

[pkgsrc/pkgsrc-2004Q4]: pkgsrc/multimedia/xine-lib Pullup ticket 317 - reques...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/edbbcb0d79c4
branches:  pkgsrc-2004Q4
changeset: 485939:edbbcb0d79c4
user:      snj <snj%pkgsrc.org@localhost>
date:      Mon Feb 28 21:11:50 2005 +0000

description:
Pullup ticket 317 - requested by Lubomir Sedlacik
security fix for xine-lib

Apply a manual patch that fixes the vulnerabilities noted in
http://www.xinehq.de/index.php/security/XSA-2004-6

diffstat:

 multimedia/xine-lib/Makefile         |    4 +-
 multimedia/xine-lib/distinfo         |    4 +-
 multimedia/xine-lib/patches/patch-bc |  102 +++++++++++++++++++++++++++++++++++
 multimedia/xine-lib/patches/patch-bd |   27 +++++++++
 4 files changed, 134 insertions(+), 3 deletions(-)

diffs (167 lines):

diff -r 49d0d0b719a7 -r edbbcb0d79c4 multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile      Sat Feb 26 07:25:47 2005 +0000
+++ b/multimedia/xine-lib/Makefile      Mon Feb 28 21:11:50 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.14.2.1 2005/01/07 01:22:20 salo Exp $
+# $NetBSD: Makefile,v 1.14.2.2 2005/02/28 21:11:50 snj Exp $
 #
 
 .include "Makefile.common"
 
-PKGREVISION=           2
+PKGREVISION=           3
 
 .if ${MACHINE_ARCH} == "i386"
 DEPENDS+=              win32-codecs>=011227:../../multimedia/win32-codecs
diff -r 49d0d0b719a7 -r edbbcb0d79c4 multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo      Sat Feb 26 07:25:47 2005 +0000
+++ b/multimedia/xine-lib/distinfo      Mon Feb 28 21:11:50 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9.2.1 2005/01/07 01:22:20 salo Exp $
+$NetBSD: distinfo,v 1.9.2.2 2005/02/28 21:11:50 snj Exp $
 
 SHA1 (xine-lib-1-rc6a.tar.gz) = 9359543ae3cc34f25af08ef42cbd13f08cae8398
 Size (xine-lib-1-rc6a.tar.gz) = 7003035 bytes
@@ -22,3 +22,5 @@
 SHA1 (patch-av) = 56f462e6091a72e87544ece689557d60fbb749aa
 SHA1 (patch-ba) = a527975fe9675358090bddc1361b707aa122f89b
 SHA1 (patch-bb) = fcfdf5dae066837cb35e51a5d114c366a5b3a7b2
+SHA1 (patch-bc) = c07129e89ed5b958c9361b864e227cc7569e4a33
+SHA1 (patch-bd) = 2af09a00178b2cc499f98a454667e9dbfcc8e072
diff -r 49d0d0b719a7 -r edbbcb0d79c4 multimedia/xine-lib/patches/patch-bc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-bc      Mon Feb 28 21:11:50 2005 +0000
@@ -0,0 +1,102 @@
+$NetBSD: patch-bc,v 1.2.2.2 2005/02/28 21:11:50 snj Exp $
+
+--- src/input/pnm.c    2003/12/12 22:53:15     1.20
++++ src/input/pnm.c    2004/12/15 12:53:36     1.21
+@@ -205,16 +205,21 @@
+                          char *data, int *need_response) {
+ 
+   unsigned int chunk_size;
+-  int n;
++  unsigned int n;
+   char *ptr;
+- 
++
++  if( max < PREAMBLE_SIZE )
++    return -1;
++    
+   /* get first PREAMBLE_SIZE bytes and ignore checksum */
+   _x_io_tcp_read (p->stream, p->s, data, CHECKSUM_SIZE);
+   if (data[0] == 0x72)
+     _x_io_tcp_read (p->stream, p->s, data, PREAMBLE_SIZE);
+   else
+     _x_io_tcp_read (p->stream, p->s, data+CHECKSUM_SIZE, PREAMBLE_SIZE-CHECKSUM_SIZE);
+-  
++
++  max -= PREAMBLE_SIZE;
++    
+   *chunk_type = be2me_32(*((uint32_t *)data));
+   chunk_size = be2me_32(*((uint32_t *)(data+4)));
+ 
+@@ -222,7 +227,11 @@
+     case PNA_TAG:
+       *need_response=0;
+       ptr=data+PREAMBLE_SIZE;
++
++      if( max < 1 )
++        return -1;
+       _x_io_tcp_read (p->stream, p->s, ptr++, 1);
++      max -= 1;
+ 
+       while(1) {
+       /* The pna chunk is devided into subchunks.
+@@ -235,17 +244,29 @@
+        * if first byte is 'F', we got an error
+        */
+ 
++        if( max < 2 )
++          return -1;
+         _x_io_tcp_read (p->stream, p->s, ptr, 2);
++        max -= 2;
++        
+       if (*ptr == 'X') /* checking for server message */
+       {
+         xprintf(p->stream->xine, XINE_VERBOSITY_DEBUG, "input_pnm: got a message from server:\n");
++          if( max < 1 )
++            return -1;
+         _x_io_tcp_read (p->stream, p->s, ptr+2, 1);
++          max -= 1;
+ 
+         /* two bytes of message length*/
+         n=be2me_16(*(uint16_t*)(ptr+1));
+ 
+         /* message itself */
++          if( max < n )
++            return -1;
+         _x_io_tcp_read (p->stream, p->s, ptr+3, n);
++          max -= n;
++          if( max < 1 )
++            return -1;
+         ptr[3+n]=0;
+         xprintf(p->stream->xine, XINE_VERBOSITY_DEBUG, "%s\n", ptr+3);
+         return -1;
+@@ -265,10 +286,15 @@
+       }
+       if (*ptr != 0x4f) break;
+       n=ptr[1];
+-      _x_io_tcp_read (p->stream, p->s, ptr+2, n);
++        if( max < n )
++          return -1;
++        _x_io_tcp_read (p->stream, p->s, ptr+2, n);
+       ptr+=(n+2);
++        max-=n;
+       }
+       /* the checksum of the next chunk is ignored here */
++      if( max < 1 )
++        return -1;
+       _x_io_tcp_read (p->stream, p->s, ptr+2, 1);
+       ptr+=3;
+       chunk_size=ptr-data;
+@@ -278,11 +304,11 @@
+     case PROP_TAG:
+     case MDPR_TAG:
+     case CONT_TAG:
+-      if (chunk_size > max) {
++      if (chunk_size > max || chunk_size < PREAMBLE_SIZE) {
+         xprintf(p->stream->xine, XINE_VERBOSITY_DEBUG, "error: max chunk size exeeded (max was 0x%04x)\n", max);
++#ifdef LOG
+       /* reading some bytes for debugging */
+         n=_x_io_tcp_read (p->stream, p->s, &data[PREAMBLE_SIZE], 0x100 - PREAMBLE_SIZE);
+-#ifdef LOG
+         xine_hexdump(data,n+PREAMBLE_SIZE);
+ #endif
+         return -1;
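Review bot: The added `max` accounting bounds every buffer write, but the return value of `_x_io_tcp_read` is still discarded at each of the new call sites, so a short or failed read (for example the 2-byte read before `if (*ptr == 'X')` and the `n`-byte message read after `if( max < n )`) leaves the subsequent `be2me_16`/`ptr[1]` reads operating on stale bytes in `data` and advances `ptr` by a length that was never received. A minimal fix at each site is to check the result, e.g. `if (_x_io_tcp_read (p->stream, p->s, ptr, 2) != 2) return -1;`, matching the way the `#ifdef LOG` branch already captures it into `n`. Note also that the type of `max` is declared outside this hunk; if it is a signed `int` (as the `0x%04x` format suggests it may be), `chunk_size > max` and `max < n` are signed/unsigned comparisons, so a comment such as `/* max must stay >= 0; n is unsigned so a negative ptr[1] is rejected by max < n */` would document why the `unsigned int n` change is load-bearing. The enclosing function's signature and body both extend beyond this hunk.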
diff -r 49d0d0b719a7 -r edbbcb0d79c4 multimedia/xine-lib/patches/patch-bd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-bd      Mon Feb 28 21:11:50 2005 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-bd,v 1.1.2.2 2005/02/28 21:11:50 snj Exp $
+
+--- src/input/libreal/real.c   2004/09/08 15:09:30     1.19
++++ src/input/libreal/real.c   2004/12/15 12:53:46     1.20
+@@ -604,6 +604,8 @@
+   return (n <= 0) ? 0 : n+12;
+ }
+ 
++//! maximum size of the rtsp description, must be < INT_MAX
++#define MAX_DESC_BUF (20 * 1024 * 1024)
+ rmff_header_t  *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwidth) {
+ 
+   char *description=NULL;
+@@ -652,6 +654,13 @@
+   else
+     size=atoi(rtsp_search_answers(rtsp_session,"Content-length"));
+ 
++  if (size > MAX_DESC_BUF) {
++    printf("real: Content-length for description too big (> %uMB)!\n",
++           MAX_DESC_BUF/(1024*1024) );
++    xine_buffer_free(buf);
++    return NULL;
++  }
++
+   if (!rtsp_search_answers(rtsp_session,"ETag"))
+     lprintf("real: got no ETag!\n");
+   else


