diff options
author | drochner <drochner> | 2012-02-17 12:23:24 +0000 |
---|---|---|
committer | drochner <drochner> | 2012-02-17 12:23:24 +0000 |
commit | edb789a514add1560a3217030e60ae8fedf11e62 (patch) | |
tree | 07700fbd095fe936cf0ed13d85936362fd2f6916 /audio/libvorbis | |
parent | e74890706673c48335d9d83aebb92b5c9da18ea6 (diff) | |
download | pkgsrc-edb789a514add1560a3217030e60ae8fedf11e62.tar.gz |
add patch from upstream to fix possible memory corruption by
malicious Ogg Vorbis files
bump PKGREV
Diffstat (limited to 'audio/libvorbis')
-rw-r--r-- | audio/libvorbis/Makefile | 3 | ||||
-rw-r--r-- | audio/libvorbis/distinfo | 3 | ||||
-rw-r--r-- | audio/libvorbis/patches/patch-CVE-2012-0444 | 14 |
3 files changed, 18 insertions, 2 deletions
diff --git a/audio/libvorbis/Makefile b/audio/libvorbis/Makefile index b6e16bc88d5..2795eb76db6 100644 --- a/audio/libvorbis/Makefile +++ b/audio/libvorbis/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.51 2010/11/09 13:12:11 adam Exp $ +# $NetBSD: Makefile,v 1.52 2012/02/17 12:23:24 drochner Exp $ DISTNAME= libvorbis-1.3.2 +PKGREVISION= 1 CATEGORIES= devel audio MASTER_SITES= http://downloads.xiph.org/releases/vorbis/ EXTRACT_SUFX= .tar.bz2 diff --git a/audio/libvorbis/distinfo b/audio/libvorbis/distinfo index 1dfe41a8afb..01df7373ab2 100644 --- a/audio/libvorbis/distinfo +++ b/audio/libvorbis/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.20 2010/11/09 13:12:11 adam Exp $ +$NetBSD: distinfo,v 1.21 2012/02/17 12:23:24 drochner Exp $ SHA1 (libvorbis-1.3.2.tar.bz2) = 4c44da8215d1fc56676fccc1af8dd6b422d9e676 RMD160 (libvorbis-1.3.2.tar.bz2) = 2478fd66305ee6fa31d6d336e4ff2b3ec649d661 Size (libvorbis-1.3.2.tar.bz2) = 1230364 bytes +SHA1 (patch-CVE-2012-0444) = c5e2cb7ee0a13c38b43166952954e66bcc5307a1 diff --git a/audio/libvorbis/patches/patch-CVE-2012-0444 b/audio/libvorbis/patches/patch-CVE-2012-0444 new file mode 100644 index 00000000000..82653ff2f6b --- /dev/null +++ b/audio/libvorbis/patches/patch-CVE-2012-0444 @@ -0,0 +1,14 @@ +$NetBSD: patch-CVE-2012-0444,v 1.1 2012/02/17 12:23:24 drochner Exp $ + +changeset #18151 + +--- lib/floor1.c.orig 2010-10-23 04:31:21.000000000 +0000 ++++ lib/floor1.c +@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack + + for(j=0,k=0;j<info->partitions;j++){ + count+=info->class_dim[info->partitionclass[j]]; ++ if(count>VIF_POSIT) goto err_out; + for(;k<count;k++){ + int t=info->postlist[k+2]=oggpack_read(opb,rangebits); + if(t<0 || t>=(1<<rangebits)) |