Add patch from upstream against CVE-2008-1686.

Bump PKGREVISION.

3 files changed, 24 insertions, 2 deletions

diff --git a/audio/speex/Makefile b/audio/speex/Makefile
index c1ebaa1bf3e..78e8408aa4b 100644
--- a/audio/speex/Makefile
+++ b/audio/speex/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2007/02/22 19:26:07 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2008/04/29 20:22:43 wiz Exp $
 #
 
 DISTNAME=	speex-1.0.5
+PKGREVISION=	1
 CATEGORIES=	audio
 MASTER_SITES=	http://downloads.us.xiph.org/releases/speex/
 
diff --git a/audio/speex/distinfo b/audio/speex/distinfo
index 5bce560804c..ee5d07d74d2 100644
--- a/audio/speex/distinfo
+++ b/audio/speex/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.10 2006/03/11 03:14:43 reed Exp $
+$NetBSD: distinfo,v 1.11 2008/04/29 20:22:43 wiz Exp $
 
 SHA1 (speex-1.0.5.tar.gz) = a8f34f80e5f84a47aee7e70088632d4958fe75fd
 RMD160 (speex-1.0.5.tar.gz) = 6ceed29438912647ef1d2d7299822fdaaf5509f9
 Size (speex-1.0.5.tar.gz) = 546872 bytes
 SHA1 (patch-aa) = 675bbd2696852002d73fc778a3c1125435eb0fc6
 SHA1 (patch-ab) = b88dfafc1464aed7c5f38f39a270d16338335418
+SHA1 (patch-ac) = 9167258134683ee6172455532ff1ae9aa95d9868
diff --git a/audio/speex/patches/patch-ac b/audio/speex/patches/patch-ac
new file mode 100644
index 00000000000..9e37aaf508e
--- /dev/null
+++ b/audio/speex/patches/patch-ac
@@ -0,0 +1,20 @@
+$NetBSD: patch-ac,v 1.1 2008/04/29 20:22:43 wiz Exp $
+
+https://trac.xiph.org/changeset/14701
+
+--- libspeex/speex_header.c.orig	2004-07-14 05:58:46.000000000 +0000
++++ libspeex/speex_header.c
+@@ -157,6 +157,13 @@ SpeexHeader *speex_packet_to_header(char
+    ENDIAN_SWITCH(le_header->frames_per_packet);
+    ENDIAN_SWITCH(le_header->extra_headers);
+ 
++   if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
++   {
++      speex_warning("Invalid mode specified in Speex header");
++      speex_free (le_header);
++      return NULL;
++   }
++
+    return le_header;
+ 
+ }