pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/audio/lame Add patch to check against invalid input sa...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4b9375352f77
branches: trunk
changeset: 372361:4b9375352f77
user: he <he%pkgsrc.org@localhost>
date: Mon Dec 04 08:20:37 2017 +0000
description:
Add patch to check against invalid input sample rate.
Should fix CVE-2015-9099. Ref.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
Bump PKGREVISION.
diffstat:
audio/lame/Makefile | 3 ++-
audio/lame/distinfo | 7 ++++---
audio/lame/patches/patch-ab | 4 +++-
audio/lame/patches/patch-ad | 4 +++-
audio/lame/patches/patch-libmp3lame_lame.c | 21 +++++++++++++++++++++
5 files changed, 33 insertions(+), 6 deletions(-)
diffs (77 lines):
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/Makefile
--- a/audio/lame/Makefile Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/Makefile Mon Dec 04 08:20:37 2017 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2017/10/21 22:51:00 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2017/12/04 08:20:37 he Exp $
DISTNAME= lame-3.100
CATEGORIES= audio
+PKGREVISION= 1
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=lame/}
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/distinfo
--- a/audio/lame/distinfo Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/distinfo Mon Dec 04 08:20:37 2017 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.30 2017/10/22 09:30:41 tron Exp $
+$NetBSD: distinfo,v 1.31 2017/12/04 08:20:37 he Exp $
SHA1 (lame-3.100.tar.gz) = 64c53b1a4d493237cef5e74944912cd9f98e618d
RMD160 (lame-3.100.tar.gz) = e467c1f9458ca6878cd46e89fffce8970b9ea936
SHA512 (lame-3.100.tar.gz) = 0844b9eadb4aacf8000444621451277de365041cc1d97b7f7a589da0b7a23899310afd4e4d81114b9912aa97832621d20588034715573d417b2923948c08634b
Size (lame-3.100.tar.gz) = 1524133 bytes
-SHA1 (patch-ab) = ee5b570e8800aefdaffe94a6ed072fa7b62fba6b
-SHA1 (patch-ad) = fa14817f765a61f046a96a1b556e2c8203fc27ad
+SHA1 (patch-ab) = ef244006f1b172a0027de65a95fa11f5bce62da8
+SHA1 (patch-ad) = 9783edc46232eeb14f1174606963cdd3a2c601fc
SHA1 (patch-include_libmp3lame.sym) = 2278fa631fb8ce05864d3ef09a45c0b3d73ab065
+SHA1 (patch-libmp3lame_lame.c) = ed64ba64c857dc6acb008105546699c95ac125b5
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-ab
--- a/audio/lame/patches/patch-ab Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/patches/patch-ab Mon Dec 04 08:20:37 2017 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-ab,v 1.11 2017/10/21 22:51:00 wiz Exp $
+$NetBSD: patch-ab,v 1.12 2017/12/04 08:20:37 he Exp $
+
+Change where html doc files are installed.
--- doc/html/Makefile.in.orig 2017-10-13 20:21:58.000000000 +0000
+++ doc/html/Makefile.in
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-ad
--- a/audio/lame/patches/patch-ad Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/patches/patch-ad Mon Dec 04 08:20:37 2017 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-ad,v 1.4 2013/10/10 10:49:30 roy Exp $
+$NetBSD: patch-ad,v 1.5 2017/12/04 08:20:37 he Exp $
+
+Add <float.h> include.
--- libmp3lame/machine.h.orig 2012-02-07 14:04:51.000000000 +0000
+++ libmp3lame/machine.h
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-libmp3lame_lame.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/lame/patches/patch-libmp3lame_lame.c Mon Dec 04 08:20:37 2017 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-libmp3lame_lame.c,v 1.3 2017/12/04 08:20:37 he Exp $
+
+Add patch to check against invalid input sample rate.
+Should fix CVE-2015-9099. Ref.
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
+
+--- libmp3lame/lame.c.orig 2017-10-10 19:08:39.000000000 +0000
++++ libmp3lame/lame.c
+@@ -801,6 +801,12 @@ lame_init_params(lame_global_flags * gfp
+ gfp->samplerate_out * 16 * cfg->channels_out / (1.e3 * gfp->VBR_mean_bitrate_kbps);
+ }
+
++ if (gfp->samplerate_in < 0) {
++ freegfc(gfc);
++ gfp->internal_flags = NULL;
++ return -1;
++ }
++
+ cfg->disable_reservoir = gfp->disable_reservoir;
+ cfg->lowpassfreq = gfp->lowpassfreq;
+ cfg->highpassfreq = gfp->highpassfreq;
Home |
Main Index |
Thread Index |
Old Index