Thu Oct 2 12:32:42 2008 UTC ()

Apply patch from MPlayer subversion repository to fix CVE-2008-3827.
Bump package revisions of "mplayer", "gmplayer" and "mencoder" packages.


(tron)

diff -r1.70 -r1.71 pkgsrc/multimedia/gmplayer/Makefile
diff -r1.38 -r1.39 pkgsrc/multimedia/mencoder/Makefile
diff -r1.60 -r1.61 pkgsrc/multimedia/mplayer/Makefile
diff -r1.53 -r1.54 pkgsrc/multimedia/mplayer-share/distinfo
diff -r0 -r1.1 pkgsrc/multimedia/mplayer-share/patches/patch-am

--- pkgsrc/multimedia/gmplayer/Makefile 2008/05/19 20:55:51 1.70
+++ pkgsrc/multimedia/gmplayer/Makefile 2008/10/02 12:32:41 1.71

 @@ -1,25 +1,25 @@
-# $NetBSD: Makefile,v 1.70 2008/05/19 20:55:51 tonnerre Exp $
+# $NetBSD: Makefile,v 1.71 2008/10/02 12:32:41 tron Exp $
+#
 # NOTE: if you are updating both mplayer and gmplayer, you must ensure
 # that *both* distinfo files contain the correct, up-to-date files and
 # checksums.
+#
 # NOTE: patches are shared between mplayer and gmplayer!
+#
 PKGNAME=	gmplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=	5
+PKGREVISION=	6
 BROKEN_IN=		pkgsrc-2006Q4
 SKIN_SITES=	http://www1.mplayerhq.hu/MPlayer/skins/		\
 		http://www2.mplayerhq.hu/MPlayer/skins/		\
 		ftp://ftp1.mplayerhq.hu/MPlayer/skins/		\
 		ftp://ftp2.mplayerhq.hu/MPlayer/skins/		\
 		http://ftp5.mplayerhq.hu/MPlayer/skins/		\
 		ftp://ftp5.mplayerhq.hu/MPlayer/skins/		\
 		ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/mplayer/ \
 		${MASTER_SITE_LOCAL:=mplayer/}
 PKG_DESTDIR_SUPPORT=	user-destdir

--- pkgsrc/multimedia/mencoder/Makefile 2008/03/16 11:56:49 1.38
+++ pkgsrc/multimedia/mencoder/Makefile 2008/10/02 12:32:42 1.39

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.38 2008/03/16 11:56:49 wiz Exp $
+# $NetBSD: Makefile,v 1.39 2008/10/02 12:32:42 tron Exp $
 PKGNAME=	mencoder-${MPLAYER_PKG_VERSION}
-PKGREVISION=	2
+PKGREVISION=	3
 COMMENT=	Simple movie encoder for MPlayer-playable movies
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../multimedia/mplayer-share/Makefile.common"
 CONFIGURE_ARGS+=	--confdir=${PREFIX}/share/mplayer
 BUILD_TARGET=	mencoder
 MANCOMPRESSED_IF_MANZ=	1
 INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1

--- pkgsrc/multimedia/mplayer/Makefile 2008/08/10 16:21:40 1.60
+++ pkgsrc/multimedia/mplayer/Makefile 2008/10/02 12:32:41 1.61

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.60 2008/08/10 16:21:40 joerg Exp $
+# $NetBSD: Makefile,v 1.61 2008/10/02 12:32:41 tron Exp $
 PKGNAME=	mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=	7
+PKGREVISION=	8
 COMMENT=	Software-only MPEG-1/2/4 video decoder
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../multimedia/mplayer-share/Makefile.common"
 USE_TOOLS+=	pkg-config
 CONFIGURE_ARGS+=	--disable-mencoder
 CONFIGURE_ARGS+=	--confdir=${PREFIX}/share/mplayer
 # Solaris/x86 has Xv, but the header files live in /usr/X11R6, not

--- pkgsrc/multimedia/mplayer-share/distinfo 2008/09/09 12:13:13 1.53
+++ pkgsrc/multimedia/mplayer-share/distinfo 2008/10/02 12:32:41 1.54

 @@ -1,24 +1,25 @@
-$NetBSD: distinfo,v 1.53 2008/09/09 12:13:13 jmcneill Exp $
+$NetBSD: distinfo,v 1.54 2008/10/02 12:32:41 tron Exp $
 SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
 RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
 Size (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 9338201 bytes
 SHA1 (patch-aa) = cd6735a7fd2db3eeccc2f1417cb187648775bff6
 SHA1 (patch-ab) = 29bf59ecb3d283708ae1c5002d1fa71cac627cc9
 SHA1 (patch-ac) = 6d0de4bd41d9842ea1bf46e9fbe60bf6a943b913
 SHA1 (patch-ad) = d0b72eaa5e63d2cfd7828ea1a9973f1728c607b5
 SHA1 (patch-ae) = 24ac251b3f8d7a94cf61dbe4c960ac76884649f9
 SHA1 (patch-af) = e8b6f2b914f9b8e9f12d92cb49b91b4381a46ce5
 SHA1 (patch-ag) = b46d902d88e05d6f61a017e8a1be79fad5a1fa00
 SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b
 SHA1 (patch-ai) = ec79d6a1b0c2790ca826a91a48040c64632ac988
 SHA1 (patch-aj) = 772d083dfa5eac789abfd5e925eeeba400bbc527
 SHA1 (patch-ak) = 072b4391e5fde58f6b01bd43133f1d017fc14d58
 SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d
 SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
 SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
 SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
 SHA1 (patch-bd) = 9132118a143758b6c9e9dffb713f7dadd29ce3c3
 SHA1 (patch-tc) = 89f802ff0ebfc14d6f2a4b17177915f66c9f9038
 SHA1 (patch-va) = db69c373e78048924c536055c68c7de0feabc623
 SHA1 (patch-vb) = 28b1dd82fb61a4fc0be4a4f4599f75823cae5f11

$NetBSD: patch-am,v 1.1 2008/10/02 12:32:41 tron Exp $

--- libmpdemux/demux_real.c.orig	2007-10-07 20:49:33.000000000 +0100
+++ libmpdemux/demux_real.c	2008-10-02 13:04:25.000000000 +0100
@@ -958,6 +958,7 @@
 			    // last fragment!
 			    if(dp_hdr->len!=vpkg_length-vpkg_offset)
 				mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  frag.len=%d  total.len=%d  \n",dp->len,vpkg_offset,vpkg_length-vpkg_offset);
+			    if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
             		    stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset);
 			    if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
 			    dp_hdr->len+=vpkg_offset;
@@ -981,6 +982,7 @@
 			// non-last fragment:
 			if(dp_hdr->len!=vpkg_offset)
 			    mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  offset=%d  frag.len=%d  total.len=%d  \n",dp->len,vpkg_offset,len,vpkg_length);
+			if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
             		stream_read(demuxer->stream, dp_data+dp_hdr->len, len);
 			if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
 			dp_hdr->len+=len;
@@ -1003,6 +1005,7 @@
 		extra[0]=1; extra[1]=0; // offset of the first chunk
 		if(0x00==(vpkg_header&0xc0)){
 		    // first fragment:
+		    if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t);
 		    dp_hdr->len=len;
 		    stream_read(demuxer->stream, dp_data, len);
 		    ds->asf_packet=dp;