pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia apply the patch from the mplayer site to fi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8cd0ba4fe95a
branches: trunk
changeset: 477424:8cd0ba4fe95a
user: drochner <drochner%pkgsrc.org@localhost>
date: Fri Jul 02 17:07:21 2004 +0000
description:
apply the patch from the mplayer site to fix buffer overflow
vulnerabilities in the GUI
diffstat:
multimedia/gmplayer/distinfo | 16 ++-
multimedia/mplayer-share/distinfo | 16 ++-
multimedia/mplayer-share/patches/patch-aa | 62 +++++++++-
multimedia/mplayer-share/patches/patch-ba | 19 +++
multimedia/mplayer-share/patches/patch-bb | 181 ++++++++++++++++++++++++++++++
multimedia/mplayer-share/patches/patch-bc | 32 +++++
multimedia/mplayer-share/patches/patch-bd | 107 +++++++++++++++++
multimedia/mplayer-share/patches/patch-be | 17 ++
multimedia/mplayer-share/patches/patch-bf | 62 ++++++++++
multimedia/mplayer-share/patches/patch-bg | 71 +++++++++++
multimedia/mplayer-share/patches/patch-bh | 14 ++
multimedia/mplayer-share/patches/patch-bi | 52 ++++++++
multimedia/mplayer-share/patches/patch-bj | 13 ++
multimedia/mplayer-share/patches/patch-bk | 13 ++
multimedia/mplayer-share/patches/patch-bl | 26 ++++
15 files changed, 693 insertions(+), 8 deletions(-)
diffs (truncated from 799 to 300 lines):
diff -r da2375e4bf88 -r 8cd0ba4fe95a multimedia/gmplayer/distinfo
--- a/multimedia/gmplayer/distinfo Fri Jul 02 16:27:48 2004 +0000
+++ b/multimedia/gmplayer/distinfo Fri Jul 02 17:07:21 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2004/06/21 07:01:38 tron Exp $
+$NetBSD: distinfo,v 1.9 2004/07/02 17:07:21 drochner Exp $
SHA1 (mplayer-1.0rc4/MPlayer-1.0pre4.tar.bz2) = 1e9f181589d6bf36e4c59ad013f8b5976447e702
Size (mplayer-1.0rc4/MPlayer-1.0pre4.tar.bz2) = 4913390 bytes
@@ -42,5 +42,17 @@
Size (mplayer-1.0rc4/xanim-1.6.tar.bz2) = 94567 bytes
SHA1 (mplayer-1.0rc4/xine-lcd-1.2.tar.bz2) = b882ec3e0aceeffb22c425cfd7322bf0f7aaf269
Size (mplayer-1.0rc4/xine-lcd-1.2.tar.bz2) = 172340 bytes
-SHA1 (patch-aa) = 93b13909bd489599b3f9a6c4ec1fc3e53411fc17
+SHA1 (patch-aa) = 12c75630628dec1893ea06e0a623cd25c143cf1d
SHA1 (patch-ad) = e01b08da4c46c57a50b5306353391b8f9ba7bf6e
+SHA1 (patch-ba) = 944cf2d3c99fe0af53bc71c47d5a48aff2bb4671
+SHA1 (patch-bb) = 395045e7e10c2154dce06eebcc04283f6aeac552
+SHA1 (patch-bc) = 900672b8f7c9aa3a66a56c3439607e8eeefedcba
+SHA1 (patch-bd) = 0687b9907e7fab7ffbb90a855088031e84123f76
+SHA1 (patch-be) = 159bef14dd6419445c5c530e8d402eb83543f774
+SHA1 (patch-bf) = 5ce3344b3384aa8caa9848e361902ebb0de148da
+SHA1 (patch-bg) = 297539d5d53721fdef12ee8ace7be8e50ee7ab50
+SHA1 (patch-bh) = fb757d74e9896fb29c55b87d586e801c7667b8a8
+SHA1 (patch-bi) = ce208ec7d6245a4e5609d61a5d877be0efb67102
+SHA1 (patch-bj) = 5f40f145303434c0869aea061f3e15d555a3b711
+SHA1 (patch-bk) = 31ddf8e0cee55bfac0b34859ef09f660a0404903
+SHA1 (patch-bl) = e778c11a4655127263d1d3ecc573e62167f98557
diff -r da2375e4bf88 -r 8cd0ba4fe95a multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Fri Jul 02 16:27:48 2004 +0000
+++ b/multimedia/mplayer-share/distinfo Fri Jul 02 17:07:21 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2004/06/21 06:28:56 tron Exp $
+$NetBSD: distinfo,v 1.9 2004/07/02 17:07:21 drochner Exp $
SHA1 (mplayer-1.0rc4/MPlayer-1.0pre4.tar.bz2) = 1e9f181589d6bf36e4c59ad013f8b5976447e702
Size (mplayer-1.0rc4/MPlayer-1.0pre4.tar.bz2) = 4913390 bytes
@@ -8,5 +8,17 @@
Size (mplayer-1.0rc4/font-arial-iso-8859-2.tar.bz2) = 222208 bytes
SHA1 (mplayer-1.0rc4/font-arial-cp1250.tar.bz2) = ccf11dce5d0fb72fd3af97f788b7471cd0cd0b68
Size (mplayer-1.0rc4/font-arial-cp1250.tar.bz2) = 249705 bytes
-SHA1 (patch-aa) = 93b13909bd489599b3f9a6c4ec1fc3e53411fc17
+SHA1 (patch-aa) = 12c75630628dec1893ea06e0a623cd25c143cf1d
SHA1 (patch-ad) = e01b08da4c46c57a50b5306353391b8f9ba7bf6e
+SHA1 (patch-ba) = 944cf2d3c99fe0af53bc71c47d5a48aff2bb4671
+SHA1 (patch-bb) = 395045e7e10c2154dce06eebcc04283f6aeac552
+SHA1 (patch-bc) = 900672b8f7c9aa3a66a56c3439607e8eeefedcba
+SHA1 (patch-bd) = 0687b9907e7fab7ffbb90a855088031e84123f76
+SHA1 (patch-be) = 159bef14dd6419445c5c530e8d402eb83543f774
+SHA1 (patch-bf) = 5ce3344b3384aa8caa9848e361902ebb0de148da
+SHA1 (patch-bg) = 297539d5d53721fdef12ee8ace7be8e50ee7ab50
+SHA1 (patch-bh) = fb757d74e9896fb29c55b87d586e801c7667b8a8
+SHA1 (patch-bi) = ce208ec7d6245a4e5609d61a5d877be0efb67102
+SHA1 (patch-bj) = 5f40f145303434c0869aea061f3e15d555a3b711
+SHA1 (patch-bk) = 31ddf8e0cee55bfac0b34859ef09f660a0404903
+SHA1 (patch-bl) = e778c11a4655127263d1d3ecc573e62167f98557
diff -r da2375e4bf88 -r 8cd0ba4fe95a multimedia/mplayer-share/patches/patch-aa
--- a/multimedia/mplayer-share/patches/patch-aa Fri Jul 02 16:27:48 2004 +0000
+++ b/multimedia/mplayer-share/patches/patch-aa Fri Jul 02 17:07:21 2004 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.5 2004/05/14 09:27:32 grant Exp $
+$NetBSD: patch-aa,v 1.6 2004/07/02 17:07:21 drochner Exp $
---- configure.orig Mon Apr 26 11:44:06 2004
+--- configure.orig 2004-07-02 18:36:10.000000000 +0200
+++ configure
@@ -375,8 +375,8 @@ for ac_option do
_inc_extra=-I`echo $ac_option | cut -d '=' -f 2 | sed 's,:, -I,g'`
@@ -40,7 +40,7 @@
_def_arch='#define ARCH_X86_64 1'
_target_arch='TARGET_ARCH_X86_64 = yes'
iproc='x86_64'
-@@ -1587,7 +1587,8 @@
+@@ -1587,7 +1587,8 @@ for ac_option do
_inc_x11=-I`echo $ac_option | cut -d '=' -f 2 | sed 's,:, -I,g'`
;;
--with-x11libdir=*)
@@ -50,7 +50,42 @@
;;
--with-dxr2incdir=*)
_inc_dxr2=-I`echo $ac_option | cut -d '=' -f 2 | sed 's,:, -I,g'`
-@@ -4653,11 +4653,11 @@ if test "$_matroska_external" != no ; th
+@@ -2649,6 +2650,34 @@ else
+ fi
+ echores "$_strsep"
+
++echocheck "strlcpy()"
++cat > $TMPC << EOF
++#include <string.h>
++int main (void) { char *s = "Hello, world!", t[20]; (void) strlcpy(t, s, sizeof( t )); return 0; }
++EOF
++_strlcpy=no
++cc_check && _strlcpy=yes
++if test "$_strlcpy" = yes ; then
++ _def_strlcpy='#define HAVE_STRLCPY 1'
++else
++ _def_strlcpy='#undef HAVE_STRLCPY'
++fi
++echores "$_strlcpy"
++
++echocheck "strlcat()"
++cat > $TMPC << EOF
++#include <string.h>
++int main (void) { char *s = "Hello, world!", t[20]; (void) strlcat(t, s, sizeof( t )); return 0; }
++EOF
++_strlcat=no
++cc_check && _strlcat=yes
++if test "$_strlcat" = yes ; then
++ _def_strlcat='#define HAVE_STRLCAT 1'
++else
++ _def_strlcat='#undef HAVE_STRLCAT'
++fi
++echores "$_strlcat"
++
+ echocheck "fseeko()"
+ cat > $TMPC << EOF
+ #include <stdio.h>
+@@ -4653,11 +4682,11 @@ if test "$_matroska_external" != no ; th
int main(void) { return 0; }
EOF
@@ -64,3 +99,22 @@
if test "$_matroska_external" = no ; then
_inc_extra=$_saved_inc_extra
fi
+@@ -6272,6 +6301,18 @@ $_def_scandir
+ /* Define this if your system has strsep */
+ $_def_strsep
+
++/* Define this if your system has strlcpy */
++$_def_strlcpy
++#ifndef HAVE_STRLCPY
++unsigned int strlcpy (char *dest, char *src, unsigned int size);
++#endif
++
++/* Define this if your system has strlcat */
++$_def_strlcat
++#ifndef HAVE_STRLCAT
++unsigned int strlcat (char *dest, char *src, unsigned int size);
++#endif
++
+ /* Define this if your system has fseeko */
+ $_def_fseeko
+ #ifndef HAVE_FSEEKO
diff -r da2375e4bf88 -r 8cd0ba4fe95a multimedia/mplayer-share/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ba Fri Jul 02 17:07:21 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ba,v 1.1 2004/07/02 17:07:21 drochner Exp $
+
+--- Gui/interface.c.orig 2004-03-25 22:49:47.000000000 +0100
++++ Gui/interface.c
+@@ -54,8 +54,12 @@ char * gstrcat( char ** dest,char * src
+ if ( *dest )
+ {
+ tmp=malloc( strlen( *dest ) + strlen( src ) + 1 );
+- strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest );
+- }
++
++ if ( tmp ) /* TODO: advanced error handling */
++ {
++ strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest );
++ }
++ }
+ else
+ { tmp=malloc( strlen( src ) + 1 ); strcpy( tmp,src ); }
+ *dest=tmp;
diff -r da2375e4bf88 -r 8cd0ba4fe95a multimedia/mplayer-share/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bb Fri Jul 02 17:07:21 2004 +0000
@@ -0,0 +1,181 @@
+$NetBSD: patch-bb,v 1.1 2004/07/02 17:07:21 drochner Exp $
+
+--- Gui/mplayer/common.c.orig 2003-03-20 13:42:09.000000000 +0100
++++ Gui/mplayer/common.c
+@@ -32,35 +32,39 @@
+
+ extern unsigned int GetTimerMS( void );
+
+-inline void TranslateFilename( int c,char * tmp )
++inline void TranslateFilename( int c,char * tmp,size_t tmplen )
+ {
+ int i;
++ char * p;
++
+ switch ( guiIntfStruct.StreamType )
+ {
+ case STREAMTYPE_STREAM:
+- strcpy( tmp,guiIntfStruct.Filename );
++ strlcpy(tmp, guiIntfStruct.Filename, tmplen);
+ break;
+ case STREAMTYPE_FILE:
+ if ( ( guiIntfStruct.Filename )&&( guiIntfStruct.Filename[0] ) )
+ {
+- if ( strrchr( guiIntfStruct.Filename,'/' ) ) strcpy( tmp,strrchr( guiIntfStruct.Filename,'/' ) + 1 );
+- else strcpy( tmp,guiIntfStruct.Filename );
++ if ( p = strrchr(guiIntfStruct.Filename, '/') )
++ strlcpy(tmp, p + 1, tmplen);
++ else
++ strlcpy(tmp, guiIntfStruct.Filename, tmplen);
+ if ( tmp[strlen( tmp ) - 4] == '.' ) tmp[strlen( tmp ) - 4]=0;
+ if ( tmp[strlen( tmp ) - 5] == '.' ) tmp[strlen( tmp ) - 5]=0;
+- } else strcpy( tmp,MSGTR_NoFileLoaded );
++ } else strlcpy( tmp,MSGTR_NoFileLoaded,tmplen );
+ break;
+ #ifdef USE_DVDREAD
+ case STREAMTYPE_DVD:
+- if ( guiIntfStruct.DVD.current_chapter ) sprintf( tmp,MSGTR_Chapter,guiIntfStruct.DVD.current_chapter );
+- else strcat( tmp,MSGTR_NoChapter );
++ if ( guiIntfStruct.DVD.current_chapter ) snprintf(tmp,tmplen,MSGTR_Chapter,guiIntfStruct.DVD.current_chapter );
++ else strlcat( tmp,MSGTR_NoChapter,tmplen );
+ break;
+ #endif
+ #ifdef HAVE_VCD
+ case STREAMTYPE_VCD:
+- sprintf( tmp,MSGTR_VCDTrack,guiIntfStruct.Track );
++ snprintf( tmp,tmplen,MSGTR_VCDTrack,guiIntfStruct.Track );
+ break;
+ #endif
+- default: strcpy( tmp,MSGTR_NoMediaOpened );
++ default: strlcpy( tmp,MSGTR_NoMediaOpened,tmplen );
+ }
+ if ( c )
+ {
+@@ -74,75 +78,94 @@ inline void TranslateFilename( int c,cha
+ }
+ }
+
++/* Unsafe! Pass only null-terminated strings as (char *)str. */
+ char * Translate( char * str )
+ {
+ static char trbuf[512];
+ char tmp[512];
+ int i,c;
+ int t;
++ int strsize = 0;
+ memset( trbuf,0,512 );
+ memset( tmp,0,128 );
+- for ( c=0,i=0;i < (int)strlen( str );i++ )
++ strsize = strlen(str);
++ for ( c=0,i=0;i < strsize;i++ )
+ {
+ if ( str[i] != '$' ) { trbuf[c++]=str[i]; trbuf[c]=0; }
+ else
+ {
+ switch ( str[++i] )
+ {
+- case 't': sprintf( tmp,"%02d",guiIntfStruct.Track ); strcat( trbuf,tmp ); break;
+- case 'o': TranslateFilename( 0,tmp ); strcat( trbuf,tmp ); break;
+- case 'f': TranslateFilename( 1,tmp ); strcat( trbuf,tmp ); break;
+- case 'F': TranslateFilename( 2,tmp ); strcat( trbuf,tmp ); break;
++ case 't': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.Track );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case 'o': TranslateFilename( 0,tmp,sizeof( tmp ) );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case 'f': TranslateFilename( 1,tmp,sizeof( tmp ) );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case 'F': TranslateFilename( 2,tmp,sizeof( tmp ) );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
+ case '6': t=guiIntfStruct.LengthInSec; goto calclengthhhmmss;
+ case '1': t=guiIntfStruct.TimeSec;
+ calclengthhhmmss:
+- sprintf( tmp,"%02d:%02d:%02d",t/3600,t/60%60,t%60 ); strcat( trbuf,tmp );
++ snprintf( tmp,sizeof( tmp ),"%02d:%02d:%02d",t/3600,t/60%60,t%60 );
++ strlcat( trbuf,tmp,sizeof( trbuf ) );
+ break;
+ case '7': t=guiIntfStruct.LengthInSec; goto calclengthmmmmss;
+ case '2': t=guiIntfStruct.TimeSec;
+ calclengthmmmmss:
+- sprintf( tmp,"%04d:%02d",t/60,t%60 ); strcat( trbuf,tmp );
++ snprintf( tmp,sizeof( tmp ),"%04d:%02d",t/60,t%60 );
++ strlcat( trbuf,tmp,sizeof( trbuf ) );
+ break;
+- case '3': sprintf( tmp,"%02d",guiIntfStruct.TimeSec / 3600 ); strcat( trbuf,tmp ); break;
+- case '4': sprintf( tmp,"%02d",( ( guiIntfStruct.TimeSec / 60 ) % 60 ) ); strcat( trbuf,tmp ); break;
+- case '5': sprintf( tmp,"%02d",guiIntfStruct.TimeSec % 60 ); strcat( trbuf,tmp ); break;
+- case '8': sprintf( tmp,"%01d:%02d:%02d",guiIntfStruct.TimeSec / 3600,( guiIntfStruct.TimeSec / 60 ) % 60,guiIntfStruct.TimeSec % 60 ); strcat( trbuf,tmp ); break;
+- case 'v': sprintf( tmp,"%3.2f%%",guiIntfStruct.Volume ); strcat( trbuf,tmp ); break;
+- case 'V': sprintf( tmp,"%3.1f",guiIntfStruct.Volume ); strcat( trbuf,tmp ); break;
+- case 'b': sprintf( tmp,"%3.2f%%",guiIntfStruct.Balance ); strcat( trbuf,tmp ); break;
+- case 'B': sprintf( tmp,"%3.1f",guiIntfStruct.Balance ); strcat( trbuf,tmp ); break;
+- case 'd': sprintf( tmp,"%d",guiIntfStruct.FrameDrop ); strcat( trbuf,tmp ); break;
+- case 'x': sprintf( tmp,"%d",guiIntfStruct.MovieWidth ); strcat( trbuf,tmp ); break;
+- case 'y': sprintf( tmp,"%d",guiIntfStruct.MovieHeight ); strcat( trbuf,tmp ); break;
+- case 'C': sprintf( tmp,"%s", guiIntfStruct.sh_video? ((sh_video_t *)guiIntfStruct.sh_video)->codec->name : "");
+- strcat( trbuf,tmp ); break;
+- case 's': if ( guiIntfStruct.Playing == 0 ) strcat( trbuf,"s" ); break;
+- case 'l': if ( guiIntfStruct.Playing == 1 ) strcat( trbuf,"p" ); break;
+- case 'e': if ( guiIntfStruct.Playing == 2 ) strcat( trbuf,"e" ); break;
++ case '3': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.TimeSec / 3600 );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case '4': snprintf( tmp,sizeof( tmp ),"%02d",( ( guiIntfStruct.TimeSec / 60 ) % 60 ) );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case '5': snprintf( tmp,sizeof( tmp ),"%02d",guiIntfStruct.TimeSec % 60 );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case '8': snprintf( tmp,sizeof( tmp ),"%01d:%02d:%02d",guiIntfStruct.TimeSec / 3600,( guiIntfStruct.TimeSec / 60 ) % 60,guiIntfStruct.TimeSec % 60 ); strlcat( trbuf,tmp,sizeof( trbuf ) );
break;
++ case 'v': snprintf( tmp,sizeof( tmp ),"%3.2f%%",guiIntfStruct.Volume );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
++ case 'V': snprintf( tmp,sizeof( tmp ),"%3.1f",guiIntfStruct.Volume );
++ strlcat( trbuf,tmp,sizeof( trbuf ) ); break;
Home |
Main Index |
Thread Index |
Old Index