author | he <he@pkgsrc.org> | 2017-12-04 08:20:37 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2017-12-04 08:20:37 +0000 |
commit | d77a94667966f543181d210bf700ad26b8d015fd (patch) | |
tree | 3ab4eb8abf8f78aca6c7bcaa710cb169b4e90ddb /audio/lame | |
parent | f2d43dfa9f84db195899ef301eedbf4a83e42602 (diff) | |
download | pkgsrc-d77a94667966f543181d210bf700ad26b8d015fd.tar.gz |
Add patch to check against invalid input sample rate.
Should fix CVE-2015-9099. Ref.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
Bump PKGREVISION.
Diffstat (limited to 'audio/lame')
-rw-r--r-- | audio/lame/Makefile | 3 | ||||
-rw-r--r-- | audio/lame/distinfo | 7 | ||||
-rw-r--r-- | audio/lame/patches/patch-ab | 4 | ||||
-rw-r--r-- | audio/lame/patches/patch-ad | 4 | ||||
-rw-r--r-- | audio/lame/patches/patch-libmp3lame_lame.c | 21 |
5 files changed, 33 insertions, 6 deletions
diff --git a/audio/lame/Makefile b/audio/lame/Makefile
index 1c303af2b7a..531272ba8a1 100644
--- a/audio/lame/Makefile
+++ b/audio/lame/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2017/10/21 22:51:00 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2017/12/04 08:20:37 he Exp $
 DISTNAME= lame-3.100
 CATEGORIES= audio
+PKGREVISION= 1
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=lame/}
 MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/audio/lame/distinfo b/audio/lame/distinfo
index d885ae9b11c..69f25c70a74 100644
--- a/audio/lame/distinfo
+++ b/audio/lame/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.30 2017/10/22 09:30:41 tron Exp $
+$NetBSD: distinfo,v 1.31 2017/12/04 08:20:37 he Exp $
 SHA1 (lame-3.100.tar.gz) = 64c53b1a4d493237cef5e74944912cd9f98e618d
 RMD160 (lame-3.100.tar.gz) = e467c1f9458ca6878cd46e89fffce8970b9ea936
 SHA512 (lame-3.100.tar.gz) = 0844b9eadb4aacf8000444621451277de365041cc1d97b7f7a589da0b7a23899310afd4e4d81114b9912aa97832621d20588034715573d417b2923948c08634b
 Size (lame-3.100.tar.gz) = 1524133 bytes
-SHA1 (patch-ab) = ee5b570e8800aefdaffe94a6ed072fa7b62fba6b
-SHA1 (patch-ad) = fa14817f765a61f046a96a1b556e2c8203fc27ad
+SHA1 (patch-ab) = ef244006f1b172a0027de65a95fa11f5bce62da8
+SHA1 (patch-ad) = 9783edc46232eeb14f1174606963cdd3a2c601fc
 SHA1 (patch-include_libmp3lame.sym) = 2278fa631fb8ce05864d3ef09a45c0b3d73ab065
+SHA1 (patch-libmp3lame_lame.c) = ed64ba64c857dc6acb008105546699c95ac125b5
diff --git a/audio/lame/patches/patch-ab b/audio/lame/patches/patch-ab
index dbb2cf14bcc..f6119ef1527 100644
--- a/audio/lame/patches/patch-ab
+++ b/audio/lame/patches/patch-ab
@@ -1,4 +1,6 @@
-$NetBSD: patch-ab,v 1.11 2017/10/21 22:51:00 wiz Exp $
+$NetBSD: patch-ab,v 1.12 2017/12/04 08:20:37 he Exp $
+
+Change where html doc files are installed.
 --- doc/html/Makefile.in.orig 2017-10-13 20:21:58.000000000 +0000
 +++ doc/html/Makefile.in
diff --git a/audio/lame/patches/patch-ad b/audio/lame/patches/patch-ad
index e5222e00201..8252d204451 100644
--- a/audio/lame/patches/patch-ad
+++ b/audio/lame/patches/patch-ad
@@ -1,4 +1,6 @@
-$NetBSD: patch-ad,v 1.4 2013/10/10 10:49:30 roy Exp $
+$NetBSD: patch-ad,v 1.5 2017/12/04 08:20:37 he Exp $
+
+Add <float.h> include.
 --- libmp3lame/machine.h.orig 2012-02-07 14:04:51.000000000 +0000
 +++ libmp3lame/machine.h
diff --git a/audio/lame/patches/patch-libmp3lame_lame.c b/audio/lame/patches/patch-libmp3lame_lame.c
new file mode 100644
index 00000000000..7d43c327fc9
--- /dev/null
+++ b/audio/lame/patches/patch-libmp3lame_lame.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-libmp3lame_lame.c,v 1.3 2017/12/04 08:20:37 he Exp $
+
+Add patch to check against invalid input sample rate.
+Should fix CVE-2015-9099. Ref.
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
+
+--- libmp3lame/lame.c.orig 2017-10-10 19:08:39.000000000 +0000
++++ libmp3lame/lame.c
+@@ -801,6 +801,12 @@ lame_init_params(lame_global_flags * gfp
+ gfp->samplerate_out * 16 * cfg->channels_out / (1.e3 * gfp->VBR_mean_bitrate_kbps);
+ }
+
++ if (gfp->samplerate_in < 0) {
++ freegfc(gfc);
++ gfp->internal_flags = NULL;
++ return -1;
++ }
++
+ cfg->disable_reservoir = gfp->disable_reservoir;
+ cfg->lowpassfreq = gfp->lowpassfreq;
+ cfg->highpassfreq = gfp->highpassfreq; |
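Review bot: The guard added to lame_init_params in patch-libmp3lame_lame.c rejects only a negative `gfp->samplerate_in`, so a zero rate still passes; unless zero is already rejected elsewhere in the function, the condition should be `if (gfp->samplerate_in <= 0) {`. The check also sits at line 801, after the compression-ratio expression visible in the context lines, and everything in lame_init_params above that point is outside this hunk. It is worth confirming that no earlier statement divides by, or derives a value from, the input sample rate before the guard runs; if one does, the check belongs ahead of that first use. A short comment above the guard, such as `/* reject invalid input sample rate before it reaches the rate calculations (CVE-2015-9099) */`, would record why the early return exists.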