diff options
| author | tron <tron> | 2008-12-15 15:37:58 +0000 |
|---|---|---|
| committer | tron <tron> | 2008-12-15 15:37:58 +0000 |
| commit | 8d0c6c344f8a17570a22ac3c3ffe039d2b7031cf (patch) | |
| tree | 187d6a36c52b0868c79aa8875dd91efe650d1992 /multimedia | |
| parent | 72aba096fe871c1a18c4938362fd63bc392529eb (diff) | |
| download | pkgsrc-8d0c6c344f8a17570a22ac3c3ffe039d2b7031cf.tar.gz | |
Add security patch from MPlayer SVN repository to fix a buffer overflow
in the TwinVQ media file decoder.
Diffstat (limited to 'multimedia')
| -rw-r--r-- | multimedia/gmplayer/Makefile | 4 | ||||
| -rw-r--r-- | multimedia/gmplayer/distinfo | 3 | ||||
| -rw-r--r-- | multimedia/mencoder/Makefile | 4 | ||||
| -rw-r--r-- | multimedia/mplayer-share/distinfo | 3 | ||||
| -rw-r--r-- | multimedia/mplayer-share/patches/patch-ca | 61 | ||||
| -rw-r--r-- | multimedia/mplayer/Makefile | 4 |
6 files changed, 71 insertions, 8 deletions
diff --git a/multimedia/gmplayer/Makefile b/multimedia/gmplayer/Makefile index 87f1046b3c0..3ef5d1209e4 100644 --- a/multimedia/gmplayer/Makefile +++ b/multimedia/gmplayer/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.72 2008/10/20 07:40:00 wiz Exp $ +# $NetBSD: Makefile,v 1.73 2008/12/15 15:37:58 tron Exp $ # # NOTE: if you are updating both mplayer and gmplayer, you must ensure @@ -9,7 +9,7 @@ # PKGNAME= gmplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 7 +PKGREVISION= 8 BROKEN_IN= pkgsrc-2006Q4 diff --git a/multimedia/gmplayer/distinfo b/multimedia/gmplayer/distinfo index 1d1ced4b5a4..4e191aa3fac 100644 --- a/multimedia/gmplayer/distinfo +++ b/multimedia/gmplayer/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.58 2008/10/20 07:40:00 wiz Exp $ +$NetBSD: distinfo,v 1.59 2008/12/15 15:37:58 tron Exp $ SHA1 (gmplayer-1.0rc10-20060123/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc RMD160 (gmplayer-1.0rc10-20060123/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998 @@ -81,6 +81,7 @@ SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3 +SHA1 (patch-ca) = 68603a92b3dd8c7a33e6bc982f8ced1219fa419d SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038 SHA1 (patch-va) = db69c373e78048924c536055c68c7de0feabc623 SHA1 (patch-vb) = 28b1dd82fb61a4fc0be4a4f4599f75823cae5f11 diff --git a/multimedia/mencoder/Makefile b/multimedia/mencoder/Makefile index e97f609e9b8..02fd829b11f 100644 --- a/multimedia/mencoder/Makefile +++ b/multimedia/mencoder/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.40 2008/10/20 07:40:00 wiz Exp $ +# $NetBSD: Makefile,v 1.41 2008/12/15 15:37:58 tron Exp $ PKGNAME= mencoder-${MPLAYER_PKG_VERSION} -PKGREVISION= 4 +PKGREVISION= 5 COMMENT= Simple movie encoder for MPlayer-playable movies diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo index b1b0b767ad0..e69e70e5b1f 100644 --- a/multimedia/mplayer-share/distinfo +++ b/multimedia/mplayer-share/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.55 2008/10/20 07:40:00 wiz Exp $ +$NetBSD: distinfo,v 1.56 2008/12/15 15:37:58 tron Exp $ SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52 @@ -21,6 +21,7 @@ SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3 +SHA1 (patch-ca) = 68603a92b3dd8c7a33e6bc982f8ced1219fa419d SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038 SHA1 (patch-va) = db69c373e78048924c536055c68c7de0feabc623 SHA1 (patch-vb) = 28b1dd82fb61a4fc0be4a4f4599f75823cae5f11 diff --git a/multimedia/mplayer-share/patches/patch-ca b/multimedia/mplayer-share/patches/patch-ca new file mode 100644 index 00000000000..9822526a14d --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-ca @@ -0,0 +1,61 @@ +$NetBSD: patch-ca,v 1.1 2008/12/15 15:37:58 tron Exp $ + +Security fix for vulnerability reported in TKADV2008-014 taken from: + +http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=patch&r1=24723&r2=28150&pathrev=28150 + +--- libmpdemux/demux_vqf.c.orig 2007-10-07 20:49:33.000000000 +0100 ++++ libmpdemux/demux_vqf.c 2008-12-15 14:29:58.000000000 +0000 +@@ -50,11 +50,14 @@ + unsigned chunk_size; + hi->size=chunk_size=stream_read_dword(s); /* include itself */ + stream_read(s,chunk_id,4); ++ if (chunk_size < 8) return NULL; ++ chunk_size -= 8; + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M')) + { +- char buf[chunk_size-8]; ++ char buf[BUFSIZ]; + unsigned i,subchunk_size; +- if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL; ++ if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL; ++ if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL; + i=0; + subchunk_size=be2me_32(*((uint32_t *)&buf[0])); + hi->channelMode=be2me_32(*((uint32_t *)&buf[4])); +@@ -83,13 +86,15 @@ + sh_audio->samplesize = 4; + w->wBitsPerSample = 8*sh_audio->samplesize; + w->cbSize = 0; ++ if (subchunk_size > chunk_size - 4) continue; + i+=subchunk_size+4; +- while(i<chunk_size-8) ++ while(i + 8 < chunk_size) + { + unsigned slen,sid; +- char sdata[chunk_size]; ++ char sdata[BUFSIZ]; + sid=*((uint32_t *)&buf[i]); i+=4; + slen=be2me_32(*((uint32_t *)&buf[i])); i+=4; ++ if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break; + if(sid==mmioFOURCC('D','S','I','Z')) + { + hi->Dsiz=be2me_32(*((uint32_t *)&buf[i])); +@@ -141,7 +146,7 @@ + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A')) + { + demuxer->movi_start=stream_tell(s); +- demuxer->movi_end=demuxer->movi_start+chunk_size-8; ++ demuxer->movi_end=demuxer->movi_start+chunk_size; + mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end); + /* Done! play it */ + break; +@@ -149,7 +154,7 @@ + else + { + mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size); +- stream_skip(s,chunk_size-8); /*unknown chunk type */ ++ stream_skip(s,chunk_size); /*unknown chunk type */ + } + } + diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index 40c5a971c43..be28adaa2f3 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.62 2008/10/20 07:40:00 wiz Exp $ +# $NetBSD: Makefile,v 1.63 2008/12/15 15:37:58 tron Exp $ PKGNAME= mplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 9 +PKGREVISION= 10 COMMENT= Software-only MPEG-1/2/4 video decoder |