pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/audio/vorbis-tools Add upstream patch fixing

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7a94a5638a40
branches:  trunk
changeset: 541970:7a94a5638a40
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Tue Apr 29 05:51:09 2008 +0000

description:
Add upstream patch fixing
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Bump PKGREVISION.

diffstat:

 audio/vorbis-tools/Makefile         |   3 ++-
 audio/vorbis-tools/distinfo         |   3 ++-
 audio/vorbis-tools/patches/patch-ad |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r 1008defc5b31 -r 7a94a5638a40 audio/vorbis-tools/Makefile
--- a/audio/vorbis-tools/Makefile       Tue Apr 29 05:46:08 2008 +0000
+++ b/audio/vorbis-tools/Makefile       Tue Apr 29 05:51:09 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2008/03/14 18:55:54 wiz Exp $
+# $NetBSD: Makefile,v 1.50 2008/04/29 05:51:09 wiz Exp $
 
 DISTNAME=      vorbis-tools-1.2.0
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 
diff -r 1008defc5b31 -r 7a94a5638a40 audio/vorbis-tools/distinfo
--- a/audio/vorbis-tools/distinfo       Tue Apr 29 05:46:08 2008 +0000
+++ b/audio/vorbis-tools/distinfo       Tue Apr 29 05:51:09 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2008/03/14 18:55:54 wiz Exp $
+$NetBSD: distinfo,v 1.21 2008/04/29 05:51:09 wiz Exp $
 
 SHA1 (vorbis-tools-1.2.0.tar.gz) = c5c5ee4637ab8c9fc953d203663b7264432f874a
 RMD160 (vorbis-tools-1.2.0.tar.gz) = 8cb6925c6e4e69373b6c91ff20d7ed8d75153b7c
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = a9fe36760479678df09f840671c515e0d9f37796
 SHA1 (patch-ab) = b706ae0bc9e13c5ccff689aa1451efc782e340e9
 SHA1 (patch-ac) = 53065c4db39f7e975712c2cba51ff5542cf5a77f
+SHA1 (patch-ad) = 6fe04631cd098fc64bf0914f1fd4ef654c0089b0
diff -r 1008defc5b31 -r 7a94a5638a40 audio/vorbis-tools/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/vorbis-tools/patches/patch-ad       Tue Apr 29 05:51:09 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.3 2008/04/29 05:51:10 wiz Exp $
+
+https://trac.xiph.org/attachment/ticket/1347/vorbis-tools-1.2.0-sec.patch
+for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
+
+--- ogg123/speex_format.c.orig 2008-03-03 06:37:26.000000000 +0100
++++ ogg123/speex_format.c
+@@ -475,7 +475,7 @@ void *process_header(ogg_packet *op, int
+            cb->printf_error(callback_arg, ERROR, _("Cannot read header"));
+      return NULL;
+    }
+-   if ((*header)->mode >= SPEEX_NB_MODES) {
++   if ((*header)->mode >= SPEEX_NB_MODES || (*header)->mode < 0) {
+      cb->printf_error(callback_arg, ERROR, 
+                     _("Mode number %d does not (any longer) exist in this version"),
+             (*header)->mode);
Home | Main Index | Thread Index | Old Index