pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/audio/vorbis-tools SECURITY: Fix CVE-2014-9640.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/daa887f9b1d9
branches:  trunk
changeset: 648860:daa887f9b1d9
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Mar 21 19:06:54 2015 +0000

description:
SECURITY: Fix CVE-2014-9640.
https://trac.xiph.org/changeset/19117
oggenc: fix crash on raw file close, reported by Hanno in issue #2009. pointer
to a non-static struct was escaping its scope.

diffstat:

 audio/vorbis-tools/Makefile         |   4 ++--
 audio/vorbis-tools/distinfo         |   4 ++--
 audio/vorbis-tools/patches/patch-ac |  32 +++++++++++++++++++++++++++-----
 3 files changed, 31 insertions(+), 9 deletions(-)

diffs (91 lines):

diff -r ded80b14bd99 -r daa887f9b1d9 audio/vorbis-tools/Makefile
--- a/audio/vorbis-tools/Makefile       Sat Mar 21 18:48:36 2015 +0000
+++ b/audio/vorbis-tools/Makefile       Sat Mar 21 19:06:54 2015 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2014/02/12 23:17:35 tron Exp $
+# $NetBSD: Makefile,v 1.61 2015/03/21 19:06:54 bsiegert Exp $
 
 DISTNAME=      vorbis-tools-1.4.0
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 
diff -r ded80b14bd99 -r daa887f9b1d9 audio/vorbis-tools/distinfo
--- a/audio/vorbis-tools/distinfo       Sat Mar 21 18:48:36 2015 +0000
+++ b/audio/vorbis-tools/distinfo       Sat Mar 21 19:06:54 2015 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2010/11/09 13:13:03 adam Exp $
+$NetBSD: distinfo,v 1.24 2015/03/21 19:06:54 bsiegert Exp $
 
 SHA1 (vorbis-tools-1.4.0.tar.gz) = fc6a820bdb5ad6fcac074721fab5c3f96eaf6562
 RMD160 (vorbis-tools-1.4.0.tar.gz) = ff21e5c9456ac0a82b8eda4e53931db8522a2ccd
 Size (vorbis-tools-1.4.0.tar.gz) = 1346532 bytes
 SHA1 (patch-aa) = ea37946fb3a227d91eeb3ea94a9a7c9f8a3ef021
 SHA1 (patch-ab) = 00c0a5a9388baf79fd944e12cda1da65e2e8676c
-SHA1 (patch-ac) = 43f270b53044c54cf682ee084fa29592cf2b0eeb
+SHA1 (patch-ac) = 781ad97014c81f9fd40166cc29112247ef4acd6d
 SHA1 (patch-ae) = 60ca36c35325e4228ea7f7f5b3a60cd57b56b0cd
diff -r ded80b14bd99 -r daa887f9b1d9 audio/vorbis-tools/patches/patch-ac
--- a/audio/vorbis-tools/patches/patch-ac       Sat Mar 21 18:48:36 2015 +0000
+++ b/audio/vorbis-tools/patches/patch-ac       Sat Mar 21 19:06:54 2015 +0000
@@ -1,8 +1,30 @@
-$NetBSD: patch-ac,v 1.9 2010/11/09 13:13:03 adam Exp $
+$NetBSD: patch-ac,v 1.10 2015/03/21 19:06:54 bsiegert Exp $
 
+https://trac.xiph.org/changeset/19117
+oggenc: fix crash on raw file close, reported by Hanno in issue #2009. pointer
+to a non-static struct was escaping its scope.
 --- oggenc/oggenc.c.orig       2010-03-26 07:07:07.000000000 +0000
 +++ oggenc/oggenc.c
-@@ -779,6 +779,8 @@ static void parse_options(int argc, char
+@@ -97,6 +97,8 @@ int main(int argc, char **argv)
+               .3,-1,
+               0,0,0.f,
+               0, 0, 0, 0, 0};
++    input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++      N_("RAW file reader")};
+ 
+     int i;
+ 
+@@ -239,9 +241,6 @@ int main(int argc, char **argv)
+ 
+         if(opt.rawmode)
+         {
+-            input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
+-                N_("RAW file reader")};
+-
+             enc_opts.rate=opt.raw_samplerate;
+             enc_opts.channels=opt.raw_channels;
+             enc_opts.samplesize=opt.raw_samplesize;
+@@ -779,6 +778,8 @@ static void parse_options(int argc, char
  
                  break;
              case 'a':
@@ -11,7 +33,7 @@
                  opt->artist = realloc(opt->artist, (++opt->artist_count)*sizeof(char *));
                  opt->artist[opt->artist_count - 1] = strdup(optarg);
                  break;
-@@ -791,10 +793,14 @@ static void parse_options(int argc, char
+@@ -791,10 +792,14 @@ static void parse_options(int argc, char
                  opt->comments[opt->comment_count - 1] = strdup(optarg);
                  break;
              case 'd':
@@ -26,7 +48,7 @@
                  opt->genre = realloc(opt->genre, (++opt->genre_count)*sizeof(char *));
                  opt->genre[opt->genre_count - 1] = strdup(optarg);
                  break;
-@@ -803,6 +809,8 @@ static void parse_options(int argc, char
+@@ -803,6 +808,8 @@ static void parse_options(int argc, char
                  exit(0);
                  break;
              case 'l':
@@ -35,7 +57,7 @@
                  opt->album = realloc(opt->album, (++opt->album_count)*sizeof(char *));
                  opt->album[opt->album_count - 1] = strdup(optarg);
                  break;
-@@ -815,6 +823,8 @@ static void parse_options(int argc, char
+@@ -815,6 +822,8 @@ static void parse_options(int argc, char
                                      opt->fixedserial = 1;
                  break;
              case 't':



Home | Main Index | Thread Index | Old Index