pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/multimedia/gst-plugins0.10-base add a patch from upstr...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/baf95bf7f3f9
branches:  trunk
changeset: 556612:baf95bf7f3f9
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Mon Mar 23 12:03:24 2009 +0000

description:
add a patch from upstream to fix a buffer overflow in vorbis coverart
code (CVE-2009-0586), bump PKGREVISION

diffstat:

 multimedia/gst-plugins0.10-base/Makefile         |   4 +-
 multimedia/gst-plugins0.10-base/distinfo         |   3 +-
 multimedia/gst-plugins0.10-base/patches/patch-ad |  86 ++++++++++++++++++++++++
 3 files changed, 91 insertions(+), 2 deletions(-)

diffs (120 lines):

diff -r cce82d244e6a -r baf95bf7f3f9 multimedia/gst-plugins0.10-base/Makefile
--- a/multimedia/gst-plugins0.10-base/Makefile  Mon Mar 23 09:57:36 2009 +0000
+++ b/multimedia/gst-plugins0.10-base/Makefile  Mon Mar 23 12:03:24 2009 +0000
@@ -1,9 +1,11 @@
-# $NetBSD: Makefile,v 1.10 2009/01/26 10:39:01 drochner Exp $
+# $NetBSD: Makefile,v 1.11 2009/03/23 12:03:24 drochner Exp $
 #
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 .include "Makefile.common"
 
+PKGREVISION=           1
+
 COMMENT+=              base plugins
 
 # some plugins were moved from bad to base
diff -r cce82d244e6a -r baf95bf7f3f9 multimedia/gst-plugins0.10-base/distinfo
--- a/multimedia/gst-plugins0.10-base/distinfo  Mon Mar 23 09:57:36 2009 +0000
+++ b/multimedia/gst-plugins0.10-base/distinfo  Mon Mar 23 12:03:24 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2009/01/26 10:39:01 drochner Exp $
+$NetBSD: distinfo,v 1.21 2009/03/23 12:03:24 drochner Exp $
 
 SHA1 (gst-plugins-base-0.10.22.tar.bz2) = 8e6a894858f5412234ce1591bbb773102c150cb7
 RMD160 (gst-plugins-base-0.10.22.tar.bz2) = 013de77422d6e89b64cf55ff7299b0ff1e38ef8a
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = be36e5a0f1de11900df7c510e7a9a03dd19d6e85
 SHA1 (patch-ab) = 0a739fbee2c49d75e9164c2b083820fd9d27c34a
 SHA1 (patch-ac) = 3a8a102f2c0740f481e115d68bc44d9e2bf66aae
+SHA1 (patch-ad) = f10ef3184acacf800ca50839e95fbd358f892cc9
diff -r cce82d244e6a -r baf95bf7f3f9 multimedia/gst-plugins0.10-base/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/gst-plugins0.10-base/patches/patch-ad  Mon Mar 23 12:03:24 2009 +0000
@@ -0,0 +1,86 @@
+$NetBSD: patch-ad,v 1.1 2009/03/23 12:03:24 drochner Exp $
+
+--- gst-libs/gst/tag/gstvorbistag.c.orig       2008-10-11 01:22:50.000000000 +0200
++++ gst-libs/gst/tag/gstvorbistag.c
+@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, c
+ }
+ 
+ static void
+-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
++gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,
+     gint base64_len)
+ {
+   GstBuffer *img;
+-  guchar *img_data;
+   gsize img_len;
++  guchar *out;
+   guint save = 0;
+   gint state = 0;
+ 
+   if (base64_len < 2)
+     goto not_enough_data;
+ 
+-  img_data = g_try_malloc0 (base64_len * 3 / 4);
+-
+-  if (img_data == NULL)
+-    goto alloc_failed;
+-
+-  img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,
+-      &state, &save);
++  /* img_data_base64 points to a temporary copy of the base64 encoded data, so
++   * it's safe to do inpace decoding here
++   * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this
++   * to use glib's API instead once it's in wider use:
++   *  http://bugzilla.gnome.org/show_bug.cgi?id=564728
++   *  http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */
++  out = (guchar *) img_data_base64;
++  img_len = g_base64_decode_step (img_data_base64, base64_len,
++      out, &state, &save);
+ 
+   if (img_len == 0)
+     goto decode_failed;
+ 
+-  img = gst_tag_image_data_to_image_buffer (img_data, img_len,
++  img = gst_tag_image_data_to_image_buffer (out, img_len,
+       GST_TAG_IMAGE_TYPE_NONE);
+ 
+   if (img == NULL)
+@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList 
+       GST_TAG_PREVIEW_IMAGE, img, NULL);
+ 
+   gst_buffer_unref (img);
+-  g_free (img_data);
+   return;
+ 
+ /* ERRORS */
+@@ -347,21 +348,14 @@ not_enough_data:
+     GST_WARNING ("COVERART tag with too little base64-encoded data");
+     return;
+   }
+-alloc_failed:
+-  {
+-    GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");
+-    return;
+-  }
+ decode_failed:
+   {
+-    GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");
+-    g_free (img_data);
++    GST_WARNING ("Couldn't decode base64 image data from COVERART tag");
+     return;
+   }
+ convert_failed:
+   {
+     GST_WARNING ("Couldn't extract image or image type from COVERART tag");
+-    g_free (img_data);
+     return;
+   }
+ }
+@@ -457,6 +451,7 @@ error:
+   return NULL;
+ #undef ADVANCE
+ }
++
+ typedef struct
+ {
+   guint count;
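Review bot: The in-place decode in gst_vorbis_tag_add_coverart is only safe if every caller passes a writable, private buffer of at least base64_len bytes, and that guarantee is stated only in a comment inside the body; the call site is not part of this patch. Decoding over the input stays in bounds because base64 emits at most three bytes per four input characters, so the write position never passes the read position. Dropping `const` from `img_data_base64` means the function now overwrites its input, and I would say so above the function, e.g. `/* decodes in place: img_data_base64 must be a writable private copy and is clobbered on return */`. Since `out` is no longer freed here, gst_tag_image_data_to_image_buffer is presumably expected to copy the bytes rather than keep the pointer, which is worth confirming against its implementation. The `inpace` typo in the new comment could be fixed upstream at the same time.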


