authordrochner <drochner@pkgsrc.org>2011-10-07 12:30:17 +0000
committerdrochner <drochner@pkgsrc.org>2011-10-07 12:30:17 +0000
commitfcd819ef49c17c4f202a73f3921f6e46bc7031d9 (patch)
treeb9733426f57eab042dd5a86f25b3198a5b97e980
parent89cb0ad5b55ce6d36f1a39cee98de82fb0463f33 (diff)
downloadpkgsrc-fcd819ef49c17c4f202a73f3921f6e46bc7031d9.tar.gz
Add patch from upstream to fix a NULL dereference vulnerability in the
HTTP and RTSP server component (possible DoS)
-rw-r--r--multimedia/vlc/Makefile4
-rw-r--r--multimedia/vlc/distinfo3
-rw-r--r--multimedia/vlc/patches/patch-au38
3 files changed, 42 insertions, 3 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile
index 19b0fcab6a8..07e71fca3bc 100644
--- a/multimedia/vlc/Makefile
+++ b/multimedia/vlc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.117 2011/09/12 21:50:38 shattered Exp $
+# $NetBSD: Makefile,v 1.118 2011/10/07 12:30:17 drochner Exp $
#
DISTNAME= vlc-${VLC_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= multimedia
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=vlc/} \
http://download.videolan.org/pub/videolan/vlc/${VLC_VERSION}/
diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo
index fcdd77b9899..701a172411e 100644
--- a/multimedia/vlc/distinfo
+++ b/multimedia/vlc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2011/09/12 17:25:28 drochner Exp $
+$NetBSD: distinfo,v 1.50 2011/10/07 12:30:17 drochner Exp $
SHA1 (vlc-1.1.11.tar.bz2) = 068e75bdbfe6e595a4db14ad49e05688c8b1d5ad
RMD160 (vlc-1.1.11.tar.bz2) = fa8a32a8e81a5f707b3cace6fa9808d5d7cb9fe6
@@ -9,5 +9,6 @@ SHA1 (patch-ap) = 423b571ca8a1b740812aea021e331912ba34c868
SHA1 (patch-ar) = 25d22167cef8b8fa2a07ef633de196726eb354d2
SHA1 (patch-as) = b53b074b2791d7bf69d5f09c7c32d873608f3086
SHA1 (patch-at) = 5761ec0809d2b03511666ae81f7b4ae01b6f5930
+SHA1 (patch-au) = 7d2371e38e3c34f85f18b7ea5662633fa156c13c
SHA1 (patch-configure) = 83f476cc71d795a69f787713a04471e078c0ec52
SHA1 (patch-modules_audio__output_pulse.c) = 994389b214f3e2b7b8b7ccaf3bb535a94523f81b
diff --git a/multimedia/vlc/patches/patch-au b/multimedia/vlc/patches/patch-au
new file mode 100644
index 00000000000..dcf6bc175ed
--- /dev/null
+++ b/multimedia/vlc/patches/patch-au
@@ -0,0 +1,38 @@
+$NetBSD: patch-au,v 1.9 2011/10/07 12:30:17 drochner Exp $
+
+VideoLAN-SA-1107
+
+--- src/network/httpd.c.orig 2010-12-23 13:26:53.000000000 +0000
++++ src/network/httpd.c
+@@ -1755,16 +1755,27 @@ static void httpd_ClientRecv( httpd_clie
+ *p2++ = '\0';
+ }
+ if( !strncasecmp( p, ( cl->query.i_proto
+- == HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 4 )
+- && p[4 + !!strchr( "sS", p[4] )] == ':' )
++ == HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 5 ) )
+ { /* Skip hier-part of URL (if present) */
+- p = strchr( p, ':' ) + 1; /* skip URI scheme */
++ p += 5;
+ if( !strncmp( p, "//", 2 ) ) /* skip authority */
+ { /* see RFC3986 ยง3.2 */
+ p += 2;
+- while( *p && !strchr( "/?#", *p ) ) p++;
++ p += strcspn( p, "/?#" );
+ }
+ }
++ else
++ if( !strncasecmp( p, ( cl->query.i_proto
++ == HTTPD_PROTO_HTTP ) ? "https:" : "rtsps:", 6 ) )
++ { /* Skip hier-part of URL (if present) */
++ p += 6;
++ if( !strncmp( p, "//", 2 ) ) /* skip authority */
++ { /* see RFC3986 ?3.2 */
++ p += 2;
++ p += strcspn( p, "/?#" );
++ }
++ }
++
+ cl->query.psz_url = strdup( p );
+ if( ( p3 = strchr( cl->query.psz_url, '?' ) ) )
+ {
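Review bot: In the first branch of the embedded httpd.c patch, the length passed to strncasecmp() is raised to 5 but the literals are still the four-character `"http"` / `"rtsp"`, so as shown here the comparison includes the literal's terminating NUL and succeeds only when the request target is exactly that word. An absolute URI with a scheme and authority would then no longer have them stripped, and on a match `p += 5` moves one byte past the token's terminator. The https/rtsps branch below uses `"https:"` / `"rtsps:"` with 6, so the first branch presumably should read `== HTTPD_PROTO_HTTP ) ? "http:" : "rtsp:", 5 ) )`; it is worth comparing against the upstream fix for VideoLAN-SA-1107 in case the colon was lost in transcription. httpd_ClientRecv begins and ends outside the hunk.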