Updated libopus to 1.1.4. This Opus 1.1.4 release fixes a single bug. A specially-crafted Opus packet could cause an integer wrap-around in the SILK LSF stabilization code. This would cause an out-of-bounds read 256 bytes before a constant table. In most circumstances, the consequences are harmless and the result is simply noise in the audio. This was reported as CVE-2017-0381. Contrary to that report, our own analysis shows that no remote code execution is possible. However, we are making this release as a precaution.diff -r1.8 -r1.9 pkgsrc/audio/libopus/Makefile
(wiz)
@@ -1,24 +1,23 @@ | @@ -1,24 +1,23 @@ | |||
1 | # $NetBSD: Makefile,v 1.8 2016/07/21 12:24:33 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.9 2017/01/22 13:04:55 wiz Exp $ | |
2 | 2 | |||
3 | DISTNAME= opus-1.1.3 | 3 | DISTNAME= opus-1.1.4 | |
4 | PKGNAME= lib${DISTNAME} | 4 | PKGNAME= lib${DISTNAME} | |
5 | CATEGORIES= audio | 5 | CATEGORIES= audio | |
6 | MASTER_SITES= http://downloads.xiph.org/releases/opus/ | 6 | MASTER_SITES= http://downloads.xiph.org/releases/opus/ | |
7 | 7 | |||
8 | MAINTAINER= ryoon@NetBSD.org | 8 | MAINTAINER= ryoon@NetBSD.org | |
9 | HOMEPAGE= http://opus-codec.org/ | 9 | HOMEPAGE= http://opus-codec.org/ | |
10 | COMMENT= Totally open, royalty-free, highly versatile audio codec library | 10 | COMMENT= Totally open, royalty-free, highly versatile audio codec library | |
11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
12 | 12 | |||
13 | CONFLICTS= opus<=1.0.2 | |||
14 | SUPERSEDES= opus<=1.0.2 | 13 | SUPERSEDES= opus<=1.0.2 | |
15 | 14 | |||
16 | GNU_CONFIGURE= yes | 15 | GNU_CONFIGURE= yes | |
17 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes | |
18 | USE_TOOLS+= gmake pkg-config | 17 | USE_TOOLS+= gmake pkg-config | |
19 | 18 | |||
20 | PKGCONFIG_OVERRIDE+= opus.pc.in | 19 | PKGCONFIG_OVERRIDE+= opus.pc.in | |
21 | 20 | |||
22 | .include "options.mk" | 21 | .include "options.mk" | |
23 | 22 | |||
24 | .include "../../mk/bsd.pkg.mk" | 23 | .include "../../mk/bsd.pkg.mk" |
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | $NetBSD: distinfo,v 1.7 2016/07/21 12:24:33 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.8 2017/01/22 13:04:55 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (opus-1.1.3.tar.gz) = 7cb1bef20975afbf14a8a43308aed9cb41629f37 | 3 | SHA1 (opus-1.1.4.tar.gz) = c7ecd67321c0e72c928ffc1013d725fc537e633f | |
4 | RMD160 (opus-1.1.3.tar.gz) = d498f13d81f3337a2e0b6683c09280955ec3d705 | 4 | RMD160 (opus-1.1.4.tar.gz) = a5cb4400e6e41be23d522cfffb04f14e1ac555f1 | |
5 | SHA512 (opus-1.1.3.tar.gz) = 99fe272ade3f072e38101ec29f9125c9f4f2bacbcc002a9caca6e64a721f6c4193d7b1b81bd8370225693249c94293c4eea980e66c704424939dabbab890ab43 | 5 | SHA512 (opus-1.1.4.tar.gz) = 57f14b9e8037eaa02a4d86535d3bbcceca249310fbc9ef1a452cc19dd442d4cf338d5db241d20605c236e22549df2c8266b7486c5f1666b80c532afd52cb3585 | |
6 | Size (opus-1.1.3.tar.gz) = 978848 bytes | 6 | Size (opus-1.1.4.tar.gz) = 978830 bytes |