author | salo <salo@pkgsrc.org> | 2004-09-07 22:14:09 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2004-09-07 22:14:09 +0000 |
commit | dd49dadba10cfdcd00b6c7564c04b17b81218da6 (patch) | |
tree | 5aa40d0538a652dadb25db85efc7556e7f4d446e /audio/mpg123 | |
parent | 08b316427bb3e3b6ac15a4e9a1be6c005573a8f6 (diff) | |
PKGREVISION++
- fix a buffer overflow:
"A malicious formatted mp3/2 causes mpg123 to fail header checks,
this may allow arbitrary code to be executed with the privilege
of the user trying to play the mp3."
- patch from Debian but retain code style.
Diffstat (limited to 'audio/mpg123')
-rw-r--r-- | audio/mpg123/Makefile | 4 | ||||
-rw-r--r-- | audio/mpg123/distinfo | 3 | ||||
-rw-r--r-- | audio/mpg123/patches/patch-ar | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index 2f7a9034d09..e10b723e2d1 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
+# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $
 PKGNAME= mpg123-${MPG123_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
 COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio
 CONFLICTS+= mpg123-nas-[0-9]*
diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo
index 60ddc5ed31c..d1fea081646 100644
--- a/audio/mpg123/distinfo
+++ b/audio/mpg123/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2004/03/17 04:49:48 danw Exp $
+$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -21,3 +21,4 @@ SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
 SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
+SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
diff --git a/audio/mpg123/patches/patch-ar b/audio/mpg123/patches/patch-ar
new file mode 100644
index 00000000000..0e8d87d8d0a
--- /dev/null
+++ b/audio/mpg123/patches/patch-ar
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
+
+CVE: CAN-2004-0805
+
+--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100
++++ layer2.c 2004-09-08 00:00:06.000000000 +0200
+@@ -265,6 +265,12 @@
+ fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+ (fr->mode_ext<<2)+4 : fr->II_sblimit;
+
++ if (fr->jsbound > fr->II_sblimit)
++ {
++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++ fr->jsbound=fr->II_sblimit;
++ }
++
+ if(stereo == 1 || single == 3)
+ single = 0;
+
|
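Review bot: The clamp added to `layer2.c` in `patch-ar` has no comment explaining why it exists; the only hint is the `CVE: CAN-2004-0805` line in the patch header, which will not be visible to someone reading the patched source. A comment above the `if` would keep it from being dropped as redundant later, for example `/* mode_ext is read from the frame header; keep jsbound within II_sblimit so a malformed joint-stereo frame cannot run past the subband data */` — the code that consumes `jsbound` is outside the hunk, so that wording should be confirmed against it. The `fprintf` is also unconditional, so a stream made of such frames would presumably emit one line per frame; printing it once, or honouring the player's quiet option if one is reachable here, would avoid flooding stderr. The enclosing function starts and ends outside the hunk.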