authorsalo <salo@pkgsrc.org>2004-09-07 22:14:09 +0000
committersalo <salo@pkgsrc.org>2004-09-07 22:14:09 +0000
commitdd49dadba10cfdcd00b6c7564c04b17b81218da6 (patch)
tree5aa40d0538a652dadb25db85efc7556e7f4d446e /audio/mpg123
parent08b316427bb3e3b6ac15a4e9a1be6c005573a8f6 (diff)
PKGREVISION++
- fix a buffer overflow: "A malicious formatted mp3/2 causes mpg123 to fail header checks, this may allow arbitrary code to be executed with the privilege of the user trying to play the mp3." - patch from Debian but retain code style.
Diffstat (limited to 'audio/mpg123')
-rw-r--r--audio/mpg123/Makefile4
-rw-r--r--audio/mpg123/distinfo3
-rw-r--r--audio/mpg123/patches/patch-ar19
3 files changed, 23 insertions, 3 deletions
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index 2f7a9034d09..e10b723e2d1 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
+# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $
PKGNAME= mpg123-${MPG123_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio
CONFLICTS+= mpg123-nas-[0-9]*
diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo
index 60ddc5ed31c..d1fea081646 100644
--- a/audio/mpg123/distinfo
+++ b/audio/mpg123/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2004/03/17 04:49:48 danw Exp $
+$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $
SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -21,3 +21,4 @@ SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
+SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
diff --git a/audio/mpg123/patches/patch-ar b/audio/mpg123/patches/patch-ar
new file mode 100644
index 00000000000..0e8d87d8d0a
--- /dev/null
+++ b/audio/mpg123/patches/patch-ar
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
+
+CVE: CAN-2004-0805
+
+--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100
++++ layer2.c 2004-09-08 00:00:06.000000000 +0200
+@@ -265,6 +265,12 @@
+ fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+ (fr->mode_ext<<2)+4 : fr->II_sblimit;
+
++ if (fr->jsbound > fr->II_sblimit)
++ {
++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++ fr->jsbound=fr->II_sblimit;
++ }
++
+ if(stereo == 1 || single == 3)
+ single = 0;
+
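Review bot: The added clamp at `if (fr->jsbound > fr->II_sblimit)` carries no comment explaining why it exists, even though `fr->jsbound` is computed just above from `fr->mode_ext`, which presumably is parsed from the header of the file being played. I would put `/* mode_ext comes from the stream; jsbound must never exceed II_sblimit (CAN-2004-0805) */` above the check so a later cleanup does not remove it as dead code. The `fprintf` runs on every frame that trips the check, so a crafted file can emit one stderr line per frame; printing it once, or skipping it when the player has been asked to run quietly, would keep the output usable. The message says "sideband" where the field name suggests the subband limit is meant. The enclosing function starts and ends outside the hunk, so how `jsbound` and `II_sblimit` are used and validated afterwards cannot be confirmed from here.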