Pullup ticket 2281 - requested by drochner
security fix for libsndfile
- pkgsrc/audio/libsndfile/Makefile 1.44
- pkgsrc/audio/libsndfile/distinfo 1.23
- pkgsrc/audio/libsndfile/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jan 7 17:34:38 UTC 2008
Modified Files:
pkgsrc/audio/libsndfile: Makefile distinfo
Added Files:
pkgsrc/audio/libsndfile/patches: patch-ba
Log Message:
fix CVE-2007-4974 (buffer overflow), patch from Gentoo
bump PKGREVISION
(ghen)
diff -r1.43 -r1.43.2.1 pkgsrc/audio/libsndfile/Makefile| @@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.43 2007/11/04 16:00:02 agc Exp $ | 1 | # $NetBSD: Makefile,v 1.43.2.1 2008/01/29 14:05:51 ghen Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= libsndfile-1.0.17 | 3 | DISTNAME= libsndfile-1.0.17 | |
| 4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
| 5 | CATEGORIES= audio | 5 | CATEGORIES= audio | |
| 6 | MASTER_SITES= http://www.mega-nerd.com/libsndfile/ | 6 | MASTER_SITES= http://www.mega-nerd.com/libsndfile/ | |
| 7 | 7 | |||
| 8 | PATCHFILES= libsndfile-1.0.17+flac-1.1.3.patch.bz2 | 8 | PATCHFILES= libsndfile-1.0.17+flac-1.1.3.patch.bz2 | |
| 9 | PATCH_SITES= ${MASTER_SITE_GENTOO:=distfiles/} | 9 | PATCH_SITES= ${MASTER_SITE_GENTOO:=distfiles/} | |
| 10 | PATCH_DIST_STRIP= -p1 | 10 | PATCH_DIST_STRIP= -p1 | |
| 11 | 11 | |||
| 12 | MAINTAINER= pkgsrc-users@NetBSD.org | 12 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 13 | HOMEPAGE= http://www.mega-nerd.com/libsndfile/ | 13 | HOMEPAGE= http://www.mega-nerd.com/libsndfile/ | |
| 14 | COMMENT= Library for reading and writing audio files | 14 | COMMENT= Library for reading and writing audio files | |
| 15 | 15 | |||
| 16 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 17 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 17 | PKG_INSTALLATION_TYPES= overwrite pkgviews |
| @@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
| 1 | $NetBSD: distinfo,v 1.22 2007/01/07 15:02:16 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.22.8.1 2008/01/29 14:05:51 ghen Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 10e0d19dfc8cf2a6bf499e0fa0d1ab17dca4c519 | 3 | SHA1 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 10e0d19dfc8cf2a6bf499e0fa0d1ab17dca4c519 | |
| 4 | RMD160 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5 | 4 | RMD160 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5 | |
| 5 | Size (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 3127 bytes | 5 | Size (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 3127 bytes | |
| 6 | SHA1 (libsndfile-1.0.17.tar.gz) = 2f66798d596a15491fbd1191ded8125ed71ef411 | 6 | SHA1 (libsndfile-1.0.17.tar.gz) = 2f66798d596a15491fbd1191ded8125ed71ef411 | |
| 7 | RMD160 (libsndfile-1.0.17.tar.gz) = ae93822a4c587dcdd7c70d043d2a38ed2fe3a188 | 7 | RMD160 (libsndfile-1.0.17.tar.gz) = ae93822a4c587dcdd7c70d043d2a38ed2fe3a188 | |
| 8 | Size (libsndfile-1.0.17.tar.gz) = 819456 bytes | 8 | Size (libsndfile-1.0.17.tar.gz) = 819456 bytes | |
| 9 | SHA1 (patch-aa) = a3bb33cc28c10c9aa23a0b066339a512dbd7b0e2 | 9 | SHA1 (patch-aa) = a3bb33cc28c10c9aa23a0b066339a512dbd7b0e2 | |
| 10 | SHA1 (patch-ab) = 007a93229bc8cbcb1b27e6223e8c10e8a2e3c6eb | 10 | SHA1 (patch-ab) = 007a93229bc8cbcb1b27e6223e8c10e8a2e3c6eb | |
| 11 | SHA1 (patch-ac) = 7d49a0da2dfa9470d188873133526e8ad851c9a7 | 11 | SHA1 (patch-ac) = 7d49a0da2dfa9470d188873133526e8ad851c9a7 | |
| 12 | SHA1 (patch-ad) = b730de6bb0716bece5f83c3100f9fc0f8eb2ae7d | 12 | SHA1 (patch-ad) = b730de6bb0716bece5f83c3100f9fc0f8eb2ae7d | |
| 13 | SHA1 (patch-ae) = 628700514d3d2e6e12abb182c697311a233c1bd9 | 13 | SHA1 (patch-ae) = 628700514d3d2e6e12abb182c697311a233c1bd9 | |
| 14 | SHA1 (patch-af) = 9ac0dd446a2f24c2d39e20063489a3b778fcda36 | 14 | SHA1 (patch-af) = 9ac0dd446a2f24c2d39e20063489a3b778fcda36 | |
| 15 | SHA1 (patch-ag) = 10d0fcda9377fc6afa2dce9e4782f49889a4f4a3 | 15 | SHA1 (patch-ag) = 10d0fcda9377fc6afa2dce9e4782f49889a4f4a3 | |
| 16 | SHA1 (patch-ah) = 8c936316ca1191f8893579a562ff705c8dde6f92 | 16 | SHA1 (patch-ah) = 8c936316ca1191f8893579a562ff705c8dde6f92 | |
| 17 | SHA1 (patch-ba) = 92ec08d4e021f121d2255760d601625df71e3805 |
$NetBSD: patch-ba,v 1.1.2.2 2008/01/29 14:05:51 ghen Exp $
--- src/flac.c.orig 2008-01-03 17:13:00.000000000 +0100
+++ src/flac.c
@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
** Private static functions.
*/
-#define ENC_BUFFER_SIZE 4096
+#define ENC_BUFFER_SIZE 8192
typedef enum
{ PFLAC_PCM_SHORT = 0,
@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
const FLAC__int32* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset ;
+ /*
+ ** frame->header.blocksize is variable and we're using a constant blocksize
+ ** of FLAC__MAX_BLOCK_SIZE.
+ ** Check our assumptions here.
+ */
+ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
+ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
+ psf->error = SFE_INTERNAL ;
+ return 0 ;
+ } ;
+
if (pflac->ptr == NULL)
{ /*
** Not sure why this code is here and not elsewhere.
@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
pflac->bufferbackup = SF_TRUE ;
for (i = 0 ; i < frame->header.channels ; i++)
{ if (pflac->rbuffer [i] == NULL)
- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
+ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
} ;
pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;