[pkgsrc/trunk]: pkgsrc/audio/libvorbis libvorbis: update to 1.3.6. security fix.

[maya <maya%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/da2c0a65c4ad
branches:  trunk
changeset: 377406:da2c0a65c4ad
user:      maya <maya%pkgsrc.org@localhost>
date:      Fri Mar 16 20:23:53 2018 +0000

description:
libvorbis: update to 1.3.6. security fix.

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

diffstat:

 audio/libvorbis/Makefile |   4 ++--
 audio/libvorbis/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 07ee96b48ed4 -r da2c0a65c4ad audio/libvorbis/Makefile
--- a/audio/libvorbis/Makefile  Fri Mar 16 16:19:14 2018 +0000
+++ b/audio/libvorbis/Makefile  Fri Mar 16 20:23:53 2018 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.59 2017/08/16 20:21:03 wiz Exp $
+# $NetBSD: Makefile,v 1.60 2018/03/16 20:23:53 maya Exp $
 
-DISTNAME=      libvorbis-1.3.5
+DISTNAME=      libvorbis-1.3.6
 CATEGORIES=    devel audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 EXTRACT_SUFX=  .tar.xz
diff -r 07ee96b48ed4 -r da2c0a65c4ad audio/libvorbis/distinfo
--- a/audio/libvorbis/distinfo  Fri Mar 16 16:19:14 2018 +0000
+++ b/audio/libvorbis/distinfo  Fri Mar 16 20:23:53 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.25 2015/11/03 01:12:39 agc Exp $
+$NetBSD: distinfo,v 1.26 2018/03/16 20:23:53 maya Exp $
 
-SHA1 (libvorbis-1.3.5.tar.xz) = 7b4cdd4a73fadfed457ae40984cb0cc91146b300
-RMD160 (libvorbis-1.3.5.tar.xz) = 9d63b156e222fe865a6a4869bdf237d9523ce623
-SHA512 (libvorbis-1.3.5.tar.xz) = f18f32edc43f65fea2dd4133e2828a0ced9e5b0797c4569bd26989fc1409ad599359e7c796bffc082ad36189f9722c7b38837384cea66d217beac8b425299ef8
-Size (libvorbis-1.3.5.tar.xz) = 1193144 bytes
+SHA1 (libvorbis-1.3.6.tar.xz) = 237e3d1c66452734fd9b32f494f44238b4f0185e
+RMD160 (libvorbis-1.3.6.tar.xz) = 80213c5a1506438a342588ae58097a1590b6657c
+SHA512 (libvorbis-1.3.6.tar.xz) = a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132
+Size (libvorbis-1.3.6.tar.xz) = 1195388 bytes