pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q4]: pkgsrc/audio Pullup ticket 227 - requested by Matthia...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e6ed34865904
branches:  pkgsrc-2004Q4
changeset: 485817:e6ed34865904
user:      snj <snj%pkgsrc.org@localhost>
date:      Sat Jan 15 07:00:18 2005 +0000

description:
Pullup ticket 227 - requested by Matthias Drochner
security fix for mpg123

   Module Name:  pkgsrc
   Committed By: drochner
   Date:         Fri Jan  7 14:52:13 UTC 2005

   Modified Files:
         pkgsrc/audio/mpg123: Makefile distinfo
   Added Files:
         pkgsrc/audio/mpg123/patches: patch-as patch-at

   Log Message:
   Fix a buffer overflow by a malicious playlist (CAN-2004-1284).
   Being here, fix a possible problem which was mentioned in conjunction
   with CAN-2003-0577 - zero bitrate makes mpg123 assume a negative
   frame size.
   bump PKGREVISION
---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Jan 12 11:52:38 UTC 2005

   Modified Files:
           pkgsrc/audio/mpg123: distinfo
           pkgsrc/audio/mpg123/patches: patch-ar

   Log Message:
   another header valdation (CAN-2004-0991)
   ride on recent PKGREVISION bump
---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Jan 12 14:17:44 UTC 2005

   Modified Files:
           pkgsrc/audio/mpg123: Makefile
           pkgsrc/audio/mpg123-esound: Makefile
           pkgsrc/audio/mpg123-nas: Makefile

   Log Message:
   PKGREVISION bump for security fix (previous bump was >4 days ago.

diffstat:

 audio/mpg123-esound/Makefile  |   4 ++--
 audio/mpg123-nas/Makefile     |   4 ++--
 audio/mpg123/Makefile         |   4 ++--
 audio/mpg123/distinfo         |   6 ++++--
 audio/mpg123/patches/patch-ar |  17 ++++++++++++-----
 audio/mpg123/patches/patch-as |  13 +++++++++++++
 audio/mpg123/patches/patch-at |  17 +++++++++++++++++
 7 files changed, 52 insertions(+), 13 deletions(-)

diffs (120 lines):

diff -r 57a78768b509 -r e6ed34865904 audio/mpg123-esound/Makefile
--- a/audio/mpg123-esound/Makefile      Sat Jan 15 06:39:40 2005 +0000
+++ b/audio/mpg123-esound/Makefile      Sat Jan 15 07:00:18 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2004/11/07 08:55:04 tron Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2005/01/15 07:00:18 snj Exp $
 
 PKGNAME=       mpg123-esound-${MPG123_VERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
 
 TARGET_SUFFIX= -esd
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123-nas/Makefile
--- a/audio/mpg123-nas/Makefile Sat Jan 15 06:39:40 2005 +0000
+++ b/audio/mpg123-nas/Makefile Sat Jan 15 07:00:18 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2004/11/07 08:55:04 tron Exp $
+# $NetBSD: Makefile,v 1.10.2.1 2005/01/15 07:00:18 snj Exp $
 
 PKGNAME=       mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
 
 TARGET_SUFFIX= -nas
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Sat Jan 15 06:39:40 2005 +0000
+++ b/audio/mpg123/Makefile     Sat Jan 15 07:00:18 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2004/11/07 08:55:04 tron Exp $
+# $NetBSD: Makefile,v 1.37.2.1 2005/01/15 07:00:18 snj Exp $
 
 PKGNAME=       mpg123-${MPG123_VERSION}
-PKGREVISION=   5
+PKGREVISION=   7
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=    mpg123-nas-[0-9]*
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Sat Jan 15 06:39:40 2005 +0000
+++ b/audio/mpg123/distinfo     Sat Jan 15 07:00:18 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2004/11/07 08:55:04 tron Exp $
+$NetBSD: distinfo,v 1.19.2.1 2005/01/15 07:00:18 snj Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -21,4 +21,6 @@
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
 SHA1 (patch-aq) = a993d815b6657b9a2241b2e3f0ba30d6c2861230
-SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
+SHA1 (patch-ar) = e81771bf72da97d898f9320fb6c529e5a1151050
+SHA1 (patch-as) = 8765b22c556cdc217f6270f3a5e70b40b36b9229
+SHA1 (patch-at) = 9a64a62f7d1d115e3d36dbb0f08762d4b0eb1e2b
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123/patches/patch-ar
--- a/audio/mpg123/patches/patch-ar     Sat Jan 15 06:39:40 2005 +0000
+++ b/audio/mpg123/patches/patch-ar     Sat Jan 15 07:00:18 2005 +0000
@@ -1,10 +1,17 @@
-$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
-
-CVE: CAN-2004-0805
+$NetBSD: patch-ar,v 1.1.4.1 2005/01/15 07:00:18 snj Exp $
 
 --- layer2.c.orig      1999-02-10 13:13:06.000000000 +0100
-+++ layer2.c   2004-09-08 00:00:06.000000000 +0200
-@@ -265,6 +265,12 @@
++++ layer2.c
+@@ -240,7 +240,7 @@ static void II_select_table(struct frame
+        { alloc_0, alloc_1, alloc_2, alloc_3 , alloc_4 };
+   static int sblims[5] = { 27 , 30 , 8, 12 , 30 };
+ 
+-  if(fr->lsf)
++  if(fr->sampling_frequency >= 3) /* Or equivalent: (fr->lsf == 1) */
+     table = 4;
+   else
+     table = translate[fr->sampling_frequency][2-fr->stereo][fr->bitrate_index];
+@@ -265,6 +265,12 @@ int do_layer2(struct frame *fr,int outmo
    fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
       (fr->mode_ext<<2)+4 : fr->II_sblimit;
  
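Review bot: The patch header loses its `CVE: CAN-2004-0805` line here and nothing replaces it, so patch-ar no longer records which advisories it covers, even though the commit log ties the new II_select_table change to CAN-2004-0991. I would keep the old line and add `CVE: CAN-2004-0991` next to it, above the `--- layer2.c.orig` header. In the new condition, `fr->sampling_frequency >= 3` guards only the first index of `translate`; whether `fr->stereo` and `fr->bitrate_index` are range-checked before this point is not visible in the hunk and is worth confirming. II_select_table continues outside the hunk.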
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-as     Sat Jan 15 07:00:18 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-as,v 1.1.2.2 2005/01/15 07:00:18 snj Exp $
+
+--- common.c.orig      1999-06-15 23:24:19.000000000 +0200
++++ common.c
+@@ -123,7 +123,7 @@ int head_check(unsigned long head)
+       return FALSE;
+     if(!((head>>17)&3))
+       return FALSE;
+-    if( ((head>>12)&0xf) == 0xf)
++    if( ((head>>12)&0xf) == 0xf || ((head>>12)&0xf) == 0) 
+       return FALSE;
+     if( ((head>>10)&0x3) == 0x3 )
+       return FALSE;
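Review bot: The added `((head>>12)&0xf) == 0` test has no comment, and in MPEG audio a bitrate index of 0 marks a free-format stream rather than a malformed header, so head_check now rejects those streams silently. If that is the intended trade-off (the commit log says a zero bitrate leads to a negative frame size), say so in the embedded patch, e.g. `/* bitrate index 0 (free format) is rejected: the frame size would be derived from a zero bitrate */`. The same line carries trailing whitespace and evaluates `(head>>12)&0xf` twice; a named local would read better. head_check starts and ends outside the hunk.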
diff -r 57a78768b509 -r e6ed34865904 audio/mpg123/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-at     Sat Jan 15 07:00:18 2005 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-at,v 1.1.2.2 2005/01/15 07:00:18 snj Exp $
+
+--- mpg123.c.orig      2005-01-07 15:18:27.000000000 +0100
++++ mpg123.c
+@@ -309,9 +309,9 @@ char *find_next_file (int argc, char *ar
+                 if (line[0]=='\0' || line[0]=='#')
+                     continue;
+               if ((listnamedir) && (line[0]!='/') && (line[0]!='\\')){
+-                    strcpy (linetmp, listnamedir);
+-                    strcat (linetmp, line);
+-                  strcpy (line, linetmp);
++                    strncpy (linetmp, listnamedir, 1023);
++                    strncat (linetmp, line, 1023 - strlen(linetmp));
++                  strncpy (line, linetmp, 1023);
+                 }
+                 return (line);
+             }
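Review bot: `strncpy (linetmp, listnamedir, 1023)` writes no terminator when listnamedir is 1023 bytes or longer, and the next line calls `strlen(linetmp)` on that buffer, so an over-long playlist directory can still cause a read past the end of linetmp and make `1023 - strlen(linetmp)` wrap to a huge bound for strncat. The final `strncpy (line, linetmp, 1023)` has the same gap. Add `linetmp[1023] = '\0';` after the first copy and `line[1023] = '\0';` after the last, or build the path with a single `snprintf` and skip the entry when it reports truncation, since a silently shortened name makes the player open a different path than the playlist named. The literal 1023 presumes both buffers are 1024 bytes; their declarations are outside the hunk, so if they are arrays a `sizeof`-based bound would be safer. find_next_file continues outside the hunk.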


