pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia Security fix for SA17892:
details: https://anonhg.NetBSD.org/pkgsrc/rev/9205b22c9ac2
branches: trunk
changeset: 504396:9205b22c9ac2
user: salo <salo%pkgsrc.org@localhost>
date: Sat Dec 10 23:34:41 2005 +0000
description:
Security fix for SA17892:
"A vulnerability in FFmpeg libavcodec can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially to compromise a user's
system."
http://secunia.com/advisories/17892/
Fix from ffmpeg CVS repository, libavcodec/utils.c rev. 1.162:
"default_get_buffer() cleanup
fixes probably exploitable heap overflow
heap overflow found by (Simon Kilvington)"
diffstat:
multimedia/gmplayer/Makefile | 4 +-
multimedia/gmplayer/distinfo | 3 +-
multimedia/mencoder/Makefile | 4 +-
multimedia/mplayer-share/distinfo | 3 +-
multimedia/mplayer-share/patches/patch-ai | 82 +++++++++++++++++++++++++++++++
multimedia/mplayer/Makefile | 4 +-
6 files changed, 92 insertions(+), 8 deletions(-)
diffs (164 lines):
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/gmplayer/Makefile
--- a/multimedia/gmplayer/Makefile Sat Dec 10 23:28:13 2005 +0000
+++ b/multimedia/gmplayer/Makefile Sat Dec 10 23:34:41 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.40 2005/11/09 06:23:04 minskim Exp $
+# $NetBSD: Makefile,v 1.41 2005/12/10 23:34:42 salo Exp $
#
# NOTE: if you are updating both mplayer and gmplayer, you must ensure
@@ -9,7 +9,7 @@
#
PKGNAME= gmplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
SKIN_SITES= http://www1.mplayerhq.hu/MPlayer/Skin/ \
ftp://ftp1.mplayerhq.hu/MPlayer/Skin/ \
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/gmplayer/distinfo
--- a/multimedia/gmplayer/distinfo Sat Dec 10 23:28:13 2005 +0000
+++ b/multimedia/gmplayer/distinfo Sat Dec 10 23:34:41 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2005/11/09 06:23:04 minskim Exp $
+$NetBSD: distinfo,v 1.31 2005/12/10 23:34:42 salo Exp $
SHA1 (gmplayer-1.0rc7-20050409/MPlayer-1.0pre7.tar.bz2) = df1e8d4f2f44d72c6f7989932f3b272e815ecb80
RMD160 (gmplayer-1.0rc7-20050409/MPlayer-1.0pre7.tar.bz2) = a4bac10df287c4b134ea49b3bc9bf7fb0126cae6
@@ -71,6 +71,7 @@
SHA1 (patch-af) = 6eab8572b239f6ac7afc03ad6254a7c97f90663e
SHA1 (patch-ag) = 9bc3466ef24970e3f26fc64601d9f2c27fa394d2
SHA1 (patch-ah) = 744f073e791257768e5ec7da8e321d2f25d1fb2c
+SHA1 (patch-ai) = a884b7a23ff8b2c31e6190d2ba9989a8f0057a0c
SHA1 (patch-da) = be092da4f854708c1ef47f10c26e361c095a6799
SHA1 (patch-dc) = b11ef06a89f13e2ae5e013d569aa5acc99c770aa
SHA1 (patch-dd) = e5b23b73a1e53e3185ecbac26042432395cd5e63
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/mencoder/Makefile
--- a/multimedia/mencoder/Makefile Sat Dec 10 23:28:13 2005 +0000
+++ b/multimedia/mencoder/Makefile Sat Dec 10 23:34:41 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.22 2005/08/27 06:59:52 dogcow Exp $
+# $NetBSD: Makefile,v 1.23 2005/12/10 23:34:42 salo Exp $
PKGNAME= mencoder-${MPLAYER_PKG_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Simple movie encoder for MPlayer-playable movies
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Sat Dec 10 23:28:13 2005 +0000
+++ b/multimedia/mplayer-share/distinfo Sat Dec 10 23:34:41 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2005/10/24 19:46:05 minskim Exp $
+$NetBSD: distinfo,v 1.25 2005/12/10 23:34:42 salo Exp $
SHA1 (mplayer-1.0rc7/MPlayer-1.0pre7.tar.bz2) = df1e8d4f2f44d72c6f7989932f3b272e815ecb80
RMD160 (mplayer-1.0rc7/MPlayer-1.0pre7.tar.bz2) = a4bac10df287c4b134ea49b3bc9bf7fb0126cae6
@@ -20,6 +20,7 @@
SHA1 (patch-af) = 6eab8572b239f6ac7afc03ad6254a7c97f90663e
SHA1 (patch-ag) = 9bc3466ef24970e3f26fc64601d9f2c27fa394d2
SHA1 (patch-ah) = 744f073e791257768e5ec7da8e321d2f25d1fb2c
+SHA1 (patch-ai) = a884b7a23ff8b2c31e6190d2ba9989a8f0057a0c
SHA1 (patch-da) = be092da4f854708c1ef47f10c26e361c095a6799
SHA1 (patch-dc) = b11ef06a89f13e2ae5e013d569aa5acc99c770aa
SHA1 (patch-dd) = e5b23b73a1e53e3185ecbac26042432395cd5e63
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/mplayer-share/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ai Sat Dec 10 23:34:41 2005 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-ai,v 1.1 2005/12/10 23:34:42 salo Exp $
+
+Security fix for SA17892, from ffmpeg CVS repository.
+
+--- libavcodec/utils.c.orig 2005-04-16 22:41:13.000000000 +0200
++++ libavcodec/utils.c 2005-12-10 23:59:36.000000000 +0100
+@@ -276,49 +276,50 @@
+ buf->last_pic_num= *picture_number;
+ }else{
+ int h_chroma_shift, v_chroma_shift;
+- int pixel_size;
++ int pixel_size, size[3];
++ AVPicture picture;
+
+ avcodec_get_chroma_sub_sample(s->pix_fmt, &h_chroma_shift, &v_chroma_shift);
+
+- switch(s->pix_fmt){
+- case PIX_FMT_RGB555:
+- case PIX_FMT_RGB565:
+- case PIX_FMT_YUV422:
+- case PIX_FMT_UYVY422:
+- pixel_size=2;
+- break;
+- case PIX_FMT_RGB24:
+- case PIX_FMT_BGR24:
+- pixel_size=3;
+- break;
+- case PIX_FMT_RGBA32:
+- pixel_size=4;
+- break;
+- default:
+- pixel_size=1;
+- }
+-
+ avcodec_align_dimensions(s, &w, &h);
+
+ if(!(s->flags&CODEC_FLAG_EMU_EDGE)){
+ w+= EDGE_WIDTH*2;
+ h+= EDGE_WIDTH*2;
+ }
++ avpicture_fill(&picture, NULL, s->pix_fmt, w, h);
++ pixel_size= picture.linesize[0]*8 / w;
++//av_log(NULL, AV_LOG_ERROR, "%d %d %d %d\n", (int)picture.data[1], w, h, s->pix_fmt);
++ assert(pixel_size>=1);
++ //FIXME next ensures that linesize= 2^x uvlinesize, thats needed because some MC code assumes it
++ if(pixel_size == 3*8)
++ w= ALIGN(w, STRIDE_ALIGN<<h_chroma_shift);
++ else
++ w= ALIGN(pixel_size*w, STRIDE_ALIGN<<(h_chroma_shift+3)) / pixel_size;
++ size[1] = avpicture_fill(&picture, NULL, s->pix_fmt, w, h);
++ size[0] = picture.linesize[0] * h;
++ size[1] -= size[0];
++ if(picture.data[2])
++ size[1]= size[2]= size[1]/2;
++ else
++ size[2]= 0;
+
+ buf->last_pic_num= -256*256*256*64;
++ memset(buf->base, 0, sizeof(buf->base));
++ memset(buf->data, 0, sizeof(buf->data));
+
+- for(i=0; i<3; i++){
++ for(i=0; i<3 && size[i]; i++){
+ const int h_shift= i==0 ? 0 : h_chroma_shift;
+ const int v_shift= i==0 ? 0 : v_chroma_shift;
+
+- //FIXME next ensures that linesize= 2^x uvlinesize, thats needed because some MC code assumes it
+- buf->linesize[i]= ALIGN(pixel_size*w>>h_shift, STRIDE_ALIGN<<(h_chroma_shift-h_shift));
++ buf->linesize[i]= picture.linesize[i];
+
+- buf->base[i]= av_malloc((buf->linesize[i]*h>>v_shift)+16); //FIXME 16
++ buf->base[i]= av_malloc(size[i]+16); //FIXME 16
+ if(buf->base[i]==NULL) return -1;
+- memset(buf->base[i], 128, buf->linesize[i]*h>>v_shift);
++ memset(buf->base[i], 128, size[i]);
+
+- if(s->flags&CODEC_FLAG_EMU_EDGE)
++ // no edge if EDEG EMU or not planar YUV, we check for PAL8 redundantly to protect against a exploitable bug regression ...
++ if((s->flags&CODEC_FLAG_EMU_EDGE) || (s->pix_fmt == PIX_FMT_PAL8) || !size[2])
+ buf->data[i] = buf->base[i];
+ else
+ buf->data[i] = buf->base[i] + ALIGN((buf->linesize[i]*EDGE_WIDTH>>v_shift) + (EDGE_WIDTH>>h_shift), STRIDE_ALIGN);
diff -r 6a6fab201b24 -r 9205b22c9ac2 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile Sat Dec 10 23:28:13 2005 +0000
+++ b/multimedia/mplayer/Makefile Sat Dec 10 23:34:41 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2005/11/26 01:31:50 ben Exp $
+# $NetBSD: Makefile,v 1.24 2005/12/10 23:34:41 salo Exp $
PKGNAME= mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 5
+PKGREVISION= 6
COMMENT= Software-only MPEG-1/2/4 video decoder
Home |
Main Index |
Thread Index |
Old Index