pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q3]: pkgsrc/multimedia pullup ticket #2611 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/593167cf4af5
branches: pkgsrc-2008Q3
changeset: 547937:593167cf4af5
user: rtr <rtr%pkgsrc.org@localhost>
date: Wed Dec 17 12:50:31 2008 +0000
description:
pullup ticket #2611 - requested by tron
mplayer, gmplayer, mencoder: security and vcd support patches
revisions pulled up:
pkgsrc/multimedia/gmplayer/Makefile 1.72, 1.73
pkgsrc/multimedia/gmplayer/distinfo 1.58, 1.59
pkgsrc/multimedia/mencoder/Makefile 1.40, 1.41
pkgsrc/multimedia/mplayer-share/distinfo 1.55, 1.56
pkgsrc/multimedia/mplayer-share/patches/patch-an 1.1
pkgsrc/multimedia/mplayer-share/patches/patch-ca 1.1
pkgsrc/multimedia/mplayer/Makefile 1.62, 1.63
Module Name: pkgsrc
Committed By: wiz
Date: Mon Oct 20 07:40:00 UTC 2008
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
pkgsrc/multimedia/mencoder: Makefile
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-an
Log Message:
Add a patch for better VCD support from Sergey Svishchev.
Fixes PR 20549.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Mon Dec 15 15:37:59 UTC 2008
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
pkgsrc/multimedia/mencoder: Makefile
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ca
Log Message:
Add security patch from MPlayer SVN repository to fix a buffer overflow
in the TwinVQ media file decoder.
diffstat:
multimedia/gmplayer/Makefile | 4 +-
multimedia/gmplayer/distinfo | 5 ++-
multimedia/mencoder/Makefile | 5 +-
multimedia/mplayer-share/distinfo | 4 +-
multimedia/mplayer-share/patches/patch-an | 37 ++++++++++++++++++
multimedia/mplayer-share/patches/patch-ca | 61 +++++++++++++++++++++++++++++++
multimedia/mplayer/Makefile | 4 +-
7 files changed, 111 insertions(+), 9 deletions(-)
diffs (196 lines):
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/gmplayer/Makefile
--- a/multimedia/gmplayer/Makefile Tue Dec 16 12:02:38 2008 +0000
+++ b/multimedia/gmplayer/Makefile Wed Dec 17 12:50:31 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.71 2008/10/02 12:32:41 tron Exp $
+# $NetBSD: Makefile,v 1.71.2.1 2008/12/17 12:50:31 rtr Exp $
#
# NOTE: if you are updating both mplayer and gmplayer, you must ensure
@@ -9,7 +9,7 @@
#
PKGNAME= gmplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 6
+PKGREVISION= 8
BROKEN_IN= pkgsrc-2006Q4
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/gmplayer/distinfo
--- a/multimedia/gmplayer/distinfo Tue Dec 16 12:02:38 2008 +0000
+++ b/multimedia/gmplayer/distinfo Wed Dec 17 12:50:31 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57 2008/09/12 19:41:57 abs Exp $
+$NetBSD: distinfo,v 1.57.4.1 2008/12/17 12:50:31 rtr Exp $
SHA1 (gmplayer-1.0rc10-20060123/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc
RMD160 (gmplayer-1.0rc10-20060123/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998
@@ -75,10 +75,13 @@
SHA1 (patch-aj) = 772d083dfa5eac789abfd5e925eeeba400bbc527
SHA1 (patch-ak) = 072b4391e5fde58f6b01bd43133f1d017fc14d58
SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d
+SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
+SHA1 (patch-an) = a967a47b0d0846fe89f91f9d3faa6055975a5a73
SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3
+SHA1 (patch-ca) = 68603a92b3dd8c7a33e6bc982f8ced1219fa419d
SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038
SHA1 (patch-va) = db69c373e78048924c536055c68c7de0feabc623
SHA1 (patch-vb) = 28b1dd82fb61a4fc0be4a4f4599f75823cae5f11
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/mencoder/Makefile
--- a/multimedia/mencoder/Makefile Tue Dec 16 12:02:38 2008 +0000
+++ b/multimedia/mencoder/Makefile Wed Dec 17 12:50:31 2008 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2008/10/02 12:32:42 tron Exp $
+# $NetBSD: Makefile,v 1.39.2.1 2008/12/17 12:50:32 rtr Exp $
PKGNAME= mencoder-${MPLAYER_PKG_VERSION}
-
-PKGREVISION= 3
+PKGREVISION= 5
COMMENT= Simple movie encoder for MPlayer-playable movies
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Tue Dec 16 12:02:38 2008 +0000
+++ b/multimedia/mplayer-share/distinfo Wed Dec 17 12:50:31 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.54 2008/10/02 12:32:41 tron Exp $
+$NetBSD: distinfo,v 1.54.2.1 2008/12/17 12:50:31 rtr Exp $
SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -16,10 +16,12 @@
SHA1 (patch-ak) = 072b4391e5fde58f6b01bd43133f1d017fc14d58
SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d
SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
+SHA1 (patch-an) = a967a47b0d0846fe89f91f9d3faa6055975a5a73
SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3
+SHA1 (patch-ca) = 68603a92b3dd8c7a33e6bc982f8ced1219fa419d
SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038
SHA1 (patch-va) = db69c373e78048924c536055c68c7de0feabc623
SHA1 (patch-vb) = 28b1dd82fb61a4fc0be4a4f4599f75823cae5f11
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/mplayer-share/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-an Wed Dec 17 12:50:31 2008 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-an,v 1.1.2.2 2008/12/17 12:50:31 rtr Exp $
+
+--- stream/vcd_read_fbsd.h.orig 2007-10-07 19:49:26.000000000 +0000
++++ stream/vcd_read_fbsd.h
+@@ -37,9 +37,8 @@ typedef struct mp_vcd_priv_st {
+ vcd_tocentry entry;
+ #ifdef VCD_NETBSD
+ struct cd_toc_entry entry_data;
+-#else
+- cdsector_t buf;
+ #endif
++ cdsector_t buf;
+ } mp_vcd_priv_t;
+
+ static inline void
+@@ -208,8 +207,8 @@ vcd_read(mp_vcd_priv_t* vcd, char *mem)
+ sc.cmd[9] = 1 << 4; // user data only
+ sc.cmd[10] = 0; // no subchannel
+ sc.cmdlen = 12;
+- sc.databuf = (caddr_t) mem;
+- sc.datalen = 2328;
++ sc.databuf = (caddr_t) vcd->buf.data;
++ sc.datalen = VCD_SECTOR_DATA + 4; // MMC-3 spec says there are 4 extra bytes
+ sc.senselen = sizeof(sc.sense);
+ sc.flags = SCCMD_READ;
+ sc.timeout = 10000;
+@@ -226,9 +225,9 @@ vcd_read(mp_vcd_priv_t* vcd, char *mem)
+ #else
+ if (pread(vcd->fd,&vcd->buf,VCD_SECTOR_SIZE,vcd_get_msf(vcd)*VCD_SECTOR_SIZE)
+ != VCD_SECTOR_SIZE) return 0; // EOF?
++#endif
+
+ memcpy(mem,vcd->buf.data,VCD_SECTOR_DATA);
+-#endif
+ vcd_inc_msf(vcd);
+ return VCD_SECTOR_DATA;
+ }
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/mplayer-share/patches/patch-ca
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ca Wed Dec 17 12:50:31 2008 +0000
@@ -0,0 +1,61 @@
+$NetBSD: patch-ca,v 1.1.2.2 2008/12/17 12:50:31 rtr Exp $
+
+Security fix for vulnerability reported in TKADV2008-014 taken from:
+
+http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=patch&r1=24723&r2=28150&pathrev=28150
+
+--- libmpdemux/demux_vqf.c.orig 2007-10-07 20:49:33.000000000 +0100
++++ libmpdemux/demux_vqf.c 2008-12-15 14:29:58.000000000 +0000
+@@ -50,11 +50,14 @@
+ unsigned chunk_size;
+ hi->size=chunk_size=stream_read_dword(s); /* include itself */
+ stream_read(s,chunk_id,4);
++ if (chunk_size < 8) return NULL;
++ chunk_size -= 8;
+ if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M'))
+ {
+- char buf[chunk_size-8];
++ char buf[BUFSIZ];
+ unsigned i,subchunk_size;
+- if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL;
++ if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL;
++ if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL;
+ i=0;
+ subchunk_size=be2me_32(*((uint32_t *)&buf[0]));
+ hi->channelMode=be2me_32(*((uint32_t *)&buf[4]));
+@@ -83,13 +86,15 @@
+ sh_audio->samplesize = 4;
+ w->wBitsPerSample = 8*sh_audio->samplesize;
+ w->cbSize = 0;
++ if (subchunk_size > chunk_size - 4) continue;
+ i+=subchunk_size+4;
+- while(i<chunk_size-8)
++ while(i + 8 < chunk_size)
+ {
+ unsigned slen,sid;
+- char sdata[chunk_size];
++ char sdata[BUFSIZ];
+ sid=*((uint32_t *)&buf[i]); i+=4;
+ slen=be2me_32(*((uint32_t *)&buf[i])); i+=4;
++ if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break;
+ if(sid==mmioFOURCC('D','S','I','Z'))
+ {
+ hi->Dsiz=be2me_32(*((uint32_t *)&buf[i]));
+@@ -141,7 +146,7 @@
+ if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A'))
+ {
+ demuxer->movi_start=stream_tell(s);
+- demuxer->movi_end=demuxer->movi_start+chunk_size-8;
++ demuxer->movi_end=demuxer->movi_start+chunk_size;
+ mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end);
+ /* Done! play it */
+ break;
+@@ -149,7 +154,7 @@
+ else
+ {
+ mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size);
+- stream_skip(s,chunk_size-8); /*unknown chunk type */
++ stream_skip(s,chunk_size); /*unknown chunk type */
+ }
+ }
+
diff -r 2b996c4395aa -r 593167cf4af5 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile Tue Dec 16 12:02:38 2008 +0000
+++ b/multimedia/mplayer/Makefile Wed Dec 17 12:50:31 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2008/10/02 12:32:41 tron Exp $
+# $NetBSD: Makefile,v 1.61.2.1 2008/12/17 12:50:31 rtr Exp $
PKGNAME= mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 8
+PKGREVISION= 10
COMMENT= Software-only MPEG-1/2/4 video decoder
Home |
Main Index |
Thread Index |
Old Index