author | drochner <drochner@pkgsrc.org> | 2011-10-07 12:30:17 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2011-10-07 12:30:17 +0000 |
commit | fcd819ef49c17c4f202a73f3921f6e46bc7031d9 (patch) | |
tree | b9733426f57eab042dd5a86f25b3198a5b97e980 | |
parent | 89cb0ad5b55ce6d36f1a39cee98de82fb0463f33 (diff) | |
download | pkgsrc-fcd819ef49c17c4f202a73f3921f6e46bc7031d9.tar.gz |
Add patch from upstream to fix a NULL dereference vulnerability in the
HTTP and RTSP server component (possible DoS)
-rw-r--r-- | multimedia/vlc/Makefile | 4 | ||||
-rw-r--r-- | multimedia/vlc/distinfo | 3 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-au | 38 |
3 files changed, 42 insertions, 3 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile
index 19b0fcab6a8..07e71fca3bc 100644
--- a/multimedia/vlc/Makefile
+++ b/multimedia/vlc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.117 2011/09/12 21:50:38 shattered Exp $
+# $NetBSD: Makefile,v 1.118 2011/10/07 12:30:17 drochner Exp $
 #
 
 DISTNAME= vlc-${VLC_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= multimedia
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=vlc/} \
 http://download.videolan.org/pub/videolan/vlc/${VLC_VERSION}/
diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo
index fcdd77b9899..701a172411e 100644
--- a/multimedia/vlc/distinfo
+++ b/multimedia/vlc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2011/09/12 17:25:28 drochner Exp $
+$NetBSD: distinfo,v 1.50 2011/10/07 12:30:17 drochner Exp $
 
 SHA1 (vlc-1.1.11.tar.bz2) = 068e75bdbfe6e595a4db14ad49e05688c8b1d5ad
 RMD160 (vlc-1.1.11.tar.bz2) = fa8a32a8e81a5f707b3cace6fa9808d5d7cb9fe6
@@ -9,5 +9,6 @@ SHA1 (patch-ap) = 423b571ca8a1b740812aea021e331912ba34c868
 SHA1 (patch-ar) = 25d22167cef8b8fa2a07ef633de196726eb354d2
 SHA1 (patch-as) = b53b074b2791d7bf69d5f09c7c32d873608f3086
 SHA1 (patch-at) = 5761ec0809d2b03511666ae81f7b4ae01b6f5930
+SHA1 (patch-au) = 7d2371e38e3c34f85f18b7ea5662633fa156c13c
 SHA1 (patch-configure) = 83f476cc71d795a69f787713a04471e078c0ec52
 SHA1 (patch-modules_audio__output_pulse.c) = 994389b214f3e2b7b8b7ccaf3bb535a94523f81b
diff --git a/multimedia/vlc/patches/patch-au b/multimedia/vlc/patches/patch-au
new file mode 100644
index 00000000000..dcf6bc175ed
--- /dev/null
+++ b/multimedia/vlc/patches/patch-au
@@ -0,0 +1,38 @@
+$NetBSD: patch-au,v 1.9 2011/10/07 12:30:17 drochner Exp $
+
+VideoLAN-SA-1107
+
+--- src/network/httpd.c.orig 2010-12-23 13:26:53.000000000 +0000
++++ src/network/httpd.c
+@@ -1755,16 +1755,27 @@ static void httpd_ClientRecv( httpd_clie
+ *p2++ = '\0';
+ }
+ if( !strncasecmp( p, ( cl->query.i_proto
+- == HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 4 )
+- && p[4 + !!strchr( "sS", p[4] )] == ':' )
++ == HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 5 ) )
+ { /* Skip hier-part of URL (if present) */
+- p = strchr( p, ':' ) + 1; /* skip URI scheme */
++ p += 5;
+ if( !strncmp( p, "//", 2 ) ) /* skip authority */
+ { /* see RFC3986 ยง3.2 */
+ p += 2;
+- while( *p && !strchr( "/?#", *p ) ) p++;
++ p += strcspn( p, "/?#" );
+ }
+ }
++ else
++ if( !strncasecmp( p, ( cl->query.i_proto
++ == HTTPD_PROTO_HTTP ) ? "https:" : "rtsps:", 6 ) )
++ { /* Skip hier-part of URL (if present) */
++ p += 6;
++ if( !strncmp( p, "//", 2 ) ) /* skip authority */
++ { /* see RFC3986 ?3.2 */
++ p += 2;
++ p += strcspn( p, "/?#" );
++ }
++ }
++
+ cl->query.psz_url = strdup( p );
+ if( ( p3 = strchr( cl->query.psz_url, '?' ) ) )
+ { |
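Review bot: The first added comparison in patch-au, `strncasecmp( p, ... ? "http" : "rtsp", 5 )`, compares five bytes against four-character literals, so the literal's terminating NUL takes part in the match. As written it can only succeed when the request target is exactly the bare scheme name, and in that case `p += 5` moves `p` past the string's terminator before `strncmp( p, "//", 2 )` reads from it; an ordinary absolute URI with a scheme and authority no longer matches this branch and keeps its prefix. The parallel `"https:" : "rtsps:", 6` branch does include the colon, so the intended line is presumably `== HTTPD_PROTO_HTTP ) ? "http:" : "rtsp:", 5 ) )`; this should be checked against the upstream VideoLAN-SA-1107 change before the patch file and its distinfo checksum are relied on. httpd_ClientRecv starts and ends outside the hunk.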