Received: by mail.netbsd.org (Postfix, from userid 605) id D77C184DDF; Tue, 3 Sep 2019 09:33:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5C2BB84D98 for ; Tue, 3 Sep 2019 09:33:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id RhZNV6w2zAF5 for ; Tue, 3 Sep 2019 09:33:05 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id BC85084D81 for ; Tue, 3 Sep 2019 09:33:05 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id B1ED8FBF4; Tue, 3 Sep 2019 09:33:05 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_156750318570" MIME-Version: 1.0 Date: Tue, 3 Sep 2019 09:33:05 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2019Q2] pkgsrc/audio/mpg123 To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20190903093305.B1ED8FBF4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_156750318570 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Tue Sep 3 09:33:05 UTC 2019 Modified Files: pkgsrc/audio/mpg123 [pkgsrc-2019Q2]: Makefile.common distinfo Log Message: Pullup ticket #6034 - requested by nia audio/mpg123: security fix Revisions pulled up: - audio/mpg123/Makefile.common 1.50 - audio/mpg123/distinfo 1.50 --- Module Name: pkgsrc Committed By: nia Date: Sat Aug 31 14:24:19 UTC 2019 Modified Files: pkgsrc/audio/mpg123: Makefile.common distinfo Log Message: mpg123: Update to 1.25.12 libmpg123: Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames (oss-fuzz-bug 15975). The earlier fix around the same location needed one thought more. Actually, another though was needed, oss-fuzz-bug 16009 documents the incomplete fix. Fix an invalid write of one zero byte for empty ID3v2 frames that demand de-unsyncing (oss-fuzz-bug 16050). Correct preprocessor syntax in mangle.h, no #error in a #define line. (bug 273, thanks to nmlgc). To generate a diff of this commit: cvs rdiff -u -r1.48.10.1 -r1.48.10.2 pkgsrc/audio/mpg123/Makefile.common \ pkgsrc/audio/mpg123/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_156750318570 Content-Disposition: inline Content-Length: 2129 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/audio/mpg123/Makefile.common diff -u pkgsrc/audio/mpg123/Makefile.common:1.48.10.1 pkgsrc/audio/mpg123/Makefile.common:1.48.10.2 --- pkgsrc/audio/mpg123/Makefile.common:1.48.10.1 Fri Aug 9 13:11:04 2019 +++ pkgsrc/audio/mpg123/Makefile.common Tue Sep 3 09:33:05 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.48.10.1 2019/08/09 13:11:04 bsiegert Exp $ +# $NetBSD: Makefile.common,v 1.48.10.2 2019/09/03 09:33:05 bsiegert Exp $ # # used by audio/mpg123-arts/Makefile # used by audio/mpg123-esound/Makefile @@ -7,7 +7,7 @@ # used by audio/mpg123-pulse/Makefile # used by audio/mpg123-sun/Makefile -DISTNAME= mpg123-1.25.11 +DISTNAME= mpg123-1.25.12 PKGNAME?= ${DISTNAME:C/[[:alnum:]]*/&-${MPG123_MODULE}/} CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mpg123/} Index: pkgsrc/audio/mpg123/distinfo diff -u pkgsrc/audio/mpg123/distinfo:1.48.10.1 pkgsrc/audio/mpg123/distinfo:1.48.10.2 --- pkgsrc/audio/mpg123/distinfo:1.48.10.1 Fri Aug 9 13:11:04 2019 +++ pkgsrc/audio/mpg123/distinfo Tue Sep 3 09:33:05 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.48.10.1 2019/08/09 13:11:04 bsiegert Exp $ +$NetBSD: distinfo,v 1.48.10.2 2019/09/03 09:33:05 bsiegert Exp $ -SHA1 (mpg123-1.25.11.tar.bz2) = 25f3e8f8599d3ffc480858799ea6f8620f48543d -RMD160 (mpg123-1.25.11.tar.bz2) = b41bf43a4773b07286c5622df53f8f15610eb9e6 -SHA512 (mpg123-1.25.11.tar.bz2) = 986338d0f4829ec9e40990cb384746c7abfa80d3b3d5656b6dda73d03e2441c1f28ffbe7f3f82b0008a1c4ebcfa07aeffb493e95f13f7d04cbc818a09f1008ed -Size (mpg123-1.25.11.tar.bz2) = 909478 bytes +SHA1 (mpg123-1.25.12.tar.bz2) = 4ece1ec124a6ca085e1d68f7ede6d5619fc587ff +RMD160 (mpg123-1.25.12.tar.bz2) = d6bb641bc56c7e5f83e7658c044b231b94f4886c +SHA512 (mpg123-1.25.12.tar.bz2) = fa3c719c68dbe45b265fd7677d0932b07f6a14e7ffe365ede965ff1637e655c4b57c86f7e4cd60cace7df5fcc93d48e0d44f082931394b7c6ef19f5d11638eff +Size (mpg123-1.25.12.tar.bz2) = 910149 bytes SHA1 (patch-Makefile.in) = e1b529e9468994e25c2567df7e64a2905b0cf529 SHA1 (patch-aa) = 4b2761219dd8fb92079d7f96872e56beb702696a SHA1 (patch-ad) = f07b637c3fc1d3ea0426013fc25bca8e3aecba56 --_----------=_156750318570--