From: spz Date: Mon, 8 Jun 2009 21:05:22 +0000 (+0000) Subject: Pullup ticket 2790 - requested by tron X-Git-Url: https://gitweb.dragonflybsd.org/pkgsrc.git/commitdiff_plain/dbb3d4391ef97b4289603c7e01552cb59c4e3305 Pullup ticket 2790 - requested by tron Security update Revisions pulled up: - pkgsrc/audio/libsndfile/Makefile 1.52 - pkgsrc/audio/libsndfile/distinfo 1.29 - pkgsrc/audio/libsndfile/options.mk 1.7 Files added: pkgsrc/audio/libsndfile/patches/patch-aa 1.15 pkgsrc/audio/libsndfile/patches/patch-ab 1.9 pkgsrc/audio/libsndfile/patches/patch-ac 1.11 pkgsrc/audio/libsndfile/patches/patch-ad 1.12 pkgsrc/audio/libsndfile/patches/patch-ae 1.7 pkgsrc/audio/libsndfile/patches/patch-af 1.7 Module Name: pkgsrc Committed By: wiz Date: Sat May 2 17:24:15 UTC 2009 Modified Files: pkgsrc/audio/libsndfile: options.mk Log Message: Add octave option, based on PR 41307 by Rumko. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 pkgsrc/audio/libsndfile/options.mk --------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Thu May 14 12:58:27 UTC 2009 Modified Files: pkgsrc/audio/libsndfile: Makefile distinfo options.mk Log Message: Changes 1.0.20: * Fix potential heap overflow in VOC file parser. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 pkgsrc/audio/libsndfile/Makefile cvs rdiff -u -r1.27 -r1.28 pkgsrc/audio/libsndfile/distinfo cvs rdiff -u -r1.6 -r1.7 pkgsrc/audio/libsndfile/options.mk --------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Mon Jun 8 09:30:17 UTC 2009 Modified Files: pkgsrc/audio/libsndfile: Makefile distinfo Added Files: pkgsrc/audio/libsndfile/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Log Message: Add upstream patch (taken from Debian bug report) to fix crashes caused by bad audio files. 
To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo cvs rdiff -u -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa cvs rdiff -u -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab cvs rdiff -u -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac cvs rdiff -u -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad cvs rdiff -u -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae \ pkgsrc/audio/libsndfile/patches/patch-af --- diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile index 856f9330c4d8..4d0dac1e1853 100644 --- a/audio/libsndfile/Makefile +++ b/audio/libsndfile/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.48 2009/02/21 13:20:45 wiz Exp $ +# $NetBSD: Makefile,v 1.52 2009/06/08 09:30:17 tron Exp $ -DISTNAME= libsndfile-1.0.19 +DISTNAME= libsndfile-1.0.20 +PKGREVISION= 1 CATEGORIES= audio MASTER_SITES= http://www.mega-nerd.com/libsndfile/ @@ -13,7 +14,7 @@ PKG_INSTALLATION_TYPES= overwrite pkgviews USE_LANGUAGES= c c++ USE_LIBTOOL= yes -USE_TOOLS= pkg-config +USE_TOOLS+= pkg-config PKGCONFIG_OVERRIDE= sndfile.pc.in GNU_CONFIGURE= yes diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo index 68db26623f40..98af2d9baa89 100644 --- a/audio/libsndfile/distinfo +++ b/audio/libsndfile/distinfo 
@@ -1,5 +1,11 @@ -$NetBSD: distinfo,v 1.26 2009/02/21 13:20:45 wiz Exp $ +$NetBSD: distinfo,v 1.29 2009/06/08 09:30:17 tron Exp $ -SHA1 (libsndfile-1.0.19.tar.gz) = 7cf8d3f032501642e36fecd8c899b09d3f7c986c -RMD160 (libsndfile-1.0.19.tar.gz) = 027d53e55b6d01c78aba31ed239fd2f0d2f752b5 -Size (libsndfile-1.0.19.tar.gz) = 924368 bytes +SHA1 (libsndfile-1.0.20.tar.gz) = d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b +RMD160 (libsndfile-1.0.20.tar.gz) = 873802efaa3f1e3303167fe1b7302fe2ab4cbd59 +Size (libsndfile-1.0.20.tar.gz) = 927422 bytes +SHA1 (patch-aa) = fe12f9e3f8621d11c57b079534259465bb70ff42 +SHA1 (patch-ab) = 28299ed8bebe27f5f8ebbf36a129458ef05d8cd0 +SHA1 (patch-ac) = bc3cb0c0334df3c1c40201eb032a980a1270108f +SHA1 (patch-ad) = dcdc4aebfb1da508e590220c1c2da7e9bb02678a +SHA1 (patch-ae) = 8b0c4ae7ba9559bf5bc3d12d59e049f93889d09e +SHA1 (patch-af) = b4fd14515b944164af0ecbd2da4a8deed43be28b diff --git a/audio/libsndfile/options.mk b/audio/libsndfile/options.mk index 39d3eb086ebb..7b855a67ac73 100644 --- a/audio/libsndfile/options.mk +++ b/audio/libsndfile/options.mk @@ -1,6 +1,7 @@ -# $NetBSD: options.mk,v 1.4 2008/04/07 15:36:19 bjs Exp $ +# $NetBSD: options.mk,v 1.7 2009/05/14 12:58:27 adam Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.libsndfile +PKG_SUPPORTED_OPTIONS= octave PKG_OPTIONS_OPTIONAL_GROUPS= output PKG_OPTIONS_GROUP.output= oss sun @@ -23,6 +24,14 @@ PKG_SUGGESTED_OPTIONS= ${SNDFILE_OUTPUT.${OPSYS}} .include "../../mk/bsd.options.mk" +.if !empty(PKG_OPTIONS:Moctave) +USE_LANGUAGES= c c++ fortran +USE_TOOLS+= gmake +.include "../../math/octave/buildlink3.mk" +.else +CONFIGURE_ARGS+= --disable-octave +.endif + .if !empty(PKG_OPTIONS:Moss) .include "../../mk/oss.buildlink3.mk" OSS_DEFS= -DDEV_DSP=\"${DEVOSSAUDIO:Q}\" -DUSE_OSS=1 diff --git a/audio/libsndfile/patches/patch-aa b/audio/libsndfile/patches/patch-aa new file mode 100644 index 000000000000..888e8be114c2 --- /dev/null +++ b/audio/libsndfile/patches/patch-aa 
@@ -0,0 +1,17 @@
+$NetBSD: patch-aa,v 1.15 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/alaw.c.orig 2009-03-22 19:17:13.000000000 +0000
++++ src/alaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -69,7 +69,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* alaw_init */
diff --git a/audio/libsndfile/patches/patch-ab b/audio/libsndfile/patches/patch-ab
new file mode 100644
index 000000000000..d5b9906d032f
--- /dev/null
+++ b/audio/libsndfile/patches/patch-ab
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.9 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/float32.c.orig 2009-03-25 02:59:47.000000000 +0000
++++ src/float32.c 2009-06-08 10:03:02.000000000 +0100
+@@ -241,7 +241,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* float32_init */
diff --git a/audio/libsndfile/patches/patch-ac b/audio/libsndfile/patches/patch-ac
new file mode 100644
index 000000000000..e339ccd16ae4
--- /dev/null
+++ b/audio/libsndfile/patches/patch-ac
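Review bot: In patch-aa (src/alaw.c) the new guard on `psf->blockwidth > 0` stops the division by a zero block width, but the function still ends in `return 0`, so a header that produced a zero block width is accepted as a valid zero-frame stream. If nothing later rejects that state (not visible here; alaw_init begins outside the hunk), returning an error when `psf->blockwidth <= 0` would fail closed instead of carrying the malformed header forward. The same one-line guard is repeated in patch-ab (src/float32.c), patch-ad (src/pcm.c) and patch-af (src/ulaw.c). The patch comment says only "DoS vulnerability"; a line such as `Avoid division by zero when blockwidth is 0 in a malformed header.` in each patch header would tell the next maintainer what is being fixed.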
@@ -0,0 +1,29 @@
+$NetBSD: patch-ac,v 1.11 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/htk.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/htk.c 2009-06-08 10:03:02.000000000 +0100
+@@ -195,10 +195,17 @@
+ return SFE_HTK_NOT_WAVEFORM ;
+
+ psf->sf.channels = 1 ;
+- psf->sf.samplerate = 10000000 / sample_period ;
+
+- psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
+- sample_count, sample_period, psf->sf.samplerate) ;
++ if (sample_period > 0)
++ { psf->sf.samplerate = 10000000 / sample_period ;
++ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d => %d Hz\n",
++ sample_count, sample_period, psf->sf.samplerate) ;
++ }
++ else
++ { psf->sf.samplerate = 16000 ;
++ psf_log_printf (psf, "HTK Waveform file\n Sample Count : %d\n Sample Period : %d (should be > 0) => Guessed sample rate %d Hz\n",
++ sample_count, sample_period, psf->sf.samplerate) ;
++ } ;
+
+ psf->sf.format = SF_FORMAT_HTK | SF_FORMAT_PCM_16 ;
+ psf->bytewidth = 2 ;
diff --git a/audio/libsndfile/patches/patch-ad b/audio/libsndfile/patches/patch-ad
new file mode 100644
index 000000000000..f3df51036f47
--- /dev/null
+++ b/audio/libsndfile/patches/patch-ad
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.12 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/pcm.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/pcm.c 2009-06-08 10:03:02.000000000 +0100
+@@ -271,7 +271,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* pcm_init */
diff --git a/audio/libsndfile/patches/patch-ae b/audio/libsndfile/patches/patch-ae
new file mode 100644
index 000000000000..37698ad8b60f
--- /dev/null
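Review bot: In patch-ac (src/htk.c) the `sample_period > 0` guard leaves one degenerate case: a period larger than 10000000 makes the integer division yield a sample rate of 0, which is then stored and logged as if valid. Whether a zero rate is rejected later is not visible here (the enclosing function starts and ends outside the hunk), so a condition such as `if (sample_period > 0 && sample_period <= 10000000)` would send that case to the fallback branch as well, with the "should be > 0" log text adjusted to match. The fallback rate 16000 is a bare literal here and again in patch-ae (src/sds.c); a comment like `/* nominal rate for headers with an unusable sample period */` at both sites would record why it was chosen.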
+++ b/audio/libsndfile/patches/patch-ae 
@@ -0,0 +1,56 @@
+$NetBSD: patch-ae,v 1.7 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/sds.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/sds.c 2009-06-08 10:03:02.000000000 +0100
+@@ -219,21 +219,40 @@
+ if (marker != 0xF07E || byte != 0x01)
+ return SFE_SDS_NOT_SDS ;
+
+- psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel : %d\n", channel) ;
++ bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
++ sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+
+- bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
++ psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
++ " Midi Channel : %d\n Sample Number : %d\n",
++ channel, sample_no) ;
++
++ bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
+
+- sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+ samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
+
+ psds->bitwidth = bitwidth ;
+
+- psf->sf.samplerate = 1000000000 / samp_period ;
++ if (psds->bitwidth > 1)
++ psf_log_printf (psf, " Bit Width : %d\n", psds->bitwidth) ;
++ else
++ { psf_log_printf (psf, " Bit Width : %d (should be > 1)\n", psds->bitwidth) ;
++ return SFE_SDS_BAD_BIT_WIDTH ;
++ } ;
++
++ if (samp_period > 0)
++ { psf->sf.samplerate = 1000000000 / samp_period ;
+
+- psf_log_printf (psf, " Sample Number : %d\n"
+- " Bit Width : %d\n"
++ psf_log_printf (psf, " Sample Period : %d\n"
+ " Sample Rate : %d\n",
+- sample_no, psds->bitwidth, psf->sf.samplerate) ;
++ samp_period, psf->sf.samplerate) ;
++ }
++ else
++ { psf->sf.samplerate = 16000 ;
++
++ psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
++ " Sample Rate : %d (guessed)\n",
++ samp_period, psf->sf.samplerate) ;
++ } ;
+
+ bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
+
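Review bot: The new bit-width check in patch-ae (src/sds.c) rejects only values of 1 or less (`psds->bitwidth > 1`), so every larger value read from the header continues into the rest of the parser. The hunk shows no upper bound; if the code after it does not enforce one, checking both ends here, next to the `SFE_SDS_BAD_BIT_WIDTH` return, would keep the validation of this untrusted field in one place. A short comment is also warranted on why a bad bit width aborts the open while a bad sample period a few lines later is tolerated with a guessed rate, since the two malformed-header cases are handled differently. The enclosing function begins and ends outside the hunk.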
diff --git a/audio/libsndfile/patches/patch-af b/audio/libsndfile/patches/patch-af
new file mode 100644
index 000000000000..69b671221693
--- /dev/null
+++ b/audio/libsndfile/patches/patch-af
@@ -0,0 +1,17 @@
+$NetBSD: patch-af,v 1.7 2009/06/08 09:30:17 tron Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/ulaw.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/ulaw.c 2009-06-08 10:03:02.000000000 +0100
+@@ -59,7 +59,7 @@
+ else
+ psf->datalength = 0 ;
+
+- psf->sf.frames = psf->datalength / psf->blockwidth ;
++ psf->sf.frames = psf->blockwidth > 0 ? psf->datalength / psf->blockwidth : 0 ;
+
+ return 0 ;
+ } /* ulaw_init */