION= 1 CATEGORIES= audio MASTER_SITES= http://www.mega-nerd.com/libsndfile/files/ diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo index 94dc433c67a..19e5e299240 100644 --- a/audio/libsndfile/distinfo +++ b/audio/libsndfile/distinfo @@ -1,6 +1,9 @@ -$NetBSD: distinfo,v 1.40 2017/04/19 13:32:12 wiz Exp $ +$NetBSD: distinfo,v 1.41 2017/05/17 21:51:46 he Exp $ SHA1 (libsndfile-1.0.28.tar.gz) = 85aa967e19f6b9bf975601d79669025e5f8bc77d RMD160 (libsndfile-1.0.28.tar.gz) = f8803966802afe2b5a35cda28c2f764d91c48f37 SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f Size (libsndfile-1.0.28.tar.gz) = 1202833 bytes +SHA1 (patch-src_common.h) = ed366417009008f816d688cd33809f680cf2f674 +SHA1 (patch-src_flac.c) = d31a3532ed71a2a490c14b5cd90928089d2ab093 +SHA1 (patch-src_sndfile.c) = 34b27502839b8ef271ced8ba562b7281c68ff4da diff --git a/audio/libsndfile/patches/patch-src_common.h b/audio/libsndfile/patches/patch-src_common.h new file mode 100644 index 00000000000..2cbe7dcf7e4 --- /dev/null +++ b/audio/libsndfile/patches/patch-src_common.h @@ -0,0 +1,15 @@ +$NetBSD: patch-src_common.h,v 1.1 2017/05/17 21:51:46 he Exp $ + +Fix for CVE-2017-8365, ref. +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +--- src/common.h.orig 2017-04-01 09:40:45.000000000 +0000 ++++ src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, diff --git a/audio/libsndfile/patches/patch-src_flac.c b/audio/libsndfile/patches/patch-src_flac.c new file mode 100644 index 00000000000..0d2cb90b8dd --- /dev/null +++ b/audio/libsndfile/patches/patch-src_flac.c @@ -0,0 +1,27 @@ +$NetBSD: patch-src_flac.c,v 1.1 2017/05/17 21:51:46 he Exp $ + +Fix for CVE-2017-8365, ref. +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +--- src/flac.c.orig 2017-04-02 08:13:30.000000000 +0000 ++++ src/flac.c +@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ "Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; diff --git a/audio/libsndfile/patches/patch-src_sndfile.c b/audio/libsndfile/patches/patch-src_sndfile.c new file mode 100644 index 00000000000..4f9e9d122d5 --- /dev/null +++ b/audio/libsndfile/patches/patch-src_sndfile.c @@ -0,0 +1,15 @@ +$NetBSD: patch-src_sndfile.c,v 1.1 2017/05/17 21:51:46 he Exp $ + +Fix for CVE-2017-8365, ref. +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +--- src/sndfile.c.orig 2017-04-02 06:33:16.000000000 +0000 ++++ src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, |