pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/multimedia/vlc2 add patch from upstream to fix buffer ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/23be63791822
branches: trunk
changeset: 624824:23be63791822
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Oct 01 14:50:38 2013 +0000
description:
add patch from upstream to fix buffer overflow in the mp4a packetizer
(CVE-2013-4388)
bump PKGREV
diffstat:
multimedia/vlc2/Makefile | 4 ++--
multimedia/vlc2/distinfo | 3 ++-
multimedia/vlc2/patches/patch-CVE-2013-4388 | 19 +++++++++++++++++++
3 files changed, 23 insertions(+), 3 deletions(-)
diffs (50 lines):
diff -r 2d671a1c08d2 -r 23be63791822 multimedia/vlc2/Makefile
--- a/multimedia/vlc2/Makefile Tue Oct 01 14:48:45 2013 +0000
+++ b/multimedia/vlc2/Makefile Tue Oct 01 14:50:38 2013 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2013/09/02 19:51:19 adam Exp $
+# $NetBSD: Makefile,v 1.40 2013/10/01 14:50:38 drochner Exp $
DISTNAME= vlc-${VLC_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= multimedia
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=vlc/} \
http://download.videolan.org/pub/videolan/vlc/${VLC_VERSION}/
diff -r 2d671a1c08d2 -r 23be63791822 multimedia/vlc2/distinfo
--- a/multimedia/vlc2/distinfo Tue Oct 01 14:48:45 2013 +0000
+++ b/multimedia/vlc2/distinfo Tue Oct 01 14:50:38 2013 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.20 2013/08/23 12:45:50 drochner Exp $
+$NetBSD: distinfo,v 1.21 2013/10/01 14:50:38 drochner Exp $
SHA1 (vlc-2.0.8.tar.xz) = 8937ed30412bef49db77d2187a9e4734866f8ab7
RMD160 (vlc-2.0.8.tar.xz) = cd2483e4447b8bc4a91dbcf95ff1213244dcf40f
Size (vlc-2.0.8.tar.xz) = 18858236 bytes
+SHA1 (patch-CVE-2013-4388) = 19496eb8c81fd06adbc9d736e1ceafe55fa7c14d
SHA1 (patch-aa) = 46003ac47b0b0ab97f481cbd755d48f624b0fa87
SHA1 (patch-ab) = 7833e9d1e023f53dd1125af5049eb9d74b733905
SHA1 (patch-ac) = 9cdb4bdad7f8e6a09e35b5a1142350d47d77f270
diff -r 2d671a1c08d2 -r 23be63791822 multimedia/vlc2/patches/patch-CVE-2013-4388
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc2/patches/patch-CVE-2013-4388 Tue Oct 01 14:50:38 2013 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2013-4388,v 1.1 2013/10/01 14:50:38 drochner Exp $
+
+upstream commit 9794ec1cd268c04c8bca13a5fae15df6594dff3e
+
+--- modules/packetizer/mpeg4audio.c.orig 2012-04-27 17:14:57.000000000 +0000
++++ modules/packetizer/mpeg4audio.c
+@@ -892,8 +892,11 @@ static int LOASParse( decoder_t *p_dec,
+ continue;
+
+ /* FIXME that's slow (and a bit ugly to write in place) */
+- for( i = 0; i < pi_payload[i_program][i_layer]; i++ )
++ for( i = 0; i < pi_payload[i_program][i_layer]; i++ ) {
++ if (i_accumulated >= i_buffer)
++ return 0;
+ p_buffer[i_accumulated++] = bs_read( &s, 8 );
++ }
+ }
+ }
+ }
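Review bot: In the LOASParse loop, the new `i_accumulated >= i_buffer` test runs once per byte, inside a loop that the existing comment already flags as slow. The byte count, pi_payload[i_program][i_layer], is known before the loop starts, so the check could be made once up front against the remaining space (i_buffer - i_accumulated), returning before any of that payload's bytes are written. As written, an oversized payload is only detected after p_buffer has been partly overwritten in place, and the bare `return 0` has no comment saying how the caller should treat that result; a one-line comment on the early return would help. The added lines also use `if (` with a same-line `{`, while the surrounding code writes `for( ... )`; matching the file's spacing would keep the style consistent.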