diff options
author | snj <snj@pkgsrc.org> | 2005-04-27 02:53:42 +0000 |
---|---|---|
committer | snj <snj@pkgsrc.org> | 2005-04-27 02:53:42 +0000 |
commit | 22dc635ebc08168b75893afe741374af38639481 (patch) | |
tree | 24bfd93b6676b31387b938a715449c1b77eb60ed /multimedia/xine-lib | |
parent | 5329aac17a9d401e701d117332c9055064427b87 (diff) | |
download | pkgsrc-22dc635ebc08168b75893afe741374af38639481.tar.gz |
Pullup ticket 469 - requested by Matthias Scheler
security fix for xine-lib
Revisions pulled up:
- pkgsrc/multimedia/xine-lib/Makefile 1.20
- pkgsrc/multimedia/xine-lib/buildlink3.mk 1.10
- pkgsrc/multimedia/xine-lib/distinfo 1.17
- pkgsrc/multimedia/xine-lib/patches/patch-aj 1.5
- pkgsrc/multimedia/xine-lib/patches/patch-ak 1.3
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 26 12:48:35 UTC 2005
Modified Files:
pkgsrc/multimedia/xine-lib: Makefile distinfo
Added Files:
pkgsrc/multimedia/xine-lib/patches: patch-aj patch-ak
Log Message:
Add patches to fix security vulnerability reported in XSA-2004-8.
Bump package revision because of this change.
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 27 02:40:07 UTC 2005
Modified Files:
pkgsrc/multimedia/xine-lib: buildlink3.mk
Log Message:
Bump BUIDLINK_RECOMMENDED after the recent security fix. (hi tron!)
Diffstat (limited to 'multimedia/xine-lib')
-rw-r--r-- | multimedia/xine-lib/Makefile | 4 | ||||
-rw-r--r-- | multimedia/xine-lib/buildlink3.mk | 4 | ||||
-rw-r--r-- | multimedia/xine-lib/distinfo | 4 | ||||
-rw-r--r-- | multimedia/xine-lib/patches/patch-aj | 21 | ||||
-rw-r--r-- | multimedia/xine-lib/patches/patch-ak | 21 |
5 files changed, 50 insertions, 4 deletions
diff --git a/multimedia/xine-lib/Makefile b/multimedia/xine-lib/Makefile index 11e93fe8af9..335c14b40f8 100644 --- a/multimedia/xine-lib/Makefile +++ b/multimedia/xine-lib/Makefile @@ -1,7 +1,9 @@ -# $NetBSD: Makefile,v 1.18 2005/01/07 14:54:47 drochner Exp $ +# $NetBSD: Makefile,v 1.18.2.1 2005/04/27 02:53:42 snj Exp $ .include "Makefile.common" +PKGREVISION= 2 + .if ${MACHINE_ARCH} == "i386" DEPENDS+= win32-codecs>=011227:../../multimedia/win32-codecs PLIST_SUBST+= I386="" diff --git a/multimedia/xine-lib/buildlink3.mk b/multimedia/xine-lib/buildlink3.mk index d80c063a098..a715ce38044 100644 --- a/multimedia/xine-lib/buildlink3.mk +++ b/multimedia/xine-lib/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.9 2005/01/07 14:54:47 drochner Exp $ +# $NetBSD: buildlink3.mk,v 1.9.2.1 2005/04/27 02:53:42 snj Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ XINE_LIB_BUILDLINK3_MK:= ${XINE_LIB_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= xine-lib .if !empty(XINE_LIB_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.xine-lib+= xine-lib>=1rc3c -BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1rc8nb2 +BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1.0nb2 BUILDLINK_PKGSRCDIR.xine-lib?= ../../multimedia/xine-lib .endif # XINE_LIB_BUILDLINK3_MK diff --git a/multimedia/xine-lib/distinfo b/multimedia/xine-lib/distinfo index fd42d0f23cb..38057af5460 100644 --- a/multimedia/xine-lib/distinfo +++ b/multimedia/xine-lib/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.14 2005/02/24 11:24:05 agc Exp $ +$NetBSD: distinfo,v 1.14.2.1 2005/04/27 02:53:42 snj Exp $ SHA1 (xine-lib-1.0.tar.gz) = dd02fb31c68ae68e2283d02e16bb8e80fcced9fd RMD160 (xine-lib-1.0.tar.gz) = ad84871d50d51552ba8913c0744e4a2b2b21f124 @@ -11,6 +11,8 @@ SHA1 (patch-ae) = cf7486ed50a782fcfb17ad0985e76a7ae09a2938 SHA1 (patch-ag) = 1a439f8025c07d183f054fea77a70ef86ff59217 SHA1 (patch-ah) = 3f9b23c4a7994259056b73209a9e194db759f06d SHA1 (patch-ai) = f71e3cb57bf30cbf9653a469c040b6e3f717ba97 +SHA1 (patch-aj) = e9a26ede23d53d83c2799076770e49562a4fc1ea +SHA1 (patch-ak) = 1dfd2c3d86904ef4869dde4f4309564ac6c9323c SHA1 (patch-am) = 10f6433a8549bdce60ace5dcbd51df85eaa7ea16 SHA1 (patch-ao) = 1247ba7ef23f2b28b2c0a177208c912e2fc259a0 SHA1 (patch-ap) = aaf63024c1049c1f2175d9974367a6b84ac3028f diff --git a/multimedia/xine-lib/patches/patch-aj b/multimedia/xine-lib/patches/patch-aj new file mode 100644 index 00000000000..f1ba3d9f182 --- /dev/null +++ b/multimedia/xine-lib/patches/patch-aj @@ -0,0 +1,21 @@ +$NetBSD: patch-aj,v 1.4.2.1 2005/04/27 02:53:42 snj Exp $ + +--- src/input/mms.c 2005/01/18 23:25:34 1.55 ++++ src/input/mms.c 2005/04/21 19:02:43 1.56 +@@ -583,9 +583,13 @@ + lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n", + stream_id, type, encrypted); + +- this->stream_types[stream_id] = type; +- this->stream_ids[this->num_stream_ids] = stream_id; +- this->num_stream_ids++; ++ if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) { ++ this->stream_types[stream_id] = type; ++ this->stream_ids[this->num_stream_ids] = stream_id; ++ this->num_stream_ids++; ++ } else { ++ lprintf ("too many streams, skipping\n"); ++ } + + } + break; diff --git a/multimedia/xine-lib/patches/patch-ak b/multimedia/xine-lib/patches/patch-ak new file mode 100644 index 00000000000..e81a7f13a95 --- /dev/null +++ b/multimedia/xine-lib/patches/patch-ak @@ -0,0 +1,21 @@ +$NetBSD: patch-ak,v 1.2.10.1 2005/04/27 02:53:42 snj Exp $ + +--- src/input/librtsp/rtsp.c 2004/07/25 17:13:54 1.18 ++++ src/input/librtsp/rtsp.c 2005/04/16 07:10:51 1.19 +@@ -218,6 +218,7 @@ + unsigned int answer_seq; + char **answer_ptr=s->answers; + int code; ++ int ans_count = 0; + + answer=rtsp_get(s); + if (!answer) +@@ -268,7 +269,7 @@ + } + *answer_ptr=answer; + answer_ptr++; +- } while (strlen(answer)!=0); ++ } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS)); + + s->cseq++; + |