pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2009Q1]: pkgsrc/audio/libsndfile Pullup ticket 2790 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/33bb35caec94
branches:  pkgsrc-2009Q1
changeset: 556858:33bb35caec94
user:      spz <spz%pkgsrc.org@localhost>
date:      Mon Jun 08 21:05:22 2009 +0000

description:
Pullup ticket 2790 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/audio/libsndfile/Makefile              1.52
- pkgsrc/audio/libsndfile/distinfo              1.29
- pkgsrc/audio/libsndfile/options.mk            1.7

Files added:
pkgsrc/audio/libsndfile/patches/patch-aa        1.15
pkgsrc/audio/libsndfile/patches/patch-ab        1.9
pkgsrc/audio/libsndfile/patches/patch-ac        1.11
pkgsrc/audio/libsndfile/patches/patch-ad        1.12
pkgsrc/audio/libsndfile/patches/patch-ae        1.7
pkgsrc/audio/libsndfile/patches/patch-af        1.7

   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sat May  2 17:24:15 UTC 2009

   Modified Files:
        pkgsrc/audio/libsndfile: options.mk

   Log Message:
   Add octave option, based on PR 41307 by Rumko.


   To generate a diff of this commit:
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/audio/libsndfile/options.mk

---------------------------------------------------------------------

   Module Name: pkgsrc
   Committed By:        adam
   Date:                Thu May 14 12:58:27 UTC 2009

   Modified Files:
        pkgsrc/audio/libsndfile: Makefile distinfo options.mk

   Log Message:
   Changes 1.0.20:
   * Fix potential heap overflow in VOC file parser.


   To generate a diff of this commit:
   cvs rdiff -u -r1.50 -r1.51 pkgsrc/audio/libsndfile/Makefile
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/audio/libsndfile/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/audio/libsndfile/options.mk

---------------------------------------------------------------------

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Mon Jun  8 09:30:17 UTC 2009

   Modified Files:
        pkgsrc/audio/libsndfile: Makefile distinfo
   Added Files:
        pkgsrc/audio/libsndfile/patches: patch-aa patch-ab patch-ac patch-ad
            patch-ae patch-af

   Log Message:
   Add upstream patch (taken from Debian bug report) to fix crashes
   caused by bad audio files.


   To generate a diff of this commit:
   cvs rdiff -u -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo
   cvs rdiff -u -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa
   cvs rdiff -u -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab
   cvs rdiff -u -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac
   cvs rdiff -u -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad
   cvs rdiff -u -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae \
       pkgsrc/audio/libsndfile/patches/patch-af

diffstat:

 audio/libsndfile/Makefile         |   7 ++--
 audio/libsndfile/distinfo         |  14 ++++++--
 audio/libsndfile/options.mk       |  11 ++++++-
 audio/libsndfile/patches/patch-aa |  17 +++++++++++
 audio/libsndfile/patches/patch-ab |  17 +++++++++++
 audio/libsndfile/patches/patch-ac |  29 ++++++++++++++++++++
 audio/libsndfile/patches/patch-ad |  17 +++++++++++
 audio/libsndfile/patches/patch-ae |  56 +++++++++++++++++++++++++++++++++++++++
 audio/libsndfile/patches/patch-af |  17 +++++++++++
 9 files changed, 177 insertions(+), 8 deletions(-)

diffs (245 lines):

diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/Makefile
--- a/audio/libsndfile/Makefile Mon Jun 08 20:28:51 2009 +0000
+++ b/audio/libsndfile/Makefile Mon Jun 08 21:05:22 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2009/03/04 16:47:05 tnn Exp $
+# $NetBSD: Makefile,v 1.49.2.1 2009/06/08 21:05:22 spz Exp $
 
-DISTNAME=      libsndfile-1.0.19
+DISTNAME=      libsndfile-1.0.20
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://www.mega-nerd.com/libsndfile/
 
@@ -13,7 +14,7 @@
 
 USE_LANGUAGES=         c c++
 USE_LIBTOOL=           yes
-USE_TOOLS=             pkg-config
+USE_TOOLS+=            pkg-config
 PKGCONFIG_OVERRIDE=    sndfile.pc.in
 GNU_CONFIGURE=         yes
 
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/distinfo
--- a/audio/libsndfile/distinfo Mon Jun 08 20:28:51 2009 +0000
+++ b/audio/libsndfile/distinfo Mon Jun 08 21:05:22 2009 +0000
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.27 2009/03/04 16:47:05 tnn Exp $
+$NetBSD: distinfo,v 1.27.2.1 2009/06/08 21:05:22 spz Exp $
 
-SHA1 (libsndfile-1.0.19.tar.gz) = 7cf8d3f032501642e36fecd8c899b09d3f7c986c
-RMD160 (libsndfile-1.0.19.tar.gz) = 027d53e55b6d01c78aba31ed239fd2f0d2f752b5
-Size (libsndfile-1.0.19.tar.gz) = 924368 bytes
+SHA1 (libsndfile-1.0.20.tar.gz) = d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b
+RMD160 (libsndfile-1.0.20.tar.gz) = 873802efaa3f1e3303167fe1b7302fe2ab4cbd59
+Size (libsndfile-1.0.20.tar.gz) = 927422 bytes
+SHA1 (patch-aa) = fe12f9e3f8621d11c57b079534259465bb70ff42
+SHA1 (patch-ab) = 28299ed8bebe27f5f8ebbf36a129458ef05d8cd0
+SHA1 (patch-ac) = bc3cb0c0334df3c1c40201eb032a980a1270108f
+SHA1 (patch-ad) = dcdc4aebfb1da508e590220c1c2da7e9bb02678a
+SHA1 (patch-ae) = 8b0c4ae7ba9559bf5bc3d12d59e049f93889d09e
+SHA1 (patch-af) = b4fd14515b944164af0ecbd2da4a8deed43be28b
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/options.mk
--- a/audio/libsndfile/options.mk       Mon Jun 08 20:28:51 2009 +0000
+++ b/audio/libsndfile/options.mk       Mon Jun 08 21:05:22 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: options.mk,v 1.5 2008/07/24 22:39:30 obache Exp $
+# $NetBSD: options.mk,v 1.5.8.1 2009/06/08 21:05:22 spz Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.libsndfile
+PKG_SUPPORTED_OPTIONS= octave
 PKG_OPTIONS_OPTIONAL_GROUPS=   output
 PKG_OPTIONS_GROUP.output=      oss sun
 
@@ -23,6 +24,14 @@
 
 .include "../../mk/bsd.options.mk"
 
+.if !empty(PKG_OPTIONS:Moctave)
+USE_LANGUAGES=         c c++ fortran
+USE_TOOLS+=            gmake
+.include "../../math/octave/buildlink3.mk"
+.else
+CONFIGURE_ARGS+=       --disable-octave
+.endif
+
 .if !empty(PKG_OPTIONS:Moss)
 .include "../../mk/oss.buildlink3.mk"
 OSS_DEFS=      -DDEV_DSP=\"${DEVOSSAUDIO:Q}\" -DUSE_OSS=1
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-aa Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-aa,v 1.15.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/alaw.c.orig    2009-03-22 19:17:13.000000000 +0000
++++ src/alaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -69,7 +69,7 @@
+       else
+               psf->datalength = 0 ;
+ 
+-      psf->sf.frames = psf->datalength / psf->blockwidth ;
++      psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+ 
+       return 0 ;
+ } /* alaw_init */
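Review bot: The new guard in alaw_init maps a non-positive `psf->blockwidth` to `psf->sf.frames = 0` and still returns 0, so a malformed file is accepted silently and the bad blockwidth stays in the structure; the identical line appears in the float32.c, pcm.c and ulaw.c patches (patch-ab, patch-ad, patch-af). Any other division by `psf->blockwidth` outside these hunks would presumably remain reachable, so the read and seek paths deserve the same check. A diagnostic before the assignment would make such files visible in the log, for example `psf_log_printf (psf, "blockwidth : %d (should be > 0)\n", psf->blockwidth) ;` (assuming blockwidth is an int), matching the wording used in the htk.c and sds.c patches. Only the tail of each init function is visible in these hunks.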
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ab Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.9.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/float32.c.orig 2009-03-25 02:59:47.000000000 +0000
++++ src/float32.c      2009-06-08 10:03:02.000000000 +0100
+@@ -241,7 +241,7 @@
+       else
+               psf->datalength = 0 ;
+ 
+-      psf->sf.frames = psf->datalength / psf->blockwidth ;
++      psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+ 
+       return 0 ;
+ } /* float32_init */
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ac Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-ac,v 1.11.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/htk.c.orig     2009-03-22 19:17:14.000000000 +0000
++++ src/htk.c  2009-06-08 10:03:02.000000000 +0100
+@@ -195,10 +195,17 @@
+               return SFE_HTK_NOT_WAVEFORM ;
+ 
+       psf->sf.channels = 1 ;
+-      psf->sf.samplerate = 10000000 / sample_period ;
+ 
+-      psf_log_printf (psf, "HTK Waveform file\n  Sample Count  : %d\n  Sample Period : %d => %d Hz\n",
+-                              sample_count, sample_period, psf->sf.samplerate) ;
++      if (sample_period > 0)
++      {       psf->sf.samplerate = 10000000 / sample_period ;
++              psf_log_printf (psf, "HTK Waveform file\n  Sample Count  : %d\n  Sample Period : %d => %d Hz\n",
++                                      sample_count, sample_period, psf->sf.samplerate) ;
++              }
++      else
++      {       psf->sf.samplerate = 16000 ;
++              psf_log_printf (psf, "HTK Waveform file\n  Sample Count  : %d\n  Sample Period : %d (should be > 0) => Guessed sample rate %d Hz\n",
++                                      sample_count, sample_period, psf->sf.samplerate) ;
++              } ;
+ 
+       psf->sf.format = SF_FORMAT_HTK | SF_FORMAT_PCM_16 ;
+       psf->bytewidth = 2 ;
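Review bot: The `sample_period > 0` test still admits a period larger than 10000000, and `10000000 / sample_period` then truncates to a sample rate of 0, which later code may not expect from a file that opened successfully. Tightening the condition to `if (sample_period > 0 && sample_period <= 10000000)` would route that case into the existing guessed-rate branch. The 16000 fallback is applied to untrusted header data, so a short comment such as `/* Invalid period in header: use a nominal rate instead of dividing by zero. */` would record why it exists. The enclosing function starts and ends outside the hunk.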
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ad Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.12.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/pcm.c.orig     2009-03-22 19:17:14.000000000 +0000
++++ src/pcm.c  2009-06-08 10:03:02.000000000 +0100
+@@ -271,7 +271,7 @@
+       else
+               psf->datalength = 0 ;
+ 
+-      psf->sf.frames = psf->datalength / psf->blockwidth ;
++      psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+ 
+       return 0 ;
+ } /* pcm_init */
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ae Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-ae,v 1.7.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/sds.c.orig     2009-03-22 19:17:14.000000000 +0000
++++ src/sds.c  2009-06-08 10:03:02.000000000 +0100
+@@ -219,21 +219,40 @@
+       if (marker != 0xF07E || byte != 0x01)
+               return SFE_SDS_NOT_SDS ;
+ 
+-      psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel  : %d\n", channel) ;
++      bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
++      sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+ 
+-      bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
++      psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
++                                              " Midi Channel  : %d\n Sample Number : %d\n",
++                                              channel, sample_no) ;
++
++      bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
+ 
+-      sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+       samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
+ 
+       psds->bitwidth = bitwidth ;
+ 
+-      psf->sf.samplerate = 1000000000 / samp_period ;
++      if (psds->bitwidth > 1)
++              psf_log_printf (psf, " Bit Width     : %d\n", psds->bitwidth) ;
++      else
++      {       psf_log_printf (psf, " Bit Width     : %d (should be > 1)\n", psds->bitwidth) ;
++              return SFE_SDS_BAD_BIT_WIDTH ;
++              } ;
++
++      if (samp_period > 0)
++      {       psf->sf.samplerate = 1000000000 / samp_period ;
+ 
+-      psf_log_printf (psf,    " Sample Number : %d\n"
+-                                                      " Bit Width     : %d\n"
++              psf_log_printf (psf, " Sample Period : %d\n"
+                                                       " Sample Rate   : %d\n",
+-                      sample_no, psds->bitwidth, psf->sf.samplerate) ;
++                                                      samp_period, psf->sf.samplerate) ;
++              }
++      else
++      {       psf->sf.samplerate = 16000 ;
++
++              psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
++                                                      " Sample Rate   : %d (guessed)\n",
++                                                      samp_period, psf->sf.samplerate) ;
++              } ;
+ 
+       bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
+ 
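Review bot: The bit-width check rejects only values of 1 or less; `bitwidth` appears to be read as a single byte (format `1`), so values up to 255 still pass and are stored in `psds->bitwidth`. If code outside this hunk uses that field to size buffers or as a shift count, an upper bound belongs in the same test, with the limit taken from the SDS format definition, which this page does not show. The return values of the `psf_binheader_readf` calls are only added to `bytesread`, so a truncated header is not detected before `sample_no`, `bitwidth` and `samp_period` are used. The function body continues outside the hunk.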
diff -r b0aa869d531a -r 33bb35caec94 audio/libsndfile/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-af Mon Jun 08 21:05:22 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-af,v 1.7.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/ulaw.c.orig    2009-03-22 19:17:14.000000000 +0000
++++ src/ulaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -59,7 +59,7 @@
+       else
+               psf->datalength = 0 ;
+ 
+-      psf->sf.frames = psf->datalength / psf->blockwidth ;
++      psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+ 
+       return 0 ;
+ } /* ulaw_init */


