[pkgsrc/trunk]: pkgsrc/multimedia Add a patch for CVE-2008-1558 to mplayer. T...

[tonnerre <tonnerre%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5e9b06e75c86
branches:  trunk
changeset: 542278:5e9b06e75c86
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun May 11 03:46:24 2008 +0000

description:
Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow in
the RealRTSP SDP code which can be exploited to execute arbitrary code
remotely.

diffstat:

 multimedia/mplayer-share/distinfo         |   3 ++-
 multimedia/mplayer-share/patches/patch-al |  14 ++++++++++++++
 multimedia/mplayer/Makefile               |   4 ++--
 3 files changed, 18 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r a01d4ccaae35 -r 5e9b06e75c86 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Sun May 11 00:02:27 2008 +0000
+++ b/multimedia/mplayer-share/distinfo Sun May 11 03:46:24 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2008/04/14 06:55:47 joerg Exp $
+$NetBSD: distinfo,v 1.50 2008/05/11 03:46:24 tonnerre Exp $
 
 SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
 RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -14,6 +14,7 @@
 SHA1 (patch-ai) = ec79d6a1b0c2790ca826a91a48040c64632ac988
 SHA1 (patch-aj) = 772d083dfa5eac789abfd5e925eeeba400bbc527
 SHA1 (patch-ak) = 072b4391e5fde58f6b01bd43133f1d017fc14d58
+SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d
 SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
 SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
diff -r a01d4ccaae35 -r 5e9b06e75c86 multimedia/mplayer-share/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-al Sun May 11 03:46:24 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-al,v 1.3 2008/05/11 03:46:24 tonnerre Exp $
+
+--- stream/realrtsp/sdpplin.c.orig     2007-10-07 21:49:25.000000000 +0200
++++ stream/realrtsp/sdpplin.c
+@@ -330,7 +330,8 @@ sdpplin_t *sdpplin_parse(char *data) {
+     
+     if(filter(data,"a=StreamCount:integer;",&buf)) {
+       desc->stream_count=(unsigned int)atoi(buf);
+-      desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count);
++      desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*));
++      if (!desc->stream) desc->stream_count = 0;
+       handled=1;
+       data=nl(data);
+     }
diff -r a01d4ccaae35 -r 5e9b06e75c86 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile       Sun May 11 00:02:27 2008 +0000
+++ b/multimedia/mplayer/Makefile       Sun May 11 03:46:24 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2008/04/28 14:32:11 drochner Exp $
+# $NetBSD: Makefile,v 1.59 2008/05/11 03:46:24 tonnerre Exp $
 
 PKGNAME=       mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=   6
+PKGREVISION=   7
 
 COMMENT=       Software-only MPEG-1/2/4 video decoder