[pkgsrc/trunk]: pkgsrc/audio/speex Add patch from upstream against CVE-2008-1...

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/90d3ade5eecd
branches:  trunk
changeset: 542024:90d3ade5eecd
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Tue Apr 29 20:22:43 2008 +0000

description:
Add patch from upstream against CVE-2008-1686.
Bump PKGREVISION.

diffstat:

 audio/speex/Makefile         |   3 ++-
 audio/speex/distinfo         |   3 ++-
 audio/speex/patches/patch-ac |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (50 lines):

diff -r c29ec961ea5e -r 90d3ade5eecd audio/speex/Makefile
--- a/audio/speex/Makefile      Tue Apr 29 20:16:08 2008 +0000
+++ b/audio/speex/Makefile      Tue Apr 29 20:22:43 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2007/02/22 19:26:07 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2008/04/29 20:22:43 wiz Exp $
 #
 
 DISTNAME=      speex-1.0.5
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://downloads.us.xiph.org/releases/speex/
 
diff -r c29ec961ea5e -r 90d3ade5eecd audio/speex/distinfo
--- a/audio/speex/distinfo      Tue Apr 29 20:16:08 2008 +0000
+++ b/audio/speex/distinfo      Tue Apr 29 20:22:43 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.10 2006/03/11 03:14:43 reed Exp $
+$NetBSD: distinfo,v 1.11 2008/04/29 20:22:43 wiz Exp $
 
 SHA1 (speex-1.0.5.tar.gz) = a8f34f80e5f84a47aee7e70088632d4958fe75fd
 RMD160 (speex-1.0.5.tar.gz) = 6ceed29438912647ef1d2d7299822fdaaf5509f9
 Size (speex-1.0.5.tar.gz) = 546872 bytes
 SHA1 (patch-aa) = 675bbd2696852002d73fc778a3c1125435eb0fc6
 SHA1 (patch-ab) = b88dfafc1464aed7c5f38f39a270d16338335418
+SHA1 (patch-ac) = 9167258134683ee6172455532ff1ae9aa95d9868
diff -r c29ec961ea5e -r 90d3ade5eecd audio/speex/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/speex/patches/patch-ac      Tue Apr 29 20:22:43 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ac,v 1.1 2008/04/29 20:22:43 wiz Exp $
+
+https://trac.xiph.org/changeset/14701
+
+--- libspeex/speex_header.c.orig       2004-07-14 05:58:46.000000000 +0000
++++ libspeex/speex_header.c
+@@ -157,6 +157,13 @@ SpeexHeader *speex_packet_to_header(char
+    ENDIAN_SWITCH(le_header->frames_per_packet);
+    ENDIAN_SWITCH(le_header->extra_headers);
+ 
++   if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
++   {
++      speex_warning("Invalid mode specified in Speex header");
++      speex_free (le_header);
++      return NULL;
++   }
++
+    return le_header;
+ 
+ }