From 2d8e2d5ffbd45fa29c28201da81f460837227026 Mon Sep 17 00:00:00 2001 From: drochner Date: Fri, 1 Feb 2008 20:35:09 +0000 Subject: update to 1.1.10 changes: This release contains a security fix (remotely-expoitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed?) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9. (The fix for CVE-2008-0225 which we had patches for was included upstream too.) --- multimedia/xine-lib/Makefile.common | 4 +- multimedia/xine-lib/distinfo | 11 +-- multimedia/xine-lib/patches/patch-ga | 164 ----------------------------------- multimedia/xine-lib/patches/patch-gb | 26 ------ multimedia/xine-lib/patches/patch-gc | 24 ----- 5 files changed, 6 insertions(+), 223 deletions(-) delete mode 100644 multimedia/xine-lib/patches/patch-ga delete mode 100644 multimedia/xine-lib/patches/patch-gb delete mode 100644 multimedia/xine-lib/patches/patch-gc (limited to 'multimedia/xine-lib') diff --git a/multimedia/xine-lib/Makefile.common b/multimedia/xine-lib/Makefile.common index 6ec590f54b7..389769eb318 100644 --- a/multimedia/xine-lib/Makefile.common +++ b/multimedia/xine-lib/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.43 2008/01/11 16:05:27 drochner Exp $ +# $NetBSD: Makefile.common,v 1.44 2008/02/01 20:35:09 drochner Exp $ # DISTNAME= xine-lib-${XINE_LIB_VER} @@ -11,7 +11,7 @@ EXTRACT_SUFX= .tar.bz2 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://xinehq.de/ -XINE_LIB_VER= 1.1.9 +XINE_LIB_VER= 1.1.10 PLIST_SUBST+= XINE_LIB_VER=${XINE_LIB_VER:Q} DISTINFO_FILE= ${.CURDIR}/../../multimedia/xine-lib/distinfo diff --git a/multimedia/xine-lib/distinfo b/multimedia/xine-lib/distinfo index 8a15b42b7a5..ea7f35546af 100644 --- a/multimedia/xine-lib/distinfo +++ b/multimedia/xine-lib/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.49 2008/01/11 16:05:27 drochner Exp $ +$NetBSD: distinfo,v 1.50 2008/02/01 20:35:10 drochner Exp $ -SHA1 (xine-lib-1.1.9.tar.bz2) = f9e36b6cc69f76fed3b95de8a29ef2255770aa33 -RMD160 (xine-lib-1.1.9.tar.bz2) = 179dc66d13f5f1dcdf134ac82ed71b905c7332e8 -Size (xine-lib-1.1.9.tar.bz2) = 7391259 bytes +SHA1 (xine-lib-1.1.10.tar.bz2) = a1b3c9d1aa707f4354403401902a6967cbbde8d1 +RMD160 (xine-lib-1.1.10.tar.bz2) = 4ea58dbdd103364614afd45d8215e53772fe6251 +Size (xine-lib-1.1.10.tar.bz2) = 7392937 bytes SHA1 (patch-aa) = e09d34a121080b03bc67b2d8a3ca27463b771acc SHA1 (patch-ab) = ef13b60c2bea54f354acf1b2d70c04594dac36c9 SHA1 (patch-ad) = 94aaac03f74c72a1ca753d1320aac07d1bb8a846 @@ -30,6 +30,3 @@ SHA1 (patch-dc) = 11c4212029e67f22796e57706b42400a0dbcac3a SHA1 (patch-eb) = b65e2c7c30fc04115d55da1ce1f6f65216ac1d23 SHA1 (patch-ee) = 49efc9d722f2141e88106d87414586ab80e4f5a9 SHA1 (patch-fa) = a69fe09588596bfc3d74fad29e5a1aeeeead4dfd -SHA1 (patch-ga) = 3f987a5660e48e86d0edab3ab15436227282eed1 -SHA1 (patch-gb) = 8d104ac33a7f8dbd47ff4f132b4360788efa29b8 -SHA1 (patch-gc) = 876e9c319d8ff01c57267c90f3f1b8c55a3fb766 diff --git a/multimedia/xine-lib/patches/patch-ga b/multimedia/xine-lib/patches/patch-ga deleted file mode 100644 index 57ce3b080ac..00000000000 --- a/multimedia/xine-lib/patches/patch-ga +++ /dev/null @@ -1,164 +0,0 @@ -$NetBSD: patch-ga,v 1.1 2008/01/11 16:05:28 drochner Exp $ - ---- src/input/libreal/rmff.c.orig 2008-01-01 14:30:08.000000000 +0100 -+++ src/input/libreal/rmff.c -@@ -35,9 +35,14 @@ - * writes header data to a buffer - */ - --static void rmff_dump_fileheader(rmff_fileheader_t *fileheader, char *buffer) { -+static int rmff_dump_fileheader(rmff_fileheader_t *fileheader, uint8_t *buffer, -+int bufsize) { -+ -+ if (!fileheader) return 0; -+ -+ if (bufsize < RMFF_FILEHEADER_SIZE) -+ return -1; - -- if (!fileheader) return; - fileheader->object_id=_X_BE_32(&fileheader->object_id); - fileheader->size=_X_BE_32(&fileheader->size); - fileheader->object_version=_X_BE_16(&fileheader->object_version); -@@ -53,11 +58,17 @@ static void rmff_dump_fileheader(rmff_fi - fileheader->file_version=_X_BE_32(&fileheader->file_version); - fileheader->num_headers=_X_BE_32(&fileheader->num_headers); - fileheader->object_id=_X_BE_32(&fileheader->object_id); -+ -+ return RMFF_FILEHEADER_SIZE; - } - --static void rmff_dump_prop(rmff_prop_t *prop, char *buffer) { -+static int rmff_dump_prop(rmff_prop_t *prop, uint8_t *buffer, int bufsize) { -+ -+ if (!prop) return 0; -+ -+ if (bufsize < RMFF_PROPHEADER_SIZE) -+ return -1; - -- if (!prop) return; - prop->object_id=_X_BE_32(&prop->object_id); - prop->size=_X_BE_32(&prop->size); - prop->object_version=_X_BE_16(&prop->object_version); -@@ -93,13 +104,20 @@ static void rmff_dump_prop(rmff_prop_t * - prop->num_streams=_X_BE_16(&prop->num_streams); - prop->flags=_X_BE_16(&prop->flags); - prop->object_id=_X_BE_32(&prop->object_id); -+ -+ return RMFF_PROPHEADER_SIZE; - } - --static void rmff_dump_mdpr(rmff_mdpr_t *mdpr, char *buffer) { -+static int rmff_dump_mdpr(rmff_mdpr_t *mdpr, uint8_t *buffer, int bufsize) { - - int s1, s2, s3; - -- if (!mdpr) return; -+ if (!mdpr) return 0; -+ -+ if (bufsize < RMFF_MDPRHEADER_SIZE + mdpr->type_specific_len + -+ mdpr->stream_name_size + mdpr->mime_type_size) -+ return -1; -+ - mdpr->object_id=_X_BE_32(&mdpr->object_id); - mdpr->size=_X_BE_32(&mdpr->size); - mdpr->object_version=_X_BE_16(&mdpr->object_version); -@@ -141,13 +159,19 @@ static void rmff_dump_mdpr(rmff_mdpr_t * - mdpr->duration=_X_BE_32(&mdpr->duration); - mdpr->object_id=_X_BE_32(&mdpr->object_id); - -+ return RMFF_MDPRHEADER_SIZE + s1 + s2 + s3; - } - --static void rmff_dump_cont(rmff_cont_t *cont, char *buffer) { -+static int rmff_dump_cont(rmff_cont_t *cont, uint8_t *buffer, int bufsize) { - - int p; - -- if (!cont) return; -+ if (!cont) return 0; -+ -+ if (bufsize < RMFF_CONTHEADER_SIZE + cont->title_len + cont->author_len + -+ cont->copyright_len + cont->comment_len) -+ return -1; -+ - cont->object_id=_X_BE_32(&cont->object_id); - cont->size=_X_BE_32(&cont->size); - cont->object_version=_X_BE_16(&cont->object_version); -@@ -181,11 +205,19 @@ static void rmff_dump_cont(rmff_cont_t * - cont->size=_X_BE_32(&cont->size); - cont->object_version=_X_BE_16(&cont->object_version); - cont->object_id=_X_BE_32(&cont->object_id); -+ -+ return RMFF_CONTHEADER_SIZE + cont->title_len + cont->author_len + -+ cont->copyright_len + cont->comment_len; - } - --static void rmff_dump_dataheader(rmff_data_t *data, char *buffer) { -+static int rmff_dump_dataheader(rmff_data_t *data, uint8_t *buffer, int -+bufsize) { -+ -+ if (!data) return 0; -+ -+ if (bufsize < RMFF_DATAHEADER_SIZE) -+ return -1; - -- if (!data) return; - data->object_id=_X_BE_32(&data->object_id); - data->size=_X_BE_32(&data->size); - data->object_version=_X_BE_16(&data->object_version); -@@ -201,31 +233,43 @@ static void rmff_dump_dataheader(rmff_da - data->size=_X_BE_32(&data->size); - data->object_version=_X_BE_16(&data->object_version); - data->object_id=_X_BE_32(&data->object_id); -+ -+ return RMFF_DATAHEADER_SIZE; - } - --int rmff_dump_header(rmff_header_t *h, char *buffer, int max) { -+int rmff_dump_header(rmff_header_t *h, void *buf_gen, int max) { -+ uint8_t *buffer = buf_gen; - -- int written=0; -+ int written=0, size; - rmff_mdpr_t **stream=h->streams; - -- rmff_dump_fileheader(h->fileheader, &buffer[written]); -- written+=h->fileheader->size; -- rmff_dump_prop(h->prop, &buffer[written]); -- written+=h->prop->size; -- rmff_dump_cont(h->cont, &buffer[written]); -- written+=h->cont->size; -+ if ((size=rmff_dump_fileheader(h->fileheader, &buffer[written], max)) < 0) -+ return -1; -+ written+=size; -+ max -= size; -+ if ((size=rmff_dump_prop(h->prop, &buffer[written], max)) < 0) -+ return -1; -+ written+=size; -+ max -= size; -+ if ((size=rmff_dump_cont(h->cont, &buffer[written], max)) < 0) -+ return -1; -+ written+=size; -+ max -= size; - if (stream) - { - while(*stream) - { -- rmff_dump_mdpr(*stream, &buffer[written]); -- written+=(*stream)->size; -+ if ((size=rmff_dump_mdpr(*stream, &buffer[written], max)) < 0) -+ return -1; -+ written+=size; -+ max -= size; - stream++; - } - } - -- rmff_dump_dataheader(h->data, &buffer[written]); -- written+=18; -+ if ((size=rmff_dump_dataheader(h->data, &buffer[written], max)) < 0) -+ return -1; -+ written+=size; - - return written; - } diff --git a/multimedia/xine-lib/patches/patch-gb b/multimedia/xine-lib/patches/patch-gb deleted file mode 100644 index 5b2c8cd333b..00000000000 --- a/multimedia/xine-lib/patches/patch-gb +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-gb,v 1.1 2008/01/11 16:05:28 drochner Exp $ - ---- src/input/libreal/rmff.h.orig 2008-01-01 14:30:08.000000000 +0100 -+++ src/input/libreal/rmff.h -@@ -39,6 +39,12 @@ - - #define RMFF_HEADER_SIZE 0x12 - -+#define RMFF_FILEHEADER_SIZE 18 -+#define RMFF_PROPHEADER_SIZE 50 -+#define RMFF_MDPRHEADER_SIZE 46 -+#define RMFF_CONTHEADER_SIZE 18 -+#define RMFF_DATAHEADER_SIZE 18 -+ - #define FOURCC_TAG( ch0, ch1, ch2, ch3 ) \ - (((long)(unsigned char)(ch3) ) | \ - ( (long)(unsigned char)(ch2) << 8 ) | \ -@@ -245,7 +251,7 @@ int rmff_get_header_size(rmff_header_t * - /* - * dumps the header to . is the size of - */ --int rmff_dump_header(rmff_header_t *h, char *buffer, int max); -+int rmff_dump_header(rmff_header_t *h, void *buffer, int max); - - /* - * dumps a packet header diff --git a/multimedia/xine-lib/patches/patch-gc b/multimedia/xine-lib/patches/patch-gc deleted file mode 100644 index 45daa1f8f41..00000000000 --- a/multimedia/xine-lib/patches/patch-gc +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-gc,v 1.1 2008/01/11 16:05:28 drochner Exp $ - ---- src/input/librtsp/rtsp_session.c.orig 2008-01-01 14:30:08.000000000 +0100 -+++ src/input/librtsp/rtsp_session.c -@@ -148,6 +148,11 @@ connect: - - rtsp_session->header_left = - rtsp_session->header_len = rmff_dump_header(h,rtsp_session->header,HEADER_SIZE); -+ if (rtsp_session->header_len < 0) { -+ xprintf (stream->xine, XINE_VERBOSITY_LOG, -+ _("rtsp_session: rtsp server returned overly-large headers, session can not be established.\n")); -+ goto session_abort; -+ } - - xine_buffer_copyin(rtsp_session->recv, 0, rtsp_session->header, rtsp_session->header_len); - rtsp_session->recv_size = rtsp_session->header_len; -@@ -157,6 +162,7 @@ connect: - { - xprintf(stream->xine, XINE_VERBOSITY_LOG, - _("rtsp_session: rtsp server type '%s' not supported yet. sorry.\n"), server); -+session_abort: - rtsp_close(rtsp_session->s); - free(server); - xine_buffer_free(rtsp_session->recv); -- cgit v1.2.3