pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2019Q2]: pkgsrc/audio/mpg123 Pullup ticket #6014 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a7c9f71002e
branches:  pkgsrc-2019Q2
changeset: 408177:4a7c9f71002e
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri Aug 09 13:11:04 2019 +0000

description:
Pullup ticket #6014 - requested by nia
audio/mpg123: security fix

Revisions pulled up:
- audio/mpg123/Makefile                                         1.58
- audio/mpg123/Makefile.common                                  1.49
- audio/mpg123/distinfo                                         1.49

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Sat Jul 27 15:14:40 UTC 2019

   Modified Files:
        pkgsrc/audio/mpg123: Makefile Makefile.common distinfo

   Log Message:
   mpg123: Update to 1.25.11

   libmpg123:
   * Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
   * Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
   * Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
   * Fix undefined parsing of APE header for skipping. Also prevent endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864)
   * Fix some syntax to make pedantic compiler happy.

   The serious bugs trigger Denial of Service either via the nasty endless
   loop in supposed APE tags or by crashes if the invalid reads hit a
   diagnostic by the OS or, more likely, a security mechanism like the
   sanitizer instrumentation that enabled finding the bugs.

   I do not have CVE numbers for these bugs.
   I rather fix the bugs than name them. Just update, will you?

diffstat:

 audio/mpg123/Makefile        |   3 +--
 audio/mpg123/Makefile.common |   6 +++---
 audio/mpg123/distinfo        |  10 +++++-----
 3 files changed, 9 insertions(+), 10 deletions(-)

diffs (56 lines):

diff -r 8f652b01cd9a -r 4a7c9f71002e audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Fri Aug 09 13:09:32 2019 +0000
+++ b/audio/mpg123/Makefile     Fri Aug 09 13:11:04 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.57 2018/07/14 17:12:56 tsutsui Exp $
+# $NetBSD: Makefile,v 1.57.8.1 2019/08/09 13:11:04 bsiegert Exp $
 
 PKGNAME=       ${DISTNAME:C/[^[:alnum:]]*//}
-PKGREVISION=   2
 COMMENT=       MPEG layer 1, 2, and 3 audio player
 
 PKGCONFIG_OVERRIDE+=   libmpg123.pc.in
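Review bot: The removal of `PKGREVISION=   2` in this hunk is only safe together with the DISTNAME bump in Makefile.common; applied on its own it would take the package from 1.25.10nb2 back to 1.25.10. The pullup lists both revisions (Makefile 1.58 and Makefile.common 1.49), so the result is consistent here, but stating that dependency in the ticket would make sure the two files are never pulled up separately.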
diff -r 8f652b01cd9a -r 4a7c9f71002e audio/mpg123/Makefile.common
--- a/audio/mpg123/Makefile.common      Fri Aug 09 13:09:32 2019 +0000
+++ b/audio/mpg123/Makefile.common      Fri Aug 09 13:11:04 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.48 2018/04/13 08:20:06 adam Exp $
+# $NetBSD: Makefile.common,v 1.48.10.1 2019/08/09 13:11:04 bsiegert Exp $
 #
 # used by audio/mpg123-arts/Makefile
 # used by audio/mpg123-esound/Makefile
@@ -7,14 +7,14 @@
 # used by audio/mpg123-pulse/Makefile
 # used by audio/mpg123-sun/Makefile
 
-DISTNAME=      mpg123-1.25.10
+DISTNAME=      mpg123-1.25.11
 PKGNAME?=      ${DISTNAME:C/[[:alnum:]]*/&-${MPG123_MODULE}/}
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mpg123/}
 EXTRACT_SUFX=  .tar.bz2
 
 MAINTAINER=    martin%NetBSD.org@localhost
-HOMEPAGE=      http://www.mpg123.org/
+HOMEPAGE=      https://www.mpg123.org/
 COMMENT?=      Contains the ${MPG123_MODULE} module for mpg123
 LICENSE=       gnu-lgpl-v2.1
 
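Review bot: The DISTNAME change in this hunk reaches further than audio/mpg123, because the "used by" comments at the top of this file name module packages such as mpg123-arts, mpg123-esound, mpg123-pulse and mpg123-sun, while the pullup only lists files under audio/mpg123. Check that none of those module Makefiles still carries a PKGREVISION that should be reset with the version bump, as was done in audio/mpg123/Makefile. The HOMEPAGE switch to https is unrelated to the security fix and is not mentioned in the log message; a line for it there would keep the pullup description complete.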
diff -r 8f652b01cd9a -r 4a7c9f71002e audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Fri Aug 09 13:09:32 2019 +0000
+++ b/audio/mpg123/distinfo     Fri Aug 09 13:11:04 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.48 2018/04/13 08:20:06 adam Exp $
+$NetBSD: distinfo,v 1.48.10.1 2019/08/09 13:11:04 bsiegert Exp $
 
-SHA1 (mpg123-1.25.10.tar.bz2) = 604784ddbcfe282bffdc595d1d45c677c7cf381f
-RMD160 (mpg123-1.25.10.tar.bz2) = c22ec77cf8c69925d36546f3bc971edc713c197c
-SHA512 (mpg123-1.25.10.tar.bz2) = a33666ae4aca7e7c1a93a6414d8c525ec19044c54f712d578180147d88e63033f7af2370b9ad22960cc3a0b454f15967b7a831cccc97e034c8855f70cdf1ab09
-Size (mpg123-1.25.10.tar.bz2) = 921219 bytes
+SHA1 (mpg123-1.25.11.tar.bz2) = 25f3e8f8599d3ffc480858799ea6f8620f48543d
+RMD160 (mpg123-1.25.11.tar.bz2) = b41bf43a4773b07286c5622df53f8f15610eb9e6
+SHA512 (mpg123-1.25.11.tar.bz2) = 986338d0f4829ec9e40990cb384746c7abfa80d3b3d5656b6dda73d03e2441c1f28ffbe7f3f82b0008a1c4ebcfa07aeffb493e95f13f7d04cbc818a09f1008ed
+Size (mpg123-1.25.11.tar.bz2) = 909478 bytes
 SHA1 (patch-Makefile.in) = e1b529e9468994e25c2567df7e64a2905b0cf529
 SHA1 (patch-aa) = 4b2761219dd8fb92079d7f96872e56beb702696a
 SHA1 (patch-ad) = f07b637c3fc1d3ea0426013fc25bca8e3aecba56
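Review bot: The context lines at the end of this hunk show `SHA1 (patch-Makefile.in)`, `SHA1 (patch-aa)` and `SHA1 (patch-ad)` unchanged, so the three local patches are carried over as-is onto 1.25.11; confirm that they still apply to the new tarball without fuzz. The new distfile is also smaller than the old one (909478 versus 921219 bytes), which deserves a second look, so compare the SHA512 entry against a checksum published by upstream before the pullup is approved.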


