diff options
| author | nia <nia@pkgsrc.org> | 2019-07-27 15:14:40 +0000 |
|---|---|---|
| committer | nia <nia@pkgsrc.org> | 2019-07-27 15:14:40 +0000 |
| commit | 288196dbcdecda6f9169106c3998681273d6f41c (patch) | |
| tree | 961b6926fbe4405b7de6900507c7f501593f0a6e /audio | |
| parent | cee0b638234ef31932cfa2910d695f08c5d52685 (diff) | |
| download | pkgsrc-288196dbcdecda6f9169106c3998681273d6f41c.tar.gz | |
mpg123: Update to 1.25.11
libmpg123:
* Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
* Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
* Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
* Fix undefined parsing of APE header for skipping. Also prevent endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864)
* Fix some syntax to make pedantic compiler happy.
The serious bugs trigger Denial of Service either via the nasty endless
loop in supposed APE tags or by crashes if the invalid reads hit a
diagnostic by the OS or, more likely, a security mechanism like the
sanitizer instrumentation that enabled finding the bugs.
I do not have CVE numbers for these bugs.
I rather fix the bugs than name them. Just update, will you?
Diffstat (limited to 'audio')
| -rw-r--r-- | audio/mpg123/Makefile | 3 | ||||
| -rw-r--r-- | audio/mpg123/Makefile.common | 6 | ||||
| -rw-r--r-- | audio/mpg123/distinfo | 10 |
3 files changed, 9 insertions, 10 deletions
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile index b7d7bb87697..923df16131d 100644 --- a/audio/mpg123/Makefile +++ b/audio/mpg123/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.57 2018/07/14 17:12:56 tsutsui Exp $ +# $NetBSD: Makefile,v 1.58 2019/07/27 15:14:40 nia Exp $ PKGNAME= ${DISTNAME:C/[^[:alnum:]]*//} -PKGREVISION= 2 COMMENT= MPEG layer 1, 2, and 3 audio player PKGCONFIG_OVERRIDE+= libmpg123.pc.in diff --git a/audio/mpg123/Makefile.common b/audio/mpg123/Makefile.common index 1ffd0060ef6..c8695815d88 100644 --- a/audio/mpg123/Makefile.common +++ b/audio/mpg123/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.48 2018/04/13 08:20:06 adam Exp $ +# $NetBSD: Makefile.common,v 1.49 2019/07/27 15:14:40 nia Exp $ # # used by audio/mpg123-arts/Makefile # used by audio/mpg123-esound/Makefile @@ -7,14 +7,14 @@ # used by audio/mpg123-pulse/Makefile # used by audio/mpg123-sun/Makefile -DISTNAME= mpg123-1.25.10 +DISTNAME= mpg123-1.25.11 PKGNAME?= ${DISTNAME:C/[[:alnum:]]*/&-${MPG123_MODULE}/} CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mpg123/} EXTRACT_SUFX= .tar.bz2 MAINTAINER= martin@NetBSD.org -HOMEPAGE= http://www.mpg123.org/ +HOMEPAGE= https://www.mpg123.org/ COMMENT?= Contains the ${MPG123_MODULE} module for mpg123 LICENSE= gnu-lgpl-v2.1 diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo index b4e375fd77f..97f8efa622e 100644 --- a/audio/mpg123/distinfo +++ b/audio/mpg123/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.48 2018/04/13 08:20:06 adam Exp $ +$NetBSD: distinfo,v 1.49 2019/07/27 15:14:40 nia Exp $ -SHA1 (mpg123-1.25.10.tar.bz2) = 604784ddbcfe282bffdc595d1d45c677c7cf381f -RMD160 (mpg123-1.25.10.tar.bz2) = c22ec77cf8c69925d36546f3bc971edc713c197c -SHA512 (mpg123-1.25.10.tar.bz2) = a33666ae4aca7e7c1a93a6414d8c525ec19044c54f712d578180147d88e63033f7af2370b9ad22960cc3a0b454f15967b7a831cccc97e034c8855f70cdf1ab09 -Size (mpg123-1.25.10.tar.bz2) = 921219 bytes +SHA1 (mpg123-1.25.11.tar.bz2) = 25f3e8f8599d3ffc480858799ea6f8620f48543d +RMD160 (mpg123-1.25.11.tar.bz2) = b41bf43a4773b07286c5622df53f8f15610eb9e6 +SHA512 (mpg123-1.25.11.tar.bz2) = 986338d0f4829ec9e40990cb384746c7abfa80d3b3d5656b6dda73d03e2441c1f28ffbe7f3f82b0008a1c4ebcfa07aeffb493e95f13f7d04cbc818a09f1008ed +Size (mpg123-1.25.11.tar.bz2) = 909478 bytes SHA1 (patch-Makefile.in) = e1b529e9468994e25c2567df7e64a2905b0cf529 SHA1 (patch-aa) = 4b2761219dd8fb92079d7f96872e56beb702696a SHA1 (patch-ad) = f07b637c3fc1d3ea0426013fc25bca8e3aecba56 |