libcue: add fix for CVE-2023-43641

Bump PKGREVISION
2023-10-09 17:35:38 +00:00 · 2023-10-09 17:35:38 +00:00 · f7a26f3fda
parent 6324503728
commit f7a26f3fda
3 changed files with 19 additions and 2 deletions
--- a/textproc/libcue/Makefile
+++ b/textproc/libcue/Makefile
@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2020/12/19 10:22:45 nia Exp $
+# $NetBSD: Makefile,v 1.2 2023/10/09 17:35:38 wiz Exp $

 DISTNAME=	libcue-2.2.1
+PKGREVISION=	1
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_GITHUB:=lipnitsk/}
 GITHUB_TAG=	v${PKGVERSION_NOREV}
--- a/textproc/libcue/distinfo
+++ b/textproc/libcue/distinfo
@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2021/10/26 11:22:15 nia Exp $
+$NetBSD: distinfo,v 1.4 2023/10/09 17:35:38 wiz Exp $

 BLAKE2s (libcue-2.2.1.tar.gz) = 89307dc1b0686d5b25ccc1c9168f2b48c1927ea272ad7afe7716a83f417312c5
 SHA512 (libcue-2.2.1.tar.gz) = 32e476cb09ed2cb2d64aaba1342fb91e77e448391b493a3a794a8d2a6723a0e6097a90b11c6ad82998cb7f270f4f18c2578d7b8575f6929c2a35502e09ebc964
 Size (libcue-2.2.1.tar.gz) = 24177 bytes
+SHA1 (patch-cd.c) = e8ae3ed3b0b4f39159ab860fc90ddba561912fc0
--- a/textproc/libcue/patches/patch-cd.c
+++ b/textproc/libcue/patches/patch-cd.c
@ -0,0 +1,15 @@
+$NetBSD: patch-cd.c,v 1.1 2023/10/09 17:35:38 wiz Exp $
+
+Fix for CVE-2023-43641.
+
+--- cd.c.orig	2018-05-02 00:51:51.000000000 +0000
+++ cd.c
+@@ -339,7 +339,7 @@ track_get_rem(const Track* track)
+ 
+ void track_set_index(Track *track, int i, long ind)
+ {
+-	if (i > MAXINDEX) {
+	if (i < 0 || i > MAXINDEX) {
+ 		fprintf(stderr, "too many indexes\n");
+                 return;
+         }