Received: by mail.netbsd.org (Postfix, from userid 605)
	id 12EBF8D862; Fri, 15 Oct 2021 03:45:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 0CD7A8FC03
	for <pkgsrc-changes@NetBSD.org>; Thu, 14 Oct 2021 22:26:44 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id 1EXM448pVvFk for <pkgsrc-changes@netbsd.org>;
	Thu, 14 Oct 2021 22:26:43 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 06D42AD91D
	for <pkgsrc-changes@NetBSD.org>; Thu, 14 Oct 2021 07:03:03 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id F2A04FA97; Thu, 14 Oct 2021 07:03:02 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1634194982138910"
MIME-Version: 1.0
Date: Thu, 14 Oct 2021 07:03:02 +0000
From: "Thomas Klausner" <wiz@netbsd.org>
Subject: CVS commit: pkgsrc/multimedia
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
X-Mailer: log_accum
Message-Id: <20211014070302.F2A04FA97@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1634194982138910
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	wiz
Date:		Thu Oct 14 07:03:02 UTC 2021

Modified Files:
	pkgsrc/multimedia/libmediainfo: Makefile
	pkgsrc/multimedia/mediainfo: Makefile distinfo
Added Files:
	pkgsrc/multimedia/mediainfo/patches:
	    patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp
	    patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp

Log Message:
medainfo: fix two CVEs using upstream patches

Bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/multimedia/libmediainfo/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/multimedia/mediainfo/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/multimedia/mediainfo/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp \
    pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1634194982138910
Content-Disposition: inline
Content-Length: 4525
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/multimedia/libmediainfo/Makefile
diff -u pkgsrc/multimedia/libmediainfo/Makefile:1.7 pkgsrc/multimedia/libmediainfo/Makefile:1.8
--- pkgsrc/multimedia/libmediainfo/Makefile:1.7	Wed May 20 06:09:05 2020
+++ pkgsrc/multimedia/libmediainfo/Makefile	Thu Oct 14 07:03:02 2021
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2020/05/20 06:09:05 rillig Exp $
+# $NetBSD: Makefile,v 1.8 2021/10/14 07:03:02 wiz Exp $
 
+PKGREVISION=		1
 .include "../../multimedia/mediainfo/Makefile.common"
 
 PKGNAME=		libmediainfo-${MIVER}

Index: pkgsrc/multimedia/mediainfo/Makefile
diff -u pkgsrc/multimedia/mediainfo/Makefile:1.14 pkgsrc/multimedia/mediainfo/Makefile:1.15
--- pkgsrc/multimedia/mediainfo/Makefile:1.14	Mon Sep  7 01:02:00 2015
+++ pkgsrc/multimedia/mediainfo/Makefile	Thu Oct 14 07:03:02 2021
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2015/09/07 01:02:00 dsainty Exp $
+# $NetBSD: Makefile,v 1.15 2021/10/14 07:03:02 wiz Exp $
 
+PKGREVISION=		1
 .include "../../multimedia/mediainfo/Makefile.common"
 
 PKGNAME=		mediainfo-${MIVER}

Index: pkgsrc/multimedia/mediainfo/distinfo
diff -u pkgsrc/multimedia/mediainfo/distinfo:1.16 pkgsrc/multimedia/mediainfo/distinfo:1.17
--- pkgsrc/multimedia/mediainfo/distinfo:1.16	Thu Oct  7 14:32:14 2021
+++ pkgsrc/multimedia/mediainfo/distinfo	Thu Oct 14 07:03:02 2021
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.16 2021/10/07 14:32:14 nia Exp $
+$NetBSD: distinfo,v 1.17 2021/10/14 07:03:02 wiz Exp $
 
 RMD160 (mediainfo_20.03_AllInclusive.7z) = 976c635af03faa44d9a4cca2bc5c143efa44601d
 SHA512 (mediainfo_20.03_AllInclusive.7z) = 850f4ee5f8ceb3a91a4466ff73c9f2fb70a1a63f8bdd7ffd8dd40e83b619b71c59e9b8659a8636758c90a62d7024b4e617b17025c72f23a7bcd25a3823d2ee39
 Size (mediainfo_20.03_AllInclusive.7z) = 3706487 bytes
 SHA1 (patch-MediaInfoLib_Source_MediaInfo_MediaInfo__Config.h) = 19d6cba816c9e282e31fac527cbc39b9303f9f08
+SHA1 (patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp) = 04f3533bf6a79a2dd8dcee80fd0f68e73303ccbb
+SHA1 (patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp) = 800904386799b205a366f4f693ad9a7ff3d5856b

Added files:

Index: pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp
diff -u /dev/null pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp:1.1
--- /dev/null	Thu Oct 14 07:03:02 2021
+++ pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp	Thu Oct 14 07:03:02 2021
@@ -0,0 +1,16 @@
+$NetBSD: patch-MediaInfoLib_Source_MediaInfo_Multiple_File__Gxf.cpp,v 1.1 2021/10/14 07:03:02 wiz Exp $
+
+Fix CVE-2020-26797
+https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
+
+--- MediaInfoLib/Source/MediaInfo/Multiple/File_Gxf.cpp.orig	2020-04-03 12:46:46.000000000 +0000
++++ MediaInfoLib/Source/MediaInfo/Multiple/File_Gxf.cpp
+@@ -1577,7 +1577,7 @@ File__Analyze* File_Gxf::ChooseParser_Ch
+     File_ChannelGrouping* Parser;
+     if (Audio_Count%2)
+     {
+-        if (!Streams[TrackID-1].IsChannelGrouping)
++        if (!TrackID || !Streams[TrackID-1].IsChannelGrouping)
+             return NULL; //Not a channel grouping
+ 
+         Parser=new File_ChannelGrouping;
Index: pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp
diff -u /dev/null pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp:1.1
--- /dev/null	Thu Oct 14 07:03:02 2021
+++ pkgsrc/multimedia/mediainfo/patches/patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp	Thu Oct 14 07:03:02 2021
@@ -0,0 +1,16 @@
+$NetBSD: patch-MediaInfoLib_Source_MediaInfo_Multiple_File__MpegPs.cpp,v 1.1 2021/10/14 07:03:02 wiz Exp $
+
+Fix for CVE-2020-15395
+https://github.com/MediaArea/MediaInfoLib/commit/7b935cda2db88bfb63bda157bb93d69091c2c199
+
+--- MediaInfoLib/Source/MediaInfo/Multiple/File_MpegPs.cpp.orig	2020-04-03 12:46:46.000000000 +0000
++++ MediaInfoLib/Source/MediaInfo/Multiple/File_MpegPs.cpp
+@@ -405,7 +405,7 @@ void File_MpegPs::Streams_Fill_PerStream
+             Fill(Stream_Audio, StreamPos_Last, Audio_MuxingMode, "SL");
+     #endif //MEDIAINFO_MPEG4_YES
+ 
+-    if (Counts[StreamKind_Last]+Count==Count_Get(StreamKind_Last)) //Old method
++    if (StreamKind_Last<Stream_Max && Counts[StreamKind_Last]+Count==Count_Get(StreamKind_Last)) //Old method
+         Streams_Fill_PerStream_PerKind(StreamID, Temp, KindOfStream, Count);
+     else
+     {


--_----------=_1634194982138910--