Pullup ticket 469 - requested by Matthias Scheler

security fix for xine-lib Revisions pulled up: - pkgsrc/multimedia/xine-lib/Makefile 1.20 - pkgsrc/multimedia/xine-lib/buildlink3.mk 1.10 - pkgsrc/multimedia/xine-lib/distinfo 1.17 - pkgsrc/multimedia/xine-lib/patches/patch-aj 1.5 - pkgsrc/multimedia/xine-lib/patches/patch-ak 1.3 Module Name: pkgsrc Committed By: tron Date: Tue Apr 26 12:48:35 UTC 2005 Modified Files: pkgsrc/multimedia/xine-lib: Makefile distinfo Added Files: pkgsrc/multimedia/xine-lib/patches: patch-aj patch-ak Log Message: Add patches to fix security vulnerability reported in XSA-2004-8. Bump package revision because of this change. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 27 02:40:07 UTC 2005 Modified Files: pkgsrc/multimedia/xine-lib: buildlink3.mk Log Message: Bump BUIDLINK_RECOMMENDED after the recent security fix. (hi tron!)
author: snj <snj@pkgsrc.org> 2005-04-27 02:53:42 +0000
committer: snj <snj@pkgsrc.org> 2005-04-27 02:53:42 +0000
commit: 22dc635ebc08168b75893afe741374af38639481 (patch)
tree: 24bfd93b6676b31387b938a715449c1b77eb60ed /multimedia/xine-lib
parent: 5329aac17a9d401e701d117332c9055064427b87 (diff)
download: pkgsrc-22dc635ebc08168b75893afe741374af38639481.tar.gz
5 files changed, 50 insertions, 4 deletions
diff --git a/multimedia/xine-lib/Makefile b/multimedia/xine-lib/Makefile
index 11e93fe8af9..335c14b40f8 100644
--- a/multimedia/xine-lib/Makefile
+++ b/multimedia/xine-lib/Makefile
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2005/01/07 14:54:47 drochner Exp $
+# $NetBSD: Makefile,v 1.18.2.1 2005/04/27 02:53:42 snj Exp $
 
 .include "Makefile.common"
 
+PKGREVISION=		2
+
 .if ${MACHINE_ARCH} == "i386"
 DEPENDS+=       	win32-codecs>=011227:../../multimedia/win32-codecs
 PLIST_SUBST+=		I386=""
diff --git a/multimedia/xine-lib/buildlink3.mk b/multimedia/xine-lib/buildlink3.mk
index d80c063a098..a715ce38044 100644
--- a/multimedia/xine-lib/buildlink3.mk
+++ b/multimedia/xine-lib/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.9 2005/01/07 14:54:47 drochner Exp $
+# $NetBSD: buildlink3.mk,v 1.9.2.1 2005/04/27 02:53:42 snj Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 XINE_LIB_BUILDLINK3_MK:=	${XINE_LIB_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	xine-lib
 
 .if !empty(XINE_LIB_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.xine-lib+=	xine-lib>=1rc3c
-BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1rc8nb2
+BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1.0nb2
 BUILDLINK_PKGSRCDIR.xine-lib?=	../../multimedia/xine-lib
 .endif	# XINE_LIB_BUILDLINK3_MK
 
diff --git a/multimedia/xine-lib/distinfo b/multimedia/xine-lib/distinfo
index fd42d0f23cb..38057af5460 100644
--- a/multimedia/xine-lib/distinfo
+++ b/multimedia/xine-lib/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2005/02/24 11:24:05 agc Exp $
+$NetBSD: distinfo,v 1.14.2.1 2005/04/27 02:53:42 snj Exp $
 
 SHA1 (xine-lib-1.0.tar.gz) = dd02fb31c68ae68e2283d02e16bb8e80fcced9fd
 RMD160 (xine-lib-1.0.tar.gz) = ad84871d50d51552ba8913c0744e4a2b2b21f124
@@ -11,6 +11,8 @@ SHA1 (patch-ae) = cf7486ed50a782fcfb17ad0985e76a7ae09a2938
 SHA1 (patch-ag) = 1a439f8025c07d183f054fea77a70ef86ff59217
 SHA1 (patch-ah) = 3f9b23c4a7994259056b73209a9e194db759f06d
 SHA1 (patch-ai) = f71e3cb57bf30cbf9653a469c040b6e3f717ba97
+SHA1 (patch-aj) = e9a26ede23d53d83c2799076770e49562a4fc1ea
+SHA1 (patch-ak) = 1dfd2c3d86904ef4869dde4f4309564ac6c9323c
 SHA1 (patch-am) = 10f6433a8549bdce60ace5dcbd51df85eaa7ea16
 SHA1 (patch-ao) = 1247ba7ef23f2b28b2c0a177208c912e2fc259a0
 SHA1 (patch-ap) = aaf63024c1049c1f2175d9974367a6b84ac3028f
diff --git a/multimedia/xine-lib/patches/patch-aj b/multimedia/xine-lib/patches/patch-aj
new file mode 100644
index 00000000000..f1ba3d9f182
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-aj
@@ -0,0 +1,21 @@
+$NetBSD: patch-aj,v 1.4.2.1 2005/04/27 02:53:42 snj Exp $
+
+--- src/input/mms.c	2005/01/18 23:25:34	1.55
++++ src/input/mms.c	2005/04/21 19:02:43	1.56
+@@ -583,9 +583,13 @@
+           lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n",
+                    stream_id, type, encrypted);
+           
+-          this->stream_types[stream_id] = type;
+-          this->stream_ids[this->num_stream_ids] = stream_id;
+-          this->num_stream_ids++;
++          if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) {
++            this->stream_types[stream_id] = type;
++            this->stream_ids[this->num_stream_ids] = stream_id;
++            this->num_stream_ids++;
++          } else {
++            lprintf ("too many streams, skipping\n");
++          }
+       
+         }
+         break;
diff --git a/multimedia/xine-lib/patches/patch-ak b/multimedia/xine-lib/patches/patch-ak
new file mode 100644
index 00000000000..e81a7f13a95
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-ak
@@ -0,0 +1,21 @@
+$NetBSD: patch-ak,v 1.2.10.1 2005/04/27 02:53:42 snj Exp $
+
+--- src/input/librtsp/rtsp.c	2004/07/25 17:13:54	1.18
++++ src/input/librtsp/rtsp.c	2005/04/16 07:10:51	1.19
+@@ -218,6 +218,7 @@
+   unsigned int answer_seq;
+   char **answer_ptr=s->answers;
+   int code;
++  int ans_count = 0;
+   
+   answer=rtsp_get(s);
+   if (!answer)
+@@ -268,7 +269,7 @@
+     }
+     *answer_ptr=answer;
+     answer_ptr++;
+-  } while (strlen(answer)!=0);
++  } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS));
+   
+   s->cseq++;
+
author	snj <snj@pkgsrc.org>	2005-04-27 02:53:42 +0000
committer	snj <snj@pkgsrc.org>	2005-04-27 02:53:42 +0000
commit	22dc635ebc08168b75893afe741374af38639481 (patch)
tree	24bfd93b6676b31387b938a715449c1b77eb60ed /multimedia/xine-lib
parent	5329aac17a9d401e701d117332c9055064427b87 (diff)
download	pkgsrc-22dc635ebc08168b75893afe741374af38639481.tar.gz