Pullup ticket 3283 - requested by tron

security fixes

Revisions pulled up:
- pkgsrc/multimedia/gmplayer/Makefile		1.86
- pkgsrc/multimedia/gmplayer/distinfo		1.70
- pkgsrc/multimedia/mencoder/Makefile		1.50
- pkgsrc/multimedia/mplayer/Makefile		1.73
- pkgsrc/multimedia/mplayer-share/distinfo	1.68

Files added:
pkgsrc/multimedia/mplayer-share/patches/patch-ab

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Tue Nov 23 12:31:30 UTC 2010

   Modified Files:
           pkgsrc/multimedia/gmplayer: Makefile distinfo
           pkgsrc/multimedia/mencoder: Makefile
           pkgsrc/multimedia/mplayer: Makefile
           pkgsrc/multimedia/mplayer-share: distinfo
   Added Files:
           pkgsrc/multimedia/mplayer-share/patches: patch-ab

   Log Message:
   Add fix for the vulnerability reported in CVE-2010-3429 taken from
   MPlayer's GIT repository.


   To generate a diff of this commit:
   cvs rdiff -u -r1.85 -r1.86 pkgsrc/multimedia/gmplayer/Makefile
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/distinfo
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/multimedia/mencoder/Makefile
   cvs rdiff -u -r1.72 -r1.73 pkgsrc/multimedia/mplayer/Makefile
   cvs rdiff -u -r1.67 -r1.68 pkgsrc/multimedia/mplayer-share/distinfo
   cvs rdiff -u -r0 -r1.10 pkgsrc/multimedia/mplayer-share/patches/patch-ab

6 files changed, 110 insertions, 5 deletions

diff --git a/multimedia/gmplayer/Makefile b/multimedia/gmplayer/Makefile
index 10a8073d266..2795b73d0d6 100644
--- a/multimedia/gmplayer/Makefile
+++ b/multimedia/gmplayer/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.84 2010/09/16 18:56:12 wiz Exp $
+# $NetBSD: Makefile,v 1.84.2.1 2010/11/24 20:34:23 spz Exp $
 
 #
 # NOTE: if you are updating both mplayer and gmplayer, you must ensure
@@ -9,6 +9,7 @@
 #
 
 PKGNAME=	gmplayer-${MPLAYER_VERSION}
+PKGREVISION=	2
 
 SKIN_SITES=	http://www1.mplayerhq.hu/MPlayer/skins/		\
 		http://www2.mplayerhq.hu/MPlayer/skins/		\
diff --git a/multimedia/gmplayer/distinfo b/multimedia/gmplayer/distinfo
index 06403348c59..80705ed0462 100644
--- a/multimedia/gmplayer/distinfo
+++ b/multimedia/gmplayer/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.69 2010/09/16 18:56:12 wiz Exp $
+$NetBSD: distinfo,v 1.69.2.1 2010/11/24 20:34:23 spz Exp $
 
 SHA1 (mplayer/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc
 RMD160 (mplayer/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998
@@ -64,6 +64,7 @@ SHA1 (mplayer/xine-lcd-1.2.tar.bz2) = 2fa7811e0dc7316d0c996b0a5bc37f5c97d1dd18
 RMD160 (mplayer/xine-lcd-1.2.tar.bz2) = 785f6826d49eddabd7ebc431db77139771f208f5
 Size (mplayer/xine-lcd-1.2.tar.bz2) = 172270 bytes
 SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba
+SHA1 (patch-ab) = 1a927d956155a7b9a2daa1a4f522e47d830c5af6
 SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923
 SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f
 SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2
diff --git a/multimedia/mencoder/Makefile b/multimedia/mencoder/Makefile
index 644b4764469..89d7e4f7387 100644
--- a/multimedia/mencoder/Makefile
+++ b/multimedia/mencoder/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2010/09/19 22:23:32 tron Exp $
+# $NetBSD: Makefile,v 1.49.2.1 2010/11/24 20:34:24 spz Exp $
 
 PKGNAME=	mencoder-${MPLAYER_VERSION}
+PKGREVISION=	1
 
 COMMENT=	Simple movie encoder for MPlayer-playable movies
 
diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo
index 8ba0f6056c6..fdf6185cd3c 100644
--- a/multimedia/mplayer-share/distinfo
+++ b/multimedia/mplayer-share/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.67 2010/09/16 18:56:12 wiz Exp $
+$NetBSD: distinfo,v 1.67.2.1 2010/11/24 20:34:24 spz Exp $
 
 SHA1 (mplayer/mplayer-20100913.tar.bz2) = 6fd3acb29fa8455636bcd86f9f333da4763daa6d
 RMD160 (mplayer/mplayer-20100913.tar.bz2) = 79085d4ebdb824fc34f7bc128070ef11e874897d
 Size (mplayer/mplayer-20100913.tar.bz2) = 9073690 bytes
 SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba
+SHA1 (patch-ab) = 1a927d956155a7b9a2daa1a4f522e47d830c5af6
 SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923
 SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f
 SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2
diff --git a/multimedia/mplayer-share/patches/patch-ab b/multimedia/mplayer-share/patches/patch-ab
new file mode 100644
index 00000000000..c8ece264e9d
--- /dev/null
+++ b/multimedia/mplayer-share/patches/patch-ab
@@ -0,0 +1,100 @@
+$NetBSD: patch-ab,v 1.10.2.2 2010/11/24 20:34:24 spz Exp $
+
+Fix for CVE-2010-3429 taken from here:
+
+http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b;hp=2abacdf610d598073838a7e72698b8421461aead
+
+--- libavcodec/flicvideo.c.orig	2010-04-20 15:45:34.000000000 +0100
++++ libavcodec/flicvideo.c	2010-11-23 12:14:07.000000000 +0000
+@@ -159,7 +159,7 @@
+     int pixel_skip;
+     int pixel_countdown;
+     unsigned char *pixels;
+-    int pixel_limit;
++    unsigned int pixel_limit;
+ 
+     s->frame.reference = 1;
+     s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
+@@ -253,10 +253,13 @@
+                     av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets);
+                 } else if ((line_packets & 0xC000) == 0x8000) {
+                     // "last byte" opcode
+-                    pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff;
++                    pixel_ptr= y_ptr + s->frame.linesize[0] - 1;
++                    CHECK_PIXEL_PTR(0);
++                    pixels[pixel_ptr] = line_packets & 0xff;
+                 } else {
+                     compressed_lines--;
+                     pixel_ptr = y_ptr;
++                    CHECK_PIXEL_PTR(0);
+                     pixel_countdown = s->avctx->width;
+                     for (i = 0; i < line_packets; i++) {
+                         /* account for the skip bytes */
+@@ -268,7 +271,7 @@
+                             byte_run = -byte_run;
+                             palette_idx1 = buf[stream_ptr++];
+                             palette_idx2 = buf[stream_ptr++];
+-                            CHECK_PIXEL_PTR(byte_run);
++                            CHECK_PIXEL_PTR(byte_run * 2);
+                             for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
+                                 pixels[pixel_ptr++] = palette_idx1;
+                                 pixels[pixel_ptr++] = palette_idx2;
+@@ -298,6 +301,7 @@
+             stream_ptr += 2;
+             while (compressed_lines > 0) {
+                 pixel_ptr = y_ptr;
++                CHECK_PIXEL_PTR(0);
+                 pixel_countdown = s->avctx->width;
+                 line_packets = buf[stream_ptr++];
+                 if (line_packets > 0) {
+@@ -453,7 +457,7 @@
+     int pixel_countdown;
+     unsigned char *pixels;
+     int pixel;
+-    int pixel_limit;
++    unsigned int pixel_limit;
+ 
+     s->frame.reference = 1;
+     s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
+@@ -503,6 +507,7 @@
+                 } else {
+                     compressed_lines--;
+                     pixel_ptr = y_ptr;
++                    CHECK_PIXEL_PTR(0);
+                     pixel_countdown = s->avctx->width;
+                     for (i = 0; i < line_packets; i++) {
+                         /* account for the skip bytes */
+@@ -514,13 +519,13 @@
+                             byte_run = -byte_run;
+                             pixel    = AV_RL16(&buf[stream_ptr]);
+                             stream_ptr += 2;
+-                            CHECK_PIXEL_PTR(byte_run);
++                            CHECK_PIXEL_PTR(2 * byte_run);
+                             for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
+                                 *((signed short*)(&pixels[pixel_ptr])) = pixel;
+                                 pixel_ptr += 2;
+                             }
+                         } else {
+-                            CHECK_PIXEL_PTR(byte_run);
++                            CHECK_PIXEL_PTR(2 * byte_run);
+                             for (j = 0; j < byte_run; j++, pixel_countdown--) {
+                                 *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
+                                 stream_ptr += 2;
+@@ -611,7 +616,7 @@
+                     if (byte_run > 0) {
+                         pixel    = AV_RL16(&buf[stream_ptr]);
+                         stream_ptr += 2;
+-                        CHECK_PIXEL_PTR(byte_run);
++                        CHECK_PIXEL_PTR(2 * byte_run);
+                         for (j = 0; j < byte_run; j++) {
+                             *((signed short*)(&pixels[pixel_ptr])) = pixel;
+                             pixel_ptr += 2;
+@@ -622,7 +627,7 @@
+                         }
+                     } else {  /* copy pixels if byte_run < 0 */
+                         byte_run = -byte_run;
+-                        CHECK_PIXEL_PTR(byte_run);
++                        CHECK_PIXEL_PTR(2 * byte_run);
+                         for (j = 0; j < byte_run; j++) {
+                             *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
+                             stream_ptr += 2;
diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile
index 771746c45c9..9561ff0053a 100644
--- a/multimedia/mplayer/Makefile
+++ b/multimedia/mplayer/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.72 2010/09/16 18:56:11 wiz Exp $
+# $NetBSD: Makefile,v 1.72.2.1 2010/11/24 20:34:24 spz Exp $
 
 PKGNAME=	mplayer-${MPLAYER_VERSION}
+PKGREVISION=	1
 
 COMMENT=	Fast, cross-platform movie player