pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia/xine-lib fix stack overflow, see http://www...
details: https://anonhg.NetBSD.org/pkgsrc/rev/775804afac6d
branches: trunk
changeset: 479271:775804afac6d
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Aug 10 11:24:46 2004 +0000
description:
fix stack overflow, see http://www.open-security.org/advisories/6
(patch from xine CVS)
bump PKGREVISION
diffstat:
multimedia/xine-lib/Makefile | 4 +-
multimedia/xine-lib/distinfo | 3 +-
multimedia/xine-lib/patches/patch-ba | 57 ++++++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+), 2 deletions(-)
diffs (90 lines):
diff -r 5d3b662ac4f6 -r 775804afac6d multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile Tue Aug 10 10:07:20 2004 +0000
+++ b/multimedia/xine-lib/Makefile Tue Aug 10 11:24:46 2004 +0000
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile,v 1.11 2004/06/21 15:55:54 drochner Exp $
+# $NetBSD: Makefile,v 1.12 2004/08/10 11:24:46 drochner Exp $
#
.include "Makefile.common"
+PKGREVISION= 1
+
.if ${MACHINE_ARCH} == "i386"
DEPENDS+= win32-codecs>=011227:../../multimedia/win32-codecs
PLIST_SUBST+= I386=""
diff -r 5d3b662ac4f6 -r 775804afac6d multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo Tue Aug 10 10:07:20 2004 +0000
+++ b/multimedia/xine-lib/distinfo Tue Aug 10 11:24:46 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2004/08/02 19:09:45 shannonjr Exp $
+$NetBSD: distinfo,v 1.8 2004/08/10 11:24:46 drochner Exp $
SHA1 (xine-lib-1-rc5.tar.gz) = b38aa71ab717ba04f03591d1d003da4ce23ed1cf
Size (xine-lib-1-rc5.tar.gz) = 7052663 bytes
@@ -21,3 +21,4 @@
SHA1 (patch-au) = 569ac1d00402eb3679bf99f0afe5832f425b3b0e
SHA1 (patch-av) = 56f462e6091a72e87544ece689557d60fbb749aa
SHA1 (patch-aw) = 748feea39a7c41f40e56f463dde9186430c2a74f
+SHA1 (patch-ba) = 82b69dd37c287a23efb9b80188e47cb1d97cb359
diff -r 5d3b662ac4f6 -r 775804afac6d multimedia/xine-lib/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-ba Tue Aug 10 11:24:46 2004 +0000
@@ -0,0 +1,57 @@
+$NetBSD: patch-ba,v 1.1 2004/08/10 11:24:46 drochner Exp $
+
+--- src/input/vcd/xineplug_inp_vcd.c.orig 2004-06-13 23:28:56.000000000 +0200
++++ src/input/vcd/xineplug_inp_vcd.c
+@@ -48,6 +48,7 @@
+ #define SHORT_PLUGIN_NAME "VCD"
+ #define MRL_PREFIX "vcd://"
+ #define MRL_PREFIX_LEN strlen(MRL_PREFIX)
++#define MRL_MAX_LEN 1024
+
+ #define xine_config_entry_t xine_cfg_entry_t
+
+@@ -474,7 +475,7 @@ vcd_parse_mrl(/*in*/ const char *default
+ return false;
+ }
+
+- count = sscanf (p, "%[^@]@%1[EePpSsTt]%u",
++ count = sscanf (p, "%1024[^@]@%1[EePpSsTt]%u",
+ device_str, type_str, &num);
+ itemid->num = num;
+
+@@ -498,7 +499,7 @@ vcd_parse_mrl(/*in*/ const char *default
+ {
+ /* No device/file given, so use the default device and try again. */
+ if (NULL == default_vcd_device) return false;
+- strcpy(device_str, default_vcd_device);
++ strncpy(device_str, default_vcd_device, MRL_MAX_LEN);
+ if (p[0] == '@') p++;
+ count = sscanf (p, "%1[EePpSsTt]%u", type_str, &num);
+ type_str[0] = toupper(type_str[0]);
+@@ -790,7 +791,7 @@ static xine_mrl_t **
+ vcd_class_get_dir (input_class_t *this_gen, const char *filename,
+ int *num_files) {
+
+- char intended_vcd_device[1024]="";
++ char intended_vcd_device[MRL_MAX_LEN+1]="";
+ vcdinfo_itemid_t itemid;
+
+ vcd_input_class_t *class = (vcd_input_class_t *) this_gen;
+@@ -922,7 +923,7 @@ vcd_class_get_description (input_class_t
+ static char *
+ vcd_class_get_identifier (input_class_t *this_gen) {
+ dbg_print((INPUT_DBG_CALL|INPUT_DBG_EXT), "called\n");
+- return SHORT_PLUGIN_NAME;
++ return strdup(SHORT_PLUGIN_NAME);
+ }
+
+ /*
+@@ -1452,7 +1453,7 @@ vcd_class_get_instance (input_class_t *c
+ {
+ vcd_input_class_t *class = (vcd_input_class_t *) class_gen;
+
+- char intended_vcd_device[1024]="";
++ char intended_vcd_device[MRL_MAX_LEN+1]="";
+ vcdinfo_itemid_t itemid;
+ char *check_mrl=NULL;
+ bool used_default;
Home |
Main Index |
Thread Index |
Old Index