Mon Jun 8 09:30:17 2009 UTC ()
Add upstream patch (taken from Debian bug report) to fix crashes
caused by bad audio files.
(tron)
diff -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile
diff -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo
diff -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa
diff -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab
diff -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac
diff -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad
diff -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae
diff -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-af
--- pkgsrc/audio/libsndfile/Makefile 2009/05/14 12:58:27 1.51
+++ pkgsrc/audio/libsndfile/Makefile 2009/06/08 09:30:17 1.52
| @@ -1,16 +1,17 @@ | | | @@ -1,16 +1,17 @@ |
| 1 | # $NetBSD: Makefile,v 1.51 2009/05/14 12:58:27 adam Exp $ | | 1 | # $NetBSD: Makefile,v 1.52 2009/06/08 09:30:17 tron Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= libsndfile-1.0.20 | | 3 | DISTNAME= libsndfile-1.0.20 |
| | | 4 | PKGREVISION= 1 |
| 4 | CATEGORIES= audio | | 5 | CATEGORIES= audio |
| 5 | MASTER_SITES= http://www.mega-nerd.com/libsndfile/ | | 6 | MASTER_SITES= http://www.mega-nerd.com/libsndfile/ |
| 6 | | | 7 | |
| 7 | MAINTAINER= pkgsrc-users@NetBSD.org | | 8 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 8 | HOMEPAGE= http://www.mega-nerd.com/libsndfile/ | | 9 | HOMEPAGE= http://www.mega-nerd.com/libsndfile/ |
| 9 | COMMENT= Library for reading and writing audio files | | 10 | COMMENT= Library for reading and writing audio files |
| 10 | | | 11 | |
| 11 | PKG_DESTDIR_SUPPORT= user-destdir | | 12 | PKG_DESTDIR_SUPPORT= user-destdir |
| 12 | PKG_INSTALLATION_TYPES= overwrite pkgviews | | 13 | PKG_INSTALLATION_TYPES= overwrite pkgviews |
| 13 | | | 14 | |
| 14 | USE_LANGUAGES= c c++ | | 15 | USE_LANGUAGES= c c++ |
| 15 | USE_LIBTOOL= yes | | 16 | USE_LIBTOOL= yes |
| 16 | USE_TOOLS+= pkg-config | | 17 | USE_TOOLS+= pkg-config |
--- pkgsrc/audio/libsndfile/distinfo 2009/05/14 12:58:27 1.28
+++ pkgsrc/audio/libsndfile/distinfo 2009/06/08 09:30:17 1.29
| @@ -1,5 +1,11 @@ | | | @@ -1,5 +1,11 @@ |
| 1 | $NetBSD: distinfo,v 1.28 2009/05/14 12:58:27 adam Exp $ | | 1 | $NetBSD: distinfo,v 1.29 2009/06/08 09:30:17 tron Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (libsndfile-1.0.20.tar.gz) = d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b | | 3 | SHA1 (libsndfile-1.0.20.tar.gz) = d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b |
| 4 | RMD160 (libsndfile-1.0.20.tar.gz) = 873802efaa3f1e3303167fe1b7302fe2ab4cbd59 | | 4 | RMD160 (libsndfile-1.0.20.tar.gz) = 873802efaa3f1e3303167fe1b7302fe2ab4cbd59 |
| 5 | Size (libsndfile-1.0.20.tar.gz) = 927422 bytes | | 5 | Size (libsndfile-1.0.20.tar.gz) = 927422 bytes |
| | | 6 | SHA1 (patch-aa) = fe12f9e3f8621d11c57b079534259465bb70ff42 |
| | | 7 | SHA1 (patch-ab) = 28299ed8bebe27f5f8ebbf36a129458ef05d8cd0 |
| | | 8 | SHA1 (patch-ac) = bc3cb0c0334df3c1c40201eb032a980a1270108f |
| | | 9 | SHA1 (patch-ad) = dcdc4aebfb1da508e590220c1c2da7e9bb02678a |
| | | 10 | SHA1 (patch-ae) = 8b0c4ae7ba9559bf5bc3d12d59e049f93889d09e |
| | | 11 | SHA1 (patch-af) = b4fd14515b944164af0ecbd2da4a8deed43be28b |
$NetBSD: patch-aa,v 1.15 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/alaw.c.orig 2009-03-22 19:17:13.000000000 +0000
+++ src/alaw.c 2009-06-08 10:03:02.000000000 +0100
@@ -69,7 +69,7 @@
else
psf->datalength = 0 ;
- psf->sf.frames = psf->datalength / psf->blockwidth ;
+ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
return 0 ;
} /* alaw_init */
$NetBSD: patch-ab,v 1.9 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/float32.c.orig 2009-03-25 02:59:47.000000000 +0000
+++ src/float32.c 2009-06-08 10:03:02.000000000 +0100
@@ -241,7 +241,7 @@
else
psf->datalength = 0 ;
- psf->sf.frames = psf->datalength / psf->blockwidth ;
+ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
return 0 ;
} /* float32_init */
$NetBSD: patch-ac,v 1.11 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/htk.c.orig 2009-03-22 19:17:14.000000000 +0000
+++ src/htk.c 2009-06-08 10:03:02.000000000 +0100
@@ -195,10 +195,17 @@
return SFE_HTK_NOT_WAVEFORM ;
psf->sf.channels = 1 ;
- psf->sf.samplerate = 10000000 / sample_period ;
- psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
- sample_count, sample_period, psf->sf.samplerate) ;
+ if (sample_period > 0)
+ { psf->sf.samplerate = 10000000 / sample_period ;
+ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
+ sample_count, sample_period, psf->sf.samplerate) ;
+ }
+ else
+ { psf->sf.samplerate = 16000 ;
+ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d (should be > 0) => Guessed sample rate %d Hz\n",
+ sample_count, sample_period, psf->sf.samplerate) ;
+ } ;
psf->sf.format = SF_FORMAT_HTK | SF_FORMAT_PCM_16 ;
psf->bytewidth = 2 ;
$NetBSD: patch-ad,v 1.12 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/pcm.c.orig 2009-03-22 19:17:14.000000000 +0000
+++ src/pcm.c 2009-06-08 10:03:02.000000000 +0100
@@ -271,7 +271,7 @@
else
psf->datalength = 0 ;
- psf->sf.frames = psf->datalength / psf->blockwidth ;
+ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
return 0 ;
} /* pcm_init */
$NetBSD: patch-ae,v 1.7 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/sds.c.orig 2009-03-22 19:17:14.000000000 +0000
+++ src/sds.c 2009-06-08 10:03:02.000000000 +0100
@@ -219,21 +219,40 @@
if (marker != 0xF07E || byte != 0x01)
return SFE_SDS_NOT_SDS ;
- psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel : %d\n", channel) ;
+ bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
+ sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
- bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
+ psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
+ " Midi Channel : %d\n Sample Number : %d\n",
+ channel, sample_no) ;
+
+ bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
- sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
psds->bitwidth = bitwidth ;
- psf->sf.samplerate = 1000000000 / samp_period ;
+ if (psds->bitwidth > 1)
+ psf_log_printf (psf, " Bit Width : %d\n", psds->bitwidth) ;
+ else
+ { psf_log_printf (psf, " Bit Width : %d (should be > 1)\n", psds->bitwidth) ;
+ return SFE_SDS_BAD_BIT_WIDTH ;
+ } ;
+
+ if (samp_period > 0)
+ { psf->sf.samplerate = 1000000000 / samp_period ;
- psf_log_printf (psf, " Sample Number : %d\n"
- " Bit Width : %d\n"
+ psf_log_printf (psf, " Sample Period : %d\n"
" Sample Rate : %d\n",
- sample_no, psds->bitwidth, psf->sf.samplerate) ;
+ samp_period, psf->sf.samplerate) ;
+ }
+ else
+ { psf->sf.samplerate = 16000 ;
+
+ psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
+ " Sample Rate : %d (guessed)\n",
+ samp_period, psf->sf.samplerate) ;
+ } ;
bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
$NetBSD: patch-af,v 1.7 2009/06/08 09:30:17 tron Exp $
Upstream fix for DoS vulnerability taken from here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
--- src/ulaw.c.orig 2009-03-22 19:17:14.000000000 +0000
+++ src/ulaw.c 2009-06-08 10:03:02.000000000 +0100
@@ -59,7 +59,7 @@
else
psf->datalength = 0 ;
- psf->sf.frames = psf->datalength / psf->blockwidth ;
+ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
return 0 ;
} /* ulaw_init */