pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia add some patches from upstream which fix CV...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bcc63a096bac
branches: trunk
changeset: 538305:bcc63a096bac
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Feb 05 17:00:35 2008 +0000
description:
add some patches from upstream which fix CVE-2008-0485, CVE-2008-0486
and two unnamed buffer overflows, bump PKGREVISION of affected pkgs
diffstat:
multimedia/gmplayer/Makefile | 4 +-
multimedia/mencoder/Makefile | 4 +-
multimedia/mplayer-share/distinfo | 6 +++-
multimedia/mplayer-share/patches/patch-ba | 13 ++++++++
multimedia/mplayer-share/patches/patch-bb | 47 +++++++++++++++++++++++++++++++
multimedia/mplayer-share/patches/patch-bc | 12 +++++++
multimedia/mplayer-share/patches/patch-bd | 34 ++++++++++++++++++++++
multimedia/mplayer/Makefile | 4 +-
8 files changed, 118 insertions(+), 6 deletions(-)
diffs (185 lines):
diff -r 3e0187facaee -r bcc63a096bac multimedia/gmplayer/Makefile
--- a/multimedia/gmplayer/Makefile Tue Feb 05 15:37:18 2008 +0000
+++ b/multimedia/gmplayer/Makefile Tue Feb 05 17:00:35 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.66 2007/12/29 13:26:29 wiz Exp $
+# $NetBSD: Makefile,v 1.67 2008/02/05 17:00:37 drochner Exp $
#
# NOTE: if you are updating both mplayer and gmplayer, you must ensure
@@ -9,7 +9,7 @@
#
PKGNAME= gmplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
BROKEN_IN= pkgsrc-2006Q4
diff -r 3e0187facaee -r bcc63a096bac multimedia/mencoder/Makefile
--- a/multimedia/mencoder/Makefile Tue Feb 05 15:37:18 2008 +0000
+++ b/multimedia/mencoder/Makefile Tue Feb 05 17:00:35 2008 +0000
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.36 2007/12/21 11:31:12 tron Exp $
+# $NetBSD: Makefile,v 1.37 2008/02/05 17:00:36 drochner Exp $
PKGNAME= mencoder-${MPLAYER_PKG_VERSION}
+PKGREVISION= 1
+
COMMENT= Simple movie encoder for MPlayer-playable movies
PKG_DESTDIR_SUPPORT= user-destdir
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Tue Feb 05 15:37:18 2008 +0000
+++ b/multimedia/mplayer-share/distinfo Tue Feb 05 17:00:35 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46 2008/01/03 13:34:37 gdt Exp $
+$NetBSD: distinfo,v 1.47 2008/02/05 17:00:35 drochner Exp $
SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -12,4 +12,8 @@
SHA1 (patch-ag) = b46d902d88e05d6f61a017e8a1be79fad5a1fa00
SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b
SHA1 (patch-ai) = ec79d6a1b0c2790ca826a91a48040c64632ac988
+SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
+SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
+SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
+SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3
SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer-share/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ba Tue Feb 05 17:00:35 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ba,v 1.7 2008/02/05 17:00:36 drochner Exp $
+
+--- libmpdemux/demux_audio.c.orig 2007-10-07 21:49:33.000000000 +0200
++++ libmpdemux/demux_audio.c
+@@ -229,6 +229,8 @@ get_flac_metadata (demuxer_t* demuxer)
+ ptr += 4;
+
+ comment = ptr;
++ if (&comment[length] < comments || &comment[length] >= &comments[blk_len])
++ return;
+ c = comment[length];
+ comment[length] = 0;
+
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer-share/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bb Tue Feb 05 17:00:35 2008 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-bb,v 1.7 2008/02/05 17:00:36 drochner Exp $
+
+--- libmpdemux/demux_mov.c.orig 2007-10-07 21:49:33.000000000 +0200
++++ libmpdemux/demux_mov.c
+@@ -173,11 +173,12 @@ void mov_build_index(mov_track_t* trak,i
+ i=trak->chunkmap_size;
+ while(i>0){
+ --i;
+- for(j=trak->chunkmap[i].first;j<last;j++){
++ j=FFMAX(trak->chunkmap[i].first, 0);
++ for(;j<last;j++){
+ trak->chunks[j].desc=trak->chunkmap[i].sdid;
+ trak->chunks[j].size=trak->chunkmap[i].spc;
+ }
+- last=trak->chunkmap[i].first;
++ last=FFMIN(trak->chunkmap[i].first, trak->chunks_size);
+ }
+
+ #if 0
+@@ -235,6 +236,8 @@ void mov_build_index(mov_track_t* trak,i
+ s=0;
+ for(j=0;j<trak->durmap_size;j++){
+ for(i=0;i<trak->durmap[j].num;i++){
++ if (s >= trak->samples_size)
++ break;
+ trak->samples[s].pts=pts;
+ ++s;
+ pts+=trak->durmap[j].dur;
+@@ -246,6 +249,8 @@ void mov_build_index(mov_track_t* trak,i
+ for(j=0;j<trak->chunks_size;j++){
+ off_t pos=trak->chunks[j].pos;
+ for(i=0;i<trak->chunks[j].size;i++){
++ if (s >= trak->samples_size)
++ break;
+ trak->samples[s].pos=pos;
+ mp_msg(MSGT_DEMUX, MSGL_DBG3, "Sample %5d: pts=%8d off=0x%08X size=%d\n",s,
+ trak->samples[s].pts,
+@@ -1568,8 +1573,7 @@ static void lschunks(demuxer_t* demuxer,
+ if( udta_len>udta_size)
+ udta_len=udta_size;
+ {
+- char dump[udta_len-4];
+- stream_read(demuxer->stream, (char *)&dump, udta_len-4-4);
++ stream_skip(demuxer->stream, udta_len-4-4);
+ udta_size -= udta_len;
+ }
+ }
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer-share/patches/patch-bc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bc Tue Feb 05 17:00:35 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-bc,v 1.5 2008/02/05 17:00:36 drochner Exp $
+
+--- stream/url.c.orig 2007-10-07 21:49:26.000000000 +0200
++++ stream/url.c
+@@ -328,6 +328,7 @@ url_escape_string(char *outbuf, const ch
+ }
+ }
+
++ tmp = NULL;
+ while(i < len) {
+ // look for the next char that must be kept
+ for (j=i;j<len;j++) {
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer-share/patches/patch-bd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bd Tue Feb 05 17:00:35 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-bd,v 1.5 2008/02/05 17:00:36 drochner Exp $
+
+--- stream/stream_cddb.c.orig 2007-10-07 21:49:26.000000000 +0200
++++ stream/stream_cddb.c
+@@ -53,6 +53,7 @@
+ #include "version.h"
+ #include "stream.h"
+ #include "network.h"
++#include "libavutil/intreadwrite.h"
+
+ #define DEFAULT_FREEDB_SERVER "freedb.freedb.org"
+ #define DEFAULT_CACHE_DIR "/.cddb/"
+@@ -453,8 +454,9 @@ cddb_parse_matches_list(HTTP_header_t *h
+ } else {
+ len = ptr2-ptr+1;
+ }
++ len = FFMIN(sizeof(album_title) - 1, len);
+ strncpy(album_title, ptr, len);
+- album_title[len-2]='\0';
++ album_title[len]='\0';
+ }
+ mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
+ return 0;
+@@ -490,8 +492,9 @@ cddb_query_parse(HTTP_header_t *http_hdr
+ } else {
+ len = ptr2-ptr+1;
+ }
++ len = FFMIN(sizeof(album_title) - 1, len);
+ strncpy(album_title, ptr, len);
+- album_title[len-2]='\0';
++ album_title[len]='\0';
+ }
+ mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
+ return cddb_request_titles(cddb_data);
diff -r 3e0187facaee -r bcc63a096bac multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile Tue Feb 05 15:37:18 2008 +0000
+++ b/multimedia/mplayer/Makefile Tue Feb 05 17:00:35 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.51 2008/01/03 13:34:36 gdt Exp $
+# $NetBSD: Makefile,v 1.52 2008/02/05 17:00:36 drochner Exp $
PKGNAME= mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Software-only MPEG-1/2/4 video decoder
Home |
Main Index |
Thread Index |
Old Index