author | drochner <drochner@pkgsrc.org> | 2009-03-23 12:03:24 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2009-03-23 12:03:24 +0000 |
commit | 789ba336e9f02b9cd6d60bc89639848f58a0a42e (patch) | |
tree | 89eff8ffe7b5b3bf07e239130cf65cfe2b6bea9a /multimedia/gst-plugins0.10-base | |
parent | 002231483dabfe3def8aece704a2ae0641b2c77f (diff) | |
add a patch from upstream to fix a buffer overflow in vorbis coverart
code (CVE-2009-0586), bump PKGREVISION
Diffstat (limited to 'multimedia/gst-plugins0.10-base')
-rw-r--r-- | multimedia/gst-plugins0.10-base/Makefile | 4 | ||||
-rw-r--r-- | multimedia/gst-plugins0.10-base/distinfo | 3 | ||||
-rw-r--r-- | multimedia/gst-plugins0.10-base/patches/patch-ad | 86 |
3 files changed, 91 insertions, 2 deletions
diff --git a/multimedia/gst-plugins0.10-base/Makefile b/multimedia/gst-plugins0.10-base/Makefile index 63cf3e402d3..bd3de671942 100644 --- a/multimedia/gst-plugins0.10-base/Makefile +++ b/multimedia/gst-plugins0.10-base/Makefile @@ -1,9 +1,11 @@ -# $NetBSD: Makefile,v 1.10 2009/01/26 10:39:01 drochner Exp $ +# $NetBSD: Makefile,v 1.11 2009/03/23 12:03:24 drochner Exp $ # PKG_DESTDIR_SUPPORT= user-destdir .include "Makefile.common" +PKGREVISION= 1 + COMMENT+= base plugins # some plugins were moved from bad to base diff --git a/multimedia/gst-plugins0.10-base/distinfo b/multimedia/gst-plugins0.10-base/distinfo index c5e59aa1eb3..e6b53b28831 100644 --- a/multimedia/gst-plugins0.10-base/distinfo +++ b/multimedia/gst-plugins0.10-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.20 2009/01/26 10:39:01 drochner Exp $ +$NetBSD: distinfo,v 1.21 2009/03/23 12:03:24 drochner Exp $ SHA1 (gst-plugins-base-0.10.22.tar.bz2) = 8e6a894858f5412234ce1591bbb773102c150cb7 RMD160 (gst-plugins-base-0.10.22.tar.bz2) = 013de77422d6e89b64cf55ff7299b0ff1e38ef8a @@ -6,3 +6,4 @@ Size (gst-plugins-base-0.10.22.tar.bz2) = 2118085 bytes SHA1 (patch-aa) = be36e5a0f1de11900df7c510e7a9a03dd19d6e85 SHA1 (patch-ab) = 0a739fbee2c49d75e9164c2b083820fd9d27c34a SHA1 (patch-ac) = 3a8a102f2c0740f481e115d68bc44d9e2bf66aae +SHA1 (patch-ad) = f10ef3184acacf800ca50839e95fbd358f892cc9 diff --git a/multimedia/gst-plugins0.10-base/patches/patch-ad b/multimedia/gst-plugins0.10-base/patches/patch-ad new file mode 100644 index 00000000000..b7da3332822 --- /dev/null +++ b/multimedia/gst-plugins0.10-base/patches/patch-ad 
@@ -0,0 +1,86 @@
+$NetBSD: patch-ad,v 1.1 2009/03/23 12:03:24 drochner Exp $
+
+--- gst-libs/gst/tag/gstvorbistag.c.orig 2008-10-11 01:22:50.000000000 +0200
++++ gst-libs/gst/tag/gstvorbistag.c
+@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, c
+ }
+
+ static void
+-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
++gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,
+ gint base64_len)
+ {
+ GstBuffer *img;
+- guchar *img_data;
+ gsize img_len;
++ guchar *out;
+ guint save = 0;
+ gint state = 0;
+
+ if (base64_len < 2)
+ goto not_enough_data;
+
+- img_data = g_try_malloc0 (base64_len * 3 / 4);
+-
+- if (img_data == NULL)
+- goto alloc_failed;
+-
+- img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,
+- &state, &save);
++ /* img_data_base64 points to a temporary copy of the base64 encoded data, so
++ * it's safe to do inpace decoding here
++ * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this
++ * to use glib's API instead once it's in wider use:
++ * http://bugzilla.gnome.org/show_bug.cgi?id=564728
++ * http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */
++ out = (guchar *) img_data_base64;
++ img_len = g_base64_decode_step (img_data_base64, base64_len,
++ out, &state, &save);
+
+ if (img_len == 0)
+ goto decode_failed;
+
+- img = gst_tag_image_data_to_image_buffer (img_data, img_len,
++ img = gst_tag_image_data_to_image_buffer (out, img_len,
+ GST_TAG_IMAGE_TYPE_NONE);
+
+ if (img == NULL)
+@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList
+ GST_TAG_PREVIEW_IMAGE, img, NULL);
+
+ gst_buffer_unref (img);
+- g_free (img_data);
+ return;
+
+ /* ERRORS */
+@@ -347,21 +348,14 @@ not_enough_data:
+ GST_WARNING ("COVERART tag with too little base64-encoded data");
+ return;
+ }
+-alloc_failed:
+- {
+- GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");
+- return;
+- }
+ decode_failed:
+ {
+- GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");
+- g_free (img_data);
++ GST_WARNING ("Couldn't decode base64 image data from COVERART tag");
+ return;
+ }
+ convert_failed:
+ {
+ GST_WARNING ("Couldn't extract image or image type from COVERART tag");
+- g_free (img_data);
+ return;
+ }
+ }
+@@ -457,6 +451,7 @@ error:
+ return NULL;
+ #undef ADVANCE
+ }
++
+ typedef struct
+ {
+ guint count; |
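Review bot: The in-place decode in `gst_vorbis_tag_add_coverart` is only safe if every caller passes a writable, private buffer of at least `base64_len` bytes, and the only statement of that contract is the comment inside the body. Since the parameter lost its `const`, I would put the contract on the function itself, e.g. `/* NOTE: decodes in place; img_data_base64 must be a writable copy of at least base64_len bytes and is overwritten */`, so that a later caller does not hand it a string owned by the tag list. A one-line remark on why the output cannot overrun the input (base64 yields at most 3 bytes per 4 input characters, and `state`/`save` start at zero) would also help the next reader. The new comment has a typo, `inpace` for `in-place`. The call site is outside the hunks of this patch, so the temporary-copy claim should be confirmed against the full gstvorbistag.c.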