Pullup ticket #6014 - requested by nia

audio/mpg123: security fix

Revisions pulled up:
- audio/mpg123/Makefile                                         1.58
- audio/mpg123/Makefile.common                                  1.49
- audio/mpg123/distinfo                                         1.49

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sat Jul 27 15:14:40 UTC 2019

   Modified Files:
   	pkgsrc/audio/mpg123: Makefile Makefile.common distinfo

   Log Message:
   mpg123: Update to 1.25.11

   libmpg123:
   * Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
   * Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
   * Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
   * Fix undefined parsing of APE header for skipping. Also prevent endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864)
   * Fix some syntax to make pedantic compiler happy.

   The serious bugs trigger Denial of Service either via the nasty endless
   loop in supposed APE tags or by crashes if the invalid reads hit a
   diagnostic by the OS or, more likely, a security mechanism like the
   sanitizer instrumentation that enabled finding the bugs.

   I do not have CVE numbers for these bugs.
   I rather fix the bugs than name them. Just update, will you?

1 files changed, 1 insertions, 2 deletions

diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index b7d7bb87697..374d6fe3be4 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.57 2018/07/14 17:12:56 tsutsui Exp $
+# $NetBSD: Makefile,v 1.57.8.1 2019/08/09 13:11:04 bsiegert Exp $
 
 PKGNAME=	${DISTNAME:C/[^[:alnum:]]*//}
-PKGREVISION=	2
 COMMENT=	MPEG layer 1, 2, and 3 audio player
 
 PKGCONFIG_OVERRIDE+=	libmpg123.pc.in