From: Matthias Scheler <tron@netbsd.org>
Subject: CVS commit: [pkgsrc-2008Q4] pkgsrc/audio/libaudiofile
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
Message-Id: <20090122202128.87100175D0@cvs.netbsd.org>
Date: Thu, 22 Jan 2009 20:21:28 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: list


Module Name:	pkgsrc
Committed By:	tron
Date:		Thu Jan 22 20:21:28 UTC 2009

Modified Files:
	pkgsrc/audio/libaudiofile [pkgsrc-2008Q4]: Makefile distinfo
Added Files:
	pkgsrc/audio/libaudiofile/patches [pkgsrc-2008Q4]: patch-ac patch-ad

Log Message:
Pullup ticket #2652 - requested by drochner
libaudiofile: security patch

Revisions pulled up:
audio/libaudiofile/Makefile			1.43
audio/libaudiofile/distinfo			1.12
audio/libaudiofile/patches/patch-ac		1.1
audio/libaudiofile/patches/patch-ad		1.1
---
Module Name:	pkgsrc
Committed By:	drochner
Date:		Wed Jan 21 15:19:27 UTC 2009

Modified Files:
	pkgsrc/audio/libaudiofile: Makefile distinfo
Added Files:
	pkgsrc/audio/libaudiofile/patches: patch-ac patch-ad

Log Message:
(attempt to) fix CVE-2008-5824 (buffer overflow in msadpcm.c),
see Debian bug #510205, just done correctly.
The IMA code might have similar problems. The code appearently can't
handle stereo files correctly anyway, so bail out if >1 channel
which should avoid the problem.
bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -r1.42 -r1.42.10.1 pkgsrc/audio/libaudiofile/Makefile
cvs rdiff -r1.11 -r1.11.34.1 pkgsrc/audio/libaudiofile/distinfo
cvs rdiff -r0 -r1.1.2.2 pkgsrc/audio/libaudiofile/patches/patch-ac \
    pkgsrc/audio/libaudiofile/patches/patch-ad

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.