[pkgsrc/pkgsrc-2009Q3]: pkgsrc/audio/libvorbis Pullup ticket #2943 - requeste...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/db6ad68e07f4
branches:  pkgsrc-2009Q3
changeset: 399993:db6ad68e07f4
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Dec 03 10:16:10 2009 +0000

description:
Pullup ticket #2943 - requested by wiz
libvorbis: security patch

Revisions pulled up:
- audio/libvorbis/Makefile                      1.49
- audio/libvorbis/distinfo                      1.18
- audio/libvorbis/patches/patch-aa              1.5
- audio/libvorbis/patches/patch-ab              1.5
---
Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Dec  2 12:41:25 UTC 2009

Modified Files:
        pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
        pkgsrc/audio/libvorbis/patches: patch-aa patch-ab

Log Message:
Apply some possible security fixes from upstream SVN.
Glanced from links in mozilla advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
and Fedora Core patches for 1.2.0.

Bump PKGREVISION.

diffstat:

 audio/libvorbis/Makefile         |   3 ++-
 audio/libvorbis/distinfo         |   4 +++-
 audio/libvorbis/patches/patch-aa |  14 ++++++++++++++
 audio/libvorbis/patches/patch-ab |  15 +++++++++++++++
 4 files changed, 34 insertions(+), 2 deletions(-)

diffs (61 lines):

diff -r 070ddfab9cfe -r db6ad68e07f4 audio/libvorbis/Makefile
--- a/audio/libvorbis/Makefile  Thu Dec 03 10:07:48 2009 +0000
+++ b/audio/libvorbis/Makefile  Thu Dec 03 10:16:10 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2009/07/17 20:28:21 wiz Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2009/12/03 10:16:10 tron Exp $
 
 DISTNAME=      libvorbis-1.2.3
+PKGREVISION=   1
 CATEGORIES=    devel audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 
diff -r 070ddfab9cfe -r db6ad68e07f4 audio/libvorbis/distinfo
--- a/audio/libvorbis/distinfo  Thu Dec 03 10:07:48 2009 +0000
+++ b/audio/libvorbis/distinfo  Thu Dec 03 10:16:10 2009 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.17 2009/07/17 20:28:21 wiz Exp $
+$NetBSD: distinfo,v 1.17.2.1 2009/12/03 10:16:10 tron Exp $
 
 SHA1 (libvorbis-1.2.3.tar.gz) = a93251aa5e4f142db4fa6433de80797f80960fac
 RMD160 (libvorbis-1.2.3.tar.gz) = e80ad7de3c2599e0d88994876407ac8fe3c9a0e7
 Size (libvorbis-1.2.3.tar.gz) = 1474492 bytes
+SHA1 (patch-aa) = bd1534e2f680d5621a7909fd0b197d9d8c52b91d
+SHA1 (patch-ab) = b253546a863893e96569d8afb5e626ffe5f226dc
diff -r 070ddfab9cfe -r db6ad68e07f4 audio/libvorbis/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-aa  Thu Dec 03 10:16:10 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.5.2.2 2009/12/03 10:16:10 tron Exp $
+
+SVN r16957
+
+--- lib/codebook.c.orig        2009-07-09 09:12:08.000000000 +0000
++++ lib/codebook.c
+@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buf
+       for(i=0;i<s->entries;){
+         long num=oggpack_read(opb,_ilog(s->entries-i));
+         if(num==-1)goto _eofout;
++      if(length>32)goto _errout;
+         for(j=0;j<num && i<s->entries;j++,i++)
+           s->lengthlist[i]=length;
+         length++;
diff -r 070ddfab9cfe -r db6ad68e07f4 audio/libvorbis/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-ab  Thu Dec 03 10:16:10 2009 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.5.2.2 2009/12/03 10:16:10 tron Exp $
+
+SVN 16326.
+
+--- lib/backends.h.orig        2009-07-09 09:12:08.000000000 +0000
++++ lib/backends.h
+@@ -111,7 +111,7 @@ typedef struct vorbis_info_residue0{
+   int    partitions;       /* possible codebooks for a partition */
+   int    groupbook;        /* huffbook for partitioning */
+   int    secondstages[64]; /* expanded out to pointers in lookup */
+-  int    booklist[256];    /* list of second stage books */
++  int    booklist[512];    /* list of second stage books */
+ 
+   const float classmetric1[64];
+   const float classmetric2[64];