CVS commit: pkgsrc/multimedia/xine-ui

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Jan 21 18:44:59 UTC 2018

Modified Files:
        pkgsrc/multimedia/xine-ui: Makefile distinfo
        pkgsrc/multimedia/xine-ui/patches: patch-aj
Added Files:
        pkgsrc/multimedia/xine-ui/patches: patch-src_xitk_session__common.c

Log Message:
xine-ui: fix two buffer overflows found by SSP

>From Anon.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 pkgsrc/multimedia/xine-ui/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/multimedia/xine-ui/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/multimedia/xine-ui/patches/patch-aj
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/multimedia/xine-ui/patches/patch-src_xitk_session__common.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/multimedia/xine-ui/Makefile
diff -u pkgsrc/multimedia/xine-ui/Makefile:1.81 pkgsrc/multimedia/xine-ui/Makefile:1.82
--- pkgsrc/multimedia/xine-ui/Makefile:1.81     Mon Jan  1 21:18:46 2018
+++ pkgsrc/multimedia/xine-ui/Makefile  Sun Jan 21 18:44:58 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2018/01/01 21:18:46 adam Exp $
+# $NetBSD: Makefile,v 1.82 2018/01/21 18:44:58 wiz Exp $
 
 DISTNAME=              xine-ui-0.99.8
-PKGREVISION=           14
+PKGREVISION=           15
 CATEGORIES=            multimedia
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=xine/}
 EXTRACT_SUFX=          .tar.xz

Index: pkgsrc/multimedia/xine-ui/distinfo
diff -u pkgsrc/multimedia/xine-ui/distinfo:1.26 pkgsrc/multimedia/xine-ui/distinfo:1.27
--- pkgsrc/multimedia/xine-ui/distinfo:1.26     Tue Nov  3 23:54:34 2015
+++ pkgsrc/multimedia/xine-ui/distinfo  Sun Jan 21 18:44:58 2018
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.26 2015/11/03 23:54:34 agc Exp $
+$NetBSD: distinfo,v 1.27 2018/01/21 18:44:58 wiz Exp $
 
 SHA1 (xine-ui-0.99.8.tar.xz) = ffe8e6507a95f92f1e29aa4e3751f4b505e8da1a
 RMD160 (xine-ui-0.99.8.tar.xz) = 5f876d2dd24ab2bec8f1027dee071b8f3f3e76f9
 SHA512 (xine-ui-0.99.8.tar.xz) = a2d11b0c512b9d485e0bbe418b36fb5fd52fe1a9c68cdb865771fc580b30bff513825f3e24ef85a902669c2c1ea8947512dd9abe4c12fdef94b8852cc8588da3
 Size (xine-ui-0.99.8.tar.xz) = 1758372 bytes
 SHA1 (patch-ab) = 93cd824f2b85affb8847d84dd8562ef4bb12f6eb
-SHA1 (patch-aj) = 8030659d18f9a28c0d56a0a95748f070b912f95e
+SHA1 (patch-aj) = faa52c1a42d6053fc03b722286b2021d5508c8ac
 SHA1 (patch-ba) = 58cb4076d7034b252015c51de9260452bf63f37d
 SHA1 (patch-bb) = 2dcc5d1df7d46226f4f2c2a53ff6772bc513bf51
+SHA1 (patch-src_xitk_session__common.c) = 7040122ba6351989226584adb2c16a0d9fee31e6
 SHA1 (patch-zz) = d97dfaf773f5e69c18f6163e7262fdfbd330e5ed

Index: pkgsrc/multimedia/xine-ui/patches/patch-aj
diff -u pkgsrc/multimedia/xine-ui/patches/patch-aj:1.6 pkgsrc/multimedia/xine-ui/patches/patch-aj:1.7
--- pkgsrc/multimedia/xine-ui/patches/patch-aj:1.6      Wed May  7 18:44:28 2014
+++ pkgsrc/multimedia/xine-ui/patches/patch-aj  Sun Jan 21 18:44:59 2018
@@ -1,9 +1,11 @@
-$NetBSD: patch-aj,v 1.6 2014/05/07 18:44:28 wiz Exp $
+$NetBSD: patch-aj,v 1.7 2018/01/21 18:44:59 wiz Exp $
 
 Support NetBSD and DragonFlyBSD.
 https://bugs.xine-project.org/show_bug.cgi?id=515
 
---- src/xitk/session.c.orig    2010-03-11 09:40:12.000000000 +0000
+Fix buffer overflow
+
+--- src/xitk/session.c.orig    2014-02-25 16:52:58.000000000 +0000
 +++ src/xitk/session.c
 @@ -21,7 +21,7 @@
  /* Largely inspired of xmms control socket stuff */
@@ -14,3 +16,12 @@ https://bugs.xine-project.org/show_bug.c
  #define _XOPEN_SOURCE 500
  #endif
  
+@@ -453,7 +453,7 @@ int init_session(void) {
+     for(i = 0;; i++)  {
+       saddr.un.sun_family = AF_UNIX;
+       
+-      snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
++      snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
+       if(!is_remote_running(i)) {
+       if((unlink(saddr.un.sun_path) == -1) && errno != ENOENT) {
+         fprintf(stderr, "setup_ctrlsocket(): Failed to unlink %s (Error: %s)", 

Added files:

Index: pkgsrc/multimedia/xine-ui/patches/patch-src_xitk_session__common.c
diff -u /dev/null pkgsrc/multimedia/xine-ui/patches/patch-src_xitk_session__common.c:1.1
--- /dev/null   Sun Jan 21 18:44:59 2018
+++ pkgsrc/multimedia/xine-ui/patches/patch-src_xitk_session__common.c  Sun Jan 21 18:44:59 2018
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_xitk_session__common.c,v 1.1 2018/01/21 18:44:59 wiz Exp $
+
+Fix buffer overflow
+
+--- src/xitk/session_common.c.orig     2014-02-25 16:52:58.000000000 +0000
++++ src/xitk/session_common.c
+@@ -61,7 +61,7 @@ int connect_to_session(int session) {
+     euid             = geteuid();
+     setuid(euid);
+ 
+-    snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
++    snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
+     setreuid(stored_uid, euid);
+ 
+     if((connect(fd,&saddr.sa, sizeof(saddr.un))) != -1) {