author | drochner <drochner@pkgsrc.org> | 2011-07-18 17:06:42 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2011-07-18 17:06:42 +0000 |
commit | 4f0f038eb9a0108ec3ca158ec1b7faffb1194934 (patch) | |
tree | d70525841d99e4bf52bfc56aa4fb10f4a040df7b /multimedia | |
parent | 54fc631051b0fbf3b9363aa1c8cbd9b756d57373 (diff) | |
download | pkgsrc-4f0f038eb9a0108ec3ca158ec1b7faffb1194934.tar.gz |
add patches from upstream to plug 2 security problems:
-heap overflow in the AVI file parser (CVE-2011-2588)
-heap overflow in the Real Media file parser (CVE-2011-2587)
bump PKGREV
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/vlc/Makefile | 3 | ||||
-rw-r--r-- | multimedia/vlc/distinfo | 4 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-au | 25 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-av | 24 |
4 files changed, 54 insertions, 2 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index a704d73b957..81b504e47a2 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.112 2011/06/07 13:59:17 drochner Exp $ +# $NetBSD: Makefile,v 1.113 2011/07/18 17:06:42 drochner Exp $ # DISTNAME= vlc-${VLC_VERSION} +PKGREVISION= 1 CATEGORIES= multimedia MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=vlc/} \ http://download.videolan.org/pub/videolan/vlc/${VLC_VERSION}/ diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo index 440a889d8c7..380b07b17af 100644 --- a/multimedia/vlc/distinfo +++ b/multimedia/vlc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.45 2011/06/07 13:59:17 drochner Exp $ +$NetBSD: distinfo,v 1.46 2011/07/18 17:06:42 drochner Exp $ SHA1 (vlc-1.1.10.tar.bz2) = 6c7b3fefb2ad1e2ab53d17eabf509a318b76ef03 RMD160 (vlc-1.1.10.tar.bz2) = 8a4b32bceb2eb3d9a3a062477f772a53098cad0b @@ -9,4 +9,6 @@ SHA1 (patch-ap) = 423b571ca8a1b740812aea021e331912ba34c868 SHA1 (patch-ar) = 25d22167cef8b8fa2a07ef633de196726eb354d2 SHA1 (patch-as) = b53b074b2791d7bf69d5f09c7c32d873608f3086 SHA1 (patch-at) = 5761ec0809d2b03511666ae81f7b4ae01b6f5930 +SHA1 (patch-au) = 551dd7d84e3e74a95891a708330af8a9e315c4d8 +SHA1 (patch-av) = 892a0e260e594d0ec736f79b1e0e037d6c1a9685 SHA1 (patch-configure) = 83f476cc71d795a69f787713a04471e078c0ec52 diff --git a/multimedia/vlc/patches/patch-au b/multimedia/vlc/patches/patch-au new file mode 100644 index 00000000000..b853199fac2 --- /dev/null +++ b/multimedia/vlc/patches/patch-au 
@@ -0,0 +1,25 @@
+$NetBSD: patch-au,v 1.7 2011/07/18 17:06:43 drochner Exp $
+
+CVE-2011-2588
+
+--- modules/demux/avi/libavi.c.orig 2011-05-06 15:41:42.000000000 +0000
++++ modules/demux/avi/libavi.c
+@@ -386,7 +386,8 @@ static int AVI_ChunkRead_strf( stream_t
+ case( AVIFOURCC_vids ):
+ p_strh->strh.i_samplesize = 0; /* XXX for ffmpeg avi file */
+ p_chk->strf.vids.i_cat = VIDEO_ES;
+- p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size );
++ p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,
++ sizeof( *p_chk->strf.vids.p_bih ) ) );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biWidth );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biHeight );
+@@ -402,7 +403,7 @@ static int AVI_ChunkRead_strf( stream_t
+ {
+ p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size;
+ }
+- if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 )
++ if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) )
+ {
+ memcpy( &p_chk->strf.vids.p_bih[1],
+ p_buff + 8 + sizeof(BITMAPINFOHEADER), /* 8=fourrc+size */
diff --git a/multimedia/vlc/patches/patch-av b/multimedia/vlc/patches/patch-av
new file mode 100644
index 00000000000..42f62bf48d0
--- /dev/null
+++ b/multimedia/vlc/patches/patch-av
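Review bot: The enlarged `malloc()` in the first inner hunk is still dereferenced on the very next line (`AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize )`) with no NULL check in the visible lines. Since `i_chunk_size` presumably comes from the file being parsed, an oversized value can turn an allocation failure into a write through a null pointer. I would add `if( !p_chk->strf.vids.p_bih )` directly after the allocation and leave through the function's existing error exit, which is outside the hunk. For a chunk shorter than the header the destination is now large enough, but whether `AVI_READ4BYTES` bounds the read from the input buffer is not visible here and is worth confirming. AVI_ChunkRead_strf starts and ends outside both inner hunks.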
@@ -0,0 +1,24 @@
+$NetBSD: patch-av,v 1.3 2011/07/18 17:06:43 drochner Exp $
+
+CVE-2011-2587
+
+--- modules/demux/real.c.orig 2010-12-29 21:38:25.000000000 +0000
++++ modules/demux/real.c
+@@ -841,7 +841,8 @@ static void DemuxAudioSipr( demux_t *p_d
+ demux_sys_t *p_sys = p_demux->p_sys;
+ block_t *p_block = tk->p_sipr_packet;
+
+- if( p_sys->i_buffer < tk->i_frame_size )
++ if( p_sys->i_buffer < tk->i_frame_size
++ || tk->i_sipr_subpacket_count >= tk->i_subpacket_h )
+ return;
+
+ if( !p_block )
+@@ -851,7 +852,6 @@ static void DemuxAudioSipr( demux_t *p_d
+ return;
+ tk->p_sipr_packet = p_block;
+ }
+-
+ memcpy( p_block->p_buffer + tk->i_sipr_subpacket_count * tk->i_frame_size,
+ p_sys->buffer, tk->i_frame_size );
+ if (!tk->i_sipr_subpacket_count) |
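Review bot: The new bound `tk->i_sipr_subpacket_count >= tk->i_subpacket_h` protects the `memcpy()` below only if `tk->p_sipr_packet` was allocated for `i_subpacket_h` frames of `i_frame_size` bytes, and that allocation sits between the two inner hunks, outside what is shown. I would state the invariant next to the check, e.g. `/* p_sipr_packet has room for i_subpacket_h frames of i_frame_size bytes */`. It is also worth confirming that the product used for the allocation and for the destination offset `tk->i_sipr_subpacket_count * tk->i_frame_size` cannot overflow for header values taken from the stream. The early return is silent, so a track that trips it presumably just stops delivering audio; a debug-level log line there would make that visible during triage. DemuxAudioSipr begins and ends outside both inner hunks.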