medainfo: fix two CVEs using upstream patches

Bump PKGREVISION
author: wiz <wiz@pkgsrc.org> 2021-10-14 07:03:02 +0000
committer: wiz <wiz@pkgsrc.org> 2021-10-14 07:03:02 +0000
commit: f8154e1ceb5a924f39066f9a9600998392a5c8d2 (patch)
tree: e9bac2436a5392618643517ca034d07564e14764
parent: e1b0f9f4815e980915470f811ae1221026eaea30 (diff)
download: pkgsrc-f8154e1ceb5a924f39066f9a9600998392a5c8d2.tar.gz
5 files changed, 39 insertions, 3 deletions
diff --git a/multimedia/libmediainfo/Makefile b/multimedia/libmediainfo/Makefile
index 93e22ce5c90..2aefd7bcc6b 100644
--- a/multimedia/libmediainfo/Makefile
+++ b/multimedia/libmediainfo/Makefile
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2020/05/20 06:09:05 rillig Exp $
+# $NetBSD: Makefile,v 1.8 2021/10/14 07:03:02 wiz Exp $
 
+PKGREVISION=		1
 .include "../../multimedia/mediainfo/Makefile.common"
 
 PKGNAME=		libmediainfo-${MIVER}
diff --git a/multimedia/mediainfo/Makefile b/multimedia/mediainfo/Makefile
index ad1c116cd51..d690414f9f4 100644
--- a/multimedia/mediainfo/Makefile
+++ b/multimedia/mediainfo/Makefile
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2015/09/07 01:02:00 dsainty Exp $
+# $NetBSD: Makefile,v 1.15 2021/10/14 07:03:02 wiz Exp $
 
+PKGREVISION=		1
 .include "../../multimedia/mediainfo/Makefile.common"
 
 PKGNAME=		mediainfo-${MIVER}
diff --git a/multimedia/mediainfo/distinfo b/multimedia/mediainfo/distinfo
index 8021cdc3039..38347f0e3d2 100644
--- a/multimedia/mediainfo/distinfo
+++ b/multimedia/mediainfo/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.16 2021/10/07 14:32:14 nia Exp $
+$NetBSD: distinfo,v 1.17 2021/10/14 07:03:02 wiz Exp $
 
 RMD160 (mediainfo_20.03_AllInclusive.7z) = 976c635af03faa44d9a4cca2bc5c143efa44601d
 SHA512 (mediainfo_20.03_AllInclusive.7z) = 850f4ee5f8ceb3a91a4466ff73c9f2fb70a1a63f8bdd7ffd8dd40e83b619b71c59e9b8659a8636758c90a62d7024b4e617b17025c72f23a7bcd25a3823d2ee39
 Size (mediainfo_20.03_AllInclusive.7z) = 3706487 bytes
 SHA1 (patch-MediaInfoLib_Source_MediaInfo_MediaInfo__Config.h) = 19d6cba816c9e282e31fac527cbc39b9303f9f08
+SHA1 (patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp) = 04f3533bf6a79a2dd8dcee80fd0f68e73303ccbb
+SHA1 (patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp) = 800904386799b205a366f4f693ad9a7ff3d5856b
diff --git a/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp b/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp
new file mode 100644
index 00000000000..27abc8c41aa
--- /dev/null
+++ b/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp
@@ -0,0 +1,16 @@
+$NetBSD: patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp,v 1.1 2021/10/14 07:03:02 wiz Exp $
+
+Fix CVE-2020-26797
+https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
+
+--- MediaInfoLib/Source/MediaInfo/Multiple/File_Gxf.cpp.orig	2020-04-03 12:46:46.000000000 +0000
++++ MediaInfoLib/Source/MediaInfo/Multiple/File_Gxf.cpp
+@@ -1577,7 +1577,7 @@ File__Analyze* File_Gxf::ChooseParser_Ch
+     File_ChannelGrouping* Parser;
+     if (Audio_Count%2)
+     {
+-        if (!Streams[TrackID-1].IsChannelGrouping)
++        if (!TrackID || !Streams[TrackID-1].IsChannelGrouping)
+             return NULL; //Not a channel grouping
+ 
+         Parser=new File_ChannelGrouping;
diff --git a/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp b/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp
new file mode 100644
index 00000000000..e0cf0517402
--- /dev/null
+++ b/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp
@@ -0,0 +1,16 @@
+$NetBSD: patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp,v 1.1 2021/10/14 07:03:02 wiz Exp $
+
+Fix for CVE-2020-15395
+https://github.com/MediaArea/MediaInfoLib/commit/7b935cda2db88bfb63bda157bb93d69091c2c199
+
+--- MediaInfoLib/Source/MediaInfo/Multiple/File_MpegPs.cpp.orig	2020-04-03 12:46:46.000000000 +0000
++++ MediaInfoLib/Source/MediaInfo/Multiple/File_MpegPs.cpp
+@@ -405,7 +405,7 @@ void File_MpegPs::Streams_Fill_PerStream
+             Fill(Stream_Audio, StreamPos_Last, Audio_MuxingMode, "SL");
+     #endif //MEDIAINFO_MPEG4_YES
+ 
+-    if (Counts[StreamKind_Last]+Count==Count_Get(StreamKind_Last)) //Old method
++    if (StreamKind_Last<Stream_Max && Counts[StreamKind_Last]+Count==Count_Get(StreamKind_Last)) //Old method
+         Streams_Fill_PerStream_PerKind(StreamID, Temp, KindOfStream, Count);
+     else
+     {
author	wiz <wiz@pkgsrc.org>	2021-10-14 07:03:02 +0000
committer	wiz <wiz@pkgsrc.org>	2021-10-14 07:03:02 +0000
commit	f8154e1ceb5a924f39066f9a9600998392a5c8d2 (patch)
tree	e9bac2436a5392618643517ca034d07564e14764
parent	e1b0f9f4815e980915470f811ae1221026eaea30 (diff)
download	pkgsrc-f8154e1ceb5a924f39066f9a9600998392a5c8d2.tar.gz