[pkgsrc/trunk]: pkgsrc/multimedia/vlc Patch for CVE-2008-1489, mp4 buffer ove...

[tnn <tnn%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4cdd6ef41da6
branches:  trunk
changeset: 540080:4cdd6ef41da6
user:      tnn <tnn%pkgsrc.org@localhost>
date:      Wed Mar 26 02:32:17 2008 +0000

description:
Patch for CVE-2008-1489, mp4 buffer overflow. Bump rev.

diffstat:

 multimedia/vlc/Makefile         |   4 ++--
 multimedia/vlc/distinfo         |   3 ++-
 multimedia/vlc/patches/patch-ae |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diffs (55 lines):

diff -r e4a7223f83ea -r 4cdd6ef41da6 multimedia/vlc/Makefile
--- a/multimedia/vlc/Makefile   Wed Mar 26 00:56:41 2008 +0000
+++ b/multimedia/vlc/Makefile   Wed Mar 26 02:32:17 2008 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.49 2008/02/28 16:18:53 kefren Exp $
+# $NetBSD: Makefile,v 1.50 2008/03/26 02:32:17 tnn Exp $
 #
 
 DISTNAME=              vlc-${VLC_VER}
 CATEGORIES=            multimedia
 MASTER_SITES=          http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
 EXTRACT_SUFX=          .tar.bz2
-PKGREVISION=           2
+PKGREVISION=           3
 
 MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=              http://www.videolan.org/
diff -r e4a7223f83ea -r 4cdd6ef41da6 multimedia/vlc/distinfo
--- a/multimedia/vlc/distinfo   Wed Mar 26 00:56:41 2008 +0000
+++ b/multimedia/vlc/distinfo   Wed Mar 26 02:32:17 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2008/02/28 16:18:53 kefren Exp $
+$NetBSD: distinfo,v 1.15 2008/03/26 02:32:17 tnn Exp $
 
 SHA1 (vlc-0.8.6d.tar.bz2) = 63afd15cc782795c8d8f3de5edc614389465c577
 RMD160 (vlc-0.8.6d.tar.bz2) = 16c1998dbc30ad96bebdd8792d135b5f7899166e
@@ -7,3 +7,4 @@
 SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671
 SHA1 (patch-ac) = 54526feb8f88cd1f61e40abd62ed5f68ce6b934b
 SHA1 (patch-ad) = dd92aeabc8d21ebf4113558b9d63f7737add2d91
+SHA1 (patch-ae) = 6282c601bb7c1f6c5b55f57a02e965216bd38cd3
diff -r e4a7223f83ea -r 4cdd6ef41da6 multimedia/vlc/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc/patches/patch-ae   Wed Mar 26 02:32:17 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ae,v 1.3 2008/03/26 02:32:17 tnn Exp $
+
+--- modules/demux/mp4/libmp4.c.orig    2007-11-26 14:08:01.000000000 +0100
++++ modules/demux/mp4/libmp4.c
+@@ -1959,10 +1959,14 @@ static int MP4_ReadBox_rdrf( stream_t *p
+     MP4_GETVERSIONFLAGS( p_box->data.p_rdrf );
+     MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type );
+     MP4_GET4BYTES( i_len );
++    i_len++;
++
+     if( i_len > 0 )
+     {
+         uint32_t i;
+-        p_box->data.p_rdrf->psz_ref = malloc( i_len  + 1);
++        p_box->data.p_rdrf->psz_ref = malloc( i_len );
++        i_len--;
++
+         for( i = 0; i < i_len; i++ )
+         {
+             MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] );