pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/audio/libsndfile Fix for CVE-2017-8365, ref.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2fe366e406c6
branches:  trunk
changeset: 362564:2fe366e406c6
user:      he <he%pkgsrc.org@localhost>
date:      Wed May 17 21:51:46 2017 +0000

description:
Fix for CVE-2017-8365, ref.
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
Bump PKGREVISION.

diffstat:

 audio/libsndfile/Makefile                    |   3 ++-
 audio/libsndfile/distinfo                    |   5 ++++-
 audio/libsndfile/patches/patch-src_common.h  |  15 +++++++++++++++
 audio/libsndfile/patches/patch-src_flac.c    |  27 +++++++++++++++++++++++++++
 audio/libsndfile/patches/patch-src_sndfile.c |  15 +++++++++++++++
 5 files changed, 63 insertions(+), 2 deletions(-)

diffs (95 lines):

diff -r 44c20b7d997d -r 2fe366e406c6 audio/libsndfile/Makefile
--- a/audio/libsndfile/Makefile Wed May 17 17:01:37 2017 +0000
+++ b/audio/libsndfile/Makefile Wed May 17 21:51:46 2017 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.73 2017/04/26 22:35:01 maya Exp $
+# $NetBSD: Makefile,v 1.74 2017/05/17 21:51:46 he Exp $
 
 DISTNAME=      libsndfile-1.0.28
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://www.mega-nerd.com/libsndfile/files/
 
diff -r 44c20b7d997d -r 2fe366e406c6 audio/libsndfile/distinfo
--- a/audio/libsndfile/distinfo Wed May 17 17:01:37 2017 +0000
+++ b/audio/libsndfile/distinfo Wed May 17 21:51:46 2017 +0000
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.40 2017/04/19 13:32:12 wiz Exp $
+$NetBSD: distinfo,v 1.41 2017/05/17 21:51:46 he Exp $
 
 SHA1 (libsndfile-1.0.28.tar.gz) = 85aa967e19f6b9bf975601d79669025e5f8bc77d
 RMD160 (libsndfile-1.0.28.tar.gz) = f8803966802afe2b5a35cda28c2f764d91c48f37
 SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f
 Size (libsndfile-1.0.28.tar.gz) = 1202833 bytes
+SHA1 (patch-src_common.h) = ed366417009008f816d688cd33809f680cf2f674
+SHA1 (patch-src_flac.c) = d31a3532ed71a2a490c14b5cd90928089d2ab093
+SHA1 (patch-src_sndfile.c) = 34b27502839b8ef271ced8ba562b7281c68ff4da
diff -r 44c20b7d997d -r 2fe366e406c6 audio/libsndfile/patches/patch-src_common.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-src_common.h       Wed May 17 21:51:46 2017 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_common.h,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/common.h.orig  2017-04-01 09:40:45.000000000 +0000
++++ src/common.h
+@@ -725,6 +725,7 @@ enum
+       SFE_FLAC_INIT_DECODER,
+       SFE_FLAC_LOST_SYNC,
+       SFE_FLAC_BAD_SAMPLE_RATE,
++      SFE_FLAC_CHANNEL_COUNT_CHANGED,
+       SFE_FLAC_UNKOWN_ERROR,
+ 
+       SFE_WVE_NOT_WVE,
diff -r 44c20b7d997d -r 2fe366e406c6 audio/libsndfile/patches/patch-src_flac.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-src_flac.c Wed May 17 21:51:46 2017 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-src_flac.c,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/flac.c.orig    2017-04-02 08:13:30.000000000 +0000
++++ src/flac.c
+@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
+ 
+       switch (metadata->type)
+       {       case FLAC__METADATA_TYPE_STREAMINFO :
++                      if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++                      {       psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++                                                  "Nothing to be but to error out.\n" ,
++                                                  psf->sf.channels, metadata->data.stream_info.channels) ;
++                              psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++                              return ;
++                              } ;
++
++                      if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++                      {       psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++                                                  "Carrying on as if nothing happened.",
++                                                  psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++                              } ;
+                       psf->sf.channels = metadata->data.stream_info.channels ;
+                       psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+                       psf->sf.frames = metadata->data.stream_info.total_samples ;
diff -r 44c20b7d997d -r 2fe366e406c6 audio/libsndfile/patches/patch-src_sndfile.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-src_sndfile.c      Wed May 17 21:51:46 2017 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_sndfile.c,v 1.1 2017/05/17 21:51:46 he Exp $
+
+Fix for CVE-2017-8365, ref.
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+--- src/sndfile.c.orig 2017-04-02 06:33:16.000000000 +0000
++++ src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+       {       SFE_FLAC_INIT_DECODER   , "Error : problem with initialization of the flac decoder." },
+       {       SFE_FLAC_LOST_SYNC              , "Error : flac decoder lost sync." },
+       {       SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++      {       SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+       {       SFE_FLAC_UNKOWN_ERROR   , "Error : unknown error in flac decoder." },
+ 
+       {       SFE_WVE_NOT_WVE                 , "Error : not a WVE file." },



Home | Main Index | Thread Index | Old Index