pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia/vlc Fix for CVE-2007-3316 format-string vul...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b62378dbcb4e
branches: trunk
changeset: 530304:b62378dbcb4e
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Fri Jun 22 14:13:16 2007 +0000
description:
Fix for CVE-2007-3316 format-string vulnerability described by
VideoLAN-SA-0702 upstream advisory. Backported from 0.8.6c.
diffstat:
multimedia/vlc/Makefile | 4 ++--
multimedia/vlc/distinfo | 6 +++++-
multimedia/vlc/patches/patch-ak | 27 +++++++++++++++++++++++++++
multimedia/vlc/patches/patch-al | 16 ++++++++++++++++
multimedia/vlc/patches/patch-am | 16 ++++++++++++++++
multimedia/vlc/patches/patch-an | 22 ++++++++++++++++++++++
6 files changed, 88 insertions(+), 3 deletions(-)
diffs (128 lines):
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/Makefile
--- a/multimedia/vlc/Makefile Fri Jun 22 13:14:22 2007 +0000
+++ b/multimedia/vlc/Makefile Fri Jun 22 14:13:16 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2007/02/22 19:26:51 wiz Exp $
+# $NetBSD: Makefile,v 1.45 2007/06/22 14:13:16 lkundrak Exp $
#
DISTNAME= vlc-${VLC_VER}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= multimedia
MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
EXTRACT_SUFX= .tar.bz2
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/distinfo
--- a/multimedia/vlc/distinfo Fri Jun 22 13:14:22 2007 +0000
+++ b/multimedia/vlc/distinfo Fri Jun 22 14:13:16 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2007/02/22 16:36:10 drochner Exp $
+$NetBSD: distinfo,v 1.11 2007/06/22 14:13:16 lkundrak Exp $
SHA1 (vlc-0.8.5.tar.bz2) = 2f0a26a336a5211f32c7bcc653dfd0b27f1fb26b
RMD160 (vlc-0.8.5.tar.bz2) = d24140a5b4bf771754028090e103bb5c171e4fd8
@@ -10,3 +10,7 @@
SHA1 (patch-ah) = 5a355a70b7b39c0a33db7cc37e3944f903686d3f
SHA1 (patch-ai) = 655df187ab529eb30753531dafbf4b68f7a85785
SHA1 (patch-aj) = ff16b192696f7a8517b2bf343697cb81c6041015
+SHA1 (patch-ak) = 62e4c366c6ad39fdadf3e9484f1ee46a2f5680ab
+SHA1 (patch-al) = d363baa7a1d4150b2b12376652650295e546f0fe
+SHA1 (patch-am) = 7d212c47879c718a7685fe94660c9fa71a02f4c3
+SHA1 (patch-an) = 6388e50ad6b7c4cc6860759d514ca691b996ee45
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc/patches/patch-ak Fri Jun 22 14:13:16 2007 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-ak,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in CDDA module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/access/cdda.c.orig 2007-06-22 16:00:43.000000000 +0200
++++ modules/access/cdda.c
+@@ -630,7 +630,9 @@ static int GetTracks( access_t *p_access
+ {
+ vlc_input_item_AddInfo( &p_item->input,
+ _(VLC_META_INFO_CAT),
+- _(VLC_META_TITLE),
++ _(VLC_META_TITLE), "%s",
++ cddb_track_get_title( t ) );
++
+ cddb_track_get_title( t ) );
+ if( p_item->input.psz_name )
+ free( p_item->input.psz_name );
+@@ -641,7 +643,7 @@ static int GetTracks( access_t *p_access
+ if( psz_result )
+ {
+ vlc_input_item_AddInfo( &p_item->input,
+- _(VLC_META_INFO_CAT),
++ _(VLC_META_INFO_CAT), "%s",
+ _(VLC_META_ARTIST), psz_result );
+ }
+ }
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc/patches/patch-al Fri Jun 22 14:13:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-al,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/vorbis.c.orig 2007-06-22 16:03:12.000000000 +0200
++++ modules/codec/vorbis.c
+@@ -614,7 +614,7 @@ static void ParseVorbisComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ if( strcasestr( psz_name, "artist" ) )
+ {
+ vlc_input_item_AddInfo( p_input->input.p_item,
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc/patches/patch-am Fri Jun 22 14:13:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-am,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig 2007-06-22 16:04:59.000000000 +0200
++++ modules/codec/theora.c
+@@ -510,7 +510,7 @@ static void ParseTheoraComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ }
+ free( psz_comment );
+ i++;
diff -r baa464f77df9 -r b62378dbcb4e multimedia/vlc/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc/patches/patch-an Fri Jun 22 14:13:16 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-an,v 1.1 2007/06/22 14:13:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in SAP module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/services_discovery/sap.c.orig 2007-06-22 16:06:09.000000000 +0200
++++ modules/services_discovery/sap.c
+@@ -818,12 +818,12 @@ sap_announce_t *CreateAnnounce( services
+ if( psz_value != NULL )
+ {
+ vlc_input_item_AddInfo( &p_item->input, _("Session"),
+- _("Tool"), psz_value );
++ _("Tool"), "%s", psz_value );
+ }
+ if( strcmp( p_sdp->psz_username, "-" ) )
+ {
+ vlc_input_item_AddInfo( &p_item->input, _("Session"),
+- _("User"), p_sdp->psz_username );
++ _("User"), "%s", p_sdp->psz_username );
+ }
+
+ psz_value = GetAttribute( p_sap->p_sdp, "x-plgroup" );
Home |
Main Index |
Thread Index |
Old Index