pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio/lame Add patch to check against invalid input sa...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4b9375352f77
branches:  trunk
changeset: 372361:4b9375352f77
user:      he <he%pkgsrc.org@localhost>
date:      Mon Dec 04 08:20:37 2017 +0000

description:
Add patch to check against invalid input sample rate.
Should fix CVE-2015-9099.  Ref.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
Bump PKGREVISION.

diffstat:

 audio/lame/Makefile                        |   3 ++-
 audio/lame/distinfo                        |   7 ++++---
 audio/lame/patches/patch-ab                |   4 +++-
 audio/lame/patches/patch-ad                |   4 +++-
 audio/lame/patches/patch-libmp3lame_lame.c |  21 +++++++++++++++++++++
 5 files changed, 33 insertions(+), 6 deletions(-)

diffs (77 lines):

diff -r 04d6254068ae -r 4b9375352f77 audio/lame/Makefile
--- a/audio/lame/Makefile       Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/Makefile       Mon Dec 04 08:20:37 2017 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2017/10/21 22:51:00 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2017/12/04 08:20:37 he Exp $
 
 DISTNAME=      lame-3.100
 CATEGORIES=    audio
+PKGREVISION=   1
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=lame/}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/distinfo
--- a/audio/lame/distinfo       Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/distinfo       Mon Dec 04 08:20:37 2017 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.30 2017/10/22 09:30:41 tron Exp $
+$NetBSD: distinfo,v 1.31 2017/12/04 08:20:37 he Exp $
 
 SHA1 (lame-3.100.tar.gz) = 64c53b1a4d493237cef5e74944912cd9f98e618d
 RMD160 (lame-3.100.tar.gz) = e467c1f9458ca6878cd46e89fffce8970b9ea936
 SHA512 (lame-3.100.tar.gz) = 0844b9eadb4aacf8000444621451277de365041cc1d97b7f7a589da0b7a23899310afd4e4d81114b9912aa97832621d20588034715573d417b2923948c08634b
 Size (lame-3.100.tar.gz) = 1524133 bytes
-SHA1 (patch-ab) = ee5b570e8800aefdaffe94a6ed072fa7b62fba6b
-SHA1 (patch-ad) = fa14817f765a61f046a96a1b556e2c8203fc27ad
+SHA1 (patch-ab) = ef244006f1b172a0027de65a95fa11f5bce62da8
+SHA1 (patch-ad) = 9783edc46232eeb14f1174606963cdd3a2c601fc
 SHA1 (patch-include_libmp3lame.sym) = 2278fa631fb8ce05864d3ef09a45c0b3d73ab065
+SHA1 (patch-libmp3lame_lame.c) = ed64ba64c857dc6acb008105546699c95ac125b5
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-ab
--- a/audio/lame/patches/patch-ab       Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/patches/patch-ab       Mon Dec 04 08:20:37 2017 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-ab,v 1.11 2017/10/21 22:51:00 wiz Exp $
+$NetBSD: patch-ab,v 1.12 2017/12/04 08:20:37 he Exp $
+
+Change where html doc files are installed.
 
 --- doc/html/Makefile.in.orig  2017-10-13 20:21:58.000000000 +0000
 +++ doc/html/Makefile.in
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-ad
--- a/audio/lame/patches/patch-ad       Mon Dec 04 07:40:48 2017 +0000
+++ b/audio/lame/patches/patch-ad       Mon Dec 04 08:20:37 2017 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-ad,v 1.4 2013/10/10 10:49:30 roy Exp $
+$NetBSD: patch-ad,v 1.5 2017/12/04 08:20:37 he Exp $
+
+Add <float.h> include.
 
 --- libmp3lame/machine.h.orig  2012-02-07 14:04:51.000000000 +0000
 +++ libmp3lame/machine.h
diff -r 04d6254068ae -r 4b9375352f77 audio/lame/patches/patch-libmp3lame_lame.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/lame/patches/patch-libmp3lame_lame.c        Mon Dec 04 08:20:37 2017 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-libmp3lame_lame.c,v 1.3 2017/12/04 08:20:37 he Exp $
+
+Add patch to check against invalid input sample rate.
+Should fix CVE-2015-9099.  Ref.
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
+
+--- libmp3lame/lame.c.orig     2017-10-10 19:08:39.000000000 +0000
++++ libmp3lame/lame.c
+@@ -801,6 +801,12 @@ lame_init_params(lame_global_flags * gfp
+             gfp->samplerate_out * 16 * cfg->channels_out / (1.e3 * gfp->VBR_mean_bitrate_kbps);
+     }
+ 
++    if (gfp->samplerate_in < 0) {
++      freegfc(gfc);
++      gfp->internal_flags = NULL;
++      return -1;
++    }
++
+     cfg->disable_reservoir = gfp->disable_reservoir;
+     cfg->lowpassfreq = gfp->lowpassfreq;
+     cfg->highpassfreq = gfp->highpassfreq;
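Review bot: The added guard in lame_init_params rejects only negative input sample rates, so `samplerate_in == 0` still passes it; unless a zero rate is rejected somewhere outside this hunk, `if (gfp->samplerate_in <= 0) {` would be the safer condition. The check also sits around line 801, after the computation shown in the leading context lines, so any earlier use of `samplerate_in` in the function (not visible here) would run on the unvalidated value; validating near the top of the function would avoid that. A one-line comment above the check, such as `/* reject invalid input sample rate (CVE-2015-9099) */`, would record why the early return and the `freegfc(gfc)` cleanup are there. The body of lame_init_params starts and ends outside the hunk.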


