[pkgsrc/pkgsrc-2005Q1]: pkgsrc/multimedia/xine-lib Pullup ticket 469 - reques...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/588a2f322c2a
branches:  pkgsrc-2005Q1
changeset: 490992:588a2f322c2a
user:      snj <snj%pkgsrc.org@localhost>
date:      Wed Apr 27 02:53:42 2005 +0000

description:
Pullup ticket 469 - requested by Matthias Scheler
security fix for xine-lib

Revisions pulled up:
- pkgsrc/multimedia/xine-lib/Makefile           1.20
- pkgsrc/multimedia/xine-lib/buildlink3.mk      1.10
- pkgsrc/multimedia/xine-lib/distinfo           1.17
- pkgsrc/multimedia/xine-lib/patches/patch-aj   1.5
- pkgsrc/multimedia/xine-lib/patches/patch-ak   1.3

    Module Name:    pkgsrc
    Committed By:   tron
    Date:           Tue Apr 26 12:48:35 UTC 2005

    Modified Files:
            pkgsrc/multimedia/xine-lib: Makefile distinfo
    Added Files:
            pkgsrc/multimedia/xine-lib/patches: patch-aj patch-ak

    Log Message:
    Add patches to fix security vulnerability reported in XSA-2004-8.
    Bump package revision because of this change.
----
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Wed Apr 27 02:40:07 UTC 2005

    Modified Files:
            pkgsrc/multimedia/xine-lib: buildlink3.mk

    Log Message:
    Bump BUIDLINK_RECOMMENDED after the recent security fix. (hi tron!)

diffstat:

 multimedia/xine-lib/Makefile         |   4 +++-
 multimedia/xine-lib/buildlink3.mk    |   4 ++--
 multimedia/xine-lib/distinfo         |   4 +++-
 multimedia/xine-lib/patches/patch-aj |  21 +++++++++++++++++++++
 multimedia/xine-lib/patches/patch-ak |  21 +++++++++++++++++++++
 5 files changed, 50 insertions(+), 4 deletions(-)

diffs (100 lines):

diff -r 89280a90327c -r 588a2f322c2a multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile      Wed Apr 27 02:28:51 2005 +0000
+++ b/multimedia/xine-lib/Makefile      Wed Apr 27 02:53:42 2005 +0000
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2005/01/07 14:54:47 drochner Exp $
+# $NetBSD: Makefile,v 1.18.2.1 2005/04/27 02:53:42 snj Exp $
 
 .include "Makefile.common"
 
+PKGREVISION=           2
+
 .if ${MACHINE_ARCH} == "i386"
 DEPENDS+=              win32-codecs>=011227:../../multimedia/win32-codecs
 PLIST_SUBST+=          I386=""
diff -r 89280a90327c -r 588a2f322c2a multimedia/xine-lib/buildlink3.mk
--- a/multimedia/xine-lib/buildlink3.mk Wed Apr 27 02:28:51 2005 +0000
+++ b/multimedia/xine-lib/buildlink3.mk Wed Apr 27 02:53:42 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.9 2005/01/07 14:54:47 drochner Exp $
+# $NetBSD: buildlink3.mk,v 1.9.2.1 2005/04/27 02:53:42 snj Exp $
 
 BUILDLINK_DEPTH:=              ${BUILDLINK_DEPTH}+
 XINE_LIB_BUILDLINK3_MK:=       ${XINE_LIB_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(XINE_LIB_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.xine-lib+=   xine-lib>=1rc3c
-BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1rc8nb2
+BUILDLINK_RECOMMENDED.xine-lib+=xine-lib>=1.0nb2
 BUILDLINK_PKGSRCDIR.xine-lib?= ../../multimedia/xine-lib
 .endif # XINE_LIB_BUILDLINK3_MK
 
diff -r 89280a90327c -r 588a2f322c2a multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo      Wed Apr 27 02:28:51 2005 +0000
+++ b/multimedia/xine-lib/distinfo      Wed Apr 27 02:53:42 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2005/02/24 11:24:05 agc Exp $
+$NetBSD: distinfo,v 1.14.2.1 2005/04/27 02:53:42 snj Exp $
 
 SHA1 (xine-lib-1.0.tar.gz) = dd02fb31c68ae68e2283d02e16bb8e80fcced9fd
 RMD160 (xine-lib-1.0.tar.gz) = ad84871d50d51552ba8913c0744e4a2b2b21f124
@@ -11,6 +11,8 @@
 SHA1 (patch-ag) = 1a439f8025c07d183f054fea77a70ef86ff59217
 SHA1 (patch-ah) = 3f9b23c4a7994259056b73209a9e194db759f06d
 SHA1 (patch-ai) = f71e3cb57bf30cbf9653a469c040b6e3f717ba97
+SHA1 (patch-aj) = e9a26ede23d53d83c2799076770e49562a4fc1ea
+SHA1 (patch-ak) = 1dfd2c3d86904ef4869dde4f4309564ac6c9323c
 SHA1 (patch-am) = 10f6433a8549bdce60ace5dcbd51df85eaa7ea16
 SHA1 (patch-ao) = 1247ba7ef23f2b28b2c0a177208c912e2fc259a0
 SHA1 (patch-ap) = aaf63024c1049c1f2175d9974367a6b84ac3028f
diff -r 89280a90327c -r 588a2f322c2a multimedia/xine-lib/patches/patch-aj
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-aj      Wed Apr 27 02:53:42 2005 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-aj,v 1.4.2.1 2005/04/27 02:53:42 snj Exp $
+
+--- src/input/mms.c    2005/01/18 23:25:34     1.55
++++ src/input/mms.c    2005/04/21 19:02:43     1.56
+@@ -583,9 +583,13 @@
+           lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n",
+                    stream_id, type, encrypted);
+           
+-          this->stream_types[stream_id] = type;
+-          this->stream_ids[this->num_stream_ids] = stream_id;
+-          this->num_stream_ids++;
++          if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) {
++            this->stream_types[stream_id] = type;
++            this->stream_ids[this->num_stream_ids] = stream_id;
++            this->num_stream_ids++;
++          } else {
++            lprintf ("too many streams, skipping\n");
++          }
+       
+         }
+         break;
diff -r 89280a90327c -r 588a2f322c2a multimedia/xine-lib/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-ak      Wed Apr 27 02:53:42 2005 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-ak,v 1.2.10.1 2005/04/27 02:53:42 snj Exp $
+
+--- src/input/librtsp/rtsp.c   2004/07/25 17:13:54     1.18
++++ src/input/librtsp/rtsp.c   2005/04/16 07:10:51     1.19
+@@ -218,6 +218,7 @@
+   unsigned int answer_seq;
+   char **answer_ptr=s->answers;
+   int code;
++  int ans_count = 0;
+   
+   answer=rtsp_get(s);
+   if (!answer)
+@@ -268,7 +269,7 @@
+     }
+     *answer_ptr=answer;
+     answer_ptr++;
+-  } while (strlen(answer)!=0);
++  } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS));
+   
+   s->cseq++;
+