diff options
author | seb <seb> | 2005-12-12 13:18:46 +0000 |
---|---|---|
committer | seb <seb> | 2005-12-12 13:18:46 +0000 |
commit | 814af5a751148e737972f9908d48ce3912b4d35a (patch) | |
tree | 33ba0f88461eecd7cf936d24f55522cfdacb940f | |
parent | 7f14cf298001da4a3be2bde6f99bf6f23595ee41 (diff) | |
download | pkgsrc-814af5a751148e737972f9908d48ce3912b4d35a.tar.gz |
Pullup ticket 952 - requested by Lubomir Sedlacik
Security fix via patch for mplayer, gmplayer and mencoder.
Module Name: pkgsrc
Committed By: salo
Date: Sat Dec 10 23:34:42 UTC 2005
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
pkgsrc/multimedia/mencoder: Makefile
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ai
Log Message:
Security fix for SA17892:
"A vulnerability in FFmpeg libavcodec can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially to compromise a user's
system."
http://secunia.com/advisories/17892/
Fix from ffmpeg CVS repository, libavcodec/utils.c rev. 1.162:
"default_get_buffer() cleanup
fixes probably exploitable heap overflow
heap overflow found by (Simon Kilvington)"
-rw-r--r-- | multimedia/gmplayer/Makefile | 4 | ||||
-rw-r--r-- | multimedia/gmplayer/distinfo | 3 | ||||
-rw-r--r-- | multimedia/mencoder/Makefile | 4 | ||||
-rw-r--r-- | multimedia/mplayer-share/distinfo | 3 | ||||
-rw-r--r-- | multimedia/mplayer-share/patches/patch-ai | 82 | ||||
-rw-r--r-- | multimedia/mplayer/Makefile | 4 |
6 files changed, 92 insertions, 8 deletions
diff --git a/multimedia/gmplayer/Makefile b/multimedia/gmplayer/Makefile index 93f4211ba32..b6bce8171aa 100644 --- a/multimedia/gmplayer/Makefile +++ b/multimedia/gmplayer/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.37 2005/08/27 06:59:52 dogcow Exp $ +# $NetBSD: Makefile,v 1.37.2.1 2005/12/12 13:18:47 seb Exp $ # # NOTE: if you are updating both mplayer and gmplayer, you must ensure @@ -9,7 +9,7 @@ # PKGNAME= gmplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 1 +PKGREVISION= 4 SKIN_SITES= http://www.mplayerhq.hu/MPlayer/Skin/ \ ftp://ftp.mplayerhq.hu/MPlayer/Skin/ \ diff --git a/multimedia/gmplayer/distinfo b/multimedia/gmplayer/distinfo index feef3346676..22497e5b173 100644 --- a/multimedia/gmplayer/distinfo +++ b/multimedia/gmplayer/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.29 2005/09/02 10:52:09 rillig Exp $ +$NetBSD: distinfo,v 1.29.2.1 2005/12/12 13:18:47 seb Exp $ SHA1 (gmplayer-1.0rc7-20050409/MPlayer-1.0pre7.tar.bz2) = df1e8d4f2f44d72c6f7989932f3b272e815ecb80 RMD160 (gmplayer-1.0rc7-20050409/MPlayer-1.0pre7.tar.bz2) = a4bac10df287c4b134ea49b3bc9bf7fb0126cae6 @@ -70,6 +70,7 @@ SHA1 (patch-ad) = d705dd315e913593223b83e533c60a9620d34cc8 SHA1 (patch-ae) = 601808d8c89cba68156fb3c95fe9fcfb8da4fca0 SHA1 (patch-af) = 6eab8572b239f6ac7afc03ad6254a7c97f90663e SHA1 (patch-ag) = 9bc3466ef24970e3f26fc64601d9f2c27fa394d2 +SHA1 (patch-ai) = a884b7a23ff8b2c31e6190d2ba9989a8f0057a0c SHA1 (patch-da) = be092da4f854708c1ef47f10c26e361c095a6799 SHA1 (patch-dc) = b11ef06a89f13e2ae5e013d569aa5acc99c770aa SHA1 (patch-dd) = e5b23b73a1e53e3185ecbac26042432395cd5e63 diff --git a/multimedia/mencoder/Makefile b/multimedia/mencoder/Makefile index 3c11004cc87..29c4e28338f 100644 --- a/multimedia/mencoder/Makefile +++ b/multimedia/mencoder/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.22 2005/08/27 06:59:52 dogcow Exp $ +# $NetBSD: Makefile,v 1.22.2.1 2005/12/12 13:18:47 seb Exp $ PKGNAME= mencoder-${MPLAYER_PKG_VERSION} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= Simple movie encoder for MPlayer-playable movies diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo index 364ff9f0994..f0173ea9f08 100644 --- a/multimedia/mplayer-share/distinfo +++ b/multimedia/mplayer-share/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.23 2005/08/27 06:59:52 dogcow Exp $ +$NetBSD: distinfo,v 1.23.2.1 2005/12/12 13:18:46 seb Exp $ SHA1 (mplayer-1.0rc7/MPlayer-1.0pre7.tar.bz2) = df1e8d4f2f44d72c6f7989932f3b272e815ecb80 RMD160 (mplayer-1.0rc7/MPlayer-1.0pre7.tar.bz2) = a4bac10df287c4b134ea49b3bc9bf7fb0126cae6 @@ -19,6 +19,7 @@ SHA1 (patch-ad) = d705dd315e913593223b83e533c60a9620d34cc8 SHA1 (patch-ae) = 601808d8c89cba68156fb3c95fe9fcfb8da4fca0 SHA1 (patch-af) = 6eab8572b239f6ac7afc03ad6254a7c97f90663e SHA1 (patch-ag) = 9bc3466ef24970e3f26fc64601d9f2c27fa394d2 +SHA1 (patch-ai) = a884b7a23ff8b2c31e6190d2ba9989a8f0057a0c SHA1 (patch-da) = be092da4f854708c1ef47f10c26e361c095a6799 SHA1 (patch-dc) = b11ef06a89f13e2ae5e013d569aa5acc99c770aa SHA1 (patch-dd) = e5b23b73a1e53e3185ecbac26042432395cd5e63 diff --git a/multimedia/mplayer-share/patches/patch-ai b/multimedia/mplayer-share/patches/patch-ai new file mode 100644 index 00000000000..0e1b464da7d --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-ai @@ -0,0 +1,82 @@ +$NetBSD: patch-ai,v 1.1.2.2 2005/12/12 13:18:47 seb Exp $ + +Security fix for SA17892, from ffmpeg CVS repository. + +--- libavcodec/utils.c.orig 2005-04-16 22:41:13.000000000 +0200 ++++ libavcodec/utils.c 2005-12-10 23:59:36.000000000 +0100 +@@ -276,49 +276,50 @@ + buf->last_pic_num= *picture_number; + }else{ + int h_chroma_shift, v_chroma_shift; +- int pixel_size; ++ int pixel_size, size[3]; ++ AVPicture picture; + + avcodec_get_chroma_sub_sample(s->pix_fmt, &h_chroma_shift, &v_chroma_shift); + +- switch(s->pix_fmt){ +- case PIX_FMT_RGB555: +- case PIX_FMT_RGB565: +- case PIX_FMT_YUV422: +- case PIX_FMT_UYVY422: +- pixel_size=2; +- break; +- case PIX_FMT_RGB24: +- case PIX_FMT_BGR24: +- pixel_size=3; +- break; +- case PIX_FMT_RGBA32: +- pixel_size=4; +- break; +- default: +- pixel_size=1; +- } +- + avcodec_align_dimensions(s, &w, &h); + + if(!(s->flags&CODEC_FLAG_EMU_EDGE)){ + w+= EDGE_WIDTH*2; + h+= EDGE_WIDTH*2; + } ++ avpicture_fill(&picture, NULL, s->pix_fmt, w, h); ++ pixel_size= picture.linesize[0]*8 / w; ++//av_log(NULL, AV_LOG_ERROR, "%d %d %d %d\n", (int)picture.data[1], w, h, s->pix_fmt); ++ assert(pixel_size>=1); ++ //FIXME next ensures that linesize= 2^x uvlinesize, thats needed because some MC code assumes it ++ if(pixel_size == 3*8) ++ w= ALIGN(w, STRIDE_ALIGN<<h_chroma_shift); ++ else ++ w= ALIGN(pixel_size*w, STRIDE_ALIGN<<(h_chroma_shift+3)) / pixel_size; ++ size[1] = avpicture_fill(&picture, NULL, s->pix_fmt, w, h); ++ size[0] = picture.linesize[0] * h; ++ size[1] -= size[0]; ++ if(picture.data[2]) ++ size[1]= size[2]= size[1]/2; ++ else ++ size[2]= 0; + + buf->last_pic_num= -256*256*256*64; ++ memset(buf->base, 0, sizeof(buf->base)); ++ memset(buf->data, 0, sizeof(buf->data)); + +- for(i=0; i<3; i++){ ++ for(i=0; i<3 && size[i]; i++){ + const int h_shift= i==0 ? 0 : h_chroma_shift; + const int v_shift= i==0 ? 0 : v_chroma_shift; + +- //FIXME next ensures that linesize= 2^x uvlinesize, thats needed because some MC code assumes it +- buf->linesize[i]= ALIGN(pixel_size*w>>h_shift, STRIDE_ALIGN<<(h_chroma_shift-h_shift)); ++ buf->linesize[i]= picture.linesize[i]; + +- buf->base[i]= av_malloc((buf->linesize[i]*h>>v_shift)+16); //FIXME 16 ++ buf->base[i]= av_malloc(size[i]+16); //FIXME 16 + if(buf->base[i]==NULL) return -1; +- memset(buf->base[i], 128, buf->linesize[i]*h>>v_shift); ++ memset(buf->base[i], 128, size[i]); + +- if(s->flags&CODEC_FLAG_EMU_EDGE) ++ // no edge if EDEG EMU or not planar YUV, we check for PAL8 redundantly to protect against a exploitable bug regression ... ++ if((s->flags&CODEC_FLAG_EMU_EDGE) || (s->pix_fmt == PIX_FMT_PAL8) || !size[2]) + buf->data[i] = buf->base[i]; + else + buf->data[i] = buf->base[i] + ALIGN((buf->linesize[i]*EDGE_WIDTH>>v_shift) + (EDGE_WIDTH>>h_shift), STRIDE_ALIGN); diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index 50741e8d89f..4f84e14401b 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.20 2005/08/27 06:59:52 dogcow Exp $ +# $NetBSD: Makefile,v 1.20.2.1 2005/12/12 13:18:46 seb Exp $ PKGNAME= mplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 2 +PKGREVISION= 6 COMMENT= Software-only MPEG-1/2/4 video decoder |