pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/multimedia/gst-plugins1-ugly
Module Name: pkgsrc
Committed By: snj
Date: Mon Mar 6 08:01:40 UTC 2017
Modified Files:
pkgsrc/multimedia/gst-plugins1-ugly: Makefile distinfo
Added Files:
pkgsrc/multimedia/gst-plugins1-ugly/patches:
patch-gst_asfdemux_gstasfdemux.c
Log Message:
fix CVE-2017-5847. bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/multimedia/gst-plugins1-ugly/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/multimedia/gst-plugins1-ugly/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/multimedia/gst-plugins1-ugly/Makefile
diff -u pkgsrc/multimedia/gst-plugins1-ugly/Makefile:1.3 pkgsrc/multimedia/gst-plugins1-ugly/Makefile:1.4
--- pkgsrc/multimedia/gst-plugins1-ugly/Makefile:1.3 Fri Aug 8 21:29:39 2014
+++ pkgsrc/multimedia/gst-plugins1-ugly/Makefile Mon Mar 6 08:01:40 2017
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2014/08/08 21:29:39 wiz Exp $
+# $NetBSD: Makefile,v 1.4 2017/03/06 08:01:40 snj Exp $
.include "Makefile.common"
COMMENT+= Ugly plugins
+PKGREVISION= 1
.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/multimedia/gst-plugins1-ugly/distinfo
diff -u pkgsrc/multimedia/gst-plugins1-ugly/distinfo:1.23 pkgsrc/multimedia/gst-plugins1-ugly/distinfo:1.24
--- pkgsrc/multimedia/gst-plugins1-ugly/distinfo:1.23 Fri Feb 3 15:28:40 2017
+++ pkgsrc/multimedia/gst-plugins1-ugly/distinfo Mon Mar 6 08:01:40 2017
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.23 2017/02/03 15:28:40 maya Exp $
+$NetBSD: distinfo,v 1.24 2017/03/06 08:01:40 snj Exp $
SHA1 (gst-plugins-ugly-1.10.3.tar.xz) = 47a965570a9fc07d058e7ecb85e0026251129911
RMD160 (gst-plugins-ugly-1.10.3.tar.xz) = 12a45808c456ea543a1d993fdd310eb76c6414bf
SHA512 (gst-plugins-ugly-1.10.3.tar.xz) = 56272eda1af3017d9b53a3a049c5446e97dbea0e45567b4d1626c6a210dba90d216c01707e2d49130da00d483dcbace642bfb88ebaa1a822ecd5475394b5d116
Size (gst-plugins-ugly-1.10.3.tar.xz) = 907352 bytes
SHA1 (patch-configure) = 4bba5af550b211d45533ee001fb1bc77bcfa6213
+SHA1 (patch-gst_asfdemux_gstasfdemux.c) = 6ec643fbb59b27b87b2621a2b2aaff6a0c3939af
Added files:
Index: pkgsrc/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c
diff -u /dev/null pkgsrc/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c:1.1
--- /dev/null Mon Mar 6 08:01:40 2017
+++ pkgsrc/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c Mon Mar 6 08:01:40 2017
@@ -0,0 +1,36 @@
+$NetBSD: patch-gst_asfdemux_gstasfdemux.c,v 1.1 2017/03/06 08:01:40 snj Exp $
+
+CVE-2017-5847
+
+https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
+
+--- gst/asfdemux/gstasfdemux.c.orig 2017-01-30 05:41:35.000000000 -0800
++++ gst/asfdemux/gstasfdemux.c 2017-03-05 23:45:12.000000000 -0800
+@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (
+ break;
+ }
+ case ASF_DEMUX_DATA_TYPE_DWORD:{
+- guint uint_val = GST_READ_UINT32_LE (value);
++ guint uint_val;
++
++ if (value_len < 4)
++ break;
++
++ uint_val = GST_READ_UINT32_LE (value);
+
+ /* this is the track number */
+ g_value_init (&tag_value, G_TYPE_UINT);
+@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (
+ }
+ /* Detect 3D */
+ case ASF_DEMUX_DATA_TYPE_BOOL:{
+- gboolean bool_val = GST_READ_UINT32_LE (value);
++ gboolean bool_val;
++
++ if (value_len < 4)
++ break;
++
++ bool_val = GST_READ_UINT32_LE (value);
+
+ if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
+ if (bool_val) {
Home |
Main Index |
Thread Index |
Old Index