From a62e3406ed621a2ebe11e42e4c17b0d4f67719f7 Mon Sep 17 00:00:00 2001
From: tron <tron@pkgsrc.org>
Date: Tue, 26 Apr 2005 12:48:34 +0000
Subject: Add patches to fix security vulnerability reported in XSA-2004-8.
 Bump package revision because of this change.

---
 multimedia/xine-lib/patches/patch-aj | 21 +++++++++++++++++++++
 multimedia/xine-lib/patches/patch-ak | 21 +++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 multimedia/xine-lib/patches/patch-aj
 create mode 100644 multimedia/xine-lib/patches/patch-ak

(limited to 'multimedia/xine-lib/patches')

diff --git a/multimedia/xine-lib/patches/patch-aj b/multimedia/xine-lib/patches/patch-aj
new file mode 100644
index 00000000000..62b62d561f5
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-aj
@@ -0,0 +1,21 @@
+$NetBSD: patch-aj,v 1.5 2005/04/26 12:48:35 tron Exp $
+
+--- src/input/mms.c	2005/01/18 23:25:34	1.55
++++ src/input/mms.c	2005/04/21 19:02:43	1.56
+@@ -583,9 +583,13 @@
+           lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n",
+                    stream_id, type, encrypted);
+           
+-          this->stream_types[stream_id] = type;
+-          this->stream_ids[this->num_stream_ids] = stream_id;
+-          this->num_stream_ids++;
++          if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) {
++            this->stream_types[stream_id] = type;
++            this->stream_ids[this->num_stream_ids] = stream_id;
++            this->num_stream_ids++;
++          } else {
++            lprintf ("too many streams, skipping\n");
++          }
+       
+         }
+         break;
diff --git a/multimedia/xine-lib/patches/patch-ak b/multimedia/xine-lib/patches/patch-ak
new file mode 100644
index 00000000000..b5d02e71fae
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-ak
@@ -0,0 +1,21 @@
+$NetBSD: patch-ak,v 1.3 2005/04/26 12:48:35 tron Exp $
+
+--- src/input/librtsp/rtsp.c	2004/07/25 17:13:54	1.18
++++ src/input/librtsp/rtsp.c	2005/04/16 07:10:51	1.19
+@@ -218,6 +218,7 @@
+   unsigned int answer_seq;
+   char **answer_ptr=s->answers;
+   int code;
++  int ans_count = 0;
+   
+   answer=rtsp_get(s);
+   if (!answer)
+@@ -268,7 +269,7 @@
+     }
+     *answer_ptr=answer;
+     answer_ptr++;
+-  } while (strlen(answer)!=0);
++  } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS));
+   
+   s->cseq++;
+   
-- 
cgit v1.2.3