git: a1f663e8d4a6 - main - audio/libsndfile: Fix CVE-2022-33065

From: Daniel Engberg <diizzy_at_FreeBSD.org>
Date: Wed, 08 Nov 2023 22:30:27 UTC 
The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a1f663e8d4a65bdb5366a7992ebe02476a9d18c7

commit a1f663e8d4a65bdb5366a7992ebe02476a9d18c7
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-11-08 22:26:14 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-11-08 22:26:20 +0000

    audio/libsndfile: Fix CVE-2022-33065
    
    Multiple signed integers overflow in function au_read_header in
    src/au.c and in functions mat4_open and mat4_read_header in
    src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service
    or other unspecified impacts.
    
    Reference:
    https://nvd.nist.gov/vuln/detail/CVE-2022-33065
---
 audio/libsndfile/Makefile | 3 +++
 audio/libsndfile/distinfo | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile
index d709a2f65bbc..543a69b43f18 100644
--- a/audio/libsndfile/Makefile
+++ b/audio/libsndfile/Makefile
@@ -3,6 +3,9 @@ DISTVERSION=	1.2.2
 CATEGORIES=	audio
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/${DISTVERSION}/
 
+PATCH_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/commit/
+PATCHFILES=	0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch:-p1
+
 MAINTAINER=	multimedia@FreeBSD.org
 COMMENT=	Reading and writing files containing sampled sound (like WAV or AIFF)
 WWW=		http://www.mega-nerd.com/libsndfile/
diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo
index c4529d683265..510494b71533 100644
--- a/audio/libsndfile/distinfo
+++ b/audio/libsndfile/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1691924884
+TIMESTAMP = 1699480963
 SHA256 (libsndfile-1.2.2.tar.xz) = 3799ca9924d3125038880367bf1468e53a1b7e3686a934f098b7e1d286cdb80e
 SIZE (libsndfile-1.2.2.tar.xz) = 730760
+SHA256 (0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch) = f42720a0307a5d3785c2719729d0eeaa0f15e6fe1c3645f5028fef89a35d7bd2
+SIZE (0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch) = 1722