Fix for CVE-2017-8362, ref.

https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd 808 Bump PKGREVISION.
author: he <he@pkgsrc.org> 2017-05-17 21:58:05 +0000
committer: he <he@pkgsrc.org> 2017-05-17 21:58:05 +0000
commit: 0867cde25cbc9f2faac3f913b031c9ab79ae359b (patch)
tree: 6fa5883c4fcf8d5f77db40d922240ff41c84e58f /audio
parent: 31960518c18345243655472950f583f214281b0f (diff)
download: pkgsrc-0867cde25cbc9f2faac3f913b031c9ab79ae359b.tar.gz
2 files changed, 30 insertions, 5 deletions
diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile
index 4a1298e513a..975e90e2f0e 100644
--- a/audio/libsndfile/Makefile
+++ b/audio/libsndfile/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.74 2017/05/17 21:51:46 he Exp $
+# $NetBSD: Makefile,v 1.75 2017/05/17 21:58:05 he Exp $
 
 DISTNAME=	libsndfile-1.0.28
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	audio
 MASTER_SITES=	http://www.mega-nerd.com/libsndfile/files/
 
diff --git a/audio/libsndfile/patches/patch-src_flac.c b/audio/libsndfile/patches/patch-src_flac.c
index 0d2cb90b8dd..6bb74063567 100644
--- a/audio/libsndfile/patches/patch-src_flac.c
+++ b/audio/libsndfile/patches/patch-src_flac.c
@@ -1,17 +1,42 @@
-$NetBSD: patch-src_flac.c,v 1.1 2017/05/17 21:51:46 he Exp $
+$NetBSD: patch-src_flac.c,v 1.2 2017/05/17 21:58:05 he Exp $
 
 Fix for CVE-2017-8365, ref.
 https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+Fix for CVE-2017-8362, ref.
+https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
 
 --- src/flac.c.orig	2017-04-02 08:13:30.000000000 +0000
 +++ src/flac.c
-@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
+@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const int32_t* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset, channels, len ;
+ 
++	if (psf->sf.channels != (int) frame->header.channels)
++	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++					    "Nothing to do but to error out.\n" ,
++					    psf->sf.channels, frame->header.channels) ;
++		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++		return 0 ;
++		} ;
++
+ 	/*
+ 	**	frame->header.blocksize is variable and we're using a constant blocksize
+ 	**	of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		return 0 ;
+ 		} ;
+ 
+-
+ 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
+ 
+ 	if (pflac->remain % channels != 0)
+@@ -435,6 +442,19 @@ sf_flac_meta_callback (const FLAC__Strea
  
  	switch (metadata->type)
  	{	case FLAC__METADATA_TYPE_STREAMINFO :
 +			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
 +			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-+						    "Nothing to be but to error out.\n" ,
++						    "Nothing to do but to error out.\n" ,
 +						    psf->sf.channels, metadata->data.stream_info.channels) ;
 +				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
 +				return ;
author	he <he@pkgsrc.org>	2017-05-17 21:58:05 +0000
committer	he <he@pkgsrc.org>	2017-05-17 21:58:05 +0000
commit	0867cde25cbc9f2faac3f913b031c9ab79ae359b (patch)
tree	6fa5883c4fcf8d5f77db40d922240ff41c84e58f /audio
parent	31960518c18345243655472950f583f214281b0f (diff)
download	pkgsrc-0867cde25cbc9f2faac3f913b031c9ab79ae359b.tar.gz