diff options
| author | tonnerre <tonnerre@pkgsrc.org> | 2008-05-11 03:46:24 +0000 |
|---|---|---|
| committer | tonnerre <tonnerre@pkgsrc.org> | 2008-05-11 03:46:24 +0000 |
| commit | 634506bef23903dd1decb383d17f9c38854922e7 (patch) | |
| tree | 319951d0a442a84760ff9a5c05e855493492c29c /multimedia | |
| parent | c38d6a330e33f04a6b2410285a610e3a8ccb8a57 (diff) | |
| download | pkgsrc-634506bef23903dd1decb383d17f9c38854922e7.tar.gz | |
Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow in
the RealRTSP SDP code which can be exploited to execute arbitrary code
remotely.
Diffstat (limited to 'multimedia')
| -rw-r--r-- | multimedia/mplayer-share/distinfo | 3 | ||||
| -rw-r--r-- | multimedia/mplayer-share/patches/patch-al | 14 | ||||
| -rw-r--r-- | multimedia/mplayer/Makefile | 4 |
3 files changed, 18 insertions, 3 deletions
diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo index 404c0a377d1..c557d6c62dd 100644 --- a/multimedia/mplayer-share/distinfo +++ b/multimedia/mplayer-share/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.49 2008/04/14 06:55:47 joerg Exp $ +$NetBSD: distinfo,v 1.50 2008/05/11 03:46:24 tonnerre Exp $ SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52 @@ -14,6 +14,7 @@ SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b SHA1 (patch-ai) = ec79d6a1b0c2790ca826a91a48040c64632ac988 SHA1 (patch-aj) = 772d083dfa5eac789abfd5e925eeeba400bbc527 SHA1 (patch-ak) = 072b4391e5fde58f6b01bd43133f1d017fc14d58 +SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d diff --git a/multimedia/mplayer-share/patches/patch-al b/multimedia/mplayer-share/patches/patch-al new file mode 100644 index 00000000000..fa13b92065b --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-al @@ -0,0 +1,14 @@ +$NetBSD: patch-al,v 1.3 2008/05/11 03:46:24 tonnerre Exp $ + +--- stream/realrtsp/sdpplin.c.orig 2007-10-07 21:49:25.000000000 +0200 ++++ stream/realrtsp/sdpplin.c +@@ -330,7 +330,8 @@ sdpplin_t *sdpplin_parse(char *data) { + + if(filter(data,"a=StreamCount:integer;",&buf)) { + desc->stream_count=(unsigned int)atoi(buf); +- desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); ++ desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*)); ++ if (!desc->stream) desc->stream_count = 0; + handled=1; + data=nl(data); + } diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index e08259b838d..ff0bfdc3ad3 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.58 2008/04/28 14:32:11 drochner Exp $ +# $NetBSD: Makefile,v 1.59 2008/05/11 03:46:24 tonnerre Exp $ PKGNAME= mplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 6 +PKGREVISION= 7 COMMENT= Software-only MPEG-1/2/4 video decoder |