authorsborrill <sborrill@pkgsrc.org>2008-09-12 14:47:39 +0000
committersborrill <sborrill@pkgsrc.org>2008-09-12 14:47:39 +0000
commitced90e26211db2e0b783966fc819f9b2751f62fe (patch)
tree59a311a227af25064e6b684fb4db97a1600b85b0 /multimedia
parentb67dcb0f656e9ab3d257542105c2c75f36347f8f (diff)
downloadpkgsrc-ced90e26211db2e0b783966fc819f9b2751f62fe.tar.gz
Update to 0.8.6i and fixes for CVE-2008-3732, CVE-2008-3794
Diffstat (limited to 'multimedia')
-rw-r--r--multimedia/vlc08/DESCR7
-rw-r--r--multimedia/vlc08/Makefile5
-rw-r--r--multimedia/vlc08/PLIST3
-rw-r--r--multimedia/vlc08/distinfo15
-rw-r--r--multimedia/vlc08/patches/patch-ab13
-rw-r--r--multimedia/vlc08/patches/patch-ac15
-rw-r--r--multimedia/vlc08/patches/patch-ad24
-rw-r--r--multimedia/vlc08/patches/patch-ae43
-rw-r--r--multimedia/vlc08/patches/patch-mmstu.c83
-rw-r--r--multimedia/vlc08/patches/patch-mmstu.h31
-rw-r--r--multimedia/vlc08/patches/patch-tta.c145
11 files changed, 278 insertions, 106 deletions
diff --git a/multimedia/vlc08/DESCR b/multimedia/vlc08/DESCR
index 6ea7f1224c6..1da7ff93df0 100644
--- a/multimedia/vlc08/DESCR
+++ b/multimedia/vlc08/DESCR
@@ -8,3 +8,10 @@ and display it. It can also be used to display video read locally on
the computer : DVDs, VCDs, MPEG and DivX files and from a satellite
card. It is multi-plaform : Linux, Windows, Mac OS X, BeOS, BSD, Solaris,
QNX, iPaq... The VideoLAN Client and Server now have a full IPv6 support.
+
+*** Please note: ffmpeg must NOT be built with the swscale option ***
+For more information see: http://trac.videolan.org/vlc/ticket/1594
+
+To disable swscale, please add the following to your /etc/mk.conf before
+building ffmpeg:
+PKG_OPTIONS.ffmpeg=-swscale
diff --git a/multimedia/vlc08/Makefile b/multimedia/vlc08/Makefile
index 4855b65ecd9..2101a7b8174 100644
--- a/multimedia/vlc08/Makefile
+++ b/multimedia/vlc08/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2008/09/08 18:42:21 ahoka Exp $
+# $NetBSD: Makefile,v 1.12 2008/09/12 14:47:39 sborrill Exp $
#
DISTNAME= vlc-${VLC_VER}
PKGNAME= vlc08-${VLC_VER}
-VLC_VER= 0.8.6f
+VLC_VER= 0.8.6i
CATEGORIES= multimedia
MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
EXTRACT_SUFX= .tar.bz2
@@ -118,6 +118,7 @@ CONFIGURE_ARGS+= x_libraries=${PREFIX}/lib
.include "../../multimedia/libmatroska/buildlink3.mk"
.include "../../multimedia/libmpeg2/buildlink3.mk"
.include "../../multimedia/libogg/buildlink3.mk"
+.include "../../multimedia/x264-devel/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"
.include "../../x11/libXv/buildlink3.mk"
.include "../../x11/libXxf86vm/buildlink3.mk"
diff --git a/multimedia/vlc08/PLIST b/multimedia/vlc08/PLIST
index 766b455bc0b..d87ffb7ffef 100644
--- a/multimedia/vlc08/PLIST
+++ b/multimedia/vlc08/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2008/09/08 18:42:21 ahoka Exp $
+@comment $NetBSD: PLIST,v 1.9 2008/09/12 14:47:39 sborrill Exp $
${PLIST.skins}bin/svlc
bin/vlc
bin/vlc-config
@@ -263,6 +263,7 @@ share/locale/ru/LC_MESSAGES/vlc.mo
share/locale/sk/LC_MESSAGES/vlc.mo
share/locale/sl/LC_MESSAGES/vlc.mo
share/locale/sq/LC_MESSAGES/vlc.mo
+share/locale/sr/LC_MESSAGES/vlc.mo
share/locale/sv/LC_MESSAGES/vlc.mo
share/locale/th/LC_MESSAGES/vlc.mo
share/locale/tr/LC_MESSAGES/vlc.mo
diff --git a/multimedia/vlc08/distinfo b/multimedia/vlc08/distinfo
index f708cf9a9ff..be1e52a7c5c 100644
--- a/multimedia/vlc08/distinfo
+++ b/multimedia/vlc08/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.5 2008/09/08 18:42:21 ahoka Exp $
+$NetBSD: distinfo,v 1.6 2008/09/12 14:47:39 sborrill Exp $
-SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03
-RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04
-Size (vlc-0.8.6f.tar.bz2) = 11433698 bytes
+SHA1 (vlc-0.8.6i.tar.bz2) = 4c6f45dffe3a8309ce201897040dc1f82b9cde99
+RMD160 (vlc-0.8.6i.tar.bz2) = a5da4e1e0980594c678c04016491c8a373df4017
+Size (vlc-0.8.6i.tar.bz2) = 11786172 bytes
SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c
-SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671
-SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa
-SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5
-SHA1 (patch-ae) = 21b6292e77469375edbfb7b828e298427e1ed118
+SHA1 (patch-mmstu.c) = ef4bed6fb5871790bb9198dad4961384f3e38d16
+SHA1 (patch-mmstu.h) = a11be24360948bcd8ca32bd7d01020e34c0801ad
+SHA1 (patch-tta.c) = 923852b9aedeb75eed052e532ce5ddf50ab19951
diff --git a/multimedia/vlc08/patches/patch-ab b/multimedia/vlc08/patches/patch-ab
deleted file mode 100644
index 4487708f6f0..00000000000
--- a/multimedia/vlc08/patches/patch-ab
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.5 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/gui/wxwidgets/dialogs.cpp.orig 2007-11-26 14:08:05.000000000 +0100
-+++ modules/gui/wxwidgets/dialogs.cpp
-@@ -376,7 +376,7 @@ void DialogsProvider::OnOpenFileGeneric(
- {
- p_file_generic_dialog->SetMessage( wxU(p_arg->psz_title) );
- p_file_generic_dialog->SetWildcard( wxU(p_arg->psz_extensions) );
-- p_file_generic_dialog->SetStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
-+ p_file_generic_dialog->SetWindowStyle( (p_arg->b_save ? wxSAVE : wxOPEN) |
- (p_arg->b_multiple ? wxMULTIPLE:0) );
- }
-
diff --git a/multimedia/vlc08/patches/patch-ac b/multimedia/vlc08/patches/patch-ac
deleted file mode 100644
index ce327ad9531..00000000000
--- a/multimedia/vlc08/patches/patch-ac
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix wrong boundary check in Speex decoder (CVE-2008-1686).
-
---- modules/codec/speex.c.orig 2008-03-23 22:41:48.000000000 +0000
-+++ modules/codec/speex.c
-@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder
- msg_Err( p_dec, "cannot read Speex header" );
- return VLC_EGENERIC;
- }
-- if( p_header->mode >= SPEEX_NB_MODES )
-+ if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
- {
- msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
- "this version of libspeex.", p_header->mode );
diff --git a/multimedia/vlc08/patches/patch-ad b/multimedia/vlc08/patches/patch-ad
deleted file mode 100644
index e9f7a3263b7..00000000000
--- a/multimedia/vlc08/patches/patch-ad
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
-Fix compilability of CDDA code with modern libcdio versions.
-
---- modules/access/cdda/cdda.h.orig 2008-03-23 22:41:48.000000000 +0000
-+++ modules/access/cdda/cdda.h
-@@ -75,7 +75,7 @@ typedef enum {
- paranoia_none = 0, /* Note: We make use of 0 as being the same as false */
- paranoia_overlap = 1,
- paranoia_full = 2
--} paranoia_mode_t;
-+} vlc_paranoia_mode_t;
-
-
- /*****************************************************************************
-@@ -107,7 +107,7 @@ typedef struct cdda_data_s
-
- #if LIBCDIO_VERSION_NUM >= 72
- /* Paranoia support */
-- paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */
-+ vlc_paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */
- cdrom_drive_t *paranoia_cd; /* Place to store drive
- handle given by paranoia. */
- cdrom_paranoia_t *paranoia;
diff --git a/multimedia/vlc08/patches/patch-ae b/multimedia/vlc08/patches/patch-ae
deleted file mode 100644
index 81ffd8c0119..00000000000
--- a/multimedia/vlc08/patches/patch-ae
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2008/09/08 18:42:21 ahoka Exp $
-
---- modules/demux/wav.c.orig 2008-03-23 23:41:49.000000000 +0100
-+++ modules/demux/wav.c
-@@ -103,7 +103,8 @@ static int Open( vlc_object_t * p_this )
- demux_sys_t *p_sys;
-
- uint8_t *p_peek;
-- unsigned int i_size, i_extended;
-+ uint32_t i_size;
-+ unsigned int i_extended;
- char *psz_name;
-
- WAVEFORMATEXTENSIBLE *p_wf_ext = NULL;
-@@ -136,7 +137,8 @@ static int Open( vlc_object_t * p_this )
- msg_Err( p_demux, "cannot find 'fmt ' chunk" );
- goto error;
- }
-- if( i_size < sizeof( WAVEFORMATEX ) - 2 ) /* XXX -2 isn't a typo */
-+ i_size += 2;
-+ if( i_size < sizeof( WAVEFORMATEX ) )
- {
- msg_Err( p_demux, "invalid 'fmt ' chunk" );
- goto error;
-@@ -144,14 +146,15 @@ static int Open( vlc_object_t * p_this )
- stream_Read( p_demux->s, NULL, 8 ); /* Cannot fail */
-
- /* load waveformatex */
-- p_wf_ext = malloc( __EVEN( i_size ) + 2 );
-+ p_wf_ext = malloc( i_size );
- if( p_wf_ext == NULL )
- goto error;
-
- p_wf = (WAVEFORMATEX *)p_wf_ext;
- p_wf->cbSize = 0;
-- if( stream_Read( p_demux->s,
-- p_wf, __EVEN( i_size ) ) < (int)__EVEN( i_size ) )
-+ i_size -= 2;
-+ if( stream_Read( p_demux->s, p_wf, i_size ) != (int)i_size
-+ || ( ( i_size & 1 ) && stream_Read( p_demux->s, NULL, 1 ) != 1 ) )
- {
- msg_Err( p_demux, "cannot load 'fmt ' chunk" );
- goto error;
diff --git a/multimedia/vlc08/patches/patch-mmstu.c b/multimedia/vlc08/patches/patch-mmstu.c
new file mode 100644
index 00000000000..2a9f0cd88e4
--- /dev/null
+++ b/multimedia/vlc08/patches/patch-mmstu.c
@@ -0,0 +1,83 @@
+$NetBSD: patch-mmstu.c,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.c.orig 2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.c 2008-09-12 11:16:01.000000000 +0100
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <vlc/vlc.h>
+ #include <string.h>
++#include <inttypes.h>
+ #include <vlc/input.h>
+ #include <errno.h>
+
+@@ -695,7 +696,7 @@
+ GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE + 60 );
+
+ msg_Dbg( p_access,
+- "answer 0x06 flags:0x%8.8x media_length:%us packet_length:%lu packet_count:%u max_bit_rate:%d header_size:%d",
++ "answer 0x06 flags:0x%8.8"PRIx32" media_length:%"PRIu32"s packet_length:%zu packet_count:%"PRIu32" max_bit_rate:%d header_size:%zu",
+ p_sys->i_flags_broadcast,
+ p_sys->i_media_length,
+ p_sys->i_packet_length,
+@@ -749,12 +750,12 @@
+ if( p_sys->i_header >= p_sys->i_header_size )
+ {
+ msg_Dbg( p_access,
+- "header complete(%d)",
++ "header complete(%zu)",
+ p_sys->i_header );
+ break;
+ }
+ msg_Dbg( p_access,
+- "header incomplete (%d/%d), reading more",
++ "header incomplete (%zu/%zu), reading more",
+ p_sys->i_header,
+ p_sys->i_header_size );
+ }
+@@ -1128,7 +1129,7 @@
+
+ static int mms_ParseCommand( access_t *p_access,
+ uint8_t *p_data,
+- int i_data,
++ size_t i_data,
+ int *pi_used )
+ {
+ #define GET32( i_pos ) \
+@@ -1137,7 +1138,7 @@
+ ( p_sys->p_cmd[i_pos + 3] << 24 ) )
+
+ access_sys_t *p_sys = p_access->p_sys;
+- int i_length;
++ uint32_t i_length;
+ uint32_t i_id;
+
+ if( p_sys->p_cmd )
+@@ -1159,10 +1160,10 @@
+ i_id = GetDWLE( p_data + 4 );
+ i_length = GetDWLE( p_data + 8 ) + 16;
+
+- if( i_id != 0xb00bface )
++ if( i_id != 0xb00bface || i_length < 16 )
+ {
+ msg_Err( p_access,
+- "incorrect command header (0x%x)", i_id );
++ "incorrect command header (0x%"PRIx32")", i_id );
+ p_sys->i_command = 0;
+ return -1;
+ }
+@@ -1170,8 +1171,8 @@
+ if( i_length > p_sys->i_cmd )
+ {
+ msg_Warn( p_access,
+- "truncated command (missing %d bytes)",
+- i_length - i_data );
++ "truncated command (missing %zu bytes)",
++ (size_t)i_length - i_data );
+ p_sys->i_command = 0;
+ return -1;
+ }
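Review bot: The GET32 macro kept as context at the top of mms_ParseCommand still evaluates `( p_sys->p_cmd[i_pos + 3] << 24 )` on a `uint8_t` promoted to `int` (`p_cmd` is `uint8_t *` in mmstu.h), so a byte of 0x80 or above shifts into the sign bit, which is the same class of signedness problem this patch fixes for `i_length`. Casting before the shift, `( (uint32_t)p_sys->p_cmd[i_pos + 3] << 24 )`, keeps every value parsed from the peer unsigned. Separately, the combined test `i_id != 0xb00bface || i_length < 16` logs "incorrect command header" with a valid signature when only the length wrapped; a distinct message for the length case would make a malformed-length packet recognisable in logs. The function body starts and ends outside these hunks, so how GET32 results are stored is not visible here.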
diff --git a/multimedia/vlc08/patches/patch-mmstu.h b/multimedia/vlc08/patches/patch-mmstu.h
new file mode 100644
index 00000000000..aa4d8ae9ed5
--- /dev/null
+++ b/multimedia/vlc08/patches/patch-mmstu.h
@@ -0,0 +1,31 @@
+$NetBSD: patch-mmstu.h,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* A signedness error leading to a stack-based buffer overflow in the
+mms_ReceiveCommand() function in modules/access/mms/mmstu.c
+(CVE-2008-3794).
+
+--- modules/access/mms/mmstu.h.orig 2008-07-08 21:59:23.000000000 +0100
++++ modules/access/mms/mmstu.h 2008-09-12 11:16:06.000000000 +0100
+@@ -62,10 +62,10 @@
+ int i_packet_seq_num;
+
+ uint8_t *p_cmd; /* latest command read */
+- int i_cmd; /* allocated at the begining */
++ size_t i_cmd; /* allocated at the begining */
+
+ uint8_t *p_header; /* allocated by mms_ReadPacket */
+- int i_header;
++ size_t i_header;
+
+ uint8_t *p_media; /* allocated by mms_ReadPacket */
+ size_t i_media;
+@@ -86,7 +86,7 @@
+ size_t i_packet_length;
+ uint32_t i_packet_count;
+ int i_max_bit_rate;
+- int i_header_size;
++ size_t i_header_size;
+
+ /* */
+ vlc_bool_t b_seekable;
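Review bot: The three fields switched to `size_t` carry no comment on what they measure or where the value comes from, and the existing `/* allocated at the begining */` on `i_cmd` describes the buffer rather than the size. Since the change exists to rule out negative lengths, I would document them, e.g. `size_t i_cmd; /* size of p_cmd in bytes */` and `size_t i_header_size; /* expected header size in bytes; appears to come from the server answer, bound before use */`. Any remaining code that tests these fields for `< 0` or prints them with `%d` has to follow; only the format strings touched in patch-mmstu.c are visible here. The struct starts and ends outside the hunk.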
diff --git a/multimedia/vlc08/patches/patch-tta.c b/multimedia/vlc08/patches/patch-tta.c
new file mode 100644
index 00000000000..1923c02eb86
--- /dev/null
+++ b/multimedia/vlc08/patches/patch-tta.c
@@ -0,0 +1,145 @@
+$NetBSD: patch-tta.c,v 1.1 2008/09/12 14:47:39 sborrill Exp $
+
+Fix for:
+* An integer overflow leading to a heap-based buffer overflow in the
+Open() function in modules/demux/tta.c (CVE-2008-3732).
+
+--- modules/demux/tta.c.orig 2008-07-08 21:59:23.000000000 +0100
++++ modules/demux/tta.c 2008-09-12 11:16:11.000000000 +0100
+@@ -60,10 +60,10 @@
+ es_out_id_t *p_es;
+
+ /* */
+- int i_totalframes;
+- int i_currentframe;
++ uint32_t i_totalframes;
++ uint32_t i_currentframe;
+ uint32_t *pi_seektable;
+- int i_datalength;
++ uint32_t i_datalength;
+ int i_framelength;
+
+ /* */
+@@ -81,10 +81,11 @@
+ es_format_t fmt;
+ uint8_t *p_peek;
+ uint8_t p_header[22];
+- uint8_t *p_seektable;
+- int i_seektable_size = 0, i;
++ uint8_t *p_fullheader;
++ int i_seektable_size = 0;
+ //char psz_info[4096];
+ //module_t *p_id3;
++ uint32_t i;
+
+ if( stream_Peek( p_demux->s, &p_peek, 4 ) < 4 )
+ return VLC_EGENERIC;
+@@ -94,7 +95,7 @@
+ if( !p_demux->b_force ) return VLC_EGENERIC;
+
+ /* User forced */
+- msg_Err( p_demux, "this doesn't look like a flac stream, "
++ msg_Err( p_demux, "this doesn't look like a true-audio stream, "
+ "continuing anyway" );
+ }
+
+@@ -106,11 +107,22 @@
+ p_demux->pf_control = Control;
+ p_demux->p_sys = p_sys = malloc( sizeof( demux_sys_t ) );
+
++ if( !p_sys )
++ return VLC_ENOMEM;
++
++ p_sys->pi_seektable = NULL;
++
+ /* Read the metadata */
+ es_format_Init( &fmt, AUDIO_ES, VLC_FOURCC( 'T', 'T', 'A', '1' ) );
+ fmt.audio.i_channels = GetWLE( &p_header[6] );
+ fmt.audio.i_bitspersample = GetWLE( &p_header[8] );
+ fmt.audio.i_rate = GetDWLE( &p_header[10] );
++ if( fmt.audio.i_rate == 0 || /* Avoid divide by 0 */
++ fmt.audio.i_rate > ( 1 << 20 ) /* Avoid i_framelength overflow */ )
++ {
++ msg_Warn( p_demux, "Wrong sample rate" );
++ goto error;
++ }
+
+ p_sys->i_datalength = GetDWLE( &p_header[14] );
+ p_sys->i_framelength = TTA_FRAMETIME * fmt.audio.i_rate;
+@@ -118,25 +130,36 @@
+ p_sys->i_totalframes = p_sys->i_datalength / p_sys->i_framelength +
+ ((p_sys->i_datalength % p_sys->i_framelength) ? 1 : 0);
+ p_sys->i_currentframe = 0;
++ if( p_sys->i_totalframes > (1 << 29))
++ goto error;
+
+ i_seektable_size = sizeof(uint32_t)*p_sys->i_totalframes;
+- p_seektable = (uint8_t *)malloc( i_seektable_size );
+- stream_Read( p_demux->s, p_seektable, i_seektable_size );
+- p_sys->pi_seektable = (uint32_t *)malloc(i_seektable_size);
+
++ /* Store the header and Seektable for avcodec */
++ fmt.i_extra = 22 + i_seektable_size + 4;
++ fmt.p_extra = p_fullheader = malloc( fmt.i_extra );
++ if( !p_fullheader )
++ goto error;
++
++ memcpy( p_fullheader, p_header, 22 );
++ p_fullheader += 22;
++ if( stream_Read( p_demux->s, p_fullheader, i_seektable_size )
++ != i_seektable_size )
++ goto error;
++
++ p_sys->pi_seektable = calloc( p_sys->i_totalframes, sizeof(uint32_t) );
++ if( !p_sys->pi_seektable )
++ goto error;
+ for( i = 0; i < p_sys->i_totalframes; i++ )
+- p_sys->pi_seektable[i] = GetDWLE( &p_seektable[i*4] );
+-
+- stream_Read( p_demux->s, NULL, 4 ); /* CRC */
++ {
++ p_sys->pi_seektable[i] = GetDWLE( p_fullheader );
++ p_fullheader += 4;
++ }
+
+- /* Store the header and Seektable for avcodec */
+- fmt.i_extra = 22 + (p_sys->i_totalframes * 4) + 4;
+- fmt.p_extra = malloc( fmt.i_extra );
+- memcpy( fmt.p_extra, p_header, 22 );
+- memcpy( fmt.p_extra+22, p_seektable, fmt.i_extra -22 );
++ stream_Read( p_demux->s, p_fullheader, 4 ); /* CRC */
++ p_fullheader += 4;
+
+ p_sys->p_es = es_out_Add( p_demux->out, &fmt );
+- free( p_seektable );
+ p_sys->i_start = stream_Tell( p_demux->s );
+
+ #if 0
+@@ -152,6 +175,10 @@
+ p_sys->p_meta = vlc_meta_New();
+ #endif
+ return VLC_SUCCESS;
++error:
++ es_format_Clean( &fmt );
++ Close( p_this );
++ return VLC_EGENERIC;
+ }
+
+ /*****************************************************************************
+@@ -162,6 +189,7 @@
+ demux_t *p_demux = (demux_t*)p_this;
+ demux_sys_t *p_sys = p_demux->p_sys;
+
++ free( p_sys->pi_seektable );
+ free( p_sys );
+ }
+
+@@ -221,7 +249,7 @@
+ if( i64 > 0 )
+ {
+ int64_t tmp = 0;
+- int i;
++ uint32_t i;
+ for( i=0; i < p_sys->i_totalframes && tmp+p_sys->pi_seektable[i] < i64; i++)
+ {
+ tmp += p_sys->pi_seektable[i];
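Review bot: The new bound `if( p_sys->i_totalframes > (1 << 29))` still admits values that overflow the `int` arithmetic right after it: `i_seektable_size` is declared `int`, and `sizeof(uint32_t) * (1 << 29)` is 2^31, which does not fit, while slightly smaller frame counts overflow `22 + i_seektable_size + 4` instead. Bounding against the final size avoids both, e.g. `if( p_sys->i_totalframes > ( INT_MAX - 26 ) / sizeof(uint32_t) ) goto error;` with `<limits.h>` included (a much smaller sanity cap would also do). The trailing `stream_Read( p_demux->s, p_fullheader, 4 ); /* CRC */` is also unchecked, so on a short read the last four bytes of the malloc'd extradata reach `es_out_Add` uninitialised. Open() starts and ends outside these hunks.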