pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/multimedia/xvidcore Aims to fix CVE-2007-3329 security...
details: https://anonhg.NetBSD.org/pkgsrc/rev/194e9f8627ee
branches: trunk
changeset: 530354:194e9f8627ee
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Tue Jun 26 11:45:16 2007 +0000
description:
Aims to fix CVE-2007-3329 security vulnerability.
diffstat:
multimedia/xvidcore/Makefile | 3 +-
multimedia/xvidcore/distinfo | 3 +-
multimedia/xvidcore/patches/patch-ac | 48 ++++++++++++++++++++++++++++++++++++
3 files changed, 52 insertions(+), 2 deletions(-)
diffs (77 lines):
diff -r b7494be09ab7 -r 194e9f8627ee multimedia/xvidcore/Makefile
--- a/multimedia/xvidcore/Makefile Tue Jun 26 11:44:27 2007 +0000
+++ b/multimedia/xvidcore/Makefile Tue Jun 26 11:45:16 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2007/01/06 16:31:48 jmmv Exp $
+# $NetBSD: Makefile,v 1.28 2007/06/26 11:45:16 lkundrak Exp $
DISTNAME= xvidcore-1.1.2
+PKGREVISION= 1
CATEGORIES= multimedia
MASTER_SITES= http://downloads.xvid.org/downloads/
EXTRACT_SUFX= .tar.bz2
diff -r b7494be09ab7 -r 194e9f8627ee multimedia/xvidcore/distinfo
--- a/multimedia/xvidcore/distinfo Tue Jun 26 11:44:27 2007 +0000
+++ b/multimedia/xvidcore/distinfo Tue Jun 26 11:45:16 2007 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.15 2007/01/06 16:31:48 jmmv Exp $
+$NetBSD: distinfo,v 1.16 2007/06/26 11:45:16 lkundrak Exp $
SHA1 (xvidcore-1.1.2.tar.bz2) = a524c18f34133dc83b7be90abda7d0ae4ab3b7fb
RMD160 (xvidcore-1.1.2.tar.bz2) = bc3dfbd176ece5f54bbd72f1e655eba4da9baeb4
Size (xvidcore-1.1.2.tar.bz2) = 626741 bytes
SHA1 (patch-aa) = 593ae63ddb5ec646d7f531b99783de64a9d6ceb3
SHA1 (patch-ab) = 19306e1db22eeb58e703b1b416b019c0d2c4a694
+SHA1 (patch-ac) = 3865b2daac5d157154c30f248860d05707d62fd4
diff -r b7494be09ab7 -r 194e9f8627ee multimedia/xvidcore/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xvidcore/patches/patch-ac Tue Jun 26 11:45:16 2007 +0000
@@ -0,0 +1,48 @@
+$NetBSD: patch-ac,v 1.1 2007/06/26 11:45:17 lkundrak Exp $
+
+This is believed to fix CVE-2007-3329.
+Though there is no more information about the vulnerability apart from function names,
+it seems that coeff is the only index that could point out of bounds causing harm
+and only these three functions share this code.
+
+--- src/bitstream/mbcoding.c.orig 2007-06-26 13:38:17.000000000 +0200
++++ src/bitstream/mbcoding.c
+@@ -1073,12 +1073,10 @@ get_intra_block(Bitstream * bs,
+ }
+ coeff += run;
+
+-#ifdef _DEBUG
+ if(coeff>=64) {
+ DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+ return;
+ }
+-#endif
+
+ block[scan[coeff]] = level;
+
+@@ -1121,12 +1119,10 @@ get_inter_block_h263(
+ }
+ p += run;
+
+-#ifdef _DEBUG
+ if(p>=64) {
+ DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+ return;
+ }
+-#endif
+
+ if (level < 0) {
+ level = level*quant_m_2 - quant_add;
+@@ -1163,12 +1159,10 @@ get_inter_block_mpeg(
+ }
+ p += run;
+
+-#ifdef _DEBUG
+ if(p>=64) {
+ DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+ return;
+ }
+-#endif
+
+ if (level < 0) {
+ level = ((2 * -level + 1) * matrix[scan[p]] * quant) >> 4;
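Review bot: The three guards made unconditional here, in get_intra_block, get_inter_block_h263 and get_inter_block_mpeg, test only the upper bound (`coeff>=64`, `p>=64`) and then do a bare `return;`. If `coeff`, `p` or `run` are signed, please confirm the index cannot be negative after `coeff += run` / `p += run`, or do the comparison as unsigned so a negative index is rejected as well. The early return also gives the caller no sign that the block was cut short, so decoding of a corrupt stream carries on with a partially filled block; if the return type cannot change, a comment saying this is intended would help. With the `#ifdef _DEBUG` gone, DPRINTF is the only trace of the event, so it is worth checking what it expands to in a non-debug build. Since the patch header says the fix is inferred from the function names alone, it should gain a reference to the upstream change once one exists.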