pkgsrc-Changes archive


CVS commit: pkgsrc/audio/lame



Module Name:    pkgsrc
Committed By:   he
Date:           Mon Dec  4 08:20:37 UTC 2017

Modified Files:
        pkgsrc/audio/lame: Makefile distinfo
        pkgsrc/audio/lame/patches: patch-ab patch-ad
Added Files:
        pkgsrc/audio/lame/patches: patch-libmp3lame_lame.c

Log Message:
Add patch to check against invalid input sample rate.
Should fix CVE-2015-9099.  Ref.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/audio/lame/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/audio/lame/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/audio/lame/patches/patch-ab
cvs rdiff -u -r1.4 -r1.5 pkgsrc/audio/lame/patches/patch-ad
cvs rdiff -u -r0 -r1.3 pkgsrc/audio/lame/patches/patch-libmp3lame_lame.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/audio/lame/Makefile
diff -u pkgsrc/audio/lame/Makefile:1.80 pkgsrc/audio/lame/Makefile:1.81
--- pkgsrc/audio/lame/Makefile:1.80     Sat Oct 21 22:51:00 2017
+++ pkgsrc/audio/lame/Makefile  Mon Dec  4 08:20:37 2017
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2017/10/21 22:51:00 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2017/12/04 08:20:37 he Exp $
 
 DISTNAME=      lame-3.100
 CATEGORIES=    audio
+PKGREVISION=   1
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=lame/}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/audio/lame/distinfo
diff -u pkgsrc/audio/lame/distinfo:1.30 pkgsrc/audio/lame/distinfo:1.31
--- pkgsrc/audio/lame/distinfo:1.30     Sun Oct 22 09:30:41 2017
+++ pkgsrc/audio/lame/distinfo  Mon Dec  4 08:20:37 2017
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.30 2017/10/22 09:30:41 tron Exp $
+$NetBSD: distinfo,v 1.31 2017/12/04 08:20:37 he Exp $
 
 SHA1 (lame-3.100.tar.gz) = 64c53b1a4d493237cef5e74944912cd9f98e618d
 RMD160 (lame-3.100.tar.gz) = e467c1f9458ca6878cd46e89fffce8970b9ea936
 SHA512 (lame-3.100.tar.gz) = 0844b9eadb4aacf8000444621451277de365041cc1d97b7f7a589da0b7a23899310afd4e4d81114b9912aa97832621d20588034715573d417b2923948c08634b
 Size (lame-3.100.tar.gz) = 1524133 bytes
-SHA1 (patch-ab) = ee5b570e8800aefdaffe94a6ed072fa7b62fba6b
-SHA1 (patch-ad) = fa14817f765a61f046a96a1b556e2c8203fc27ad
+SHA1 (patch-ab) = ef244006f1b172a0027de65a95fa11f5bce62da8
+SHA1 (patch-ad) = 9783edc46232eeb14f1174606963cdd3a2c601fc
 SHA1 (patch-include_libmp3lame.sym) = 2278fa631fb8ce05864d3ef09a45c0b3d73ab065
+SHA1 (patch-libmp3lame_lame.c) = ed64ba64c857dc6acb008105546699c95ac125b5

Index: pkgsrc/audio/lame/patches/patch-ab
diff -u pkgsrc/audio/lame/patches/patch-ab:1.11 pkgsrc/audio/lame/patches/patch-ab:1.12
--- pkgsrc/audio/lame/patches/patch-ab:1.11     Sat Oct 21 22:51:00 2017
+++ pkgsrc/audio/lame/patches/patch-ab  Mon Dec  4 08:20:37 2017
@@ -1,4 +1,6 @@
-$NetBSD: patch-ab,v 1.11 2017/10/21 22:51:00 wiz Exp $
+$NetBSD: patch-ab,v 1.12 2017/12/04 08:20:37 he Exp $
+
+Change where html doc files are installed.
 
 --- doc/html/Makefile.in.orig  2017-10-13 20:21:58.000000000 +0000
 +++ doc/html/Makefile.in

Index: pkgsrc/audio/lame/patches/patch-ad
diff -u pkgsrc/audio/lame/patches/patch-ad:1.4 pkgsrc/audio/lame/patches/patch-ad:1.5
--- pkgsrc/audio/lame/patches/patch-ad:1.4      Thu Oct 10 10:49:30 2013
+++ pkgsrc/audio/lame/patches/patch-ad  Mon Dec  4 08:20:37 2017
@@ -1,4 +1,6 @@
-$NetBSD: patch-ad,v 1.4 2013/10/10 10:49:30 roy Exp $
+$NetBSD: patch-ad,v 1.5 2017/12/04 08:20:37 he Exp $
+
+Add <float.h> include.
 
 --- libmp3lame/machine.h.orig  2012-02-07 14:04:51.000000000 +0000
 +++ libmp3lame/machine.h

Added files:

Index: pkgsrc/audio/lame/patches/patch-libmp3lame_lame.c
diff -u /dev/null pkgsrc/audio/lame/patches/patch-libmp3lame_lame.c:1.3
--- /dev/null   Mon Dec  4 08:20:37 2017
+++ pkgsrc/audio/lame/patches/patch-libmp3lame_lame.c   Mon Dec  4 08:20:37 2017
@@ -0,0 +1,21 @@
+$NetBSD: patch-libmp3lame_lame.c,v 1.3 2017/12/04 08:20:37 he Exp $
+
+Add patch to check against invalid input sample rate.
+Should fix CVE-2015-9099.  Ref.
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
+
+--- libmp3lame/lame.c.orig     2017-10-10 19:08:39.000000000 +0000
++++ libmp3lame/lame.c
+@@ -801,6 +801,12 @@ lame_init_params(lame_global_flags * gfp
+             gfp->samplerate_out * 16 * cfg->channels_out / (1.e3 * gfp->VBR_mean_bitrate_kbps);
+     }
+ 
++    if (gfp->samplerate_in < 0) {
++      freegfc(gfc);
++      gfp->internal_flags = NULL;
++      return -1;
++    }
++
+     cfg->disable_reservoir = gfp->disable_reservoir;
+     cfg->lowpassfreq = gfp->lowpassfreq;
+     cfg->highpassfreq = gfp->highpassfreq;
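Review bot: The added guard in lame_init_params rejects only `gfp->samplerate_in < 0`, so a zero input rate still passes, and it sits near line 801, after the context line above it has already computed with `gfp->samplerate_out`. The function starts and ends outside this hunk, so it is not visible whether an earlier statement already divides by or derives values from samplerate_in; if one does, the check comes too late and belongs before that first use. Whether zero is a legitimate "unset" value cannot be told from here, so confirm against upstream before widening the test to `<= 0`. A one-line comment above the `if`, such as `/* reject invalid input sample rate, see CVE-2015-9099 */`, would record in lame.c why the early return exists.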


