author | drochner <drochner> | 2013-10-01 14:50:38 +0000 |
---|---|---|
committer | drochner <drochner> | 2013-10-01 14:50:38 +0000 |
commit | 3fdc0878fcc53142bf2bfc34cf411497483953eb (patch) | |
tree | bccd6203344ba5299bc544011981c9f150123b12 /multimedia | |
parent | b06dcfd3cf6f0a04af2222be477c94c41d80ed2e (diff) | |
download | pkgsrc-3fdc0878fcc53142bf2bfc34cf411497483953eb.tar.gz |
add patch from upstream to fix buffer overflow in the mp4a packetizer
(CVE-2013-4388)
bump PKGREV
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/vlc2/Makefile | 4 | ||||
-rw-r--r-- | multimedia/vlc2/distinfo | 3 | ||||
-rw-r--r-- | multimedia/vlc2/patches/patch-CVE-2013-4388 | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/multimedia/vlc2/Makefile b/multimedia/vlc2/Makefile
index 7fcbc98c131..0f3a93f01bc 100644
--- a/multimedia/vlc2/Makefile
+++ b/multimedia/vlc2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2013/09/02 19:51:19 adam Exp $
+# $NetBSD: Makefile,v 1.40 2013/10/01 14:50:38 drochner Exp $
 
 DISTNAME= vlc-${VLC_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= multimedia
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=vlc/} \
 http://download.videolan.org/pub/videolan/vlc/${VLC_VERSION}/
diff --git a/multimedia/vlc2/distinfo b/multimedia/vlc2/distinfo
index 4e005ccb514..ce772977548 100644
--- a/multimedia/vlc2/distinfo
+++ b/multimedia/vlc2/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.20 2013/08/23 12:45:50 drochner Exp $
+$NetBSD: distinfo,v 1.21 2013/10/01 14:50:38 drochner Exp $
 
 SHA1 (vlc-2.0.8.tar.xz) = 8937ed30412bef49db77d2187a9e4734866f8ab7
 RMD160 (vlc-2.0.8.tar.xz) = cd2483e4447b8bc4a91dbcf95ff1213244dcf40f
 Size (vlc-2.0.8.tar.xz) = 18858236 bytes
+SHA1 (patch-CVE-2013-4388) = 19496eb8c81fd06adbc9d736e1ceafe55fa7c14d
 SHA1 (patch-aa) = 46003ac47b0b0ab97f481cbd755d48f624b0fa87
 SHA1 (patch-ab) = 7833e9d1e023f53dd1125af5049eb9d74b733905
 SHA1 (patch-ac) = 9cdb4bdad7f8e6a09e35b5a1142350d47d77f270
diff --git a/multimedia/vlc2/patches/patch-CVE-2013-4388 b/multimedia/vlc2/patches/patch-CVE-2013-4388
new file mode 100644
index 00000000000..8990f925508
--- /dev/null
+++ b/multimedia/vlc2/patches/patch-CVE-2013-4388
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2013-4388,v 1.1 2013/10/01 14:50:38 drochner Exp $
+
+upstream commit 9794ec1cd268c04c8bca13a5fae15df6594dff3e
+
+--- modules/packetizer/mpeg4audio.c.orig 2012-04-27 17:14:57.000000000 +0000
++++ modules/packetizer/mpeg4audio.c
+@@ -892,8 +892,11 @@ static int LOASParse( decoder_t *p_dec,
+ continue;
+
+ /* FIXME that's slow (and a bit ugly to write in place) */
+- for( i = 0; i < pi_payload[i_program][i_layer]; i++ )
++ for( i = 0; i < pi_payload[i_program][i_layer]; i++ ) {
++ if (i_accumulated >= i_buffer)
++ return 0;
+ p_buffer[i_accumulated++] = bs_read( &s, 8 );
++ }
+ }
+ }
+ } |
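Review bot: The new bounds check in the payload copy loop of LOASParse bails out with `return 0;` and no diagnostic, so a stream whose declared payload lengths exceed the output buffer leaves no trace in the logs. Assuming the decoder's usual logging macro is usable at this point, a line such as `msg_Warn( p_dec, "LOAS payload larger than buffer, dropping frame" );` before the return would make malformed input visible to whoever triages it. The guard is also re-evaluated for every byte; comparing `pi_payload[i_program][i_layer]` with `i_buffer - i_accumulated` once before the loop would reject the frame before any bytes are partially written into `p_buffer` (the types of both counters are not visible here, so the subtraction should be checked for signedness). What the caller does with a 0 return cannot be seen from this hunk and should be confirmed, since LOASParse begins and ends outside it.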