diff options
| author | drochner <drochner> | 2014-06-27 17:58:09 +0000 |
|---|---|---|
| committer | drochner <drochner> | 2014-06-27 17:58:09 +0000 |
| commit | cbb3886aaba2ab0c1cf559e40e452045f916e807 (patch) | |
| tree | 9d89eafa7deac7d0bf4177aa5618b2502ab5a754 | |
| parent | fcc823b8ccf1fe32c2aafaed64cd2ab1a7b0b8ee (diff) | |
| download | pkgsrc-cbb3886aaba2ab0c1cf559e40e452045f916e807.tar.gz | |
add patch from 1.2.7 to fix recent integer overflow, bump PKGREV
| -rw-r--r-- | multimedia/ffmpeg010/Makefile | 4 | ||||
| -rw-r--r-- | multimedia/ffmpeg010/distinfo | 3 | ||||
| -rw-r--r-- | multimedia/ffmpeg010/patches/patch-CVE-2014-4610 | 43 |
3 files changed, 47 insertions, 3 deletions
diff --git a/multimedia/ffmpeg010/Makefile b/multimedia/ffmpeg010/Makefile index bc115909c76..c1fd9695516 100644 --- a/multimedia/ffmpeg010/Makefile +++ b/multimedia/ffmpeg010/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.15 2014/04/10 05:39:14 obache Exp $ +# $NetBSD: Makefile,v 1.16 2014/06/27 17:58:09 drochner Exp $ PKGNAME= ffmpeg010-20130731.${DISTVERSION} -PKGREVISION= 1 +PKGREVISION= 2 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://ffmpeg.mplayerhq.hu/ COMMENT= Decoding, encoding and streaming software diff --git a/multimedia/ffmpeg010/distinfo b/multimedia/ffmpeg010/distinfo index de09bfa54e0..ba694e953c1 100644 --- a/multimedia/ffmpeg010/distinfo +++ b/multimedia/ffmpeg010/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.9 2013/08/03 09:22:58 obache Exp $ +$NetBSD: distinfo,v 1.10 2014/06/27 17:58:09 drochner Exp $ SHA1 (ffmpeg-0.10.8.tar.bz2) = 23b6713b5a403feab4bf57f9363353312ba77995 RMD160 (ffmpeg-0.10.8.tar.bz2) = 1916b6fab6ec3f32d0f0f54d7964adf6f2852e57 Size (ffmpeg-0.10.8.tar.bz2) = 5782880 bytes +SHA1 (patch-CVE-2014-4610) = e70bb36823edae0a00aa557453328e43c850e954 SHA1 (patch-aa) = b30c822e03bb1766181d7b8b8d4122c196fd1d16 SHA1 (patch-ac) = 14b39a2663be41395be0faae8270e18e2ba0891f SHA1 (patch-ap) = b67db14f412bbca036b5e6573df68b64ac5dabc2 diff --git a/multimedia/ffmpeg010/patches/patch-CVE-2014-4610 b/multimedia/ffmpeg010/patches/patch-CVE-2014-4610 new file mode 100644 index 00000000000..ecf3d379887 --- /dev/null +++ b/multimedia/ffmpeg010/patches/patch-CVE-2014-4610 @@ -0,0 +1,43 @@ +$NetBSD: patch-CVE-2014-4610,v 1.1 2014/06/27 17:58:09 drochner Exp $ + +--- libavutil/lzo.c.orig 2014-06-27 17:34:06.000000000 +0000 ++++ libavutil/lzo.c +@@ -20,6 +20,7 @@ + */ + + #include "avutil.h" ++#include "avassert.h" + #include "common.h" + /// Avoid e.g. MPlayers fast_memcpy, it slows things down here. + #undef memcpy +@@ -62,7 +63,13 @@ static inline int get_byte(LZOContext *c + static inline int get_len(LZOContext *c, int x, int mask) { + int cnt = x & mask; + if (!cnt) { +- while (!(x = get_byte(c))) cnt += 255; ++ while (!(x = get_byte(c))) { ++ if (cnt >= INT_MAX - 1000) { ++ c->error |= AV_LZO_ERROR; ++ break; ++ } ++ cnt += 255; ++ } + cnt += mask + x; + } + return cnt; +@@ -88,6 +95,7 @@ static inline int get_len(LZOContext *c, + static inline void copy(LZOContext *c, int cnt) { + register const uint8_t *src = c->in; + register uint8_t *dst = c->out; ++ av_assert0(cnt >= 0); + if (cnt > c->in_end - src) { + cnt = FFMAX(c->in_end - src, 0); + c->error |= AV_LZO_INPUT_DEPLETED; +@@ -120,6 +128,7 @@ static inline void memcpy_backptr(uint8_ + */ + static inline void copy_backptr(LZOContext *c, int back, int cnt) { + register uint8_t *dst = c->out; ++ av_assert0(cnt > 0); + if (dst - c->out_start < back) { + c->error |= AV_LZO_INVALID_BACKPTR; + return; |