head 1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.10
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.6
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.8
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.4
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.2;
locks; strict;
comment @# @;


1.2
date 2020.08.15.23.36.38; author nia; state dead;
branches;
next 1.1;
commitid sGuKvIOKTODaxdkC;

1.1
date 2019.07.14.15.39.32; author nia; state Exp;
branches
	1.1.2.1;
next ;
commitid Xk6dCpZuNpcyG1vB;

1.1.2.1
date 2019.07.14.15.39.32; author bsiegert; state dead;
branches;
next 1.1.2.2;
commitid 1ArdaWhFxb2VIwvB;

1.1.2.2
date 2019.07.18.13.08.19; author bsiegert; state Exp;
branches;
next ;
commitid 1ArdaWhFxb2VIwvB;


desc
@@


1.2
log
@libsndfile: Update to 1.0.29

Version 1.0.29 (2020-08-15)
* Add support for Opus files.
* Autotool build system improvements.
* CMake build system improvements.
* Fixes for: CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832.
* Add BWF v2 loudness parameters.
* Wave64: Permit and skip arbitrary chunks prior to the data chunk.
* Fix ASAN crash in wavlike_ima_seek().
* Fix IMA-ADPCM encoding for AIFF files.
* sndfile-convert: Handle gsm, vox and opus extensions the same way.
* Add SFC_SET_OGG_PAGE_LATENCY_MS command to get Ogg page latency for Ogg Opus files.
* Fix parsing of some SD2 files.
* Documentation updates.
* Minor bug fixes and improvements.
@ text @$NetBSD: patch-CVE-2017-14634,v 1.1 2019/07/14 15:39:32 nia Exp $ Fixes: CVE-2017-14634 Upstream commit: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788.patch --- src/double64.c.orig 2016-04-01 21:08:53.000000000 +0000 +++ src/double64.c @@@@ -91,7 +91,7 @@@@ int double64_init (SF_PRIVATE *psf) { static int double64_caps ; - if (psf->sf.channels < 1) + if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS) { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ; return SFE_INTERNAL ; } ; @ 1.1 log @libsndfile: Apply patches from upstream's github for these CVEs: CVE-2017-14245 - information-disclosure CVE-2017-14246 - information-disclosure CVE-2017-14634 - denial-of-service CVE-2017-17456 - denial-of-service CVE-2017-17457 - denial-of-service CVE-2017-8362 - denial-of-service CVE-2017-8363 - heap-overflow CVE-2017-8365 - buffer-overflow CVE-2018-13139 - stack-overflow CVE-2018-19432 - null-pointer-dereference CVE-2018-19661 - denial-of-service CVE-2018-19662 - denial-of-service CVE-2018-19758 - denial-of-service CVE-2019-3832 - denial-of-service Bump PKGREVISION. 
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-CVE-2017-14634 was added on branch pkgsrc-2019Q2 on 2019-07-18 13:08:19 +0000
@
text
@d1 18
@


1.1.2.2
log
@Pullup ticket #5998 - requested by nia
audio/libsndfile: security fix

Revisions pulled up:
- audio/libsndfile/Makefile 1.76
- audio/libsndfile/distinfo 1.43
- audio/libsndfile/patches/patch-CVE-2017-14634 1.1
- audio/libsndfile/patches/patch-CVE-2018-13139 1.1
- audio/libsndfile/patches/patch-src_alaw.c 1.1
- audio/libsndfile/patches/patch-src_ulaw.c 1.1
- audio/libsndfile/patches/patch-src_wav.c 1.1

---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jul 14 15:39:32 UTC 2019

Modified Files:
	pkgsrc/audio/libsndfile: Makefile distinfo
Added Files:
	pkgsrc/audio/libsndfile/patches: patch-CVE-2017-14634 patch-CVE-2018-13139 patch-src_alaw.c patch-src_ulaw.c patch-src_wav.c

Log Message:
libsndfile: Apply patches from upstream's github for these CVEs:

CVE-2017-14245 - information-disclosure
CVE-2017-14246 - information-disclosure
CVE-2017-14634 - denial-of-service
CVE-2017-17456 - denial-of-service
CVE-2017-17457 - denial-of-service
CVE-2017-8362 - denial-of-service
CVE-2017-8363 - heap-overflow
CVE-2017-8365 - buffer-overflow
CVE-2018-13139 - stack-overflow
CVE-2018-19432 - null-pointer-dereference
CVE-2018-19661 - denial-of-service
CVE-2018-19662 - denial-of-service
CVE-2018-19758 - denial-of-service
CVE-2019-3832 - denial-of-service

Bump PKGREVISION.
@ text @a0 18 $NetBSD: patch-CVE-2017-14634,v 1.1 2019/07/14 15:39:32 nia Exp $ Fixes: CVE-2017-14634 Upstream commit: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788.patch --- src/double64.c.orig 2016-04-01 21:08:53.000000000 +0000 +++ src/double64.c @@@@ -91,7 +91,7 @@@@ int double64_init (SF_PRIVATE *psf) { static int double64_caps ; - if (psf->sf.channels < 1) + if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS) { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ; return SFE_INTERNAL ; } ; @
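Review bot: the failure branch under the widened check in double64_init still logs "double64_init : internal error" and returns SFE_INTERNAL, so a channel count above SF_MAX_CHANNELS is reported exactly like a library bug. If that count can originate from a parsed file header, which the denial-of-service classification in the log suggests, a message and error code that mark it as invalid input would let callers and triagers tell a malformed file from an internal fault. The upper bound is also enforced only in this one init function; it is worth confirming that the other format init paths apply the same limit, or that the channel count is range-checked once at the point where it is first read, so this check is defence in depth rather than the only gate. Style: this patch file is named after the CVE, while patch-src_alaw.c, patch-src_ulaw.c and patch-src_wav.c from the same commit are named after the source file they modify; patch-src_double64.c would match them, with the CVE kept in the patch header comment as it is now.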