[pkgsrc/trunk]: pkgsrc/graphics PKGREVISION++

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bd25aa5e97d4
branches:  trunk
changeset: 462124:bd25aa5e97d4
user:      salo <salo%pkgsrc.org@localhost>
date:      Fri Sep 26 12:04:46 2003 +0000

description:
PKGREVISION++

Fix remotely exploitable buffer overflow vulnerability.

A malicious host can craft a harmful ASX header, and trick MPlayer into
executing arbitrary code upon parsing that header.

http://www.mplayerhq.hu/homepage/design6/news.html

diffstat:

 graphics/gmplayer/distinfo              |   3 ++-
 graphics/mencoder/distinfo              |   3 ++-
 graphics/mplayer-share/Makefile.common  |   4 ++--
 graphics/mplayer-share/distinfo         |   3 ++-
 graphics/mplayer-share/patches/patch-ab |  22 ++++++++++++++++++++++
 graphics/mplayer/distinfo               |   3 ++-
 6 files changed, 32 insertions(+), 6 deletions(-)

diffs (98 lines):

diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/gmplayer/distinfo
--- a/graphics/gmplayer/distinfo        Fri Sep 26 11:24:42 2003 +0000
+++ b/graphics/gmplayer/distinfo        Fri Sep 26 12:04:46 2003 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2003/09/21 12:40:22 markd Exp $
+$NetBSD: distinfo,v 1.40 2003/09/26 12:04:46 salo Exp $
 
 SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
 Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
@@ -43,5 +43,6 @@
 SHA1 (mplayer/xine-lcd-1.0.tar.bz2) = 1edbf1703e64f7a7c2aa3837d3383ba60a6d2f2d
 Size (mplayer/xine-lcd-1.0.tar.bz2) = 168441 bytes
 SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
 SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
 SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/mencoder/distinfo
--- a/graphics/mencoder/distinfo        Fri Sep 26 11:24:42 2003 +0000
+++ b/graphics/mencoder/distinfo        Fri Sep 26 12:04:46 2003 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.23 2003/09/19 10:13:41 wiz Exp $
+$NetBSD: distinfo,v 1.24 2003/09/26 12:04:46 salo Exp $
 
 SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
 Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
 SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
 SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
 SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/mplayer-share/Makefile.common
--- a/graphics/mplayer-share/Makefile.common    Fri Sep 26 11:24:42 2003 +0000
+++ b/graphics/mplayer-share/Makefile.common    Fri Sep 26 12:04:46 2003 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.39 2003/09/02 17:46:32 jmmv Exp $
+# $NetBSD: Makefile.common,v 1.40 2003/09/26 12:04:46 salo Exp $
 #
 
 MPLAYER_DIST_VERSION=  1.0pre1
-#PKGREVISION=          0
+PKGREVISION=           1
 
 # This variable is used in all packages which depend on this package
 MPLAYER_PKG_VERSION=   1.0rc1
diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/mplayer-share/distinfo
--- a/graphics/mplayer-share/distinfo   Fri Sep 26 11:24:42 2003 +0000
+++ b/graphics/mplayer-share/distinfo   Fri Sep 26 12:04:46 2003 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2003/09/02 17:46:32 jmmv Exp $
+$NetBSD: distinfo,v 1.28 2003/09/26 12:04:46 salo Exp $
 
 SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
 Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
@@ -9,5 +9,6 @@
 SHA1 (mplayer/font-arial-cp1250.tar.bz2) = ccf11dce5d0fb72fd3af97f788b7471cd0cd0b68
 Size (mplayer/font-arial-cp1250.tar.bz2) = 249705 bytes
 SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
 SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
 SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/mplayer-share/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/mplayer-share/patches/patch-ab   Fri Sep 26 12:04:46 2003 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.9 2003/09/26 12:04:46 salo Exp $
+
+Fixes remotely exploitable buffer overflow vulnerability. A malicious host can
+craft a harmful ASX header, and trick MPlayer into executing arbitrary code
+upon parsing that header.
+
+--- libmpdemux/asf_streaming.c.orig    2003-08-15 21:13:23.000000000 +0200
++++ libmpdemux/asf_streaming.c 2003-09-26 13:27:04.000000000 +0200
+@@ -502,11 +502,11 @@
+                       return NULL;
+               }
+               http_set_uri( http_hdr, server_url->url );
+-              sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
++              sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port );
+               url_free( server_url );
+       } else {
+               http_set_uri( http_hdr, url->file );
+-              sprintf( str, "Host: %s:%d", url->hostname, url->port );
++              sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
+       }
+       
+       http_set_field( http_hdr, str );
diff -r 3bf325c8d5e4 -r bd25aa5e97d4 graphics/mplayer/distinfo
--- a/graphics/mplayer/distinfo Fri Sep 26 11:24:42 2003 +0000
+++ b/graphics/mplayer/distinfo Fri Sep 26 12:04:46 2003 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.37 2003/09/19 10:13:41 wiz Exp $
+$NetBSD: distinfo,v 1.38 2003/09/26 12:04:46 salo Exp $
 
 SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
 Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
 SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
 SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
 SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425