[pkgsrc/trunk]: pkgsrc/audio/libvorbis Apply some possible security fixes fro...

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/947bcd32eae2
branches:  trunk
changeset: 568028:947bcd32eae2
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Dec 02 12:41:25 2009 +0000

description:
Apply some possible security fixes from upstream SVN.
Glanced from links in mozilla advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
and Fedora Core patches for 1.2.0.

Bump PKGREVISION.

diffstat:

 audio/libvorbis/Makefile         |   3 ++-
 audio/libvorbis/distinfo         |   4 +++-
 audio/libvorbis/patches/patch-aa |  14 ++++++++++++++
 audio/libvorbis/patches/patch-ab |  15 +++++++++++++++
 4 files changed, 34 insertions(+), 2 deletions(-)

diffs (61 lines):

diff -r f465c033eb6c -r 947bcd32eae2 audio/libvorbis/Makefile
--- a/audio/libvorbis/Makefile  Wed Dec 02 12:24:08 2009 +0000
+++ b/audio/libvorbis/Makefile  Wed Dec 02 12:41:25 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2009/07/17 20:28:21 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2009/12/02 12:41:25 wiz Exp $
 
 DISTNAME=      libvorbis-1.2.3
+PKGREVISION=   1
 CATEGORIES=    devel audio
 MASTER_SITES=  http://downloads.xiph.org/releases/vorbis/
 
diff -r f465c033eb6c -r 947bcd32eae2 audio/libvorbis/distinfo
--- a/audio/libvorbis/distinfo  Wed Dec 02 12:24:08 2009 +0000
+++ b/audio/libvorbis/distinfo  Wed Dec 02 12:41:25 2009 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.17 2009/07/17 20:28:21 wiz Exp $
+$NetBSD: distinfo,v 1.18 2009/12/02 12:41:25 wiz Exp $
 
 SHA1 (libvorbis-1.2.3.tar.gz) = a93251aa5e4f142db4fa6433de80797f80960fac
 RMD160 (libvorbis-1.2.3.tar.gz) = e80ad7de3c2599e0d88994876407ac8fe3c9a0e7
 Size (libvorbis-1.2.3.tar.gz) = 1474492 bytes
+SHA1 (patch-aa) = bd1534e2f680d5621a7909fd0b197d9d8c52b91d
+SHA1 (patch-ab) = b253546a863893e96569d8afb5e626ffe5f226dc
diff -r f465c033eb6c -r 947bcd32eae2 audio/libvorbis/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-aa  Wed Dec 02 12:41:25 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.5 2009/12/02 12:41:25 wiz Exp $
+
+SVN r16957
+
+--- lib/codebook.c.orig        2009-07-09 09:12:08.000000000 +0000
++++ lib/codebook.c
+@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buf
+       for(i=0;i<s->entries;){
+         long num=oggpack_read(opb,_ilog(s->entries-i));
+         if(num==-1)goto _eofout;
++      if(length>32)goto _errout;
+         for(j=0;j<num && i<s->entries;j++,i++)
+           s->lengthlist[i]=length;
+         length++;
diff -r f465c033eb6c -r 947bcd32eae2 audio/libvorbis/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libvorbis/patches/patch-ab  Wed Dec 02 12:41:25 2009 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.5 2009/12/02 12:41:25 wiz Exp $
+
+SVN 16326.
+
+--- lib/backends.h.orig        2009-07-09 09:12:08.000000000 +0000
++++ lib/backends.h
+@@ -111,7 +111,7 @@ typedef struct vorbis_info_residue0{
+   int    partitions;       /* possible codebooks for a partition */
+   int    groupbook;        /* huffbook for partitioning */
+   int    secondstages[64]; /* expanded out to pointers in lookup */
+-  int    booklist[256];    /* list of second stage books */
++  int    booklist[512];    /* list of second stage books */
+ 
+   const float classmetric1[64];
+   const float classmetric2[64];