pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/multimedia/vlc08 Update to 0.8.6i and fixes for CVE-20...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1363a428f78a
branches: trunk
changeset: 547119:1363a428f78a
user: sborrill <sborrill%pkgsrc.org@localhost>
date: Fri Sep 12 14:47:39 2008 +0000
description:
Update to 0.8.6i and fixes for CVE-2008-3732, CVE-2008-3794
diffstat:
multimedia/vlc08/DESCR | 7 +
multimedia/vlc08/Makefile | 5 +-
multimedia/vlc08/PLIST | 3 +-
multimedia/vlc08/distinfo | 15 +-
multimedia/vlc08/patches/patch-ab | 13 --
multimedia/vlc08/patches/patch-ac | 15 ---
multimedia/vlc08/patches/patch-ad | 24 -----
multimedia/vlc08/patches/patch-ae | 43 ---------
multimedia/vlc08/patches/patch-mmstu.c | 83 ++++++++++++++++++
multimedia/vlc08/patches/patch-mmstu.h | 31 +++++++
multimedia/vlc08/patches/patch-tta.c | 145 +++++++++++++++++++++++++++++++++
11 files changed, 278 insertions(+), 106 deletions(-)
diffs (truncated from 457 to 300 lines):
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/DESCR
--- a/multimedia/vlc08/DESCR Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/DESCR Fri Sep 12 14:47:39 2008 +0000
@@ -8,3 +8,10 @@
the computer : DVDs, VCDs, MPEG and DivX files and from a satellite
card. It is multi-plaform : Linux, Windows, Mac OS X, BeOS, BSD, Solaris,
QNX, iPaq... The VideoLAN Client and Server now have a full IPv6 support.
+
+*** Please note: ffmpeg must NOT be built with the swscale option ***
+For more information see: http://trac.videolan.org/vlc/ticket/1594
+
+To disable swscale, please add the following to your /etc/mk.conf before
+building ffmpeg:
+PKG_OPTIONS.ffmpeg=-swscale
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/Makefile
--- a/multimedia/vlc08/Makefile Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/Makefile Fri Sep 12 14:47:39 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2008/09/08 18:42:21 ahoka Exp $
+# $NetBSD: Makefile,v 1.12 2008/09/12 14:47:39 sborrill Exp $
#
DISTNAME= vlc-${VLC_VER}
PKGNAME= vlc08-${VLC_VER}
-VLC_VER= 0.8.6f
+VLC_VER= 0.8.6i
CATEGORIES= multimedia
MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
EXTRACT_SUFX= .tar.bz2
@@ -118,6 +118,7 @@
.include "../../multimedia/libmatroska/buildlink3.mk"
.include "../../multimedia/libmpeg2/buildlink3.mk"
.include "../../multimedia/libogg/buildlink3.mk"
+.include "../../multimedia/x264-devel/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"
.include "../../x11/libXv/buildlink3.mk"
.include "../../x11/libXxf86vm/buildlink3.mk"
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/PLIST
--- a/multimedia/vlc08/PLIST Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/PLIST Fri Sep 12 14:47:39 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2008/09/08 18:42:21 ahoka Exp $
+@comment $NetBSD: PLIST,v 1.9 2008/09/12 14:47:39 sborrill Exp $
${PLIST.skins}bin/svlc
bin/vlc
bin/vlc-config
@@ -263,6 +263,7 @@
share/locale/sk/LC_MESSAGES/vlc.mo
share/locale/sl/LC_MESSAGES/vlc.mo
share/locale/sq/LC_MESSAGES/vlc.mo
+share/locale/sr/LC_MESSAGES/vlc.mo
share/locale/sv/LC_MESSAGES/vlc.mo
share/locale/th/LC_MESSAGES/vlc.mo
share/locale/tr/LC_MESSAGES/vlc.mo
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/distinfo
--- a/multimedia/vlc08/distinfo Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/distinfo Fri Sep 12 14:47:39 2008 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.5 2008/09/08 18:42:21 ahoka Exp $
+$NetBSD: distinfo,v 1.6 2008/09/12 14:47:39 sborrill Exp $
-SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03
-RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04
-Size (vlc-0.8.6f.tar.bz2) = 11433698 bytes
+SHA1 (vlc-0.8.6i.tar.bz2) = 4c6f45dffe3a8309ce201897040dc1f82b9cde99
+RMD160 (vlc-0.8.6i.tar.bz2) = a5da4e1e0980594c678c04016491c8a373df4017
+Size (vlc-0.8.6i.tar.bz2) = 11786172 bytes
SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c
-SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671
-SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa
-SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5
-SHA1 (patch-ae) = 21b6292e77469375edbfb7b828e298427e1ed118
+SHA1 (patch-mmstu.c) = ef4bed6fb5871790bb9198dad4961384f3e38d16
+SHA1 (patch-mmstu.h) = a11be24360948bcd8ca32bd7d01020e34c0801ad
+SHA1 (patch-tta.c) = 923852b9aedeb75eed052e532ce5ddf50ab19951
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ab
--- a/multimedia/vlc08/patches/patch-ab Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.5 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/gui/wxwidgets/dialogs.cpp.orig 2007-11-26 14:08:05.000000000 +0100
-+++ modules/gui/wxwidgets/dialogs.cpp
-@@ -376,7 +376,7 @@ void DialogsProvider::OnOpenFileGeneric(
- {
- p_file_generic_dialog->SetMessage( wxU(p_arg->psz_title) );
- p_file_generic_dialog->SetWildcard( wxU(p_arg->psz_extensions) );
-- p_file_generic_dialog->SetStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
-+ p_file_generic_dialog->SetWindowStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
- (p_arg->b_multiple ? wxMULTIPLE:0) );
- }
-
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ac
--- a/multimedia/vlc08/patches/patch-ac Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix wrong boundary check in Speex decoder (CVE-2008-1686).
-
---- modules/codec/speex.c.orig 2008-03-23 22:41:48.000000000 +0000
-+++ modules/codec/speex.c
-@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder
- msg_Err( p_dec, "cannot read Speex header" );
- return VLC_EGENERIC;
- }
-- if( p_header->mode >= SPEEX_NB_MODES )
-+ if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
- {
- msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
- "this version of libspeex.", p_header->mode );
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ad
--- a/multimedia/vlc08/patches/patch-ad Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix compilability of CDDA code with modern libcdio versions.
-
---- modules/access/cdda/cdda.h.orig 2008-03-23 22:41:48.000000000 +0000
-+++ modules/access/cdda/cdda.h
-@@ -75,7 +75,7 @@ typedef enum {
- paranoia_none = 0, /* Note: We make use of 0 as being the same as false */
- paranoia_overlap = 1,
- paranoia_full = 2
--} paranoia_mode_t;
-+} vlc_paranoia_mode_t;
-
-
- /*****************************************************************************
-@@ -107,7 +107,7 @@ typedef struct cdda_data_s
-
- #if LIBCDIO_VERSION_NUM >= 72
- /* Paranoia support */
-- paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */
-+ vlc_paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */
- cdrom_drive_t *paranoia_cd; /* Place to store drive
- handle given by paranoia. */
- cdrom_paranoia_t *paranoia;
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ae
--- a/multimedia/vlc08/patches/patch-ae Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/demux/wav.c.orig 2008-03-23 23:41:49.000000000 +0100
-+++ modules/demux/wav.c
-@@ -103,7 +103,8 @@ static int Open( vlc_object_t * p_this )
- demux_sys_t *p_sys;
-
- uint8_t *p_peek;
-- unsigned int i_size, i_extended;
-+ uint32_t i_size;
-+ unsigned int i_extended;
- char *psz_name;
-
- WAVEFORMATEXTENSIBLE *p_wf_ext = NULL;
-@@ -136,7 +137,8 @@ static int Open( vlc_object_t * p_this )
- msg_Err( p_demux, "cannot find 'fmt ' chunk" );
- goto error;
- }
-- if( i_size < sizeof( WAVEFORMATEX ) - 2 ) /* XXX -2 isn't a typo */
-+ i_size += 2;
-+ if( i_size < sizeof( WAVEFORMATEX ) )
- {
- msg_Err( p_demux, "invalid 'fmt ' chunk" );
- goto error;
-@@ -144,14 +146,15 @@ static int Open( vlc_object_t * p_this )
- stream_Read( p_demux->s, NULL, 8 ); /* Cannot fail */
-
- /* load waveformatex */
-- p_wf_ext = malloc( __EVEN( i_size ) + 2 );
-+ p_wf_ext = malloc( i_size );
- if( p_wf_ext == NULL )
- goto error;
-
- p_wf = (WAVEFORMATEX *)p_wf_ext;
- p_wf->cbSize = 0;
-- if( stream_Read( p_demux->s,
-- p_wf, __EVEN( i_size ) ) < (int)__EVEN( i_size ) )
-+ i_size -= 2;
-+ if( stream_Read( p_demux->s, p_wf, i_size ) != (int)i_size
-+ || ( ( i_size & 1 ) && stream_Read( p_demux->s, NULL, 1 ) != 1 ) )
- {
- msg_Err( p_demux, "cannot load 'fmt ' chunk" );
- goto error;
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-mmstu.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc08/patches/patch-mmstu.c Fri Sep 12 14:47:39 2008 +0000
@@ -0,0 +1,83 @@
+$NetBSD: patch-mmstu.c,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.c.orig 2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.c 2008-09-12 11:16:01.000000000 +0100
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <vlc/vlc.h>
+ #include <string.h>
++#include <inttypes.h>
+ #include <vlc/input.h>
+ #include <errno.h>
+
+@@ -695,7 +696,7 @@
+ GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE + 60 );
+
+ msg_Dbg( p_access,
+- "answer 0x06 flags:0x%8.8x media_length:%us packet_length:%lu packet_count:%u max_bit_rate:%d header_size:%d",
++ "answer 0x06 flags:0x%8.8"PRIx32" media_length:%"PRIu32"s packet_length:%zu packet_count:%"PRIu32" max_bit_rate:%d header_size:%zu",
+ p_sys->i_flags_broadcast,
+ p_sys->i_media_length,
+ p_sys->i_packet_length,
+@@ -749,12 +750,12 @@
+ if( p_sys->i_header >= p_sys->i_header_size )
+ {
+ msg_Dbg( p_access,
+- "header complete(%d)",
++ "header complete(%zu)",
+ p_sys->i_header );
+ break;
+ }
+ msg_Dbg( p_access,
+- "header incomplete (%d/%d), reading more",
++ "header incomplete (%zu/%zu), reading more",
+ p_sys->i_header,
+ p_sys->i_header_size );
+ }
+@@ -1128,7 +1129,7 @@
+
+ static int mms_ParseCommand( access_t *p_access,
+ uint8_t *p_data,
+- int i_data,
++ size_t i_data,
+ int *pi_used )
+ {
+ #define GET32( i_pos ) \
+@@ -1137,7 +1138,7 @@
+ ( p_sys->p_cmd[i_pos + 3] << 24 ) )
+
+ access_sys_t *p_sys = p_access->p_sys;
+- int i_length;
++ uint32_t i_length;
+ uint32_t i_id;
+
+ if( p_sys->p_cmd )
+@@ -1159,10 +1160,10 @@
+ i_id = GetDWLE( p_data + 4 );
+ i_length = GetDWLE( p_data + 8 ) + 16;
+
+- if( i_id != 0xb00bface )
++ if( i_id != 0xb00bface || i_length < 16 )
+ {
+ msg_Err( p_access,
+- "incorrect command header (0x%x)", i_id );
++ "incorrect command header (0x%"PRIx32")", i_id );
+ p_sys->i_command = 0;
+ return -1;
+ }
+@@ -1170,8 +1171,8 @@
+ if( i_length > p_sys->i_cmd )
+ {
+ msg_Warn( p_access,
+- "truncated command (missing %d bytes)",
+- i_length - i_data );
++ "truncated command (missing %zu bytes)",
++ (size_t)i_length - i_data );
+ p_sys->i_command = 0;
+ return -1;
+ }
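Review bot: `mms_ParseCommand` still reports the consumed byte count through `int *pi_used` (embedded hunk at -1128), even though `i_data` is now `size_t` and `i_length` is `uint32_t`, so the signed/unsigned mix behind CVE-2008-3794 survives at the function boundary. The stores to `*pi_used` lie outside the visible hunks, so this is inferred; if one of them stores `i_length`, it is safe only while the `i_length > p_sys->i_cmd` rejection runs first, and a comment at that store such as `/* i_length <= i_cmd here, so the conversion to int stays non-negative */` would record the invariant. Folding `i_length < 16` into the magic-number test also logs "incorrect command header" with a valid id when only the length wrapped, so a separate branch with its own message would make malformed server replies easier to triage. In the GET32 context line, `( p_sys->p_cmd[i_pos + 3] << 24 )` shifts a promoted `int` into the sign bit; `( (uint32_t)p_sys->p_cmd[i_pos + 3] << 24 )` keeps the arithmetic unsigned, in line with the rest of the fix.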
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-mmstu.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc08/patches/patch-mmstu.h Fri Sep 12 14:47:39 2008 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-mmstu.h,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.h.orig 2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.h 2008-09-12 11:16:06.000000000 +0100
+@@ -62,10 +62,10 @@
+ int i_packet_seq_num;
+
+ uint8_t *p_cmd; /* latest command read */
+- int i_cmd; /* allocated at the begining */
++ size_t i_cmd; /* allocated at the begining */
+
+ uint8_t *p_header; /* allocated by mms_ReadPacket */
+- int i_header;
++ size_t i_header;
+
+ uint8_t *p_media; /* allocated by mms_ReadPacket */
+ size_t i_media;
+@@ -86,7 +86,7 @@