pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio PKGREVISION++



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9f6a5229f2b4
branches:  trunk
changeset: 480380:9f6a5229f2b4
user:      salo <salo%pkgsrc.org@localhost>
date:      Tue Sep 07 22:14:09 2004 +0000

description:
PKGREVISION++

- fix a buffer overflow:

  "A malicious formatted mp3/2 causes mpg123 to fail header checks,
   this may allow arbitrary code to be executed with the privilege
   of the user trying to play the mp3."

- patch from Debian but retain code style.

diffstat:

 audio/mpg123-esound/Makefile  |   4 ++--
 audio/mpg123-nas/Makefile     |   4 ++--
 audio/mpg123/Makefile         |   4 ++--
 audio/mpg123/distinfo         |   3 ++-
 audio/mpg123/patches/patch-ar |  19 +++++++++++++++++++
 5 files changed, 27 insertions(+), 7 deletions(-)

diffs (76 lines):

diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123-esound/Makefile
--- a/audio/mpg123-esound/Makefile      Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123-esound/Makefile      Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2004/04/24 23:05:40 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2004/09/07 22:14:10 salo Exp $
 
 PKGNAME=       mpg123-esound-${MPG123_VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
 
 TARGET_SUFFIX= -esd
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123-nas/Makefile
--- a/audio/mpg123-nas/Makefile Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123-nas/Makefile Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2004/04/24 23:16:32 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2004/09/07 22:14:10 salo Exp $
 
 PKGNAME=       mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
 
 TARGET_SUFFIX= -nas
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123/Makefile     Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
+# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $
 
 PKGNAME=       mpg123-${MPG123_VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=    mpg123-nas-[0-9]*
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123/distinfo     Tue Sep 07 22:14:09 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2004/03/17 04:49:48 danw Exp $
+$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -21,3 +21,4 @@
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
 SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
+SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-ar     Tue Sep 07 22:14:09 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
+
+CVE: CAN-2004-0805
+
+--- layer2.c.orig      1999-02-10 13:13:06.000000000 +0100
++++ layer2.c   2004-09-08 00:00:06.000000000 +0200
+@@ -265,6 +265,12 @@
+   fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+      (fr->mode_ext<<2)+4 : fr->II_sblimit;
+ 
++  if (fr->jsbound > fr->II_sblimit)
++  {
++    fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++    fr->jsbound=fr->II_sblimit;
++  }
++
+   if(stereo == 1 || single == 3)
+     single = 0;
+ 
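Review bot: The new bounds check in layer2.c reports through an unconditional `fprintf(stderr, ...)`, so if this code runs once per frame a malformed stream can flood stderr. The enclosing function starts and ends outside the hunk, so the per-frame behaviour is inferred. I would gate the message on the player's existing quiet/verbose setting or print it only once. The wording should also say "subband limit", which is what `II_sblimit` appears to hold, rather than "sideband limit". The clamp itself deserves a why-comment such as `/* jsbound comes from header bits (mode_ext) and must not exceed II_sblimit; see CAN-2004-0805 */`, so that a later cleanup does not remove it as redundant. Clamping also lets decoding continue on a frame whose header fields are mutually inconsistent, so it is worth confirming that nothing later in the function assumes `jsbound` still matches `mode_ext`, or else treating such a frame as invalid.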


