[pkgsrc/pkgsrc-2008Q1]: pkgsrc/audio/speex pullup ticket #2354 - requested by...

[rtr <rtr%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/8a779fd2520b
branches:  pkgsrc-2008Q1
changeset: 540302:8a779fd2520b
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Wed Apr 30 10:41:52 2008 +0000

description:
pullup ticket #2354 - requested by wiz
speex: update package to address security issue

revisions pulled up:
- pkgsrc/audio/speex/Makefile           1.26
- pkgsrc/audio/speex/distinfo           1.11
- pkgsrc/audio/speex/patches/patch-ac   1.1

   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Tue Apr 29 20:22:43 UTC 2008

   Modified Files:
        pkgsrc/audio/speex: Makefile distinfo
   Added Files:
        pkgsrc/audio/speex/patches: patch-ac

   Log Message:
   Add patch from upstream against CVE-2008-1686.
   Bump PKGREVISION.

diffstat:

 audio/speex/Makefile         |   3 ++-
 audio/speex/distinfo         |   3 ++-
 audio/speex/patches/patch-ac |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (50 lines):

diff -r 19069bde756e -r 8a779fd2520b audio/speex/Makefile
--- a/audio/speex/Makefile      Wed Apr 30 09:24:09 2008 +0000
+++ b/audio/speex/Makefile      Wed Apr 30 10:41:52 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2007/02/22 19:26:07 wiz Exp $
+# $NetBSD: Makefile,v 1.25.10.1 2008/04/30 10:41:52 rtr Exp $
 #
 
 DISTNAME=      speex-1.0.5
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://downloads.us.xiph.org/releases/speex/
 
diff -r 19069bde756e -r 8a779fd2520b audio/speex/distinfo
--- a/audio/speex/distinfo      Wed Apr 30 09:24:09 2008 +0000
+++ b/audio/speex/distinfo      Wed Apr 30 10:41:52 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.10 2006/03/11 03:14:43 reed Exp $
+$NetBSD: distinfo,v 1.10.18.1 2008/04/30 10:41:52 rtr Exp $
 
 SHA1 (speex-1.0.5.tar.gz) = a8f34f80e5f84a47aee7e70088632d4958fe75fd
 RMD160 (speex-1.0.5.tar.gz) = 6ceed29438912647ef1d2d7299822fdaaf5509f9
 Size (speex-1.0.5.tar.gz) = 546872 bytes
 SHA1 (patch-aa) = 675bbd2696852002d73fc778a3c1125435eb0fc6
 SHA1 (patch-ab) = b88dfafc1464aed7c5f38f39a270d16338335418
+SHA1 (patch-ac) = 9167258134683ee6172455532ff1ae9aa95d9868
diff -r 19069bde756e -r 8a779fd2520b audio/speex/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/speex/patches/patch-ac      Wed Apr 30 10:41:52 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ac,v 1.1.2.2 2008/04/30 10:41:52 rtr Exp $
+
+https://trac.xiph.org/changeset/14701
+
+--- libspeex/speex_header.c.orig       2004-07-14 05:58:46.000000000 +0000
++++ libspeex/speex_header.c
+@@ -157,6 +157,13 @@ SpeexHeader *speex_packet_to_header(char
+    ENDIAN_SWITCH(le_header->frames_per_packet);
+    ENDIAN_SWITCH(le_header->extra_headers);
+ 
++   if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
++   {
++      speex_warning("Invalid mode specified in Speex header");
++      speex_free (le_header);
++      return NULL;
++   }
++
+    return le_header;
+ 
+ }