authornaddy <naddy@FreeBSD.org>2008-05-12 03:34:16 +0800
committernaddy <naddy@FreeBSD.org>2008-05-12 03:34:16 +0800
commitc19dc1a60b5bfdfef3baa3effcb6ec3bf20edfbf (patch)
tree3cf0cf247e9bfa54f30244f5be73628d66fb823a /audio
parent147e6b3577bdf041a33e62a96e567bdf86f53ad7 (diff)
Fix Speex header processing vulnerability.
Submitted by: Jasper Lievisse Adriaanse <jasper@humppa.nl> Obtained from: OpenBSD Security: http://www.vuxml.org/freebsd/633716fa-1f8f-11dd-b143-0211d880e350
Diffstat (limited to 'audio')
-rw-r--r--audio/vorbis-tools/Makefile2
-rw-r--r--audio/vorbis-tools/files/patch-ogg123_speex_format.c11
2 files changed, 12 insertions, 1 deletions
diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
index 23673ec8c37f..02a2d8980dd5 100644
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
@@ -7,7 +7,7 @@
PORTNAME= vorbis-tools
PORTVERSION= 1.2.0
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 3
CATEGORIES= audio
MASTER_SITES= http://downloads.xiph.org/releases/vorbis/
diff --git a/audio/vorbis-tools/files/patch-ogg123_speex_format.c b/audio/vorbis-tools/files/patch-ogg123_speex_format.c
new file mode 100644
index 000000000000..db3ac5de45c5
--- /dev/null
+++ b/audio/vorbis-tools/files/patch-ogg123_speex_format.c
@@ -0,0 +1,11 @@
+--- ogg123/speex_format.c.orig 2008-05-11 17:57:48.000000000 +0200
++++ ogg123/speex_format.c 2008-05-11 17:58:19.000000000 +0200
+@@ -475,7 +475,7 @@ void *process_header(ogg_packet *op, int
+ cb->printf_error(callback_arg, ERROR, _("Cannot read header"));
+ return NULL;
+ }
+- if ((*header)->mode >= SPEEX_NB_MODES) {
++ if ((*header)->mode >= SPEEX_NB_MODES || (*header)->mode < 0) {
+ cb->printf_error(callback_arg, ERROR,
+ _("Mode number %d does not (any longer) exist in this version"),
+ (*header)->mode);
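Review bot: The widened test on `(*header)->mode` has no comment saying why a negative value must be rejected, so a later reader could take `< 0` for dead code and drop it. The value is parsed from the stream header and is presumably used afterwards to pick an entry from the mode table (that use lies outside the hunk), so I would add above the condition `/* mode comes from the untrusted stream header; reject anything outside [0, SPEEX_NB_MODES) before it is used as an index */`. A negative mode also reuses the "does not (any longer) exist in this version" message, which misdescribes a malformed header; a separate "invalid mode number" message would make such files easier to triage. process_header begins and ends outside the hunk.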