
Pullup ticket #3684 - requested by drochner

audio/libvorbis: security patch

Revisions pulled up:
- audio/libvorbis/Makefile                                      1.52
- audio/libvorbis/distinfo                                      1.21
- audio/libvorbis/patches/patch-CVE-2012-0444                   1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Feb 17 12:23:24 UTC 2012

   Modified Files:
           pkgsrc/audio/libvorbis: Makefile distinfo
   Added Files:
           pkgsrc/audio/libvorbis/patches: patch-CVE-2012-0444

   Log Message:
   add patch from upstream to fix possible memory corruption by
   malicious Ogg Vorbis files
   bump PKGREV
1 parent 362ad30 commit e02bb8c386aaecb647c1dbaa59050f15ae280c65 tron committed Feb 18, 2012
Showing with 18 additions and 2 deletions.
  1. +2 −1 audio/libvorbis/Makefile
  2. +2 −1 audio/libvorbis/distinfo
  3. +14 −0 audio/libvorbis/patches/patch-CVE-2012-0444
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.51 2010/11/09 13:12:11 adam Exp $
+# $NetBSD: Makefile,v 1.51.10.1 2012/02/18 23:17:50 tron Exp $
DISTNAME= libvorbis-1.3.2
+PKGREVISION= 1
CATEGORIES= devel audio
MASTER_SITES= http://downloads.xiph.org/releases/vorbis/
EXTRACT_SUFX= .tar.bz2
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.20 2010/11/09 13:12:11 adam Exp $
+$NetBSD: distinfo,v 1.20.10.1 2012/02/18 23:17:50 tron Exp $
SHA1 (libvorbis-1.3.2.tar.bz2) = 4c44da8215d1fc56676fccc1af8dd6b422d9e676
RMD160 (libvorbis-1.3.2.tar.bz2) = 2478fd66305ee6fa31d6d336e4ff2b3ec649d661
Size (libvorbis-1.3.2.tar.bz2) = 1230364 bytes
+SHA1 (patch-CVE-2012-0444) = c5e2cb7ee0a13c38b43166952954e66bcc5307a1
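Review bot: the new patch-CVE-2012-0444 entry on the last line is covered by a single SHA1 digest, while the distfile above it carries SHA1, RMD160 and Size. Since this file is the only integrity record for a security patch, add a second digest for it if the distinfo tooling on this branch can record one for patches; otherwise the entry is consistent with the rest of the file.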
@@ -0,0 +1,14 @@
+$NetBSD: patch-CVE-2012-0444,v 1.1.2.2 2012/02/18 23:17:50 tron Exp $
+
+changeset #18151
+
+--- lib/floor1.c.orig 2010-10-23 04:31:21.000000000 +0000
++++ lib/floor1.c
+@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack
+
+ for(j=0,k=0;j<info->partitions;j++){
+ count+=info->class_dim[info->partitionclass[j]];
++ if(count>VIF_POSIT) goto err_out;
+ for(;k<count;k++){
+ int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+ if(t<0 || t>=(1<<rangebits))
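Review bot: the new bound in "if(count>VIF_POSIT) goto err_out;" still admits count == VIF_POSIT, and the loop right below it stores to info->postlist[k+2] for k up to count-1, so the highest index written is VIF_POSIT+1. That is in bounds only if postlist is declared with at least VIF_POSIT+2 elements; the declaration is not part of this hunk, so please confirm it before settling on ">" rather than ">=". The check also runs after info->class_dim[info->partitionclass[j]] has already been read, so it relies on partitionclass[j] having been range-checked earlier in floor1_unpack. Separately, the patch header says only "changeset #18151"; a one-line description of the fix and a pointer to the upstream repository would make the patch easier to audit later.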
