From 959175cf04cbb2fef7b6b6efdc7d6b96557cf75a Mon Sep 17 00:00:00 2001
From: drochner
Date: Fri, 27 Jun 2014 17:58:09 +0000
Subject: add patch from 1.2.7 to fix recent integer overflow, bump PKGREV
---
multimedia/ffmpeg010/Makefile | 4 +--
multimedia/ffmpeg010/distinfo | 3 +-
multimedia/ffmpeg010/patches/patch-CVE-2014-4610 | 43 ++++++++++++++++++++++++
3 files changed, 47 insertions(+), 3 deletions(-)
create mode 100644 multimedia/ffmpeg010/patches/patch-CVE-2014-4610
(limited to 'multimedia')
diff --git a/multimedia/ffmpeg010/Makefile b/multimedia/ffmpeg010/Makefile
index bc115909c76..c1fd9695516 100644
--- a/multimedia/ffmpeg010/Makefile
+++ b/multimedia/ffmpeg010/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2014/04/10 05:39:14 obache Exp $
+# $NetBSD: Makefile,v 1.16 2014/06/27 17:58:09 drochner Exp $
 PKGNAME= ffmpeg010-20130731.${DISTVERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://ffmpeg.mplayerhq.hu/
 COMMENT= Decoding, encoding and streaming software
diff --git a/multimedia/ffmpeg010/distinfo b/multimedia/ffmpeg010/distinfo
index de09bfa54e0..ba694e953c1 100644
--- a/multimedia/ffmpeg010/distinfo
+++ b/multimedia/ffmpeg010/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.9 2013/08/03 09:22:58 obache Exp $
+$NetBSD: distinfo,v 1.10 2014/06/27 17:58:09 drochner Exp $
 SHA1 (ffmpeg-0.10.8.tar.bz2) = 23b6713b5a403feab4bf57f9363353312ba77995
 RMD160 (ffmpeg-0.10.8.tar.bz2) = 1916b6fab6ec3f32d0f0f54d7964adf6f2852e57
 Size (ffmpeg-0.10.8.tar.bz2) = 5782880 bytes
+SHA1 (patch-CVE-2014-4610) = e70bb36823edae0a00aa557453328e43c850e954
 SHA1 (patch-aa) = b30c822e03bb1766181d7b8b8d4122c196fd1d16
 SHA1 (patch-ac) = 14b39a2663be41395be0faae8270e18e2ba0891f
 SHA1 (patch-ap) = b67db14f412bbca036b5e6573df68b64ac5dabc2
diff --git a/multimedia/ffmpeg010/patches/patch-CVE-2014-4610 b/multimedia/ffmpeg010/patches/patch-CVE-2014-4610
new file mode 100644
index 00000000000..ecf3d379887
--- /dev/null
+++ b/multimedia/ffmpeg010/patches/patch-CVE-2014-4610
@@ -0,0 +1,43 @@
+$NetBSD: patch-CVE-2014-4610,v 1.1 2014/06/27 17:58:09 drochner Exp $
+
+--- libavutil/lzo.c.orig 2014-06-27 17:34:06.000000000 +0000
++++ libavutil/lzo.c
+@@ -20,6 +20,7 @@
+ */
+
+ #include "avutil.h"
++#include "avassert.h"
+ #include "common.h"
+ /// Avoid e.g. MPlayers fast_memcpy, it slows things down here.
+ #undef memcpy
+@@ -62,7 +63,13 @@ static inline int get_byte(LZOContext *c
+ static inline int get_len(LZOContext *c, int x, int mask) {
+ int cnt = x & mask;
+ if (!cnt) {
+- while (!(x = get_byte(c))) cnt += 255;
++ while (!(x = get_byte(c))) {
++ if (cnt >= INT_MAX - 1000) {
++ c->error |= AV_LZO_ERROR;
++ break;
++ }
++ cnt += 255;
++ }
+ cnt += mask + x;
+ }
+ return cnt;
+@@ -88,6 +95,7 @@ static inline int get_len(LZOContext *c,
+ static inline void copy(LZOContext *c, int cnt) {
+ register const uint8_t *src = c->in;
+ register uint8_t *dst = c->out;
++ av_assert0(cnt >= 0);
+ if (cnt > c->in_end - src) {
+ cnt = FFMAX(c->in_end - src, 0);
+ c->error |= AV_LZO_INPUT_DEPLETED;
+@@ -120,6 +128,7 @@ static inline void memcpy_backptr(uint8_
+ */
+ static inline void copy_backptr(LZOContext *c, int back, int cnt) {
+ register uint8_t *dst = c->out;
++ av_assert0(cnt > 0);
+ if (dst - c->out_start < back) {
+ c->error |= AV_LZO_INVALID_BACKPTR;
+ return;
--
cgit v1.2.3
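Review bot: In the `get_len` hunk of the embedded lzo.c patch, the bound `INT_MAX - 1000` is an unexplained magic number, and after the `break` the function still falls through to `cnt += mask + x` and returns a near-`INT_MAX` length with only `c->error` set. The 1000 presumably leaves headroom for `mask + x` and for any small constants the callers add to the result, but those callers are not part of this patch, so a comment such as `/* stop well short of INT_MAX: mask + x and the callers' small additions must not overflow */` would record that assumption. The two `av_assert0` checks added in `copy` and `copy_backptr` abort the process when they fail. Both functions already report bad input through `c->error` (`AV_LZO_INPUT_DEPLETED`, `AV_LZO_INVALID_BACKPTR`), so `c->error |= AV_LZO_ERROR; return;` on a bad count would keep a malformed stream from terminating the host application if some path still reaches them. The bodies of all three functions continue outside the hunks shown.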