pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2007Q1]: pkgsrc/multimedia/mplayer-share/patches Pullup ticket...
details: https://anonhg.NetBSD.org/pkgsrc/rev/d71e86beaee9
branches: pkgsrc-2007Q1
changeset: 527427:d71e86beaee9
user: ghen <ghen%pkgsrc.org@localhost>
date: Fri Jun 15 06:31:53 2007 +0000
description:
Pullup ticket 2107 - requested by tron
security fix for mplayer
- pkgsrc/multimedia/gmplayer/Makefile 1.60
- pkgsrc/multimedia/gmplayer/distinfo 1.47
- pkgsrc/multimedia/mplayer/Makefile 1.42-1.43
- pkgsrc/multimedia/mplayer-share/distinfo 1.40
- pkgsrc/multimedia/mplayer-share/patches/patch-ae 1.7
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 7 13:19:55 UTC 2007
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
pkgsrc/multimedia/mplayer: Makefile
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ae
Log Message:
Add patch from the MPlayer SVN repository to fix an overflow in the
CDDB code reported in CVE-2007-2948. Bump package revision.
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Jun 8 10:07:17 UTC 2007
Modified Files:
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Log Message:
Regenerate the "distinfo" for the "mplayer" package, too. Bump the
package revision again because the patch didn't get applied previously.
Problem pointed out by Geert Hendrickx.
diffstat:
multimedia/mplayer-share/patches/patch-ae | 31 +++++++++++++++++++++++++++++++
1 files changed, 31 insertions(+), 0 deletions(-)
diffs (35 lines):
diff -r 369df88bf8b5 -r d71e86beaee9 multimedia/mplayer-share/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ae Fri Jun 15 06:31:53 2007 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ae,v 1.6.8.1 2007/06/15 06:31:53 ghen Exp $
+
+--- stream/stream_cddb.c.orig 2006-10-22 23:32:25.000000000 +0100
++++ stream/stream_cddb.c 2007-06-07 13:57:35.000000000 +0100
+@@ -435,7 +435,7 @@
+
+ switch(status) {
+ case 210:
+- ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id);
++ ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id);
+ if( ret!=3 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
+@@ -496,7 +496,7 @@
+ ptr++;
+ // We have a list of exact/inexact matches, so which one do we use?
+ // So let's take the first one.
+- ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title);
++ ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title);
+ if( ret!=3 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
+@@ -533,7 +533,7 @@
+ switch(status) {
+ case 200:
+ // Found exact match
+- ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
++ ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
+ if( ret!=4 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
Home |
Main Index |
Thread Index |
Old Index