[pkgsrc/pkgsrc-2006Q4]: pkgsrc/multimedia/mplayer-share Pullup ticket 1986 - ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2006Q4]: pkgsrc/multimedia/mplayer-share Pullup ticket 1986 - ...
From: ghen <ghen%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 04:22:06 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/70c976b3f7f6
branches:  pkgsrc-2006Q4
changeset: 522989:70c976b3f7f6
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Sun Jan 28 20:37:59 2007 +0000

description:
Pullup ticket 1986 - requested by drochner
security fix for mplayer, gmplayer, mencoder
(I forgot to commit multimedia/mplayer-share/patches/patch-* the first time)

- pkgsrc/multimedia/gmplayer/Makefile                   1.58
- pkgsrc/multimedia/gmplayer/distinfo                   1.44
- pkgsrc/multimedia/mencoder/Makefile                   1.31
- pkgsrc/multimedia/mplayer/Makefile                    1.38
- pkgsrc/multimedia/mplayer-share/distinfo              1.36
- pkgsrc/multimedia/mplayer-share/patches/patch-ba      1.5
- pkgsrc/multimedia/mplayer-share/patches/patch-bb      1.5
- pkgsrc/multimedia/mplayer-share/patches/patch-bc      1.3

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Jan  9 14:49:34 UTC 2007

   Modified Files:
        pkgsrc/multimedia/gmplayer: Makefile distinfo
        pkgsrc/multimedia/mencoder: Makefile
        pkgsrc/multimedia/mplayer: Makefile
        pkgsrc/multimedia/mplayer-share: distinfo
   Added Files:
        pkgsrc/multimedia/mplayer-share/patches: patch-ba patch-bb patch-bc

   Log Message:
   add limit check to real parser (identical to CVE-2006-6172)
   from mplayer svn

   bump PKGREVISIONs

diffstat:

 multimedia/mplayer-share/distinfo         |   5 ++++-
 multimedia/mplayer-share/patches/patch-ba |  25 +++++++++++++++++++++++++
 multimedia/mplayer-share/patches/patch-bb |  13 +++++++++++++
 multimedia/mplayer-share/patches/patch-bc |  13 +++++++++++++
 4 files changed, 55 insertions(+), 1 deletions(-)

diffs (80 lines):

diff -r 5f074e302116 -r 70c976b3f7f6 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Sun Jan 28 20:32:49 2007 +0000
+++ b/multimedia/mplayer-share/distinfo Sun Jan 28 20:37:59 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2006/11/30 14:03:13 abs Exp $
+$NetBSD: distinfo,v 1.35.2.1 2007/01/28 20:37:59 ghen Exp $
 
 SHA1 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = a450c0b0749c343a8496ba7810363c9d46dfa73c
 RMD160 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = 8cea02e832aec5d9e090829d61d0f131dcc177a2
@@ -8,4 +8,7 @@
 SHA1 (patch-ac) = 6d0de4bd41d9842ea1bf46e9fbe60bf6a943b913
 SHA1 (patch-ad) = d0b72eaa5e63d2cfd7828ea1a9973f1728c607b5
 SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b
+SHA1 (patch-ba) = bdb20f4ead6f55c0847534b5b1f06ea865e438e6
+SHA1 (patch-bb) = 554ca2074716ada4f817f55be61e808e1dc5c93e
+SHA1 (patch-bc) = c073f6e5d2d71030346fda82ff3a1f474ad49c0f
 SHA1 (patch-tc) = e67443cec273d7aa168fb160e2409d2ce352a8bf
diff -r 5f074e302116 -r 70c976b3f7f6 multimedia/mplayer-share/patches/patch-ba
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ba Sun Jan 28 20:37:59 2007 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ba,v 1.4.14.1 2007/01/28 20:37:59 ghen Exp $
+
+--- stream/realrtsp/asmrp.c.orig       2006-10-23 00:32:25.000000000 +0200
++++ stream/realrtsp/asmrp.c
+@@ -40,6 +40,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include "asmrp.h"
+ 
+ /*
+ #define LOG
+@@ -645,8 +646,10 @@ static int asmrp_eval (asmrp_t *p, int *
+ #ifdef LOG
+       printf ("rule #%d is true\n", rule_num);
+ #endif
+-      matches[num_matches] = rule_num;
+-      num_matches++;
++      if(num_matches < MAX_RULEMATCHES - 1)
++        matches[num_matches++] = rule_num;
++      else
++        printf("Ignoring matched asm rule %d, too many matched rules.\n", rule_num);
+     }
+ 
+     rule_num++;
diff -r 5f074e302116 -r 70c976b3f7f6 multimedia/mplayer-share/patches/patch-bb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bb Sun Jan 28 20:37:59 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.4.14.1 2007/01/28 20:37:59 ghen Exp $
+
+--- stream/realrtsp/real.c.orig        2006-10-23 00:32:25.000000000 +0200
++++ stream/realrtsp/real.c
+@@ -271,7 +271,7 @@ static rmff_header_t *real_parse_sdp(cha
+     int j=0;
+     int n;
+     char b[64];
+-    int rulematches[16];
++    int rulematches[MAX_RULEMATCHES];
+ 
+ #ifdef LOG
+     printf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
diff -r 5f074e302116 -r 70c976b3f7f6 multimedia/mplayer-share/patches/patch-bc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-bc Sun Jan 28 20:37:59 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bc,v 1.2.20.1 2007/01/28 20:37:59 ghen Exp $
+
+--- stream/realrtsp/asmrp.h.orig       2006-10-23 00:32:25.000000000 +0200
++++ stream/realrtsp/asmrp.h
+@@ -40,6 +40,8 @@
+ #ifndef HAVE_ASMRP_H
+ #define HAVE_ASMRP_H
+ 
++#define MAX_RULEMATCHES 16
++
+ int asmrp_match (const char *rules, int bandwidth, int *matches) ;
+ 
+ #endif

Prev by Date: [pkgsrc/pkgsrc-2006Q4]: pkgsrc/net/proftpd Pullup ticket 1991 - requested by ...
Next by Date: [pkgsrc/pkgsrc-2006Q4]: pkgsrc/misc/koffice/patches Pullup ticket 1996 - requ...
Previous by Thread: [pkgsrc/pkgsrc-2006Q4]: pkgsrc/net/proftpd Pullup ticket 1991 - requested by ...
Next by Thread: [pkgsrc/pkgsrc-2006Q4]: pkgsrc/misc/koffice/patches Pullup ticket 1996 - requ...
Indexes:

Home | Main Index | Thread Index | Old Index