Add upstream patch fixing http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 Bump PKGREVISION.
diff -r1.49 -r1.50 pkgsrc/audio/vorbis-tools/Makefile
(wiz)
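--- a/pkgsrc/audio/vorbis-tools/Makefile
+++ b/pkgsrc/audio/vorbis-tools/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.49 2008/03/14 18:55:54 wiz Exp $
+# $NetBSD: Makefile,v 1.50 2008/04/29 05:51:09 wiz Exp $
 
 DISTNAME= vorbis-tools-1.2.0
+PKGREVISION= 1
 CATEGORIES= audio
 MASTER_SITES= http://downloads.xiph.org/releases/vorbis/
 
 MAINTAINER= wiz@NetBSD.org
 HOMEPAGE= http://www.vorbis.com/
 COMMENT= Ogg Vorbis encoder and player
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 BUILD_DEFS+= IPV6_READY
 
 CONFLICTS= vorbis-[0-9]*
 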
@@ -1,8 +1,9 @@ | @@ -1,8 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.20 2008/03/14 18:55:54 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.21 2008/04/29 05:51:09 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (vorbis-tools-1.2.0.tar.gz) = c5c5ee4637ab8c9fc953d203663b7264432f874a | 3 | SHA1 (vorbis-tools-1.2.0.tar.gz) = c5c5ee4637ab8c9fc953d203663b7264432f874a | |
4 | RMD160 (vorbis-tools-1.2.0.tar.gz) = 8cb6925c6e4e69373b6c91ff20d7ed8d75153b7c | 4 | RMD160 (vorbis-tools-1.2.0.tar.gz) = 8cb6925c6e4e69373b6c91ff20d7ed8d75153b7c | |
5 | Size (vorbis-tools-1.2.0.tar.gz) = 1076814 bytes | 5 | Size (vorbis-tools-1.2.0.tar.gz) = 1076814 bytes | |
6 | SHA1 (patch-aa) = a9fe36760479678df09f840671c515e0d9f37796 | 6 | SHA1 (patch-aa) = a9fe36760479678df09f840671c515e0d9f37796 | |
7 | SHA1 (patch-ab) = b706ae0bc9e13c5ccff689aa1451efc782e340e9 | 7 | SHA1 (patch-ab) = b706ae0bc9e13c5ccff689aa1451efc782e340e9 | |
8 | SHA1 (patch-ac) = 53065c4db39f7e975712c2cba51ff5542cf5a77f | 8 | SHA1 (patch-ac) = 53065c4db39f7e975712c2cba51ff5542cf5a77f | |
9 | SHA1 (patch-ad) = 6fe04631cd098fc64bf0914f1fd4ef654c0089b0 |
$NetBSD: patch-ad,v 1.3 2008/04/29 05:51:10 wiz Exp $
https://trac.xiph.org/attachment/ticket/1347/vorbis-tools-1.2.0-sec.patch
for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
--- ogg123/speex_format.c.orig 2008-03-03 06:37:26.000000000 +0100
+++ ogg123/speex_format.c
@@ -475,7 +475,7 @@ void *process_header(ogg_packet *op, int
cb->printf_error(callback_arg, ERROR, _("Cannot read header"));
return NULL;
}
- if ((*header)->mode >= SPEEX_NB_MODES) {
+ if ((*header)->mode >= SPEEX_NB_MODES || (*header)->mode < 0) {
cb->printf_error(callback_arg, ERROR,
_("Mode number %d does not (any longer) exist in this version"),
(*header)->mode);
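Review bot: The new `(*header)->mode < 0` test has no comment explaining why a lower bound is needed, and the error text that follows ("does not (any longer) exist in this version") reads oddly when the rejected value is negative. I would add a comment above the check, for example `/* mode is a signed value taken from the stream header; reject anything outside [0, SPEEX_NB_MODES) before it selects a mode */`. Presumably the field is used to pick an entry from the mode table later in process_header, which would explain the CVE reference, but that use is outside this hunk and should be confirmed. If the other header fields read from the same packet are consumed without range checks further down, they deserve the same treatment. process_header starts and ends outside the hunk.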