[pkgsrc/trunk]: pkgsrc/multimedia/gst-plugins0.8 old gstreamer0.8 is also aff...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/57083926c8b5
branches:  trunk
changeset: 554246:57083926c8b5
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Feb 11 12:42:59 2009 +0000

description:
old gstreamer0.8 is also affected by the qt demux security problem
recently fixed in 0.10 (known as CVE-2009-0398 now), so add
the applicable part of the upstream patch and bump PKGREVISION
(this has reached the end of its useful life anyway, it is only
used by "tunesbrowser" and as non-default option in KDE3)

diffstat:

 multimedia/gst-plugins0.8/Makefile         |   4 ++--
 multimedia/gst-plugins0.8/distinfo         |   3 ++-
 multimedia/gst-plugins0.8/patches/patch-am |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (58 lines):

diff -r 57a58f6cca7c -r 57083926c8b5 multimedia/gst-plugins0.8/Makefile
--- a/multimedia/gst-plugins0.8/Makefile        Wed Feb 11 11:45:24 2009 +0000
+++ b/multimedia/gst-plugins0.8/Makefile        Wed Feb 11 12:42:59 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.15 2008/06/20 01:09:28 joerg Exp $
+# $NetBSD: Makefile,v 1.16 2009/02/11 12:42:59 drochner Exp $
 #
 
 PKG_DESTDIR_SUPPORT=   user-destdir
@@ -8,7 +8,7 @@
 .include "Makefile.common"
 
 COMMENT+=              base plugins
-PKGREVISION=           10
+PKGREVISION=           11
 
 USE_TOOLS+=            perl:run
 
diff -r 57a58f6cca7c -r 57083926c8b5 multimedia/gst-plugins0.8/distinfo
--- a/multimedia/gst-plugins0.8/distinfo        Wed Feb 11 11:45:24 2009 +0000
+++ b/multimedia/gst-plugins0.8/distinfo        Wed Feb 11 12:42:59 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2006/04/28 22:27:36 wiz Exp $
+$NetBSD: distinfo,v 1.4 2009/02/11 12:42:59 drochner Exp $
 
 SHA1 (gst-plugins-0.8.11.tar.bz2) = 4a9be6b62dd0e8a73616e8e93f7a3ace8aec8c59
 RMD160 (gst-plugins-0.8.11.tar.bz2) = 833aec123a52cd0f36ec883c349cc8d69090d749
@@ -14,3 +14,4 @@
 SHA1 (patch-aj) = b0af98ac299f1b52387de14c5f3a0173efd7ca8f
 SHA1 (patch-ak) = 9907506f1d7bab87d6857fc159bbe58b82b1b585
 SHA1 (patch-al) = 363b9f17c1a09e1283f73104c6fb83cd880c9847
+SHA1 (patch-am) = b53630192ae2ed108c642ca9675338b2951e5126
diff -r 57a58f6cca7c -r 57083926c8b5 multimedia/gst-plugins0.8/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/gst-plugins0.8/patches/patch-am        Wed Feb 11 12:42:59 2009 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-am,v 1.1 2009/02/11 12:42:59 drochner Exp $
+
+--- gst/qtdemux/qtdemux.c.orig 2005-08-29 13:50:51.000000000 +0200
++++ gst/qtdemux/qtdemux.c
+@@ -2360,7 +2360,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
+     n_sample_times = QTDEMUX_GUINT32_GET (stts->data + 12);
+     timestamp = 0;
+     index = 0;
+-    for (i = 0; i < n_sample_times; i++) {
++    for (i = 0; (i < n_sample_times) && (index < n_samples); i++) {
+       int n;
+       int duration;
+       guint64 time;
+@@ -2368,7 +2368,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
+       n = QTDEMUX_GUINT32_GET (stts->data + 16 + 8 * i);
+       duration = QTDEMUX_GUINT32_GET (stts->data + 16 + 8 * i + 4);
+       time = (GST_SECOND * duration) / stream->timescale;
+-      for (j = 0; j < n; j++) {
++      for (j = 0; (j < n) && (index < n_samples); j++) {
+         //GST_INFO("moo %lld", timestamp);
+         samples[index].timestamp = timestamp;
+         samples[index].duration = time;