pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/multimedia Add patch from the MPlayer SVN repository t...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6644142b7d89
branches:  trunk
changeset: 529544:6644142b7d89
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jun 07 13:19:54 2007 +0000

description:
Add patch from the MPlayer SVN repository to fix an overflow in the
CDDB code reported in CVE-2007-2948. Bump package revision.

diffstat:

 multimedia/gmplayer/Makefile              |   4 ++--
 multimedia/gmplayer/distinfo              |   3 ++-
 multimedia/mplayer-share/patches/patch-ae |  31 +++++++++++++++++++++++++++++++
 multimedia/mplayer/Makefile               |   4 ++--
 4 files changed, 37 insertions(+), 5 deletions(-)

diffs (83 lines):

diff -r cc746c6f4ab3 -r 6644142b7d89 multimedia/gmplayer/Makefile
--- a/multimedia/gmplayer/Makefile      Thu Jun 07 13:05:13 2007 +0000
+++ b/multimedia/gmplayer/Makefile      Thu Jun 07 13:19:54 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.59 2007/01/31 00:04:12 wiz Exp $
+# $NetBSD: Makefile,v 1.60 2007/06/07 13:19:54 tron Exp $
 
 #
 # NOTE: if you are updating both mplayer and gmplayer, you must ensure
@@ -9,7 +9,7 @@
 #
 
 PKGNAME=       gmplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 
 BROKEN_IN=             pkgsrc-2006Q4
 
diff -r cc746c6f4ab3 -r 6644142b7d89 multimedia/gmplayer/distinfo
--- a/multimedia/gmplayer/distinfo      Thu Jun 07 13:05:13 2007 +0000
+++ b/multimedia/gmplayer/distinfo      Thu Jun 07 13:19:54 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46 2007/03/23 07:40:12 wiz Exp $
+$NetBSD: distinfo,v 1.47 2007/06/07 13:19:54 tron Exp $
 
 SHA1 (gmplayer-1.0rc9-20060123/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc
 RMD160 (gmplayer-1.0rc9-20060123/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998
@@ -67,6 +67,7 @@
 SHA1 (patch-ab) = 29bf59ecb3d283708ae1c5002d1fa71cac627cc9
 SHA1 (patch-ac) = 6d0de4bd41d9842ea1bf46e9fbe60bf6a943b913
 SHA1 (patch-ad) = d0b72eaa5e63d2cfd7828ea1a9973f1728c607b5
+SHA1 (patch-ae) = b725fce8f4dfb7b06f6de388265ce317f22824e9
 SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b
 SHA1 (patch-ai) = bcf45db81587d99fc69ae5fcf89ff4a4b8f6f53c
 SHA1 (patch-aj) = 40ba1625f85f0264628013ad0209aa095e8e5d3f
diff -r cc746c6f4ab3 -r 6644142b7d89 multimedia/mplayer-share/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ae Thu Jun 07 13:19:54 2007 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ae,v 1.7 2007/06/07 13:19:54 tron Exp $
+
+--- stream/stream_cddb.c.orig  2006-10-22 23:32:25.000000000 +0100
++++ stream/stream_cddb.c       2007-06-07 13:57:35.000000000 +0100
+@@ -435,7 +435,7 @@
+ 
+       switch(status) {
+               case 210:
+-                      ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id);
++                      ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id);
+                       if( ret!=3 ) {
+                               mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+                               return -1;
+@@ -496,7 +496,7 @@
+       ptr++;
+       // We have a list of exact/inexact matches, so which one do we use?
+       // So let's take the first one.
+-      ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title);
++      ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title);
+       if( ret!=3 ) {
+               mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+               return -1;
+@@ -533,7 +533,7 @@
+       switch(status) {
+               case 200:
+                       // Found exact match
+-                      ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
++                      ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
+                       if( ret!=4 ) {
+                               mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+                               return -1;
diff -r cc746c6f4ab3 -r 6644142b7d89 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile       Thu Jun 07 13:05:13 2007 +0000
+++ b/multimedia/mplayer/Makefile       Thu Jun 07 13:19:54 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.41 2007/03/09 15:14:16 drochner Exp $
+# $NetBSD: Makefile,v 1.42 2007/06/07 13:19:54 tron Exp $
 
 PKGNAME=       mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 
 COMMENT=       Software-only MPEG-1/2/4 video decoder
 



Home | Main Index | Thread Index | Old Index