[pkgsrc/trunk]: pkgsrc/audio/libsndfile Add upstream patch (taken from Debian...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e07497aa7784
branches: trunk
changeset: 560144:e07497aa7784
user: tron <tron%pkgsrc.org@localhost>
date: Mon Jun 08 09:30:17 2009 +0000
description:
Add upstream patch (taken from Debian bug report) to fix crashes
caused by bad audio files.
diffstat:
audio/libsndfile/Makefile | 3 +-
audio/libsndfile/distinfo | 8 ++++-
audio/libsndfile/patches/patch-aa | 17 +++++++++++
audio/libsndfile/patches/patch-ab | 17 +++++++++++
audio/libsndfile/patches/patch-ac | 29 ++++++++++++++++++++
audio/libsndfile/patches/patch-ad | 17 +++++++++++
audio/libsndfile/patches/patch-ae | 56 +++++++++++++++++++++++++++++++++++++++
audio/libsndfile/patches/patch-af | 17 +++++++++++
8 files changed, 162 insertions(+), 2 deletions(-)
diffs (205 lines):
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/Makefile
--- a/audio/libsndfile/Makefile Mon Jun 08 09:24:39 2009 +0000
+++ b/audio/libsndfile/Makefile Mon Jun 08 09:30:17 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.51 2009/05/14 12:58:27 adam Exp $
+# $NetBSD: Makefile,v 1.52 2009/06/08 09:30:17 tron Exp $
DISTNAME= libsndfile-1.0.20
+PKGREVISION= 1
CATEGORIES= audio
MASTER_SITES= http://www.mega-nerd.com/libsndfile/
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/distinfo
--- a/audio/libsndfile/distinfo Mon Jun 08 09:24:39 2009 +0000
+++ b/audio/libsndfile/distinfo Mon Jun 08 09:30:17 2009 +0000
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.28 2009/05/14 12:58:27 adam Exp $
+$NetBSD: distinfo,v 1.29 2009/06/08 09:30:17 tron Exp $
SHA1 (libsndfile-1.0.20.tar.gz) = d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b
RMD160 (libsndfile-1.0.20.tar.gz) = 873802efaa3f1e3303167fe1b7302fe2ab4cbd59
Size (libsndfile-1.0.20.tar.gz) = 927422 bytes
+SHA1 (patch-aa) = fe12f9e3f8621d11c57b079534259465bb70ff42
+SHA1 (patch-ab) = 28299ed8bebe27f5f8ebbf36a129458ef05d8cd0
+SHA1 (patch-ac) = bc3cb0c0334df3c1c40201eb032a980a1270108f
+SHA1 (patch-ad) = dcdc4aebfb1da508e590220c1c2da7e9bb02678a
+SHA1 (patch-ae) = 8b0c4ae7ba9559bf5bc3d12d59e049f93889d09e
+SHA1 (patch-af) = b4fd14515b944164af0ecbd2da4a8deed43be28b
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-aa Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-aa,v 1.15 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/alaw.c.orig 2009-03-22 19:17:13.000000000 +0000
++++ src/alaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -69,7 +69,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* alaw_init */
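Review bot: The `blockwidth > 0` guard in `alaw_init` stops the division by zero, but the function still returns 0, so a header that yields a zero block width is accepted as an empty stream with nothing written to the log. Because the value comes from the file being parsed, a line such as `psf_log_printf (psf, "*** Warning : blockwidth is %d, frames set to 0\n", psf->blockwidth) ;` before the assignment would show why a file decodes to zero frames; whether an error return is the better answer depends on code outside the hunk. The same applies to the identical change in patch-ab (`float32_init`), patch-ad (`pcm_init`) and patch-af (`ulaw_init`). The patch header would also be clearer if it named the defect, for example `Avoid division by zero when the file header yields blockwidth == 0.`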
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ab Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.9 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/float32.c.orig 2009-03-25 02:59:47.000000000 +0000
++++ src/float32.c 2009-06-08 10:03:02.000000000 +0100
+@@ -241,7 +241,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* float32_init */
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ac Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-ac,v 1.11 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/htk.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/htk.c 2009-06-08 10:03:02.000000000 +0100
+@@ -195,10 +195,17 @@
+ return SFE_HTK_NOT_WAVEFORM ;
+
+ psf->sf.channels = 1 ;
+- psf->sf.samplerate = 10000000 / sample_period ;
+
+- psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
+- sample_count, sample_period, psf->sf.samplerate) ;
++ if (sample_period > 0)
++ { psf->sf.samplerate = 10000000 / sample_period ;
++ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
++ sample_count, sample_period, psf->sf.samplerate) ;
++ }
++ else
++ { psf->sf.samplerate = 16000 ;
++ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d (should be > 0) => Guessed sample rate %d Hz\n",
++ sample_count, sample_period, psf->sf.samplerate) ;
++ } ;
+
+ psf->sf.format = SF_FORMAT_HTK | SF_FORMAT_PCM_16 ;
+ psf->bytewidth = 2 ;
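Review bot: The new `sample_period > 0` test still lets a period above 10000000 through, and `10000000 / sample_period` then truncates to a sample rate of 0, which later code may divide by. Unless the rate is validated outside this hunk, the condition could be `if (sample_period > 0 && sample_period <= 10000000)` so that such files also take the guessed-rate branch. The fallback `16000` is repeated as a bare literal in patch-ae (`src/sds.c`); a comment such as `/* Header period unusable; guess a rate so that parsing can continue. */` would record why it is there. The enclosing function begins and ends outside the hunk.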
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ad Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.12 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/pcm.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/pcm.c 2009-06-08 10:03:02.000000000 +0100
+@@ -271,7 +271,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* pcm_init */
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ae Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-ae,v 1.7 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/sds.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/sds.c 2009-06-08 10:03:02.000000000 +0100
+@@ -219,21 +219,40 @@
+ if (marker != 0xF07E || byte != 0x01)
+ return SFE_SDS_NOT_SDS ;
+
+- psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel : %d\n", channel) ;
++ bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
++ sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+
+- bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
++ psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
++ " Midi Channel : %d\n Sample Number : %d\n",
++ channel, sample_no) ;
++
++ bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
+
+- sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+ samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
+
+ psds->bitwidth = bitwidth ;
+
+- psf->sf.samplerate = 1000000000 / samp_period ;
++ if (psds->bitwidth > 1)
++ psf_log_printf (psf, " Bit Width : %d\n", psds->bitwidth) ;
++ else
++ { psf_log_printf (psf, " Bit Width : %d (should be > 1)\n", psds->bitwidth) ;
++ return SFE_SDS_BAD_BIT_WIDTH ;
++ } ;
++
++ if (samp_period > 0)
++ { psf->sf.samplerate = 1000000000 / samp_period ;
+
+- psf_log_printf (psf, " Sample Number : %d\n"
+- " Bit Width : %d\n"
++ psf_log_printf (psf, " Sample Period : %d\n"
+ " Sample Rate : %d\n",
+- sample_no, psds->bitwidth, psf->sf.samplerate) ;
++ samp_period, psf->sf.samplerate) ;
++ }
++ else
++ { psf->sf.samplerate = 16000 ;
++
++ psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
++ " Sample Rate : %d (guessed)\n",
++ samp_period, psf->sf.samplerate) ;
++ } ;
+
+ bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
+
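Review bot: The bit-width check in the `src/sds.c` change rejects only values of 1 or less; `bitwidth` is filled from the file header and no upper limit is applied anywhere in this hunk. If the rest of the reader derives block sizes or shift counts from `psds->bitwidth`, an oversized value needs rejecting too, either in the same `if` or in code outside the hunk that is not visible here. A comment above the test, `/* Reject bit widths the decoder cannot handle before they reach the block size calculations. */`, would make the intent of the early `return SFE_SDS_BAD_BIT_WIDTH ;` explicit. Separately, the `psf_binheader_readf` results are only summed into `bytesread`, so a truncated header appears to go undetected at this point. The enclosing function starts and ends outside the hunk.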
diff -r e8c75e7c78e4 -r e07497aa7784 audio/libsndfile/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-af Mon Jun 08 09:30:17 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-af,v 1.7 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/ulaw.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/ulaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -59,7 +59,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* ulaw_init */