pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/multimedia/xine-lib Add missing bound check in HTTP Pl...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8c2852e59d6e
branches: trunk
changeset: 515297:8c2852e59d6e
user: tron <tron%pkgsrc.org@localhost>
date: Fri Jun 30 13:51:40 2006 +0000
description:
Add missing bound check in HTTP Plugin "xineplug_inp_http.so".
This fixes the vulnerability reported in CVE-2006-2802.
diffstat:
multimedia/xine-lib/Makefile | 4 ++--
multimedia/xine-lib/distinfo | 3 ++-
multimedia/xine-lib/patches/patch-az | 14 ++++++++++++++
3 files changed, 18 insertions(+), 3 deletions(-)
diffs (49 lines):
diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile Fri Jun 30 13:47:06 2006 +0000
+++ b/multimedia/xine-lib/Makefile Fri Jun 30 13:51:40 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2006/06/12 16:28:13 wiz Exp $
+# $NetBSD: Makefile,v 1.38 2006/06/30 13:51:40 tron Exp $
.include "Makefile.common"
-PKGREVISION= 9
+PKGREVISION= 10
COMMENT= Multimedia player library
diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo Fri Jun 30 13:47:06 2006 +0000
+++ b/multimedia/xine-lib/distinfo Fri Jun 30 13:51:40 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2006/06/26 17:13:36 wiz Exp $
+$NetBSD: distinfo,v 1.32 2006/06/30 13:51:40 tron Exp $
SHA1 (xine-lib-1.0.3a.tar.gz) = 2efe9bc3d85659731e8c679d2c60901a6101f17b
RMD160 (xine-lib-1.0.3a.tar.gz) = 335abfaa46c4592a22246f75c3a455cd87b7cdc4
@@ -28,6 +28,7 @@
SHA1 (patch-aw) = 78ab44197a6b9f85e4b272d522ce254de4d557dc
SHA1 (patch-ax) = 18101c0a19f510455496fc75a10eebf3b28acde9
SHA1 (patch-ay) = 9e2a551de0cf00b4801809b9893734e0d63878ce
+SHA1 (patch-az) = e2d392fb295d51d90dc5fa6b672bcac9dcd5a04f
SHA1 (patch-ba) = c4a5fbe9d88d21a90fe01359ace7831f2a865c86
SHA1 (patch-bb) = 40978e50dcb060a2b8314b310a68684e62e90bc2
SHA1 (patch-bd) = 5352293022da25b08598d42655af2524ff99b28a
diff -r 12f771e6a701 -r 8c2852e59d6e multimedia/xine-lib/patches/patch-az
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-az Fri Jun 30 13:51:40 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-az,v 1.1 2006/06/30 13:51:40 tron Exp $
+
+--- src/input/input_http.c 2006-06-30 14:18:35.000000000 +0100
++++ src/input/input_http.c.orig 2005-07-17 22:49:59.000000000 +0100
+@@ -765,7 +765,8 @@
+ printf ("input_http: read...\n");
+ */
+
+- if (_x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
++ if (len == sizeof(this->buf) ||
++ _x_io_tcp_read (this->stream, this->fh, &this->buf[len], 1) <= 0) {
+ return 0;
+ }
+
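Review bot: In the new condition `len == sizeof(this->buf)` at line 765 of input_http.c, the guard depends on len reaching the buffer size exactly; `len >= sizeof(this->buf)` would also stop the write to `&this->buf[len]` if len were ever advanced past the end on another path. The hunk does not show what is stored after the read, so it is worth confirming that any terminator written afterwards stays inside the buffer when len is `sizeof(this->buf) - 1`. Separately, the embedded file header is in the opposite order from the usual convention: the `---` line names src/input/input_http.c with the 2006 timestamp and the `+++` line names input_http.c.orig with the 2005 timestamp, while the body adds the check. Regenerating the patch with the .orig file on the `---` side would match the direction of the hunk, and a one-line comment in patch-az naming CVE-2006-2802 would document why the patch exists.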