diff options
author | drochner <drochner> | 2014-06-27 17:27:39 +0000 |
---|---|---|
committer | drochner <drochner> | 2014-06-27 17:27:39 +0000 |
commit | fcc823b8ccf1fe32c2aafaed64cd2ab1a7b0b8ee (patch) | |
tree | 56807463e46980acfc1a1cc4bb96a5f9685661f9 /multimedia | |
parent | 42c7c24bdc69c34434f700823f03f2c4a74d479f (diff) | |
download | pkgsrc-fcc823b8ccf1fe32c2aafaed64cd2ab1a7b0b8ee.tar.gz |
add patch from 1.2.7 to fix recent integer overflow, bump PKGREV
(update to 1.2.7 will be done after the freeze)
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/ffmpeg/Makefile | 4 | ||||
-rw-r--r-- | multimedia/ffmpeg/distinfo | 3 | ||||
-rw-r--r-- | multimedia/ffmpeg/patches/patch-CVE-2014-4610 | 47 |
3 files changed, 51 insertions, 3 deletions
diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index d6f5d100015..c9f065f7bd4 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.120 2014/04/10 05:39:14 obache Exp $ +# $NetBSD: Makefile,v 1.121 2014/06/27 17:27:39 drochner Exp $ PKGNAME= ffmpeg-20140305.${DISTVERSION} -PKGREVISION= 1 +PKGREVISION= 2 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://ffmpeg.mplayerhq.hu/ COMMENT= Decoding, encoding and streaming software diff --git a/multimedia/ffmpeg/distinfo b/multimedia/ffmpeg/distinfo index c61be12028e..89efe92e5c3 100644 --- a/multimedia/ffmpeg/distinfo +++ b/multimedia/ffmpeg/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.73 2014/03/11 10:25:22 adam Exp $ +$NetBSD: distinfo,v 1.74 2014/06/27 17:27:39 drochner Exp $ SHA1 (ffmpeg-1.2.6.tar.bz2) = b38c441bca3644027e2e2cfb3aef587ae43082d6 RMD160 (ffmpeg-1.2.6.tar.bz2) = 54fe18fc32b9d6893bd3aab9007373499646d643 Size (ffmpeg-1.2.6.tar.bz2) = 5970714 bytes +SHA1 (patch-CVE-2014-4610) = dc77f6f37760c0e34f730f241af1ba3ce72ef5b1 SHA1 (patch-aa) = 14006874aee07e7e41803269040f0ae0157d931d SHA1 (patch-ac) = ff8a7a5fdfd4987ef2835bd7360a78efd4310253 SHA1 (patch-ap) = ebbd0c169f228af37ae2dd54b27d5dba11a34c5e diff --git a/multimedia/ffmpeg/patches/patch-CVE-2014-4610 b/multimedia/ffmpeg/patches/patch-CVE-2014-4610 new file mode 100644 index 00000000000..52c670e0978 --- /dev/null +++ b/multimedia/ffmpeg/patches/patch-CVE-2014-4610 @@ -0,0 +1,47 @@ +$NetBSD: patch-CVE-2014-4610,v 1.1 2014/06/27 17:27:39 drochner Exp $ + +--- libavutil/lzo.c.orig 2014-06-27 16:32:34.000000000 +0000 ++++ libavutil/lzo.c +@@ -22,6 +22,7 @@ + #include <string.h> + + #include "avutil.h" ++#include "avassert.h" + #include "common.h" + #include "intreadwrite.h" + #include "lzo.h" +@@ -65,8 +66,13 @@ static inline int get_len(LZOContext *c, + { + int cnt = x & mask; + if (!cnt) { +- while (!(x = get_byte(c))) ++ while (!(x = get_byte(c))) { ++ if (cnt >= INT_MAX - 1000) { ++ c->error |= AV_LZO_ERROR; ++ break; ++ } + cnt += 255; ++ } + cnt += mask + x; + } + return cnt; +@@ -80,6 +86,7 @@ static inline void copy(LZOContext *c, i + { + register const uint8_t *src = c->in; + register uint8_t *dst = c->out; ++ av_assert0(cnt >= 0); + if (cnt > c->in_end - src) { + cnt = FFMAX(c->in_end - src, 0); + c->error |= AV_LZO_INPUT_DEPLETED; +@@ -110,9 +117,9 @@ static inline void copy(LZOContext *c, i + */ + static inline void copy_backptr(LZOContext *c, int back, int cnt) + { +- register const uint8_t *src = &c->out[-back]; + register uint8_t *dst = c->out; +- if (src < c->out_start || src > dst) { ++ av_assert0(cnt > 0); ++ if (dst - c->out_start < back) { + c->error |= AV_LZO_INVALID_BACKPTR; + return; + } |