summaryrefslogtreecommitdiff
path: root/audio/libvorbis
diff options
context:
space:
mode:
authordrochner <drochner>2012-02-17 12:23:24 +0000
committerdrochner <drochner>2012-02-17 12:23:24 +0000
commitedb789a514add1560a3217030e60ae8fedf11e62 (patch)
tree07700fbd095fe936cf0ed13d85936362fd2f6916 /audio/libvorbis
parente74890706673c48335d9d83aebb92b5c9da18ea6 (diff)
downloadpkgsrc-edb789a514add1560a3217030e60ae8fedf11e62.tar.gz
add patch from upstream to fix possible memory corruption by
malicious Ogg Vorbis files bump PKGREV
Diffstat (limited to 'audio/libvorbis')
-rw-r--r--audio/libvorbis/Makefile3
-rw-r--r--audio/libvorbis/distinfo3
-rw-r--r--audio/libvorbis/patches/patch-CVE-2012-044414
3 files changed, 18 insertions, 2 deletions
diff --git a/audio/libvorbis/Makefile b/audio/libvorbis/Makefile
index b6e16bc88d5..2795eb76db6 100644
--- a/audio/libvorbis/Makefile
+++ b/audio/libvorbis/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.51 2010/11/09 13:12:11 adam Exp $
+# $NetBSD: Makefile,v 1.52 2012/02/17 12:23:24 drochner Exp $
DISTNAME= libvorbis-1.3.2
+PKGREVISION= 1
CATEGORIES= devel audio
MASTER_SITES= http://downloads.xiph.org/releases/vorbis/
EXTRACT_SUFX= .tar.bz2
diff --git a/audio/libvorbis/distinfo b/audio/libvorbis/distinfo
index 1dfe41a8afb..01df7373ab2 100644
--- a/audio/libvorbis/distinfo
+++ b/audio/libvorbis/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.20 2010/11/09 13:12:11 adam Exp $
+$NetBSD: distinfo,v 1.21 2012/02/17 12:23:24 drochner Exp $
SHA1 (libvorbis-1.3.2.tar.bz2) = 4c44da8215d1fc56676fccc1af8dd6b422d9e676
RMD160 (libvorbis-1.3.2.tar.bz2) = 2478fd66305ee6fa31d6d336e4ff2b3ec649d661
Size (libvorbis-1.3.2.tar.bz2) = 1230364 bytes
+SHA1 (patch-CVE-2012-0444) = c5e2cb7ee0a13c38b43166952954e66bcc5307a1
diff --git a/audio/libvorbis/patches/patch-CVE-2012-0444 b/audio/libvorbis/patches/patch-CVE-2012-0444
new file mode 100644
index 00000000000..82653ff2f6b
--- /dev/null
+++ b/audio/libvorbis/patches/patch-CVE-2012-0444
@@ -0,0 +1,14 @@
+$NetBSD: patch-CVE-2012-0444,v 1.1 2012/02/17 12:23:24 drochner Exp $
+
+changeset #18151
+
+--- lib/floor1.c.orig 2010-10-23 04:31:21.000000000 +0000
++++ lib/floor1.c
+@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack
+
+ for(j=0,k=0;j<info->partitions;j++){
+ count+=info->class_dim[info->partitionclass[j]];
++ if(count>VIF_POSIT) goto err_out;
+ for(;k<count;k++){
+ int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+ if(t<0 || t>=(1<<rangebits))