authorsalo <salo@pkgsrc.org>2003-09-26 12:04:46 +0000
committersalo <salo@pkgsrc.org>2003-09-26 12:04:46 +0000
commitb5856856126434a5f97941db8e40288bb85a6cb5 (patch)
treedb9d4d6f5fc5b7823092317d9e6a1fd94571f8e8
parentd2dc939936b42ac4f753a07c6348a34720b7cdc8 (diff)
PKGREVISION++
Fix remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. http://www.mplayerhq.hu/homepage/design6/news.html
-rw-r--r--graphics/gmplayer/distinfo3
-rw-r--r--graphics/mencoder/distinfo3
-rw-r--r--graphics/mplayer-share/Makefile.common4
-rw-r--r--graphics/mplayer-share/distinfo3
-rw-r--r--graphics/mplayer-share/patches/patch-ab22
-rw-r--r--graphics/mplayer/distinfo3
6 files changed, 32 insertions, 6 deletions
diff --git a/graphics/gmplayer/distinfo b/graphics/gmplayer/distinfo
index 278f4362f9c..098dc625042 100644
--- a/graphics/gmplayer/distinfo
+++ b/graphics/gmplayer/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2003/09/21 12:40:22 markd Exp $
+$NetBSD: distinfo,v 1.40 2003/09/26 12:04:46 salo Exp $
SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
@@ -43,5 +43,6 @@ Size (mplayer/xanim-1.5.tar.bz2) = 94535 bytes
SHA1 (mplayer/xine-lcd-1.0.tar.bz2) = 1edbf1703e64f7a7c2aa3837d3383ba60a6d2f2d
Size (mplayer/xine-lcd-1.0.tar.bz2) = 168441 bytes
SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff --git a/graphics/mencoder/distinfo b/graphics/mencoder/distinfo
index 836edc37b10..10dddb16e3e 100644
--- a/graphics/mencoder/distinfo
+++ b/graphics/mencoder/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.23 2003/09/19 10:13:41 wiz Exp $
+$NetBSD: distinfo,v 1.24 2003/09/26 12:04:46 salo Exp $
SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff --git a/graphics/mplayer-share/Makefile.common b/graphics/mplayer-share/Makefile.common
index d99d589d127..f64389af53c 100644
--- a/graphics/mplayer-share/Makefile.common
+++ b/graphics/mplayer-share/Makefile.common
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.39 2003/09/02 17:46:32 jmmv Exp $
+# $NetBSD: Makefile.common,v 1.40 2003/09/26 12:04:46 salo Exp $
#
MPLAYER_DIST_VERSION= 1.0pre1
-#PKGREVISION= 0
+PKGREVISION= 1
# This variable is used in all packages which depend on this package
MPLAYER_PKG_VERSION= 1.0rc1
diff --git a/graphics/mplayer-share/distinfo b/graphics/mplayer-share/distinfo
index ba4c896687f..2059e527040 100644
--- a/graphics/mplayer-share/distinfo
+++ b/graphics/mplayer-share/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2003/09/02 17:46:32 jmmv Exp $
+$NetBSD: distinfo,v 1.28 2003/09/26 12:04:46 salo Exp $
SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
@@ -9,5 +9,6 @@ Size (mplayer/font-arial-iso-8859-2.tar.bz2) = 222208 bytes
SHA1 (mplayer/font-arial-cp1250.tar.bz2) = ccf11dce5d0fb72fd3af97f788b7471cd0cd0b68
Size (mplayer/font-arial-cp1250.tar.bz2) = 249705 bytes
SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425
diff --git a/graphics/mplayer-share/patches/patch-ab b/graphics/mplayer-share/patches/patch-ab
new file mode 100644
index 00000000000..e52fec34870
--- /dev/null
+++ b/graphics/mplayer-share/patches/patch-ab
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.9 2003/09/26 12:04:46 salo Exp $
+
+Fixes remotely exploitable buffer overflow vulnerability. A malicious host can
+craft a harmful ASX header, and trick MPlayer into executing arbitrary code
+upon parsing that header.
+
+--- libmpdemux/asf_streaming.c.orig 2003-08-15 21:13:23.000000000 +0200
++++ libmpdemux/asf_streaming.c 2003-09-26 13:27:04.000000000 +0200
+@@ -502,11 +502,11 @@
+ return NULL;
+ }
+ http_set_uri( http_hdr, server_url->url );
+- sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
++ sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port );
+ url_free( server_url );
+ } else {
+ http_set_uri( http_hdr, url->file );
+- sprintf( str, "Host: %s:%d", url->hostname, url->port );
++ sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
+ }
+
+ http_set_field( http_hdr, str );
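Review bot: The `%.220s` precision on both `sprintf` calls is a magic number that is only safe relative to the size of `str`, and that declaration is outside the hunk, so the bound cannot be checked here and would stop protecting the buffer if `str` were ever resized. Assuming `str` is a fixed-size local array, tying the limit to the buffer is more robust: `snprintf( str, sizeof(str), "Host: %s:%d", url->hostname, url->port );`, and the same for the `server_url` branch. A hostname longer than 220 bytes is now silently truncated and still sent as a Host header for a different name; checking the `snprintf` return value against `sizeof(str)` and failing the request would avoid that. The enclosing function starts and ends outside the hunk, so other writes into `str` are not visible and should be checked for the same pattern.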
diff --git a/graphics/mplayer/distinfo b/graphics/mplayer/distinfo
index 55333815bd0..b173b9adf09 100644
--- a/graphics/mplayer/distinfo
+++ b/graphics/mplayer/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.37 2003/09/19 10:13:41 wiz Exp $
+$NetBSD: distinfo,v 1.38 2003/09/26 12:04:46 salo Exp $
SHA1 (mplayer/MPlayer-1.0pre1.tar.bz2) = 34482db6102a0d4b2a3692617926a92e44116f81
Size (mplayer/MPlayer-1.0pre1.tar.bz2) = 4190784 bytes
SHA1 (patch-aa) = 6938dbdccb9b760dadad304f3bf61245e8b1baa6
+SHA1 (patch-ab) = a9765eaba21c68242bf106b6d679af851d6480fb
SHA1 (patch-ad) = e77e938e7f4b9a2849f816bbc662db277d7898d3
SHA1 (patch-ae) = 12d16a7dda6be9d950d09d23d41d0de03ca70425