From f412506948ed5e7e88007dc699d3c49bf090fab8 Mon Sep 17 00:00:00 2001 From: drochner Date: Tue, 9 Jan 2007 14:49:33 +0000 Subject: add limit check to real parser (identical to CVE-2006-6172) from mplayer svn bump PKGREVISIONs --- multimedia/gmplayer/Makefile | 3 ++- multimedia/gmplayer/distinfo | 5 ++++- multimedia/mencoder/Makefile | 4 ++-- multimedia/mplayer-share/distinfo | 5 ++++- multimedia/mplayer-share/patches/patch-ba | 25 +++++++++++++++++++++++++ multimedia/mplayer-share/patches/patch-bb | 13 +++++++++++++ multimedia/mplayer-share/patches/patch-bc | 13 +++++++++++++ multimedia/mplayer/Makefile | 4 ++-- 8 files changed, 65 insertions(+), 7 deletions(-) create mode 100644 multimedia/mplayer-share/patches/patch-ba create mode 100644 multimedia/mplayer-share/patches/patch-bb create mode 100644 multimedia/mplayer-share/patches/patch-bc (limited to 'multimedia') diff --git a/multimedia/gmplayer/Makefile b/multimedia/gmplayer/Makefile index 7b0b7be60b3..4d5d0499d37 100644 --- a/multimedia/gmplayer/Makefile +++ b/multimedia/gmplayer/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.57 2006/11/30 15:00:45 joerg Exp $ +# $NetBSD: Makefile,v 1.58 2007/01/09 14:49:33 drochner Exp $ # # NOTE: if you are updating both mplayer and gmplayer, you must ensure @@ -9,6 +9,7 @@ # PKGNAME= gmplayer-${MPLAYER_PKG_VERSION} +PKGREVISION= 1 SKIN_SITES= http://www1.mplayerhq.hu/MPlayer/skins/ \ http://www2.mplayerhq.hu/MPlayer/skins/ \ diff --git a/multimedia/gmplayer/distinfo b/multimedia/gmplayer/distinfo index 2b2f2de6f4c..8941249d631 100644 --- a/multimedia/gmplayer/distinfo +++ b/multimedia/gmplayer/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.43 2006/11/30 14:03:13 abs Exp $ +$NetBSD: distinfo,v 1.44 2007/01/09 14:49:33 drochner Exp $ SHA1 (gmplayer-1.0rc9-20060123/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc RMD160 (gmplayer-1.0rc9-20060123/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998 @@ -68,4 +68,7 @@ SHA1 (patch-ab) = 29bf59ecb3d283708ae1c5002d1fa71cac627cc9 SHA1 (patch-ac) = 6d0de4bd41d9842ea1bf46e9fbe60bf6a943b913 SHA1 (patch-ad) = d0b72eaa5e63d2cfd7828ea1a9973f1728c607b5 SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b +SHA1 (patch-ba) = bdb20f4ead6f55c0847534b5b1f06ea865e438e6 +SHA1 (patch-bb) = 554ca2074716ada4f817f55be61e808e1dc5c93e +SHA1 (patch-bc) = c073f6e5d2d71030346fda82ff3a1f474ad49c0f SHA1 (patch-tc) = e67443cec273d7aa168fb160e2409d2ce352a8bf diff --git a/multimedia/mencoder/Makefile b/multimedia/mencoder/Makefile index 3eb0ebcce0b..0655362798c 100644 --- a/multimedia/mencoder/Makefile +++ b/multimedia/mencoder/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.30 2007/01/07 09:14:01 rillig Exp $ +# $NetBSD: Makefile,v 1.31 2007/01/09 14:49:33 drochner Exp $ PKGNAME= mencoder-${MPLAYER_PKG_VERSION} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= Simple movie encoder for MPlayer-playable movies diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo index ab0218cc110..ce9c2965f43 100644 --- a/multimedia/mplayer-share/distinfo +++ b/multimedia/mplayer-share/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.35 2006/11/30 14:03:13 abs Exp $ +$NetBSD: distinfo,v 1.36 2007/01/09 14:49:33 drochner Exp $ SHA1 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = a450c0b0749c343a8496ba7810363c9d46dfa73c RMD160 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = 8cea02e832aec5d9e090829d61d0f131dcc177a2 @@ -8,4 +8,7 @@ SHA1 (patch-ab) = 29bf59ecb3d283708ae1c5002d1fa71cac627cc9 SHA1 (patch-ac) = 6d0de4bd41d9842ea1bf46e9fbe60bf6a943b913 SHA1 (patch-ad) = d0b72eaa5e63d2cfd7828ea1a9973f1728c607b5 SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b +SHA1 (patch-ba) = bdb20f4ead6f55c0847534b5b1f06ea865e438e6 +SHA1 (patch-bb) = 554ca2074716ada4f817f55be61e808e1dc5c93e +SHA1 (patch-bc) = c073f6e5d2d71030346fda82ff3a1f474ad49c0f SHA1 (patch-tc) = e67443cec273d7aa168fb160e2409d2ce352a8bf diff --git a/multimedia/mplayer-share/patches/patch-ba b/multimedia/mplayer-share/patches/patch-ba new file mode 100644 index 00000000000..d85cc740ae1 --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-ba @@ -0,0 +1,25 @@ +$NetBSD: patch-ba,v 1.5 2007/01/09 14:49:33 drochner Exp $ + +--- stream/realrtsp/asmrp.c.orig 2006-10-23 00:32:25.000000000 +0200 ++++ stream/realrtsp/asmrp.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include "asmrp.h" + + /* + #define LOG +@@ -645,8 +646,10 @@ static int asmrp_eval (asmrp_t *p, int * + #ifdef LOG + printf ("rule #%d is true\n", rule_num); + #endif +- matches[num_matches] = rule_num; +- num_matches++; ++ if(num_matches < MAX_RULEMATCHES - 1) ++ matches[num_matches++] = rule_num; ++ else ++ printf("Ignoring matched asm rule %d, too many matched rules.\n", rule_num); + } + + rule_num++; diff --git a/multimedia/mplayer-share/patches/patch-bb b/multimedia/mplayer-share/patches/patch-bb new file mode 100644 index 00000000000..6a03902e6c6 --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-bb @@ -0,0 +1,13 @@ +$NetBSD: patch-bb,v 1.5 2007/01/09 14:49:33 drochner Exp $ + +--- stream/realrtsp/real.c.orig 2006-10-23 00:32:25.000000000 +0200 ++++ stream/realrtsp/real.c +@@ -271,7 +271,7 @@ static rmff_header_t *real_parse_sdp(cha + int j=0; + int n; + char b[64]; +- int rulematches[16]; ++ int rulematches[MAX_RULEMATCHES]; + + #ifdef LOG + printf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth); diff --git a/multimedia/mplayer-share/patches/patch-bc b/multimedia/mplayer-share/patches/patch-bc new file mode 100644 index 00000000000..330dbdfa0ec --- /dev/null +++ b/multimedia/mplayer-share/patches/patch-bc @@ -0,0 +1,13 @@ +$NetBSD: patch-bc,v 1.3 2007/01/09 14:49:33 drochner Exp $ + +--- stream/realrtsp/asmrp.h.orig 2006-10-23 00:32:25.000000000 +0200 ++++ stream/realrtsp/asmrp.h +@@ -40,6 +40,8 @@ + #ifndef HAVE_ASMRP_H + #define HAVE_ASMRP_H + ++#define MAX_RULEMATCHES 16 ++ + int asmrp_match (const char *rules, int bandwidth, int *matches) ; + + #endif diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index e1ba7deb2f0..b613b464509 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.37 2006/12/27 21:14:12 joerg Exp $ +# $NetBSD: Makefile,v 1.38 2007/01/09 14:49:34 drochner Exp $ PKGNAME= mplayer-${MPLAYER_PKG_VERSION} -PKGREVISION= 2 +PKGREVISION= 3 COMMENT= Software-only MPEG-1/2/4 video decoder -- cgit v1.2.3