pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/audio PKGREVISION++
details: https://anonhg.NetBSD.org/pkgsrc/rev/9f6a5229f2b4
branches: trunk
changeset: 480380:9f6a5229f2b4
user: salo <salo%pkgsrc.org@localhost>
date: Tue Sep 07 22:14:09 2004 +0000
description:
PKGREVISION++
- fix a buffer overflow:
"A malicious formatted mp3/2 causes mpg123 to fail header checks,
this may allow arbitrary code to be executed with the privilege
of the user trying to play the mp3."
- patch from Debian but retain code style.
diffstat:
audio/mpg123-esound/Makefile | 4 ++--
audio/mpg123-nas/Makefile | 4 ++--
audio/mpg123/Makefile | 4 ++--
audio/mpg123/distinfo | 3 ++-
audio/mpg123/patches/patch-ar | 19 +++++++++++++++++++
5 files changed, 27 insertions(+), 7 deletions(-)
diffs (76 lines):
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123-esound/Makefile
--- a/audio/mpg123-esound/Makefile Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123-esound/Makefile Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2004/04/24 23:05:40 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2004/09/07 22:14:10 salo Exp $
PKGNAME= mpg123-esound-${MPG123_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
TARGET_SUFFIX= -esd
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123-nas/Makefile
--- a/audio/mpg123-nas/Makefile Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123-nas/Makefile Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2004/04/24 23:16:32 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2004/09/07 22:14:10 salo Exp $
PKGNAME= mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
TARGET_SUFFIX= -nas
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123/Makefile Tue Sep 07 22:14:09 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
+# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $
PKGNAME= mpg123-${MPG123_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio
CONFLICTS+= mpg123-nas-[0-9]*
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo Tue Sep 07 21:41:17 2004 +0000
+++ b/audio/mpg123/distinfo Tue Sep 07 22:14:09 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2004/03/17 04:49:48 danw Exp $
+$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $
SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -21,3 +21,4 @@
SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
+SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
diff -r d8cda88af9ad -r 9f6a5229f2b4 audio/mpg123/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-ar Tue Sep 07 22:14:09 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
+
+CVE: CAN-2004-0805
+
+--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100
++++ layer2.c 2004-09-08 00:00:06.000000000 +0200
+@@ -265,6 +265,12 @@
+ fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+ (fr->mode_ext<<2)+4 : fr->II_sblimit;
+
++ if (fr->jsbound > fr->II_sblimit)
++ {
++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++ fr->jsbound=fr->II_sblimit;
++ }
++
+ if(stereo == 1 || single == 3)
+ single = 0;
+
Home |
Main Index |
Thread Index |
Old Index