diff options
author | snj <snj> | 2017-03-06 08:01:40 +0000 |
---|---|---|
committer | snj <snj> | 2017-03-06 08:01:40 +0000 |
commit | da881d0afe63bb9d01b907ef0f68e1ba0764944b (patch) | |
tree | 5b04af1e6e7ea96e98af69cd870ad09ff3fc4d19 /multimedia | |
parent | 062fd982129be9f84979f3baa87b55205a9882a0 (diff) | |
download | pkgsrc-da881d0afe63bb9d01b907ef0f68e1ba0764944b.tar.gz |
fix CVE-2017-5847. bump PKGREVISION.
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/gst-plugins1-ugly/Makefile | 3 | ||||
-rw-r--r-- | multimedia/gst-plugins1-ugly/distinfo | 3 | ||||
-rw-r--r-- | multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c | 36 |
3 files changed, 40 insertions, 2 deletions
diff --git a/multimedia/gst-plugins1-ugly/Makefile b/multimedia/gst-plugins1-ugly/Makefile index 37acfcb23a1..38c1ccd55d3 100644 --- a/multimedia/gst-plugins1-ugly/Makefile +++ b/multimedia/gst-plugins1-ugly/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2014/08/08 21:29:39 wiz Exp $ +# $NetBSD: Makefile,v 1.4 2017/03/06 08:01:40 snj Exp $ .include "Makefile.common" COMMENT+= Ugly plugins +PKGREVISION= 1 .include "../../mk/bsd.pkg.mk" diff --git a/multimedia/gst-plugins1-ugly/distinfo b/multimedia/gst-plugins1-ugly/distinfo index c19821b26d7..f8e344536dc 100644 --- a/multimedia/gst-plugins1-ugly/distinfo +++ b/multimedia/gst-plugins1-ugly/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.23 2017/02/03 15:28:40 maya Exp $ +$NetBSD: distinfo,v 1.24 2017/03/06 08:01:40 snj Exp $ SHA1 (gst-plugins-ugly-1.10.3.tar.xz) = 47a965570a9fc07d058e7ecb85e0026251129911 RMD160 (gst-plugins-ugly-1.10.3.tar.xz) = 12a45808c456ea543a1d993fdd310eb76c6414bf SHA512 (gst-plugins-ugly-1.10.3.tar.xz) = 56272eda1af3017d9b53a3a049c5446e97dbea0e45567b4d1626c6a210dba90d216c01707e2d49130da00d483dcbace642bfb88ebaa1a822ecd5475394b5d116 Size (gst-plugins-ugly-1.10.3.tar.xz) = 907352 bytes SHA1 (patch-configure) = 4bba5af550b211d45533ee001fb1bc77bcfa6213 +SHA1 (patch-gst_asfdemux_gstasfdemux.c) = 6ec643fbb59b27b87b2621a2b2aaff6a0c3939af diff --git a/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c b/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c new file mode 100644 index 00000000000..d05ba179da3 --- /dev/null +++ b/multimedia/gst-plugins1-ugly/patches/patch-gst_asfdemux_gstasfdemux.c @@ -0,0 +1,36 @@ +$NetBSD: patch-gst_asfdemux_gstasfdemux.c,v 1.1 2017/03/06 08:01:40 snj Exp $ + +CVE-2017-5847 + +https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37 + +--- gst/asfdemux/gstasfdemux.c.orig 2017-01-30 05:41:35.000000000 -0800 ++++ gst/asfdemux/gstasfdemux.c 2017-03-05 23:45:12.000000000 -0800 +@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc ( + break; + } + case ASF_DEMUX_DATA_TYPE_DWORD:{ +- guint uint_val = GST_READ_UINT32_LE (value); ++ guint uint_val; ++ ++ if (value_len < 4) ++ break; ++ ++ uint_val = GST_READ_UINT32_LE (value); + + /* this is the track number */ + g_value_init (&tag_value, G_TYPE_UINT); +@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc ( + } + /* Detect 3D */ + case ASF_DEMUX_DATA_TYPE_BOOL:{ +- gboolean bool_val = GST_READ_UINT32_LE (value); ++ gboolean bool_val; ++ ++ if (value_len < 4) ++ break; ++ ++ bool_val = GST_READ_UINT32_LE (value); + + if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) { + if (bool_val) { |