audio/libsndfile: Fix CVE-2022-33065

Multiple signed integers overflow in function au_read_header in
src/au.c and in functions mat4_open and mat4_read_header in
src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service
or other unspecified impacts.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-33065

2 files changed, 6 insertions, 1 deletions

diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile
index d709a2f65bbc..543a69b43f18 100644
--- a/audio/libsndfile/Makefile
+++ b/audio/libsndfile/Makefile
@@ -3,6 +3,9 @@ DISTVERSION=	1.2.2
 CATEGORIES=	audio
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/${DISTVERSION}/
 
+PATCH_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/commit/
+PATCHFILES=	0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch:-p1
+
 MAINTAINER=	multimedia@FreeBSD.org
 COMMENT=	Reading and writing files containing sampled sound (like WAV or AIFF)
 WWW=		http://www.mega-nerd.com/libsndfile/
diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo
index c4529d683265..510494b71533 100644
--- a/audio/libsndfile/distinfo
+++ b/audio/libsndfile/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1691924884
+TIMESTAMP = 1699480963
 SHA256 (libsndfile-1.2.2.tar.xz) = 3799ca9924d3125038880367bf1468e53a1b7e3686a934f098b7e1d286cdb80e
 SIZE (libsndfile-1.2.2.tar.xz) = 730760
+SHA256 (0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch) = f42720a0307a5d3785c2719729d0eeaa0f15e6fe1c3645f5028fef89a35d7bd2
+SIZE (0754562e13d2e63a248a1c82f90b30bc0ffe307c.patch) = 1722