From 55404be85f07f11bb678291708591d41feb7b566 Mon Sep 17 00:00:00 2001
From: he
Date: Wed, 17 May 2017 21:51:46 +0000
Subject: Fix for CVE-2017-8365, ref. https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Bump PKGREVISION.
---
 audio/libsndfile/Makefile | 3 ++-
 audio/libsndfile/distinfo | 5 ++++-
 audio/libsndfile/patches/patch-src_common.h | 15 +++++++++++++++
 audio/libsndfile/patches/patch-src_flac.c | 27 +++++++++++++++++++++++++++
 audio/libsndfile/patches/patch-src_sndfile.c | 15 +++++++++++++++
 5 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 audio/libsndfile/patches/patch-src_common.h
 create mode 100644 audio/libsndfile/patches/patch-src_flac.c
 create mode 100644 audio/libsndfile/patches/patch-src_sndfile.c
diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile
index 74ccbf42a5e..4a1298e513a 100644
--- a/audio/libsndfile/Makefile
+++ b/audio/libsndfile/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.73 2017/04/26 22:35:01 maya Exp $
+# $NetBSD: Makefile,v 1.74 2017/05/17 21:51:46 he Exp $
 DISTNAME= libsndfile-1.0.28
+PKGREVISION= 1
 CATEGORIES= audio
 MASTER_SITES= http://www.mega-nerd.com/libsndfile/files/
diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo
index 94dc433c67a..19e5e299240 100644
--- a/audio/libsndfile/distinfo
+++ b/audio/libsndfile/distinfo
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.40 2017/04/19 13:32:12 wiz Exp $
+$NetBSD: distinfo,v 1.41 2017/05/17 21:51:46 he Exp $
 SHA1 (libsndfile-1.0.28.tar.gz) = 85aa967e19f6b9bf975601d79669025e5f8bc77d
 RMD160 (libsndfile-1.0.28.tar.gz) = f8803966802afe2b5a35cda28c2f764d91c48f37
 SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f
 Size (libsndfile-1.0.28.tar.gz) = 1202833 bytes
+SHA1 (patch-src_common.h) = ed366417009008f816d688cd33809f680cf2f674
+SHA1 (patch-src_flac.c) = d31a3532ed71a2a490c14b5cd90928089d2ab093
+SHA1 (patch-src_sndfile.c) = 34b27502839b8ef271ced8ba562b7281c68ff4da
diff --git a/audio/libsndfile/patches/patch-src_common.h b/audio/libsndfile/patches/patch-src_common.h
new file mode 100644
index 00000000000..2cbe7dcf7e4
--- /dev/null
+++ b/audio/libsndfile/patches/patch-src_common.h
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_common.h,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/common.h.orig 2017-04-01 09:40:45.000000000 +0000
++++ src/common.h
+@@ -725,6 +725,7 @@ enum
+ SFE_FLAC_INIT_DECODER,
+ SFE_FLAC_LOST_SYNC,
+ SFE_FLAC_BAD_SAMPLE_RATE,
++ SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ SFE_FLAC_UNKOWN_ERROR,
+
+ SFE_WVE_NOT_WVE,
diff --git a/audio/libsndfile/patches/patch-src_flac.c b/audio/libsndfile/patches/patch-src_flac.c
new file mode 100644
index 00000000000..0d2cb90b8dd
--- /dev/null
+++ b/audio/libsndfile/patches/patch-src_flac.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-src_flac.c,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/flac.c.orig 2017-04-02 08:13:30.000000000 +0000
++++ src/flac.c
+@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
+
+ switch (metadata->type)
+ { case FLAC__METADATA_TYPE_STREAMINFO :
++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++ "Nothing to be but to error out.\n" ,
++ psf->sf.channels, metadata->data.stream_info.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return ;
++ } ;
++
++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++ "Carrying on as if nothing happened.",
++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++ } ;
+ psf->sf.channels = metadata->data.stream_info.channels ;
+ psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ psf->sf.frames = metadata->data.stream_info.total_samples ;
diff --git a/audio/libsndfile/patches/patch-src_sndfile.c b/audio/libsndfile/patches/patch-src_sndfile.c
new file mode 100644
index 00000000000..4f9e9d122d5
--- /dev/null
+++ b/audio/libsndfile/patches/patch-src_sndfile.c
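Review bot: In the src/flac.c patch, the new channel-count guard sits under `case FLAC__METADATA_TYPE_STREAMINFO`, so it only rejects a change announced by a later STREAMINFO block; a frame whose own header disagrees with `psf->sf.channels` would not pass through this check. The callback also returns with no value, so the rejection takes effect only if the read path tests `psf->error` after the decoder call; that path and the sample-copy code are outside the hunk and should be confirmed to bound their indexing by `psf->sf.channels`. I would record the limit at the check with a comment such as `/* Guards STREAMINFO only; per-frame channel counts must be validated where samples are copied. */`. Smaller points: the warning string ends without a newline, unlike the error message above it (`"Carrying on as if nothing happened.\n"`), and the log arguments pass `metadata->data.stream_info.channels` and `.sample_rate` to `%d` without the `(int)` cast the comparisons use, which suggests those fields are not `int`. sf_flac_meta_callback begins and ends outside the hunk.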
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_sndfile.c,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/sndfile.c.orig 2017-04-02 06:33:16.000000000 +0000
++++ src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
+ { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
+ { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
+
+ { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
-- cgit v1.2.3