Sun Jan 22 13:04:55 2017 UTC
Updated libopus to 1.1.4.

This Opus 1.1.4 release fixes a single bug. A specially-crafted
Opus packet could cause an integer wrap-around in the SILK LSF
stabilization code. This would cause an out-of-bounds read 256
bytes before a constant table. In most circumstances, the consequences
are harmless and the result is simply noise in the audio.

This was reported as CVE-2017-0381. Contrary to that report, our
own analysis shows that no remote code execution is possible.
However, we are making this release as a precaution.


(wiz)
diff -r1.8 -r1.9 pkgsrc/audio/libopus/Makefile
diff -r1.7 -r1.8 pkgsrc/audio/libopus/distinfo

cvs diff -r1.8 -r1.9 pkgsrc/audio/libopus/Makefile

--- pkgsrc/audio/libopus/Makefile 2016/07/21 12:24:33 1.8
+++ pkgsrc/audio/libopus/Makefile 2017/01/22 13:04:55 1.9
@@ -1,24 +1,23 @@ @@ -1,24 +1,23 @@
1# $NetBSD: Makefile,v 1.8 2016/07/21 12:24:33 wiz Exp $ 1# $NetBSD: Makefile,v 1.9 2017/01/22 13:04:55 wiz Exp $
2 2
3DISTNAME= opus-1.1.3 3DISTNAME= opus-1.1.4
4PKGNAME= lib${DISTNAME} 4PKGNAME= lib${DISTNAME}
5CATEGORIES= audio 5CATEGORIES= audio
6MASTER_SITES= http://downloads.xiph.org/releases/opus/ 6MASTER_SITES= http://downloads.xiph.org/releases/opus/
7 7
8MAINTAINER= ryoon@NetBSD.org 8MAINTAINER= ryoon@NetBSD.org
9HOMEPAGE= http://opus-codec.org/ 9HOMEPAGE= http://opus-codec.org/
10COMMENT= Totally open, royalty-free, highly versatile audio codec library 10COMMENT= Totally open, royalty-free, highly versatile audio codec library
11LICENSE= modified-bsd 11LICENSE= modified-bsd
12 12
13CONFLICTS= opus<=1.0.2 
14SUPERSEDES= opus<=1.0.2 13SUPERSEDES= opus<=1.0.2
15 14
16GNU_CONFIGURE= yes 15GNU_CONFIGURE= yes
17USE_LIBTOOL= yes 16USE_LIBTOOL= yes
18USE_TOOLS+= gmake pkg-config 17USE_TOOLS+= gmake pkg-config
19 18
20PKGCONFIG_OVERRIDE+= opus.pc.in 19PKGCONFIG_OVERRIDE+= opus.pc.in
21 20
22.include "options.mk" 21.include "options.mk"
23 22
24.include "../../mk/bsd.pkg.mk" 23.include "../../mk/bsd.pkg.mk"
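Review bot: the removal of "CONFLICTS= opus<=1.0.2" (old line 13) is not covered by the log message, which only describes the update to 1.1.4. "SUPERSEDES= opus<=1.0.2" is kept, so if the drop is intentional because SUPERSEDES already covers the old opus package, state that in the commit message; otherwise restore the line so the security update carries no unrelated change.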

cvs diff -r1.7 -r1.8 pkgsrc/audio/libopus/distinfo

--- pkgsrc/audio/libopus/distinfo 2016/07/21 12:24:33 1.7
+++ pkgsrc/audio/libopus/distinfo 2017/01/22 13:04:55 1.8
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.7 2016/07/21 12:24:33 wiz Exp $ 1$NetBSD: distinfo,v 1.8 2017/01/22 13:04:55 wiz Exp $
2 2
3SHA1 (opus-1.1.3.tar.gz) = 7cb1bef20975afbf14a8a43308aed9cb41629f37 3SHA1 (opus-1.1.4.tar.gz) = c7ecd67321c0e72c928ffc1013d725fc537e633f
4RMD160 (opus-1.1.3.tar.gz) = d498f13d81f3337a2e0b6683c09280955ec3d705 4RMD160 (opus-1.1.4.tar.gz) = a5cb4400e6e41be23d522cfffb04f14e1ac555f1
5SHA512 (opus-1.1.3.tar.gz) = 99fe272ade3f072e38101ec29f9125c9f4f2bacbcc002a9caca6e64a721f6c4193d7b1b81bd8370225693249c94293c4eea980e66c704424939dabbab890ab43 5SHA512 (opus-1.1.4.tar.gz) = 57f14b9e8037eaa02a4d86535d3bbcceca249310fbc9ef1a452cc19dd442d4cf338d5db241d20605c236e22549df2c8266b7486c5f1666b80c532afd52cb3585
6Size (opus-1.1.3.tar.gz) = 978848 bytes 6Size (opus-1.1.4.tar.gz) = 978830 bytes
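Review bot: the new SHA1, RMD160 and SHA512 values for opus-1.1.4.tar.gz are the only integrity check on this distfile, because MASTER_SITES in the Makefile still fetches over plain http://. As this is a security update, confirm the digests were compared against a checksum published by upstream through a separate channel, not only regenerated from the downloaded tarball, and say so in the commit message.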