[pkgsrc/pkgsrc-2008Q2]: pkgsrc/audio/faad2 Pullup ticket #2533 - tonnerre

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/79c3e0c70235
branches:  pkgsrc-2008Q2
changeset: 544329:79c3e0c70235
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri Sep 26 14:42:13 2008 +0000

description:
Pullup ticket #2533 - tonnerre
faad2: security patch

Revisions pulled up:
- audio/faad2/Makefile          1.41
- audio/faad2/distinfo          1.17
- audio/faad2/patches/patch-at  1.2
---
Module Name:    pkgsrc
Committed By:   tonnerre
Date:           Wed Sep 24 22:25:14 UTC 2008

Modified Files:
        pkgsrc/audio/faad2: Makefile distinfo
        pkgsrc/audio/faad2/patches: patch-at

Log Message:
Fix for faad2 decodeMP4file() heap overflow. If the sample count looks
insane, it may as well be insane. Also bump PKGREVISION.

diffstat:

 audio/faad2/Makefile         |   3 ++-
 audio/faad2/distinfo         |   4 ++--
 audio/faad2/patches/patch-at |  15 ++++++++++++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diffs (53 lines):

diff -r 147ab5b754fe -r 79c3e0c70235 audio/faad2/Makefile
--- a/audio/faad2/Makefile      Tue Sep 23 11:19:53 2008 +0000
+++ b/audio/faad2/Makefile      Fri Sep 26 14:42:13 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2007/12/09 10:55:30 drochner Exp $
+# $NetBSD: Makefile,v 1.40.8.1 2008/09/26 14:42:13 tron Exp $
 
 DISTNAME=      faad2-2.6.1
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=faac/}
+PKGREVISION=   1
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://www.audiocoding.com/
diff -r 147ab5b754fe -r 79c3e0c70235 audio/faad2/distinfo
--- a/audio/faad2/distinfo      Tue Sep 23 11:19:53 2008 +0000
+++ b/audio/faad2/distinfo      Fri Sep 26 14:42:13 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2007/12/29 19:56:04 joerg Exp $
+$NetBSD: distinfo,v 1.16.8.1 2008/09/26 14:42:13 tron Exp $
 
 SHA1 (faad2-2.6.1.tar.gz) = b4ad33d3c4dfa6dbf3011a3da34c631926cabfad
 RMD160 (faad2-2.6.1.tar.gz) = ad559933dad6a65576a9947819190f04cb3b1c16
@@ -12,4 +12,4 @@
 SHA1 (patch-ak) = d8f47b6f738d885c5e512f9f5508290a0b146bbe
 SHA1 (patch-ar) = 0aa479669b1e2417f9a68adb0ac79ae9c6d5dfe8
 SHA1 (patch-as) = 1626b7a4e696862c365740c6b29f786662c9d845
-SHA1 (patch-at) = 4e28b2150f7383674450e25db472ccb566e61cc0
+SHA1 (patch-at) = 52839407569f452bfecccd7f531fbcac0fb519ad
diff -r 147ab5b754fe -r 79c3e0c70235 audio/faad2/patches/patch-at
--- a/audio/faad2/patches/patch-at      Tue Sep 23 11:19:53 2008 +0000
+++ b/audio/faad2/patches/patch-at      Fri Sep 26 14:42:13 2008 +0000
@@ -1,8 +1,17 @@
-$NetBSD: patch-at,v 1.1 2007/12/09 10:55:37 drochner Exp $
+$NetBSD: patch-at,v 1.1.8.1 2008/09/26 14:42:13 tron Exp $
 
---- frontend/main.c.orig       2007-12-08 17:49:45.000000000 +0100
+--- frontend/main.c.orig       2007-11-01 13:33:29.000000000 +0100
 +++ frontend/main.c
-@@ -1189,11 +1189,13 @@ int main(int argc, char *argv[])
+@@ -914,6 +914,8 @@ int decodeMP4file(char *mp4file, char *s
+                 sample_count = frameInfo.samples;
+             } else {
+                 sample_count = (unsigned int)(dur * frameInfo.channels);
++              if (sample_count > frameInfo.samples)
++                      sample_count = frameInfo.samples;
+ 
+                 if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+                 {
+@@ -1189,11 +1191,13 @@ int main(int argc, char *argv[])
          return 1;
      }