author | salo <salo> | 2007-02-17 22:48:16 +0000 |
---|---|---|
committer | salo <salo> | 2007-02-17 22:48:16 +0000 |
commit | fcf780999100eb0497112e88af17d37f1ccf8680 (patch) | |
tree | b092d4604b7520d13f22c3c05bb14e6e7a544ef0 | |
parent | 02bc3782257b7fb635d22699f1614b0f346d9d91 (diff) | |
download | pkgsrc-fcf780999100eb0497112e88af17d37f1ccf8680.tar.gz |
Security fixes for CVE-2007-0254 (and more):
"A vulnerability has been reported in xine-ui, which potentially can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a format string error within the
"errors_create_window()" function in errors.c. This may be exploited to
execute arbitrary code by e.g. tricking a user into opening a specially
crafted playlist file."
Patch from SUSE.
Bump PKGREVISION.
XXX: The sources are a real mess. My condolences to everyone using it.
And good luck, you'll need it!..
-rw-r--r-- | multimedia/xine-ui/Makefile | 4 | ||||
-rw-r--r-- | multimedia/xine-ui/distinfo | 15 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-ai | 123 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-aq | 15 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-au | 20 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-av | 22 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-aw | 40 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-ax | 13 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-ay | 13 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-az | 22 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-ba | 17 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-bb | 31 | ||||
-rw-r--r-- | multimedia/xine-ui/patches/patch-bc | 14 |
13 files changed, 338 insertions, 11 deletions
diff --git a/multimedia/xine-ui/Makefile b/multimedia/xine-ui/Makefile index 9ff48f281d5..dc9b482a561 100644 --- a/multimedia/xine-ui/Makefile +++ b/multimedia/xine-ui/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.33 2007/02/11 17:19:49 drochner Exp $ +# $NetBSD: Makefile,v 1.34 2007/02/17 22:48:16 salo Exp $ # DISTNAME= xine-ui-0.99.4 -PKGREVISION= 7 +PKGREVISION= 8 CATEGORIES= multimedia MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xine/} diff --git a/multimedia/xine-ui/distinfo b/multimedia/xine-ui/distinfo index ff81ef58e74..c53329701ea 100644 --- a/multimedia/xine-ui/distinfo +++ b/multimedia/xine-ui/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.13 2007/02/11 17:19:49 drochner Exp $ +$NetBSD: distinfo,v 1.14 2007/02/17 22:48:16 salo Exp $ SHA1 (xine-ui-0.99.4.tar.gz) = b982e5697f183559c216f9243b9410d61b9c58aa RMD160 (xine-ui-0.99.4.tar.gz) = eeead5c6e566ade5505c8fcb924272c74eb4f49a 
@@ -7,12 +7,21 @@ SHA1 (patch-aa) = 4221e235da0b2047d218a9123f82a40cce92e15b SHA1 (patch-ae) = 1d5887168efd340f047dfdb9e135ce12c18e2d5f SHA1 (patch-ag) = dddbea5257a5b21e3a7ba21207661f4a47a9fa7e SHA1 (patch-ah) = 9d61282de803459e4b9c49814796dcc97658849d -SHA1 (patch-ai) = 78228fa174cb0d455a9debec18125d9ee13d34dd +SHA1 (patch-ai) = 68bd0bdb39ecacd993335707a8843fd696067633 SHA1 (patch-al) = d00f3ad348450e209d55ba69c1c053fce7d359b3 SHA1 (patch-am) = 57567b2c1f86ef575ff4abcbfaa5f06e3178a056 SHA1 (patch-ao) = 09e83615b88dffbdfeb0b0bad07dcdc60024ba67 SHA1 (patch-ap) = f4f360e5fc8008882f07c649b7ea29ef163c6731 -SHA1 (patch-aq) = 212d5c561422e5866cdc05cd39c609b1274aa8b6 +SHA1 (patch-aq) = 393f889a397c60a9cb1940f197e92efd12cb13bb SHA1 (patch-ar) = 50c45ce7c272385100bc562b8d1d668c3d860df7 SHA1 (patch-as) = 96f680bcab84c7a832f0ea4ae2b6a5b687f79244 SHA1 (patch-at) = 4d11203d056c45474e24b4e840e031720d840d55 +SHA1 (patch-au) = 1ab308585b3c806931fc0dd60dd82794a46cc4a9 +SHA1 (patch-av) = 0d36d3f7603752e5bfe98215ced4a878d4ec2058 +SHA1 (patch-aw) = 2cbb4e5a17faa79fb8d6607e52a9fa9d965ac884 +SHA1 (patch-ax) = 5388a8cb6fa73bbc001e7b1ad2ed4d25dc2425a8 +SHA1 (patch-ay) = f7252e705e017957238c3be37fbe52aea698785b +SHA1 (patch-az) = 696c9a25ac25ba7940d976399519caadc4932c4b +SHA1 (patch-ba) = 02493f55c8c1330a1eae6c109b51a4f5cdbe12d1 +SHA1 (patch-bb) = ebbfcc327d3918b152205a7907fc7c4252b7e1c2 +SHA1 (patch-bc) = 584d14552fd0acaaf32e64a4fa8c2886b4b16b84 diff --git a/multimedia/xine-ui/patches/patch-ai b/multimedia/xine-ui/patches/patch-ai index dd7f4e1f024..5ecf6aa276f 100644 --- a/multimedia/xine-ui/patches/patch-ai +++ b/multimedia/xine-ui/patches/patch-ai 
@@ -1,7 +1,7 @@ -$NetBSD: patch-ai,v 1.1 2004/05/12 16:42:49 drochner Exp $ +$NetBSD: patch-ai,v 1.2 2007/02/17 22:48:16 salo Exp $ ---- src/xitk/xine-remote.c.orig 2004-05-11 23:39:22.000000000 +0200 -+++ src/xitk/xine-remote.c 2004-05-11 23:45:24.000000000 +0200 +--- src/xitk/xine-remote.c.orig 2005-07-16 21:05:32.000000000 +0200 ++++ src/xitk/xine-remote.c 2007-02-17 22:24:26.000000000 +0100 @@ -30,6 +30,7 @@ #endif /* required for strncasecmp() */ 
@@ -30,3 +30,120 @@ $NetBSD: patch-ai,v 1.1 2004/05/12 16:42:49 drochner Exp $ #include "common.h" +@@ -638,7 +639,7 @@ static int write_to_console(session_t *s + va_end(args); + + pthread_mutex_lock(&session->console_mutex); +- err = write_to_console_unlocked(session, buf); ++ err = write_to_console_unlocked(session, "%s", buf); + pthread_mutex_unlock(&session->console_mutex); + + return err; +@@ -998,7 +999,7 @@ static void *select_thread(void *data) { + write_to_console_unlocked_nocr(session, "\b \b"); + pos--; + } +- write_to_console_unlocked(session, obuffer); ++ write_to_console_unlocked(session, "%s", obuffer); + + rl_crlf(); + rl_forced_update_display(); +@@ -1082,7 +1083,7 @@ static void client_handle_command(sessio + + *pp = '\0'; + +- if((sock_write(session->socket, buf)) == -1) { ++ if((sock_write(session->socket, "%s", buf)) == -1) { + session->running = 0; + } + } +@@ -1094,7 +1095,7 @@ static void client_handle_command(sessio + + /* Perhaps a ';' separated commands, so send anyway to server */ + if(found == 0) { +- sock_write(session->socket, (char *)command); ++ sock_write(session->socket, "%s", (char *)command); + } + + if((!strncasecmp(cmd, "exit", strlen(cmd))) || (!strncasecmp(cmd, "halt", strlen(cmd)))) { +@@ -1714,7 +1715,7 @@ static void do_commands(commands_t *cmd, + i++; + } + sprintf(buf, "%s.\n", buf); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + + static void do_help(commands_t *cmd, client_info_t *client_info) { +@@ -1760,7 +1761,7 @@ static void do_help(commands_t *cmd, cli + } + + sprintf(buf, "%s\n", buf); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + else { + int i; +@@ -2096,7 +2097,7 @@ static void do_get(commands_t *cmd, clie + sprintf(buf, "%s%s", buf, "*UNKNOWN*"); + + sprintf(buf, "%s%c", buf, '\n'); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + else if(is_arg_contain(client_info, 1, 
"speed")) { + char buf[64]; +@@ -2116,7 +2117,7 @@ static void do_get(commands_t *cmd, clie + sprintf(buf, "%s%s", buf, "*UNKNOWN*"); + + sprintf(buf, "%s%c", buf, '\n'); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + else if(is_arg_contain(client_info, 1, "position")) { + char buf[64]; +@@ -2128,7 +2129,7 @@ static void do_get(commands_t *cmd, clie + &pos_time, + &length_time); + snprintf(buf, sizeof(buf), "%s: %d\n", "Current position", pos_time); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + else if(is_arg_contain(client_info, 1, "length")) { + char buf[64]; +@@ -2140,7 +2141,7 @@ static void do_get(commands_t *cmd, clie + &pos_time, + &length_time); + snprintf(buf, sizeof(buf), "%s: %d\n", "Current length", length_time); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + else if(is_arg_contain(client_info, 1, "loop")) { + char buf[64]; +@@ -2169,7 +2170,7 @@ static void do_get(commands_t *cmd, clie + } + + sprintf(buf, "%s.\n", buf); +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + } + } + else if(nargs >= 2) { +@@ -2552,7 +2553,7 @@ static void do_halt(commands_t *cmd, cli + static void network_messenger(void *data, char *message) { + int socket = (int) data; + +- sock_write(socket, message); ++ sock_write(socket, "%s", message); + } + + static void do_snap(commands_t *cmd, client_info_t *client_info) { +@@ -2577,7 +2578,7 @@ static void say_hello(client_info_t *cli + else { + snprintf(buf, sizeof(buf), "%s %s %s\n", PACKAGE, VERSION, "remote server. Nice to meet you."); + } +- sock_write(client_info->socket, buf); ++ sock_write(client_info->socket, "%s", buf); + + } + diff --git a/multimedia/xine-ui/patches/patch-aq b/multimedia/xine-ui/patches/patch-aq index 735ed737e98..46a576d8ce1 100644 --- a/multimedia/xine-ui/patches/patch-aq +++ b/multimedia/xine-ui/patches/patch-aq 
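Review bot: The context lines of the do_commands, do_help and do_get hunks in src/xitk/xine-remote.c still append to the reply with `sprintf(buf, "%s.\n", buf);`, `sprintf(buf, "%s\n", buf);` and `sprintf(buf, "%s%s", buf, "*UNKNOWN*");`, passing the destination as its own `%s` argument. Copying between overlapping objects is undefined behaviour for sprintf, and these calls are also unbounded, so the `"%s"` added to sock_write does not make the buffer handling safe. An append that tracks the used length, such as `n += snprintf(buf + n, sizeof(buf) - n, ".\n");` with a check that n stays below sizeof(buf), avoids both problems. That form assumes buf is an array, as the `char buf[64]` visible in do_get is; the declarations in do_commands and do_help are outside the hunks and should be confirmed.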
@@ -1,7 +1,7 @@ -$NetBSD: patch-aq,v 1.1 2006/04/21 11:11:26 drochner Exp $ +$NetBSD: patch-aq,v 1.2 2007/02/17 22:48:16 salo Exp $ ---- src/xitk/main.c.orig 2006-04-20 11:59:48.000000000 +0200 -+++ src/xitk/main.c +--- src/xitk/main.c.orig 2007-02-17 22:10:56.000000000 +0100 ++++ src/xitk/main.c 2007-02-17 22:10:38.000000000 +0100 @@ -456,7 +456,7 @@ static void print_formatted(char *title, int len; char *blanks = " "; @@ -29,3 +29,12 @@ $NetBSD: patch-aq,v 1.1 2006/04/21 11:11:26 drochner Exp $ printf(".\n\n"); } +@@ -1249,7 +1249,7 @@ static void event_listener(void *user_da + snprintf(buffer, sizeof(buffer), "%s [%d%%]\n", pevent->description, pevent->percent); + gGui->mrl_overrided = 3; + panel_set_title(buffer); +- osd_display_info(buffer); ++ osd_display_info("%s", buffer); + } + break; + diff --git a/multimedia/xine-ui/patches/patch-au b/multimedia/xine-ui/patches/patch-au new file mode 100644 index 00000000000..f3c2d921551 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-au @@ -0,0 +1,20 @@ +$NetBSD: patch-au,v 1.1 2007/02/17 22:48:16 salo Exp $ + +--- src/fb/osd.c.orig 2003-12-01 18:23:27.000000000 +0100 ++++ src/fb/osd.c 2007-02-17 21:56:02.000000000 +0100 +@@ -589,7 +589,7 @@ void osd_display_spu_lang(void) { + } + + sprintf(buffer, "Subtitles: %s", lang); +- osd_display_info(buffer); ++ osd_display_info("%s", buffer); + } + + void osd_display_audio_lang(void) { +@@ -618,5 +618,5 @@ void osd_display_audio_lang(void) { + } + + sprintf(buffer, "Audio Channel: %s", lang); +- osd_display_info(buffer); ++ osd_display_info("%s", buffer); + } diff --git a/multimedia/xine-ui/patches/patch-av b/multimedia/xine-ui/patches/patch-av new file mode 100644 index 00000000000..c45f9d37309 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-av 
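Review bot: In the new patch-au for src/fb/osd.c, both patched call sites are still preceded by an unbounded `sprintf(buffer, "Subtitles: %s", lang);` and `sprintf(buffer, "Audio Channel: %s", lang);`, so the `"%s"` added to osd_display_info does nothing to bound the write into buffer. The declarations of buffer and lang are outside these hunks, so whether lang can exceed the available space is not visible here. The src/xitk/osd.c counterpart patched in patch-az already uses snprintf with sizeof(buffer); the same form would fit here, `snprintf(buffer, sizeof(buffer), "Subtitles: %s", lang);`, assuming buffer is an array in this file as well.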
@@ -0,0 +1,22 @@ +$NetBSD: patch-av,v 1.1 2007/02/17 22:48:16 salo Exp $ + +--- src/xitk/actions.c.orig 2005-07-24 04:40:36.000000000 +0200 ++++ src/xitk/actions.c 2007-02-17 21:56:02.000000000 +0100 +@@ -398,7 +398,7 @@ int gui_xine_play(xine_stream_t *stream, + + + if(v_unhandled && a_unhandled) { +- xine_error(buffer); ++ xine_error("%s", buffer); + return 0; + } + +@@ -416,7 +416,7 @@ int gui_xine_play(xine_stream_t *stream, + xw = xitk_window_dialog_yesno_with_width(gGui->imlib_data, _("Start Playback ?"), + start_anyway_yesno, start_anyway_yesno, + NULL, 400, ALIGN_CENTER, +- buffer); ++ "%s", buffer); + XLockDisplay(gGui->display); + if(!gGui->use_root_window && gGui->video_display == gGui->display) + XSetTransientForHint(gGui->display, xitk_window_get_window(xw), gGui->video_window); diff --git a/multimedia/xine-ui/patches/patch-aw b/multimedia/xine-ui/patches/patch-aw new file mode 100644 index 00000000000..1c8935db45c --- /dev/null +++ b/multimedia/xine-ui/patches/patch-aw 
@@ -0,0 +1,40 @@ +$NetBSD: patch-aw,v 1.1 2007/02/17 22:48:16 salo Exp $ + +--- src/xitk/errors.c.orig 2005-02-07 19:16:28.000000000 +0100 ++++ src/xitk/errors.c 2007-02-17 21:56:02.000000000 +0100 +@@ -68,7 +68,7 @@ static void errors_create_window(char *t + _("Done"), _("More..."), + NULL, _errors_display_log, + NULL, 400, ALIGN_CENTER, +- message); ++ "%s", message); + + xitk_window_set_parent_window(xw, gGui->video_window); + +@@ -125,7 +125,7 @@ void xine_error(char *message, ...) { + } else { + xitk_window_t *xw; + +- xw = xitk_window_dialog_error(gGui->imlib_data, buf2); ++ xw = xitk_window_dialog_error(gGui->imlib_data, "%s", buf2); + + if(!gGui->use_root_window && gGui->video_display == gGui->display) { + XLockDisplay(gGui->display); +@@ -228,7 +228,7 @@ void xine_info(char *message, ...) { + } else { + xitk_window_t *xw; + +- xw = xitk_window_dialog_info(gGui->imlib_data, buf2); ++ xw = xitk_window_dialog_info(gGui->imlib_data, "%s", buf2); + + if(!gGui->use_root_window && gGui->video_display == gGui->display) { + XLockDisplay(gGui->display); +@@ -354,7 +354,7 @@ void too_slow_window(void) { + _("Disable this warning."), + checked, _dont_show_too_slow_again, + NULL, 500, ALIGN_CENTER, +- message); ++ "%s", message); + if(!gGui->use_root_window && gGui->video_display == gGui->display) { + XLockDisplay(gGui->display); + XSetTransientForHint(gGui->display, xitk_window_get_window(xw), gGui->video_window); diff --git a/multimedia/xine-ui/patches/patch-ax b/multimedia/xine-ui/patches/patch-ax new file mode 100644 index 00000000000..6a776a364c8 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-ax 
@@ -0,0 +1,13 @@ +$NetBSD: patch-ax,v 1.1 2007/02/17 22:48:17 salo Exp $ + +--- src/xitk/file_browser.c.orig 2005-05-29 12:43:40.000000000 +0200 ++++ src/xitk/file_browser.c 2007-02-17 21:56:02.000000000 +0100 +@@ -1012,7 +1012,7 @@ static void fb_delete_file(xitk_widget_t + xitk_window_dialog_yesno(gGui->imlib_data, _("Confirm deletion ?"), + fb_delete_file_cb, + fb_delete_file_cb, +- (void *)fb, ALIGN_DEFAULT, buf); ++ (void *)fb, ALIGN_DEFAULT, "%s", buf); + } + } + diff --git a/multimedia/xine-ui/patches/patch-ay b/multimedia/xine-ui/patches/patch-ay new file mode 100644 index 00000000000..3d2a8e1cbd3 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-ay @@ -0,0 +1,13 @@ +$NetBSD: patch-ay,v 1.1 2007/02/17 22:48:17 salo Exp $ + +--- src/xitk/kbindings.c.orig 2005-07-16 21:05:31.000000000 +0200 ++++ src/xitk/kbindings.c 2007-02-17 21:56:02.000000000 +0100 +@@ -622,7 +622,7 @@ static void _kbindings_check_redundancy( + _("Reset"), _("Editor"), _("Cancel"), + _kbinding_reset_cb, _kbinding_editor_cb, NULL, + (void *) kbt, 450, ALIGN_CENTER, +- kmsg); ++ "%s", kmsg); + free(kmsg); + XLockDisplay(gGui->display); + if(!gGui->use_root_window && gGui->video_display == gGui->display) diff --git a/multimedia/xine-ui/patches/patch-az b/multimedia/xine-ui/patches/patch-az new file mode 100644 index 00000000000..7d7b1068d7c --- /dev/null +++ b/multimedia/xine-ui/patches/patch-az 
@@ -0,0 +1,22 @@ +$NetBSD: patch-az,v 1.1 2007/02/17 22:48:17 salo Exp $ + +--- src/xitk/osd.c.orig 2005-07-16 21:05:32.000000000 +0200 ++++ src/xitk/osd.c 2007-02-17 21:56:02.000000000 +0100 +@@ -698,7 +698,7 @@ void osd_display_spu_lang(void) { + } + + snprintf(buffer, sizeof(buffer), "%s%s", _("Subtitles: "), get_language_from_iso639_1(lang)); +- osd_display_info(buffer); ++ osd_display_info("%s", buffer); + } + + void osd_display_audio_lang(void) { +@@ -727,7 +727,7 @@ void osd_display_audio_lang(void) { + } + + snprintf(buffer, sizeof(buffer), "%s%s", _("Audio Channel: "), get_language_from_iso639_1(lang)); +- osd_display_info(buffer); ++ osd_display_info("%s", buffer); + } + + int osd_is_visible(void) { diff --git a/multimedia/xine-ui/patches/patch-ba b/multimedia/xine-ui/patches/patch-ba new file mode 100644 index 00000000000..e5b7b8839f3 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-ba @@ -0,0 +1,17 @@ +$NetBSD: patch-ba,v 1.1 2007/02/17 22:48:18 salo Exp $ + +--- src/xitk/panel.c.orig 2005-07-24 04:40:37.000000000 +0200 ++++ src/xitk/panel.c 2007-02-17 21:56:02.000000000 +0100 +@@ -845,10 +845,10 @@ void panel_toggle_audio_mute(xitk_widget + * to snapshot current frame. + */ + static void panel_snapshot_error(void *data, char *message) { +- xine_error(message); ++ xine_error("%s", message); + } + static void panel_snapshot_info(void *data, char *message) { +- xine_info(message); ++ xine_info("%s", message); + } + void panel_snapshot(xitk_widget_t *w, void *data) { + create_snapshot(gGui->mmk.mrl, panel_snapshot_error, panel_snapshot_info, NULL); diff --git a/multimedia/xine-ui/patches/patch-bb b/multimedia/xine-ui/patches/patch-bb new file mode 100644 index 00000000000..bf9db02dbb6 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-bb 
@@ -0,0 +1,31 @@ +$NetBSD: patch-bb,v 1.1 2007/02/17 22:48:18 salo Exp $ + +--- src/xitk/xine-toolkit/window.c.orig 2004-12-31 01:52:15.000000000 +0100 ++++ src/xitk/xine-toolkit/window.c 2007-02-17 21:56:02.000000000 +0100 +@@ -1088,7 +1088,7 @@ xitk_window_t *xitk_window_dialog_ok_wit + char buf2[(strlen(buf) * 2) + 1]; + xitk_subst_special_chars(buf, buf2); + xw = xitk_window_dialog_one_button_with_width(im, title, _("OK"), cb, userdata, window_width, +- align, buf2); ++ align, "%s", buf2); + } + XITK_FREE(buf); + return xw; +@@ -1337,7 +1337,7 @@ xitk_window_t *xitk_window_dialog_yesno_ + + xitk_subst_special_chars(buf, buf2); + xw = xitk_window_dialog_two_buttons_with_width(im, title, _("Yes"), _("No"), +- ycb, ncb, userdata, window_width, align, buf2); ++ ycb, ncb, userdata, window_width, align, "%s", buf2); + } + + XITK_FREE(buf); +@@ -1559,7 +1559,7 @@ xitk_window_t *xitk_window_dialog_yesnoc + + xitk_subst_special_chars(buf, buf2); + xw = xitk_window_dialog_three_buttons_with_width(im, title, _("Yes"), _("No"), _("Cancel"), +- ycb, ncb, ccb, userdata, window_width, align, buf2); ++ ycb, ncb, ccb, userdata, window_width, align, "%s", buf2); + } + XITK_FREE(buf); + return xw; diff --git a/multimedia/xine-ui/patches/patch-bc b/multimedia/xine-ui/patches/patch-bc new file mode 100644 index 00000000000..15117f18db3 --- /dev/null +++ b/multimedia/xine-ui/patches/patch-bc 
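Review bot: The first hunk for src/xitk/xine-toolkit/window.c shows `char buf2[(strlen(buf) * 2) + 1];` as context, a variable-length array on the stack whose size comes from the already formatted message. The patched calls close the format-string path, but a very long message can still exhaust the stack at this declaration, and the commit message names crafted playlist content as one way messages reach these dialogs. A heap buffer with a checked allocation, released next to the existing `XITK_FREE(buf);`, or a cap on the message length before xitk_subst_special_chars, would bound it. The three function bodies start and end outside the hunks, so how buf is produced and whether the yesno and yesnocancel variants declare buf2 the same way should be confirmed.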
@@ -0,0 +1,14 @@ +$NetBSD: patch-bc,v 1.1 2007/02/17 22:48:18 salo Exp $ + +--- src/xitk/xine-toolkit/xitk.h.orig 2004-12-16 22:35:30.000000000 +0100 ++++ src/xitk/xine-toolkit/xitk.h 2007-02-17 21:56:02.000000000 +0100 +@@ -2310,7 +2310,8 @@ xitk_window_t *xitk_window_dialog_checkb + char *checkbox_label, int checkbox_state, + xitk_state_callback_t cb3, + void *userdata, +- int window_width, int align, char *message, ...); ++ int window_width, int align, char *message, ...) ++ __attribute__((__format__(__printf__, 13, 14))); + + #ifdef __GNUC__ + #define xitk_window_dialog_two_buttons_with_width(im, title, bl1, bl2, cb1, cb2, userdata, window_width, align, message, args...) \ |
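Review bot: The new `__attribute__((__format__(__printf__, 13, 14)))` on the prototype in xitk.h sits outside the `#ifdef __GNUC__` that begins two lines below it, so a compiler without GNU attributes would reject the header; a guarded macro keeps the annotation portable (the macro name below is a suggestion, not something in the tree). The prototype's parameter list begins outside the hunk, so the 13/14 indices should be checked against the full signature. Only this one declaration gains the annotation in the visible hunk, although the commit fixes the same bug class at callers of xine_error, xine_info, osd_display_info, sock_write and the other dialog functions. Annotating those declarations as well would let -Wformat report a non-literal format argument at compile time instead of relying on a later audit.

```c
/* suggested helper, placed before the dialog prototypes */
#ifdef __GNUC__
#define XITK_PRINTF_FMT(fmt, first) __attribute__((__format__(__printf__, fmt, first)))
#else
#define XITK_PRINTF_FMT(fmt, first)
#endif

/* … unchanged: earlier parameters of the checkbox dialog prototype … */
                                       int window_width, int align, char *message, ...)
                                       XITK_PRINTF_FMT(13, 14);
```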