diff options
author | tnn <tnn@pkgsrc.org> | 2008-03-26 02:32:17 +0000 |
---|---|---|
committer | tnn <tnn@pkgsrc.org> | 2008-03-26 02:32:17 +0000 |
commit | 1bb62b386aaa71214a3bbd92885ab3a63eaddc56 (patch) | |
tree | aad278df86cbecbbe79227cd93b16b0ccf756dc4 /multimedia | |
parent | 7e2fba260637aa26e7d0209f767a4ffc59ddabae (diff) | |
download | pkgsrc-1bb62b386aaa71214a3bbd92885ab3a63eaddc56.tar.gz |
Patch for CVE-2008-1489, mp4 buffer overflow. Bump rev.
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/vlc/Makefile | 4 | ||||
-rw-r--r-- | multimedia/vlc/distinfo | 3 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-ae | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index 38ac1ad0e21..f6eeb6da2b9 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.49 2008/02/28 16:18:53 kefren Exp $ +# $NetBSD: Makefile,v 1.50 2008/03/26 02:32:17 tnn Exp $ # DISTNAME= vlc-${VLC_VER} CATEGORIES= multimedia MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/ EXTRACT_SUFX= .tar.bz2 -PKGREVISION= 2 +PKGREVISION= 3 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.videolan.org/ diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo index 81224ce4920..8da4ca06eb7 100644 --- a/multimedia/vlc/distinfo +++ b/multimedia/vlc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.14 2008/02/28 16:18:53 kefren Exp $ +$NetBSD: distinfo,v 1.15 2008/03/26 02:32:17 tnn Exp $ SHA1 (vlc-0.8.6d.tar.bz2) = 63afd15cc782795c8d8f3de5edc614389465c577 RMD160 (vlc-0.8.6d.tar.bz2) = 16c1998dbc30ad96bebdd8792d135b5f7899166e @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671 SHA1 (patch-ac) = 54526feb8f88cd1f61e40abd62ed5f68ce6b934b SHA1 (patch-ad) = dd92aeabc8d21ebf4113558b9d63f7737add2d91 +SHA1 (patch-ae) = 6282c601bb7c1f6c5b55f57a02e965216bd38cd3 diff --git a/multimedia/vlc/patches/patch-ae b/multimedia/vlc/patches/patch-ae new file mode 100644 index 00000000000..b5e4b6d513c --- /dev/null +++ b/multimedia/vlc/patches/patch-ae @@ -0,0 +1,20 @@ +$NetBSD: patch-ae,v 1.3 2008/03/26 02:32:17 tnn Exp $ + +--- modules/demux/mp4/libmp4.c.orig 2007-11-26 14:08:01.000000000 +0100 ++++ modules/demux/mp4/libmp4.c +@@ -1959,10 +1959,14 @@ static int MP4_ReadBox_rdrf( stream_t *p + MP4_GETVERSIONFLAGS( p_box->data.p_rdrf ); + MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type ); + MP4_GET4BYTES( i_len ); ++ i_len++; ++ + if( i_len > 0 ) + { + uint32_t i; +- p_box->data.p_rdrf->psz_ref = malloc( i_len + 1); ++ p_box->data.p_rdrf->psz_ref = malloc( i_len ); ++ i_len--; ++ + for( i = 0; i < i_len; i++ ) + { + MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] ); |