pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/multimedia/xine-ui xine-ui: fix two buffer overflows f...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d4ef604e04cc
branches:  trunk
changeset: 374354:d4ef604e04cc
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Jan 21 18:44:58 2018 +0000

description:
xine-ui: fix two buffer overflows found by SSP

From Anon.

Bump PKGREVISION.

diffstat:

 multimedia/xine-ui/Makefile                                 |   4 +-
 multimedia/xine-ui/distinfo                                 |   5 ++-
 multimedia/xine-ui/patches/patch-aj                         |  15 +++++++++++-
 multimedia/xine-ui/patches/patch-src_xitk_session__common.c |  15 +++++++++++++
 4 files changed, 33 insertions(+), 6 deletions(-)

diffs (80 lines):

diff -r 1f8603677bca -r d4ef604e04cc multimedia/xine-ui/Makefile
--- a/multimedia/xine-ui/Makefile       Sun Jan 21 16:49:45 2018 +0000
+++ b/multimedia/xine-ui/Makefile       Sun Jan 21 18:44:58 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2018/01/01 21:18:46 adam Exp $
+# $NetBSD: Makefile,v 1.82 2018/01/21 18:44:58 wiz Exp $
 
 DISTNAME=              xine-ui-0.99.8
-PKGREVISION=           14
+PKGREVISION=           15
 CATEGORIES=            multimedia
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=xine/}
 EXTRACT_SUFX=          .tar.xz
diff -r 1f8603677bca -r d4ef604e04cc multimedia/xine-ui/distinfo
--- a/multimedia/xine-ui/distinfo       Sun Jan 21 16:49:45 2018 +0000
+++ b/multimedia/xine-ui/distinfo       Sun Jan 21 18:44:58 2018 +0000
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.26 2015/11/03 23:54:34 agc Exp $
+$NetBSD: distinfo,v 1.27 2018/01/21 18:44:58 wiz Exp $
 
 SHA1 (xine-ui-0.99.8.tar.xz) = ffe8e6507a95f92f1e29aa4e3751f4b505e8da1a
 RMD160 (xine-ui-0.99.8.tar.xz) = 5f876d2dd24ab2bec8f1027dee071b8f3f3e76f9
 SHA512 (xine-ui-0.99.8.tar.xz) = a2d11b0c512b9d485e0bbe418b36fb5fd52fe1a9c68cdb865771fc580b30bff513825f3e24ef85a902669c2c1ea8947512dd9abe4c12fdef94b8852cc8588da3
 Size (xine-ui-0.99.8.tar.xz) = 1758372 bytes
 SHA1 (patch-ab) = 93cd824f2b85affb8847d84dd8562ef4bb12f6eb
-SHA1 (patch-aj) = 8030659d18f9a28c0d56a0a95748f070b912f95e
+SHA1 (patch-aj) = faa52c1a42d6053fc03b722286b2021d5508c8ac
 SHA1 (patch-ba) = 58cb4076d7034b252015c51de9260452bf63f37d
 SHA1 (patch-bb) = 2dcc5d1df7d46226f4f2c2a53ff6772bc513bf51
+SHA1 (patch-src_xitk_session__common.c) = 7040122ba6351989226584adb2c16a0d9fee31e6
 SHA1 (patch-zz) = d97dfaf773f5e69c18f6163e7262fdfbd330e5ed
diff -r 1f8603677bca -r d4ef604e04cc multimedia/xine-ui/patches/patch-aj
--- a/multimedia/xine-ui/patches/patch-aj       Sun Jan 21 16:49:45 2018 +0000
+++ b/multimedia/xine-ui/patches/patch-aj       Sun Jan 21 18:44:58 2018 +0000
@@ -1,9 +1,11 @@
-$NetBSD: patch-aj,v 1.6 2014/05/07 18:44:28 wiz Exp $
+$NetBSD: patch-aj,v 1.7 2018/01/21 18:44:59 wiz Exp $
 
 Support NetBSD and DragonFlyBSD.
 https://bugs.xine-project.org/show_bug.cgi?id=515
 
---- src/xitk/session.c.orig    2010-03-11 09:40:12.000000000 +0000
+Fix buffer overflow
+
+--- src/xitk/session.c.orig    2014-02-25 16:52:58.000000000 +0000
 +++ src/xitk/session.c
 @@ -21,7 +21,7 @@
  /* Largely inspired of xmms control socket stuff */
@@ -14,3 +16,12 @@
  #define _XOPEN_SOURCE 500
  #endif
  
+@@ -453,7 +453,7 @@ int init_session(void) {
+     for(i = 0;; i++)  {
+       saddr.un.sun_family = AF_UNIX;
+       
+-      snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
++      snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
+       if(!is_remote_running(i)) {
+       if((unlink(saddr.un.sun_path) == -1) && errno != ENOENT) {
+         fprintf(stderr, "setup_ctrlsocket(): Failed to unlink %s (Error: %s)", 
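Review bot: The return value of the patched `snprintf` in init_session is still ignored, so a home directory long enough to fill `sun_path` now truncates silently instead of overflowing. A truncated path can lose the trailing session number, and the `unlink` that follows would then act on a path other than the intended per-session socket. The identical call in connect_to_session (patch-src_xitk_session__common.c) has the same gap, with `connect` receiving the truncated path. Capturing the result and failing the attempt would close it, e.g. `n = snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), ...);` followed by `if(n < 0 || (size_t)n >= sizeof(saddr.un.sun_path))` and an error return. The for-loop body continues outside the hunk, so the right error path has to be checked against the full function.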
diff -r 1f8603677bca -r d4ef604e04cc multimedia/xine-ui/patches/patch-src_xitk_session__common.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-src_xitk_session__common.c       Sun Jan 21 18:44:58 2018 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_xitk_session__common.c,v 1.1 2018/01/21 18:44:59 wiz Exp $
+
+Fix buffer overflow
+
+--- src/xitk/session_common.c.orig     2014-02-25 16:52:58.000000000 +0000
++++ src/xitk/session_common.c
+@@ -61,7 +61,7 @@ int connect_to_session(int session) {
+     euid             = geteuid();
+     setuid(euid);
+ 
+-    snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
++    snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
+     setreuid(stored_uid, euid);
+ 
+     if((connect(fd,&saddr.sa, sizeof(saddr.un))) != -1) {
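Review bot: The `setuid(euid)` and `setreuid(stored_uid, euid)` calls on either side of the patched `snprintf` in connect_to_session discard their return values, so a failed identity switch would go unnoticed before the home-directory lookup and the `connect`. These are context lines that the patch leaves unchanged, and `stored_uid` is assigned outside the hunk, so this is a hardening point for the upstream source rather than a defect introduced here. Checking each call, e.g. `if(setreuid(stored_uid, euid) == -1)` with an error return, would make the failure explicit. The appropriate return value and any cleanup of `fd` depend on code outside the hunk.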


