Fri Oct 12 13:51:59 2018 UTC ()

Fix a buffer overflow caused by miscalculation of the maximal
VBR header size. Bump revision.


(martin)

diff -r1.34 -r1.35 pkgsrc/audio/id3lib/Makefile
diff -r1.21 -r1.22 pkgsrc/audio/id3lib/distinfo
diff -r0 -r1.1 pkgsrc/audio/id3lib/patches/patch-src__mp3_parse.cpp

--- pkgsrc/audio/id3lib/Makefile 2018/01/26 10:32:36 1.34
+++ pkgsrc/audio/id3lib/Makefile 2018/10/12 13:51:59 1.35

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.34 2018/01/26 10:32:36 jperkin Exp $
+# $NetBSD: Makefile,v 1.35 2018/10/12 13:51:59 martin Exp $
+#
 DISTNAME=	id3lib-3.8.3
-PKGREVISION=	5
+PKGREVISION=	6
 CATEGORIES=	audio
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=id3lib/}
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://id3lib.sourceforge.net/
 COMMENT=	Library for manipulating ID3v1 and ID3v2 tags
 LICENSE=	gnu-gpl-v2
 USE_LANGUAGES=		c c++
 GNU_CONFIGURE=		yes
 USE_LIBTOOL=		yes
 CPPFLAGS+=-DID3_NEED_WCHAR_TEMPLATE

--- pkgsrc/audio/id3lib/distinfo 2015/11/03 01:12:35 1.21
+++ pkgsrc/audio/id3lib/distinfo 2018/10/12 13:51:59 1.22

 @@ -1,19 +1,20 @@
-$NetBSD: distinfo,v 1.21 2015/11/03 01:12:35 agc Exp $
+$NetBSD: distinfo,v 1.22 2018/10/12 13:51:59 martin Exp $
 SHA1 (id3lib-3.8.3.tar.gz) = c92c880da41d1ec0b242745a901702ae87970838
 RMD160 (id3lib-3.8.3.tar.gz) = bfa2499ec649ed40815ad0a370c78eb1517952c4
 SHA512 (id3lib-3.8.3.tar.gz) = 3787e261f86933c1c2f2bff2c4b349b42f5d8636e489e4f39f9d75e6dfbdc79b87009a0f4ce4b786f2fb3dbc01ca9d56c4112095b46244f897e6c9a28573adaf
 Size (id3lib-3.8.3.tar.gz) = 950726 bytes
 SHA1 (patch-aa) = 23ccb36fc35e1f645a72b9292c1cd8eeb0379a38
 SHA1 (patch-af) = 0266e9220791b7b14a35dc9b7564ab75cbc6562b
 SHA1 (patch-ag) = a047fe90d83c88e0f6d0a6a0595a440ef49276e3
 SHA1 (patch-ah) = 42a04014cc839565063daa395884b757214eb911
 SHA1 (patch-ai) = c0521a6d62d17826c9b1f35f6be51e1b72c48e7c
 SHA1 (patch-aj) = 626952e7bbddbcf5db66a0509f62d588ccaed17a
 SHA1 (patch-ak) = f7d1155a7750b455ac590d5777b332a55542393d
 SHA1 (patch-aq) = 711a66086a591515b14358abeb265e28b2a178db
 SHA1 (patch-ar) = bee59462bfb3c5729e24827953a6da9f281cd8a7
 SHA1 (patch-as) = 50ca42926c603361864bf2891d6b4e01e7f59ade
 SHA1 (patch-at) = f5ab25d72d3d6e47c1710bbc17dd0cd0749a0b22
 SHA1 (patch-au) = 2d96d6cadaf8b1055337da6a5f85070ea6222583
 SHA1 (patch-av) = e54c0839ecfe4e3f70758e334666717b5a3b396f
 SHA1 (patch-src__mp3_parse.cpp) = 874614302be7cdcb9b95e8b32e17b488cdf21359

$NetBSD: patch-src__mp3_parse.cpp,v 1.1 2018/10/12 13:51:59 martin Exp $

Fix a miscalculation of the VBR maximal header size,
upstream has already been notified (there is a user
review about this issue)

--- src/mp3_parse.cpp.orig	2003-03-02 01:23:00.000000000 +0100
+++ src/mp3_parse.cpp	2018-10-12 15:46:21.863323611 +0200
@@ -465,7 +465,7 @@ bool Mp3Info::Parse(ID3_Reader& reader, 
   // from http://www.xingtech.com/developer/mp3/
 
   const size_t VBR_HEADER_MIN_SIZE = 8;     // "xing" + flags are fixed
-  const size_t VBR_HEADER_MAX_SIZE = 116;   // frames, bytes, toc and scale are optional
+  const size_t VBR_HEADER_MAX_SIZE = 120;   // frames, bytes, toc and scale are optional
 
   if (mp3size >= vbr_header_offest + VBR_HEADER_MIN_SIZE) 
   {