
[pkgsrc/trunk]: pkgsrc/multimedia/vlc08 Update to 0.8.6i and fixes for CVE-20...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1363a428f78a
branches:  trunk
changeset: 547119:1363a428f78a
user:      sborrill <sborrill%pkgsrc.org@localhost>
date:      Fri Sep 12 14:47:39 2008 +0000

description:
Update to 0.8.6i and fixes for CVE-2008-3732, CVE-2008-3794

diffstat:

 multimedia/vlc08/DESCR                 |    7 +
 multimedia/vlc08/Makefile              |    5 +-
 multimedia/vlc08/PLIST                 |    3 +-
 multimedia/vlc08/distinfo              |   15 +-
 multimedia/vlc08/patches/patch-ab      |   13 --
 multimedia/vlc08/patches/patch-ac      |   15 ---
 multimedia/vlc08/patches/patch-ad      |   24 -----
 multimedia/vlc08/patches/patch-ae      |   43 ---------
 multimedia/vlc08/patches/patch-mmstu.c |   83 ++++++++++++++++++
 multimedia/vlc08/patches/patch-mmstu.h |   31 +++++++
 multimedia/vlc08/patches/patch-tta.c   |  145 +++++++++++++++++++++++++++++++++
 11 files changed, 278 insertions(+), 106 deletions(-)

diffs (truncated from 457 to 300 lines):

diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/DESCR
--- a/multimedia/vlc08/DESCR    Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/DESCR    Fri Sep 12 14:47:39 2008 +0000
@@ -8,3 +8,10 @@
 the computer : DVDs, VCDs, MPEG and DivX files and from a satellite
 card. It is multi-plaform : Linux, Windows, Mac OS X, BeOS, BSD, Solaris,
 QNX, iPaq... The VideoLAN Client and Server now have a full IPv6 support.
+
+*** Please note: ffmpeg must NOT be built with the swscale option ***
+For more information see: http://trac.videolan.org/vlc/ticket/1594
+
+To disable swscale, please add the following to your /etc/mk.conf before
+building ffmpeg:
+PKG_OPTIONS.ffmpeg=-swscale
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/Makefile
--- a/multimedia/vlc08/Makefile Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/Makefile Fri Sep 12 14:47:39 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2008/09/08 18:42:21 ahoka Exp $
+# $NetBSD: Makefile,v 1.12 2008/09/12 14:47:39 sborrill Exp $
 #
 
 DISTNAME=              vlc-${VLC_VER}
 PKGNAME=               vlc08-${VLC_VER}
-VLC_VER=               0.8.6f
+VLC_VER=               0.8.6i
 CATEGORIES=            multimedia
 MASTER_SITES=          http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
 EXTRACT_SUFX=          .tar.bz2
@@ -118,6 +118,7 @@
 .include "../../multimedia/libmatroska/buildlink3.mk"
 .include "../../multimedia/libmpeg2/buildlink3.mk"
 .include "../../multimedia/libogg/buildlink3.mk"
+.include "../../multimedia/x264-devel/buildlink3.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
 .include "../../x11/libXv/buildlink3.mk"
 .include "../../x11/libXxf86vm/buildlink3.mk"
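Review bot: The added `.include "../../multimedia/x264-devel/buildlink3.mk"` line makes x264-devel an unconditional build dependency, yet the commit description and the DESCR note do not mention it. If H.264 encoding support is optional for this package, gating the include behind a package option would keep a security update from widening the dependency set for every user. Whether the Makefile already has an options framework or a matching configure argument is not visible in this hunk.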
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/PLIST
--- a/multimedia/vlc08/PLIST    Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/PLIST    Fri Sep 12 14:47:39 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2008/09/08 18:42:21 ahoka Exp $
+@comment $NetBSD: PLIST,v 1.9 2008/09/12 14:47:39 sborrill Exp $
 ${PLIST.skins}bin/svlc
 bin/vlc
 bin/vlc-config
@@ -263,6 +263,7 @@
 share/locale/sk/LC_MESSAGES/vlc.mo
 share/locale/sl/LC_MESSAGES/vlc.mo
 share/locale/sq/LC_MESSAGES/vlc.mo
+share/locale/sr/LC_MESSAGES/vlc.mo
 share/locale/sv/LC_MESSAGES/vlc.mo
 share/locale/th/LC_MESSAGES/vlc.mo
 share/locale/tr/LC_MESSAGES/vlc.mo
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/distinfo
--- a/multimedia/vlc08/distinfo Fri Sep 12 14:36:29 2008 +0000
+++ b/multimedia/vlc08/distinfo Fri Sep 12 14:47:39 2008 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.5 2008/09/08 18:42:21 ahoka Exp $
+$NetBSD: distinfo,v 1.6 2008/09/12 14:47:39 sborrill Exp $
 
-SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03
-RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04
-Size (vlc-0.8.6f.tar.bz2) = 11433698 bytes
+SHA1 (vlc-0.8.6i.tar.bz2) = 4c6f45dffe3a8309ce201897040dc1f82b9cde99
+RMD160 (vlc-0.8.6i.tar.bz2) = a5da4e1e0980594c678c04016491c8a373df4017
+Size (vlc-0.8.6i.tar.bz2) = 11786172 bytes
 SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c
-SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671
-SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa
-SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5
-SHA1 (patch-ae) = 21b6292e77469375edbfb7b828e298427e1ed118
+SHA1 (patch-mmstu.c) = ef4bed6fb5871790bb9198dad4961384f3e38d16
+SHA1 (patch-mmstu.h) = a11be24360948bcd8ca32bd7d01020e34c0801ad
+SHA1 (patch-tta.c) = 923852b9aedeb75eed052e532ce5ddf50ab19951
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ab
--- a/multimedia/vlc08/patches/patch-ab Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.5 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/gui/wxwidgets/dialogs.cpp.orig     2007-11-26 14:08:05.000000000 +0100
-+++ modules/gui/wxwidgets/dialogs.cpp
-@@ -376,7 +376,7 @@ void DialogsProvider::OnOpenFileGeneric(
-     {
-         p_file_generic_dialog->SetMessage( wxU(p_arg->psz_title) );
-         p_file_generic_dialog->SetWildcard( wxU(p_arg->psz_extensions) );
--        p_file_generic_dialog->SetStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
-+        p_file_generic_dialog->SetWindowStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
-                                          (p_arg->b_multiple ? wxMULTIPLE:0) );
-     }
- 
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ac
--- a/multimedia/vlc08/patches/patch-ac Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix wrong boundary check in Speex decoder (CVE-2008-1686).
-
---- modules/codec/speex.c.orig 2008-03-23 22:41:48.000000000 +0000
-+++ modules/codec/speex.c
-@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder
-         msg_Err( p_dec, "cannot read Speex header" );
-         return VLC_EGENERIC;
-     }
--    if( p_header->mode >= SPEEX_NB_MODES )
-+    if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
-     {
-         msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
-                  "this version of libspeex.", p_header->mode );
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ad
--- a/multimedia/vlc08/patches/patch-ad Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix compilability of CDDA code with modern libcdio versions.
-
---- modules/access/cdda/cdda.h.orig    2008-03-23 22:41:48.000000000 +0000
-+++ modules/access/cdda/cdda.h
-@@ -75,7 +75,7 @@ typedef enum {
-   paranoia_none    = 0, /* Note: We make use of 0 as being the same as false */
-   paranoia_overlap = 1, 
-   paranoia_full    = 2
--} paranoia_mode_t;
-+} vlc_paranoia_mode_t;
- 
-   
- /*****************************************************************************
-@@ -107,7 +107,7 @@ typedef struct cdda_data_s
- 
- #if LIBCDIO_VERSION_NUM >= 72
-   /* Paranoia support */
--  paranoia_mode_t e_paranoia;         /* Use cd paranoia for reads? */
-+  vlc_paranoia_mode_t e_paranoia;     /* Use cd paranoia for reads? */
-   cdrom_drive_t *paranoia_cd;         /* Place to store drive
-                                        handle given by paranoia. */
-   cdrom_paranoia_t *paranoia;
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-ae
--- a/multimedia/vlc08/patches/patch-ae Fri Sep 12 14:36:29 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/demux/wav.c.orig   2008-03-23 23:41:49.000000000 +0100
-+++ modules/demux/wav.c
-@@ -103,7 +103,8 @@ static int Open( vlc_object_t * p_this )
-     demux_sys_t *p_sys;
- 
-     uint8_t     *p_peek;
--    unsigned int i_size, i_extended;
-+    uint32_t   i_size;
-+    unsigned int i_extended;
-     char        *psz_name;
- 
-     WAVEFORMATEXTENSIBLE *p_wf_ext = NULL;
-@@ -136,7 +137,8 @@ static int Open( vlc_object_t * p_this )
-         msg_Err( p_demux, "cannot find 'fmt ' chunk" );
-         goto error;
-     }
--    if( i_size < sizeof( WAVEFORMATEX ) - 2 )   /* XXX -2 isn't a typo */
-+    i_size += 2;
-+    if( i_size < sizeof( WAVEFORMATEX ) )
-     {
-         msg_Err( p_demux, "invalid 'fmt ' chunk" );
-         goto error;
-@@ -144,14 +146,15 @@ static int Open( vlc_object_t * p_this )
-     stream_Read( p_demux->s, NULL, 8 );   /* Cannot fail */
- 
-     /* load waveformatex */
--    p_wf_ext = malloc( __EVEN( i_size ) + 2 );
-+    p_wf_ext = malloc( i_size );
-     if( p_wf_ext == NULL )
-          goto error;
- 
-     p_wf = (WAVEFORMATEX *)p_wf_ext;
-     p_wf->cbSize = 0;
--    if( stream_Read( p_demux->s,
--                     p_wf, __EVEN( i_size ) ) < (int)__EVEN( i_size ) )
-+    i_size -= 2;
-+    if( stream_Read( p_demux->s, p_wf, i_size ) != (int)i_size
-+     || ( ( i_size & 1 ) && stream_Read( p_demux->s, NULL, 1 ) != 1 ) )
-     {
-         msg_Err( p_demux, "cannot load 'fmt ' chunk" );
-         goto error;
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-mmstu.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc08/patches/patch-mmstu.c    Fri Sep 12 14:47:39 2008 +0000
@@ -0,0 +1,83 @@
+$NetBSD: patch-mmstu.c,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.c.orig    2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.c 2008-09-12 11:16:01.000000000 +0100
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <vlc/vlc.h>
+ #include <string.h>
++#include <inttypes.h>
+ #include <vlc/input.h>
+ #include <errno.h>
+ 
+@@ -695,7 +696,7 @@
+         GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE + 60 );
+ 
+     msg_Dbg( p_access,
+-             "answer 0x06 flags:0x%8.8x media_length:%us packet_length:%lu packet_count:%u max_bit_rate:%d header_size:%d",
++             "answer 0x06 flags:0x%8.8"PRIx32" media_length:%"PRIu32"s packet_length:%zu packet_count:%"PRIu32" max_bit_rate:%d header_size:%zu",
+              p_sys->i_flags_broadcast,
+              p_sys->i_media_length,
+              p_sys->i_packet_length,
+@@ -749,12 +750,12 @@
+         if( p_sys->i_header >= p_sys->i_header_size )
+         {
+             msg_Dbg( p_access,
+-                     "header complete(%d)",
++                     "header complete(%zu)",
+                      p_sys->i_header );
+             break;
+         }
+         msg_Dbg( p_access,
+-                 "header incomplete (%d/%d), reading more",
++                 "header incomplete (%zu/%zu), reading more",
+                  p_sys->i_header,
+                  p_sys->i_header_size );
+     }
+@@ -1128,7 +1129,7 @@
+ 
+ static int  mms_ParseCommand( access_t *p_access,
+                               uint8_t *p_data,
+-                              int i_data,
++                              size_t i_data,
+                               int *pi_used )
+ {
+  #define GET32( i_pos ) \
+@@ -1137,7 +1138,7 @@
+       ( p_sys->p_cmd[i_pos + 3] << 24 ) )
+ 
+     access_sys_t        *p_sys = p_access->p_sys;
+-    int         i_length;
++    uint32_t    i_length;
+     uint32_t    i_id;
+ 
+     if( p_sys->p_cmd )
+@@ -1159,10 +1160,10 @@
+     i_id =  GetDWLE( p_data + 4 );
+     i_length = GetDWLE( p_data + 8 ) + 16;
+ 
+-    if( i_id != 0xb00bface )
++    if( i_id != 0xb00bface || i_length < 16 )
+     {
+         msg_Err( p_access,
+-                 "incorrect command header (0x%x)", i_id );
++                 "incorrect command header (0x%"PRIx32")", i_id );
+         p_sys->i_command = 0;
+         return -1;
+     }
+@@ -1170,8 +1171,8 @@
+     if( i_length > p_sys->i_cmd )
+     {
+         msg_Warn( p_access,
+-                  "truncated command (missing %d bytes)",
+-                   i_length - i_data  );
++                  "truncated command (missing %zu bytes)",
++                   (size_t)i_length - i_data  );
+         p_sys->i_command = 0;
+         return -1;
+     }
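Review bot: In the `mms_ParseCommand()` header check, the added `i_length < 16` condition reuses the `incorrect command header (0x%"PRIx32")` message, which prints only `i_id`. When the signature is valid and the rejection comes from a wrapped length, the log shows the correct magic `0xb00bface` and hides the real cause. Logging the length as well, e.g. `"incorrect command header (0x%"PRIx32", length %"PRIu32")", i_id, i_length );`, would make malformed server replies identifiable in debug output, and a comment such as `/* i_length is 32-bit: wire lengths of 0xfffffff0 and above wrap below 16 */` would record why the test exists. Separately, the truncation test compares `i_length` against `p_sys->i_cmd` while the warning subtracts `i_data`; these are presumably equal, but the assignment is outside the hunk, and if they ever differ the unsigned subtraction would print a huge value. The function body starts and ends outside the hunks shown.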
diff -r fd63fcc87752 -r 1363a428f78a multimedia/vlc08/patches/patch-mmstu.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc08/patches/patch-mmstu.h    Fri Sep 12 14:47:39 2008 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-mmstu.h,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.h.orig    2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.h 2008-09-12 11:16:06.000000000 +0100
+@@ -62,10 +62,10 @@
+     int         i_packet_seq_num;
+ 
+     uint8_t     *p_cmd;     /* latest command read */
+-    int         i_cmd;      /* allocated at the begining */
++    size_t      i_cmd;      /* allocated at the begining */
+ 
+     uint8_t     *p_header;  /* allocated by mms_ReadPacket */
+-    int         i_header;
++    size_t      i_header;
+ 
+     uint8_t     *p_media;   /* allocated by mms_ReadPacket */
+     size_t      i_media;
+@@ -86,7 +86,7 @@


