diff options
author | spz <spz@pkgsrc.org> | 2010-11-24 20:34:23 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2010-11-24 20:34:23 +0000 |
commit | 759c568ac5aaea092c17f10997d9b6bc99072ff8 (patch) | |
tree | db19b520426a7e88c4534feb52194f8543c242f5 /multimedia | |
parent | d3ca7bc3e6f69a73777bc74a866022f41abd54c8 (diff) | |
download | pkgsrc-759c568ac5aaea092c17f10997d9b6bc99072ff8.tar.gz |
Pullup ticket 3283 - requested by tron
security fixes
Revisions pulled up:
- pkgsrc/multimedia/gmplayer/Makefile 1.86
- pkgsrc/multimedia/gmplayer/distinfo 1.70
- pkgsrc/multimedia/mencoder/Makefile 1.50
- pkgsrc/multimedia/mplayer/Makefile 1.73
- pkgsrc/multimedia/mplayer-share/distinfo 1.68
Files added:
pkgsrc/multimedia/mplayer-share/patches/patch-ab
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 23 12:31:30 UTC 2010
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
pkgsrc/multimedia/mencoder: Makefile
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ab
Log Message:
Add fix for the vulnerability reported in CVE-2010-3429 taken from
MPlayer's GIT repository.
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 pkgsrc/multimedia/gmplayer/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/distinfo
cvs rdiff -u -r1.49 -r1.50 pkgsrc/multimedia/mencoder/Makefile
cvs rdiff -u -r1.72 -r1.73 pkgsrc/multimedia/mplayer/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/multimedia/mplayer-share/distinfo
cvs rdiff -u -r0 -r1.10 pkgsrc/multimedia/mplayer-share/patches/patch-ab
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/gmplayer/Makefile | 3 | ||||
-rw-r--r-- | multimedia/gmplayer/distinfo | 3 | ||||
-rw-r--r-- | multimedia/mencoder/Makefile | 3 | ||||
-rw-r--r-- | multimedia/mplayer-share/distinfo | 3 | ||||
-rw-r--r-- | multimedia/mplayer-share/patches/patch-ab | 100 | ||||
-rw-r--r-- | multimedia/mplayer/Makefile | 3 |
6 files changed, 110 insertions, 5 deletions
diff --git a/multimedia/gmplayer/Makefile b/multimedia/gmplayer/Makefile index 10a8073d266..2795b73d0d6 100644 --- a/multimedia/gmplayer/Makefile +++ b/multimedia/gmplayer/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.84 2010/09/16 18:56:12 wiz Exp $ +# $NetBSD: Makefile,v 1.84.2.1 2010/11/24 20:34:23 spz Exp $ # # NOTE: if you are updating both mplayer and gmplayer, you must ensure @@ -9,6 +9,7 @@ # PKGNAME= gmplayer-${MPLAYER_VERSION} +PKGREVISION= 2 SKIN_SITES= http://www1.mplayerhq.hu/MPlayer/skins/ \ http://www2.mplayerhq.hu/MPlayer/skins/ \ diff --git a/multimedia/gmplayer/distinfo b/multimedia/gmplayer/distinfo index 06403348c59..80705ed0462 100644 --- a/multimedia/gmplayer/distinfo +++ b/multimedia/gmplayer/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.69 2010/09/16 18:56:12 wiz Exp $ +$NetBSD: distinfo,v 1.69.2.1 2010/11/24 20:34:23 spz Exp $ SHA1 (mplayer/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc RMD160 (mplayer/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998 @@ -64,6 +64,7 @@ SHA1 (mplayer/xine-lcd-1.2.tar.bz2) = 2fa7811e0dc7316d0c996b0a5bc37f5c97d1dd18 RMD160 (mplayer/xine-lcd-1.2.tar.bz2) = 785f6826d49eddabd7ebc431db77139771f208f5 Size (mplayer/xine-lcd-1.2.tar.bz2) = 172270 bytes SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba +SHA1 (patch-ab) = 1a927d956155a7b9a2daa1a4f522e47d830c5af6 SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923 SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2 diff --git a/multimedia/mencoder/Makefile b/multimedia/mencoder/Makefile index 644b4764469..89d7e4f7387 100644 --- a/multimedia/mencoder/Makefile +++ b/multimedia/mencoder/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.49 2010/09/19 22:23:32 tron Exp $ +# $NetBSD: Makefile,v 1.49.2.1 2010/11/24 20:34:24 spz Exp $ PKGNAME= mencoder-${MPLAYER_VERSION} +PKGREVISION= 1 COMMENT= Simple movie encoder for MPlayer-playable movies diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo index 8ba0f6056c6..fdf6185cd3c 100644 --- a/multimedia/mplayer-share/distinfo +++ b/multimedia/mplayer-share/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.67 2010/09/16 18:56:12 wiz Exp $ +$NetBSD: distinfo,v 1.67.2.1 2010/11/24 20:34:24 spz Exp $ SHA1 (mplayer/mplayer-20100913.tar.bz2) = 6fd3acb29fa8455636bcd86f9f333da4763daa6d RMD160 (mplayer/mplayer-20100913.tar.bz2) = 79085d4ebdb824fc34f7bc128070ef11e874897d Size (mplayer/mplayer-20100913.tar.bz2) = 9073690 bytes SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba +SHA1 (patch-ab) = 1a927d956155a7b9a2daa1a4f522e47d830c5af6 SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923 SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2 diff --git a/multimedia/mplayer-share/patches/patch-ab b/multimedia/mplayer-share/patches/patch-ab new file mode 100644 index 00000000000..c8ece264e9d --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-ab @@ -0,0 +1,100 @@ +$NetBSD: patch-ab,v 1.10.2.2 2010/11/24 20:34:24 spz Exp $ + +Fix for CVE-2010-3429 taken from here: + +http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b;hp=2abacdf610d598073838a7e72698b8421461aead + +--- libavcodec/flicvideo.c.orig 2010-04-20 15:45:34.000000000 +0100 ++++ libavcodec/flicvideo.c 2010-11-23 12:14:07.000000000 +0000 +@@ -159,7 +159,7 @@ + int pixel_skip; + int pixel_countdown; + unsigned char *pixels; +- int pixel_limit; ++ unsigned int pixel_limit; + + s->frame.reference = 1; + s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; +@@ -253,10 +253,13 @@ + av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets); + } else if ((line_packets & 0xC000) == 0x8000) { + // "last byte" opcode +- pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff; ++ pixel_ptr= y_ptr + s->frame.linesize[0] - 1; ++ CHECK_PIXEL_PTR(0); ++ pixels[pixel_ptr] = line_packets & 0xff; + } else { + compressed_lines--; + pixel_ptr = y_ptr; ++ CHECK_PIXEL_PTR(0); + pixel_countdown = s->avctx->width; + for (i = 0; i < line_packets; i++) { + /* account for the skip bytes */ +@@ -268,7 +271,7 @@ + byte_run = -byte_run; + palette_idx1 = buf[stream_ptr++]; + palette_idx2 = buf[stream_ptr++]; +- CHECK_PIXEL_PTR(byte_run); ++ CHECK_PIXEL_PTR(byte_run * 2); + for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { + pixels[pixel_ptr++] = palette_idx1; + pixels[pixel_ptr++] = palette_idx2; +@@ -298,6 +301,7 @@ + stream_ptr += 2; + while (compressed_lines > 0) { + pixel_ptr = y_ptr; ++ CHECK_PIXEL_PTR(0); + pixel_countdown = s->avctx->width; + line_packets = buf[stream_ptr++]; + if (line_packets > 0) { +@@ -453,7 +457,7 @@ + int pixel_countdown; + unsigned char *pixels; + int pixel; +- int pixel_limit; ++ unsigned int pixel_limit; + + s->frame.reference = 1; + s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; +@@ -503,6 +507,7 @@ + } else { + compressed_lines--; + pixel_ptr = y_ptr; ++ CHECK_PIXEL_PTR(0); + pixel_countdown = s->avctx->width; + for (i = 0; i < line_packets; i++) { + /* account for the skip bytes */ +@@ -514,13 +519,13 @@ + byte_run = -byte_run; + pixel = AV_RL16(&buf[stream_ptr]); + stream_ptr += 2; +- CHECK_PIXEL_PTR(byte_run); ++ CHECK_PIXEL_PTR(2 * byte_run); + for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { + *((signed short*)(&pixels[pixel_ptr])) = pixel; + pixel_ptr += 2; + } + } else { +- CHECK_PIXEL_PTR(byte_run); ++ CHECK_PIXEL_PTR(2 * byte_run); + for (j = 0; j < byte_run; j++, pixel_countdown--) { + *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); + stream_ptr += 2; +@@ -611,7 +616,7 @@ + if (byte_run > 0) { + pixel = AV_RL16(&buf[stream_ptr]); + stream_ptr += 2; +- CHECK_PIXEL_PTR(byte_run); ++ CHECK_PIXEL_PTR(2 * byte_run); + for (j = 0; j < byte_run; j++) { + *((signed short*)(&pixels[pixel_ptr])) = pixel; + pixel_ptr += 2; +@@ -622,7 +627,7 @@ + } + } else { /* copy pixels if byte_run < 0 */ + byte_run = -byte_run; +- CHECK_PIXEL_PTR(byte_run); ++ CHECK_PIXEL_PTR(2 * byte_run); + for (j = 0; j < byte_run; j++) { + *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); + stream_ptr += 2; diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index 771746c45c9..9561ff0053a 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.72 2010/09/16 18:56:11 wiz Exp $ +# $NetBSD: Makefile,v 1.72.2.1 2010/11/24 20:34:24 spz Exp $ PKGNAME= mplayer-${MPLAYER_VERSION} +PKGREVISION= 1 COMMENT= Fast, cross-platform movie player |