author | lkundrak <lkundrak@pkgsrc.org> | 2007-06-22 14:13:16 +0000 |
---|---|---|
committer | lkundrak <lkundrak@pkgsrc.org> | 2007-06-22 14:13:16 +0000 |
commit | fb7a2972184351a6c4fedbf0ef49f61bc466d933 (patch) | |
tree | d1890af30d96dc7486406acee961287238f32754 /multimedia/vlc | |
parent | 6cd1aa2b1aad8a45da0e6975352d9c7a36414895 (diff) | |
download | pkgsrc-fb7a2972184351a6c4fedbf0ef49f61bc466d933.tar.gz |
Fix for CVE-2007-3316 format-string vulnerability described by
VideoLAN-SA-0702 upstream advisory. Backported from 0.8.6c.
Diffstat (limited to 'multimedia/vlc')
-rw-r--r-- | multimedia/vlc/Makefile | 4 | ||||
-rw-r--r-- | multimedia/vlc/distinfo | 6 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-ak | 27 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-al | 16 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-am | 16 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-an | 22 |
6 files changed, 88 insertions, 3 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index 85720441005..2aa1eee8831 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.44 2007/02/22 19:26:51 wiz Exp $ +# $NetBSD: Makefile,v 1.45 2007/06/22 14:13:16 lkundrak Exp $ # DISTNAME= vlc-${VLC_VER} -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= multimedia MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/ EXTRACT_SUFX= .tar.bz2 diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo index f0b1db9eceb..94d6342befb 100644 --- a/multimedia/vlc/distinfo +++ b/multimedia/vlc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10 2007/02/22 16:36:10 drochner Exp $ +$NetBSD: distinfo,v 1.11 2007/06/22 14:13:16 lkundrak Exp $ SHA1 (vlc-0.8.5.tar.bz2) = 2f0a26a336a5211f32c7bcc653dfd0b27f1fb26b RMD160 (vlc-0.8.5.tar.bz2) = d24140a5b4bf771754028090e103bb5c171e4fd8 @@ -10,3 +10,7 @@ SHA1 (patch-ag) = 44061c0018d97c45d4edfdb2a16192f3c99024f8 SHA1 (patch-ah) = 5a355a70b7b39c0a33db7cc37e3944f903686d3f SHA1 (patch-ai) = 655df187ab529eb30753531dafbf4b68f7a85785 SHA1 (patch-aj) = ff16b192696f7a8517b2bf343697cb81c6041015 +SHA1 (patch-ak) = 62e4c366c6ad39fdadf3e9484f1ee46a2f5680ab +SHA1 (patch-al) = d363baa7a1d4150b2b12376652650295e546f0fe +SHA1 (patch-am) = 7d212c47879c718a7685fe94660c9fa71a02f4c3 +SHA1 (patch-an) = 6388e50ad6b7c4cc6860759d514ca691b996ee45 diff --git a/multimedia/vlc/patches/patch-ak b/multimedia/vlc/patches/patch-ak new file mode 100644 index 00000000000..c366edc6261 --- /dev/null +++ b/multimedia/vlc/patches/patch-ak 
@@ -0,0 +1,27 @@
+$NetBSD: patch-ak,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in CDDA module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/access/cdda.c.orig 2007-06-22 16:00:43.000000000 +0200
++++ modules/access/cdda.c
+@@ -630,7 +630,9 @@ static int GetTracks( access_t *p_access
+ {
+ vlc_input_item_AddInfo( &p_item->input,
+ _(VLC_META_INFO_CAT),
+- _(VLC_META_TITLE),
++ _(VLC_META_TITLE), "%s",
++ cddb_track_get_title( t ) );
++
+ cddb_track_get_title( t ) );
+ if( p_item->input.psz_name )
+ free( p_item->input.psz_name );
+@@ -641,7 +643,7 @@ static int GetTracks( access_t *p_access
+ if( psz_result )
+ {
+ vlc_input_item_AddInfo( &p_item->input,
+- _(VLC_META_INFO_CAT),
++ _(VLC_META_INFO_CAT), "%s",
+ _(VLC_META_ARTIST), psz_result );
+ }
+ }
diff --git a/multimedia/vlc/patches/patch-al b/multimedia/vlc/patches/patch-al
new file mode 100644
index 00000000000..acc6ea81132
--- /dev/null
+++ b/multimedia/vlc/patches/patch-al
@@ -0,0 +1,16 @@
+$NetBSD: patch-al,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/vorbis.c.orig 2007-06-22 16:03:12.000000000 +0200
++++ modules/codec/vorbis.c
+@@ -614,7 +614,7 @@ static void ParseVorbisComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ if( strcasestr( psz_name, "artist" ) )
+ {
+ vlc_input_item_AddInfo( p_input->input.p_item,
diff --git a/multimedia/vlc/patches/patch-am b/multimedia/vlc/patches/patch-am
new file mode 100644
index 00000000000..52f8e31a18d
--- /dev/null
+++ b/multimedia/vlc/patches/patch-am
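Review bot: In patch-ak's second inner hunk (`-641,7 +643,7`) the new `"%s"` is placed after `_(VLC_META_INFO_CAT)`, which is the name position rather than the format position, so the call becomes category, `"%s"`, `_(VLC_META_ARTIST)`, `psz_result`. The disc-supplied string is no longer interpreted as a format, but the entry would apparently be stored under the name `%s` with the translated label as its text and `psz_result` unused; the other calls in this commit use the order category, name, format, value, so the two lines should read `_(VLC_META_INFO_CAT),` and `_(VLC_META_ARTIST), "%s", psz_result );`. In the first inner hunk (`-630,7 +630,9`) the original `cddb_track_get_title( t ) );` is kept as a context line after the added copy and blank line, leaving a dangling argument with an unbalanced `)`; that line should be on the `-` side and the added blank line dropped. If this part of GetTracks is only built with CDDB support enabled, the syntax error would not surface in a default build, so the package should be test-built with that option on. Regenerating patch-ak also requires updating its SHA1 in distinfo.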
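Review bot: The patch-al hunk stops inside the next `vlc_input_item_AddInfo( p_input->input.p_item,` call in ParseVorbisComments, so the format argument of that call is not visible here, and it appears to handle the same `psz_value` parsed from the comment data. It should be confirmed against the unpatched source that this call already passes a literal `"%s"` ahead of the value. The same applies to patch-an, where the sap.c hunk ends at `psz_value = GetAttribute( p_sap->p_sdp, "x-plgroup" );` and any later AddInfo calls in CreateAnnounce lie outside the hunk. A line in each patch header such as `All remaining AddInfo/input_Control calls in this file were checked for literal format strings.` would let the backport be reviewed without the upstream tree.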
@@ -0,0 +1,16 @@
+$NetBSD: patch-am,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig 2007-06-22 16:04:59.000000000 +0200
++++ modules/codec/theora.c
+@@ -510,7 +510,7 @@ static void ParseTheoraComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ }
+ free( psz_comment );
+ i++;
diff --git a/multimedia/vlc/patches/patch-an b/multimedia/vlc/patches/patch-an
new file mode 100644
index 00000000000..23226b07059
--- /dev/null
+++ b/multimedia/vlc/patches/patch-an
@@ -0,0 +1,22 @@
+$NetBSD: patch-an,v 1.1 2007/06/22 14:13:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in SAP module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/services_discovery/sap.c.orig 2007-06-22 16:06:09.000000000 +0200
++++ modules/services_discovery/sap.c
+@@ -818,12 +818,12 @@ sap_announce_t *CreateAnnounce( services
+ if( psz_value != NULL )
+ {
+ vlc_input_item_AddInfo( &p_item->input, _("Session"),
+- _("Tool"), psz_value );
++ _("Tool"), "%s", psz_value );
+ }
+ if( strcmp( p_sdp->psz_username, "-" ) )
+ {
+ vlc_input_item_AddInfo( &p_item->input, _("Session"),
+- _("User"), p_sdp->psz_username );
++ _("User"), "%s", p_sdp->psz_username );
+ }
+
+ psz_value = GetAttribute( p_sap->p_sdp, "x-plgroup" ); |