Add fix for the vulnerability reported in CVE-2010-3429 taken from MPlayer's GIT repository.diff -r1.85 -r1.86 pkgsrc/multimedia/gmplayer/Makefile
(tron)
| @@ -1,25 +1,25 @@ | @@ -1,25 +1,25 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.85 2010/11/15 22:58:04 abs Exp $ | 1 | # $NetBSD: Makefile,v 1.86 2010/11/23 12:31:29 tron Exp $ | |
| 2 | 2 | |||
| 3 | # | 3 | # | |
| 4 | # NOTE: if you are updating both mplayer and gmplayer, you must ensure | 4 | # NOTE: if you are updating both mplayer and gmplayer, you must ensure | |
| 5 | # that *both* distinfo files contain the correct, up-to-date files and | 5 | # that *both* distinfo files contain the correct, up-to-date files and | |
| 6 | # checksums. | 6 | # checksums. | |
| 7 | # | 7 | # | |
| 8 | # NOTE: patches are shared between mplayer and gmplayer! | 8 | # NOTE: patches are shared between mplayer and gmplayer! | |
| 9 | # | 9 | # | |
| 10 | 10 | |||
| 11 | PKGNAME= gmplayer-${MPLAYER_VERSION} | 11 | PKGNAME= gmplayer-${MPLAYER_VERSION} | |
| 12 | PKGREVISION= 1 | 12 | PKGREVISION= 2 | |
| 13 | 13 | |||
| 14 | SKIN_SITES= http://www1.mplayerhq.hu/MPlayer/skins/ \ | 14 | SKIN_SITES= http://www1.mplayerhq.hu/MPlayer/skins/ \ | |
| 15 | http://www2.mplayerhq.hu/MPlayer/skins/ \ | 15 | http://www2.mplayerhq.hu/MPlayer/skins/ \ | |
| 16 | ftp://ftp1.mplayerhq.hu/MPlayer/skins/ \ | 16 | ftp://ftp1.mplayerhq.hu/MPlayer/skins/ \ | |
| 17 | ftp://ftp2.mplayerhq.hu/MPlayer/skins/ \ | 17 | ftp://ftp2.mplayerhq.hu/MPlayer/skins/ \ | |
| 18 | http://ftp5.mplayerhq.hu/MPlayer/skins/ \ | 18 | http://ftp5.mplayerhq.hu/MPlayer/skins/ \ | |
| 19 | ftp://ftp5.mplayerhq.hu/MPlayer/skins/ \ | 19 | ftp://ftp5.mplayerhq.hu/MPlayer/skins/ \ | |
| 20 | 20 | |||
| 21 | PKG_DESTDIR_SUPPORT= user-destdir | 21 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 22 | 22 | |||
| 23 | .include "../../multimedia/mplayer-share/Makefile.common" | 23 | .include "../../multimedia/mplayer-share/Makefile.common" | |
| 24 | 24 | |||
| 25 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" | 25 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | $NetBSD: distinfo,v 1.69 2010/09/16 18:56:12 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.70 2010/11/23 12:31:29 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (mplayer/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc | 3 | SHA1 (mplayer/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc | |
| 4 | RMD160 (mplayer/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998 | 4 | RMD160 (mplayer/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998 | |
| 5 | Size (mplayer/AlienMind-1.2.tar.bz2) = 131295 bytes | 5 | Size (mplayer/AlienMind-1.2.tar.bz2) = 131295 bytes | |
| 6 | SHA1 (mplayer/Blue-1.7.tar.bz2) = 45e5ee7a5541a5f1cfd2678a6c9b5911ca473cb9 | 6 | SHA1 (mplayer/Blue-1.7.tar.bz2) = 45e5ee7a5541a5f1cfd2678a6c9b5911ca473cb9 | |
| 7 | RMD160 (mplayer/Blue-1.7.tar.bz2) = 1f8c539ccadc54eea5e6678839bcc8ae1e16e6eb | 7 | RMD160 (mplayer/Blue-1.7.tar.bz2) = 1f8c539ccadc54eea5e6678839bcc8ae1e16e6eb | |
| 8 | Size (mplayer/Blue-1.7.tar.bz2) = 222567 bytes | 8 | Size (mplayer/Blue-1.7.tar.bz2) = 222567 bytes | |
| 9 | SHA1 (mplayer/BlueHeart-1.5.tar.bz2) = 157aca7420e8003ced2f4f1cb38a33c1bfd0db13 | 9 | SHA1 (mplayer/BlueHeart-1.5.tar.bz2) = 157aca7420e8003ced2f4f1cb38a33c1bfd0db13 | |
| 10 | RMD160 (mplayer/BlueHeart-1.5.tar.bz2) = 39e139b5428a695e5eb56e72e0e626cb3a5a2eea | 10 | RMD160 (mplayer/BlueHeart-1.5.tar.bz2) = 39e139b5428a695e5eb56e72e0e626cb3a5a2eea | |
| 11 | Size (mplayer/BlueHeart-1.5.tar.bz2) = 281051 bytes | 11 | Size (mplayer/BlueHeart-1.5.tar.bz2) = 281051 bytes | |
| 12 | SHA1 (mplayer/CornerMP-1.2.tar.bz2) = 4de70d5232dd44d9366cb8b876e89db8e48b2d8c | 12 | SHA1 (mplayer/CornerMP-1.2.tar.bz2) = 4de70d5232dd44d9366cb8b876e89db8e48b2d8c | |
| 13 | RMD160 (mplayer/CornerMP-1.2.tar.bz2) = eb563c083111923b4fddd30df074ba08bb78feec | 13 | RMD160 (mplayer/CornerMP-1.2.tar.bz2) = eb563c083111923b4fddd30df074ba08bb78feec | |
| 14 | Size (mplayer/CornerMP-1.2.tar.bz2) = 232731 bytes | 14 | Size (mplayer/CornerMP-1.2.tar.bz2) = 232731 bytes | |
| @@ -54,21 +54,22 @@ Size (mplayer/plastic-1.2.tar.bz2) = 454 | @@ -54,21 +54,22 @@ Size (mplayer/plastic-1.2.tar.bz2) = 454 | |||
| 54 | SHA1 (mplayer/proton-1.2.tar.bz2) = a5178bc09a75464183abc78c380b5b661a3aaf68 | 54 | SHA1 (mplayer/proton-1.2.tar.bz2) = a5178bc09a75464183abc78c380b5b661a3aaf68 | |
| 55 | RMD160 (mplayer/proton-1.2.tar.bz2) = 276e93b2c7cf695fdfa5a723fc6074bfa6405172 | 55 | RMD160 (mplayer/proton-1.2.tar.bz2) = 276e93b2c7cf695fdfa5a723fc6074bfa6405172 | |
| 56 | Size (mplayer/proton-1.2.tar.bz2) = 322612 bytes | 56 | Size (mplayer/proton-1.2.tar.bz2) = 322612 bytes | |
| 57 | SHA1 (mplayer/slim-1.2.tar.bz2) = 3913748d9bfb126ec677e84b068c54fb7111196f | 57 | SHA1 (mplayer/slim-1.2.tar.bz2) = 3913748d9bfb126ec677e84b068c54fb7111196f | |
| 58 | RMD160 (mplayer/slim-1.2.tar.bz2) = 2ec2b2362c4b89ffbe79421b14f3f5f4341996f1 | 58 | RMD160 (mplayer/slim-1.2.tar.bz2) = 2ec2b2362c4b89ffbe79421b14f3f5f4341996f1 | |
| 59 | Size (mplayer/slim-1.2.tar.bz2) = 398873 bytes | 59 | Size (mplayer/slim-1.2.tar.bz2) = 398873 bytes | |
| 60 | SHA1 (mplayer/xanim-1.6.tar.bz2) = 1b63395d12bfe6eb63c6aa6ea3b870ddbdd26658 | 60 | SHA1 (mplayer/xanim-1.6.tar.bz2) = 1b63395d12bfe6eb63c6aa6ea3b870ddbdd26658 | |
| 61 | RMD160 (mplayer/xanim-1.6.tar.bz2) = 5c0f34bb4cd722469402cd69de3c4d75e10611f9 | 61 | RMD160 (mplayer/xanim-1.6.tar.bz2) = 5c0f34bb4cd722469402cd69de3c4d75e10611f9 | |
| 62 | Size (mplayer/xanim-1.6.tar.bz2) = 94564 bytes | 62 | Size (mplayer/xanim-1.6.tar.bz2) = 94564 bytes | |
| 63 | SHA1 (mplayer/xine-lcd-1.2.tar.bz2) = 2fa7811e0dc7316d0c996b0a5bc37f5c97d1dd18 | 63 | SHA1 (mplayer/xine-lcd-1.2.tar.bz2) = 2fa7811e0dc7316d0c996b0a5bc37f5c97d1dd18 | |
| 64 | RMD160 (mplayer/xine-lcd-1.2.tar.bz2) = 785f6826d49eddabd7ebc431db77139771f208f5 | 64 | RMD160 (mplayer/xine-lcd-1.2.tar.bz2) = 785f6826d49eddabd7ebc431db77139771f208f5 | |
| 65 | Size (mplayer/xine-lcd-1.2.tar.bz2) = 172270 bytes | 65 | Size (mplayer/xine-lcd-1.2.tar.bz2) = 172270 bytes | |
| 66 | SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba | 66 | SHA1 (patch-aa) = 8ee4f3d12500bcff8d06b1a3300bb821e4ffd8ba | |
| 67 | SHA1 (patch-ab) = 1a927d956155a7b9a2daa1a4f522e47d830c5af6 | |||
| 67 | SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923 | 68 | SHA1 (patch-ac) = 3d037c96537233cdbda582afdb878dcf3f43e923 | |
| 68 | SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f | 69 | SHA1 (patch-ae) = 7e1f05cd6e09f8755debfff7061dadf0a8ca3a3f | |
| 69 | SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2 | 70 | SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2 | |
| 70 | SHA1 (patch-ah) = 8cbd14c61e74023055770baf27201687aa34fede | 71 | SHA1 (patch-ah) = 8cbd14c61e74023055770baf27201687aa34fede | |
| 71 | SHA1 (patch-an) = 3e72fb86abe7ab572f12a4fef002edb623ab6fae | 72 | SHA1 (patch-an) = 3e72fb86abe7ab572f12a4fef002edb623ab6fae | |
| 72 | SHA1 (patch-ar) = df7e7cdc6fb8187bbcf0b285afc14d275a51e17a | 73 | SHA1 (patch-ar) = df7e7cdc6fb8187bbcf0b285afc14d275a51e17a | |
| 73 | SHA1 (patch-vb) = ce584c31e0e32865e87aa1f537a1f9e4817c7442 | 74 | SHA1 (patch-vb) = ce584c31e0e32865e87aa1f537a1f9e4817c7442 | |
| 74 | SHA1 (patch-ve_x264) = 1946a2b2a7643bbc1d3f6a8963e21c4f6cbd2c89 | 75 | SHA1 (patch-ve_x264) = 1946a2b2a7643bbc1d3f6a8963e21c4f6cbd2c89 |
| @@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.49 2010/09/19 22:23:32 tron Exp $ | 1 | # $NetBSD: Makefile,v 1.50 2010/11/23 12:31:29 tron Exp $ | |
| 2 | 2 | |||
| 3 | PKGNAME= mencoder-${MPLAYER_VERSION} | 3 | PKGNAME= mencoder-${MPLAYER_VERSION} | |
| 4 | PKGREVISION= 1 | |||
| 4 | 5 | |||
| 5 | COMMENT= Simple movie encoder for MPlayer-playable movies | 6 | COMMENT= Simple movie encoder for MPlayer-playable movies | |
| 6 | 7 | |||
| 7 | PKG_DESTDIR_SUPPORT= user-destdir | 8 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 8 | 9 | |||
| 9 | .include "../../multimedia/mplayer-share/Makefile.common" | 10 | .include "../../multimedia/mplayer-share/Makefile.common" | |
| 10 | 11 | |||
| 11 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" | 12 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" | |
| 12 | BUILD_DEPENDS+= yasm-[0-9]*:../../devel/yasm | 13 | BUILD_DEPENDS+= yasm-[0-9]*:../../devel/yasm | |
| 13 | .endif | 14 | .endif | |
| 14 | 15 | |||
| 15 | # Fix build under Mac OS X, please see here for details: | 16 | # Fix build under Mac OS X, please see here for details: | |
| 16 | # http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2009-May/061515.html | 17 | # http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2009-May/061515.html |
| @@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.72 2010/09/16 18:56:11 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.73 2010/11/23 12:31:29 tron Exp $ | |
| 2 | 2 | |||
| 3 | PKGNAME= mplayer-${MPLAYER_VERSION} | 3 | PKGNAME= mplayer-${MPLAYER_VERSION} | |
| 4 | PKGREVISION= 1 | |||
| 4 | 5 | |||
| 5 | COMMENT= Fast, cross-platform movie player | 6 | COMMENT= Fast, cross-platform movie player | |
| 6 | 7 | |||
| 7 | PKG_DESTDIR_SUPPORT= user-destdir | 8 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 8 | 9 | |||
| 9 | .include "../../multimedia/mplayer-share/Makefile.common" | 10 | .include "../../multimedia/mplayer-share/Makefile.common" | |
| 10 | 11 | |||
| 11 | USE_TOOLS+= pkg-config | 12 | USE_TOOLS+= pkg-config | |
| 12 | 13 | |||
| 13 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" | 14 | .if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64" | |
| 14 | BUILD_DEPENDS+= yasm-[0-9]*:../../devel/yasm | 15 | BUILD_DEPENDS+= yasm-[0-9]*:../../devel/yasm | |
| 15 | .endif | 16 | .endif | |
| 16 | 17 |
$NetBSD: patch-ab,v 1.10 2010/11/23 12:31:30 tron Exp $
Fix for CVE-2010-3429 taken from here:
http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b;hp=2abacdf610d598073838a7e72698b8421461aead
--- libavcodec/flicvideo.c.orig 2010-04-20 15:45:34.000000000 +0100
+++ libavcodec/flicvideo.c 2010-11-23 12:14:07.000000000 +0000
@@ -159,7 +159,7 @@
int pixel_skip;
int pixel_countdown;
unsigned char *pixels;
- int pixel_limit;
+ unsigned int pixel_limit;
s->frame.reference = 1;
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
@@ -253,10 +253,13 @@
av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets);
} else if ((line_packets & 0xC000) == 0x8000) {
// "last byte" opcode
- pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff;
+ pixel_ptr= y_ptr + s->frame.linesize[0] - 1;
+ CHECK_PIXEL_PTR(0);
+ pixels[pixel_ptr] = line_packets & 0xff;
} else {
compressed_lines--;
pixel_ptr = y_ptr;
+ CHECK_PIXEL_PTR(0);
pixel_countdown = s->avctx->width;
for (i = 0; i < line_packets; i++) {
/* account for the skip bytes */
@@ -268,7 +271,7 @@
byte_run = -byte_run;
palette_idx1 = buf[stream_ptr++];
palette_idx2 = buf[stream_ptr++];
- CHECK_PIXEL_PTR(byte_run);
+ CHECK_PIXEL_PTR(byte_run * 2);
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
pixels[pixel_ptr++] = palette_idx1;
pixels[pixel_ptr++] = palette_idx2;
@@ -298,6 +301,7 @@
stream_ptr += 2;
while (compressed_lines > 0) {
pixel_ptr = y_ptr;
+ CHECK_PIXEL_PTR(0);
pixel_countdown = s->avctx->width;
line_packets = buf[stream_ptr++];
if (line_packets > 0) {
@@ -453,7 +457,7 @@
int pixel_countdown;
unsigned char *pixels;
int pixel;
- int pixel_limit;
+ unsigned int pixel_limit;
s->frame.reference = 1;
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
@@ -503,6 +507,7 @@
} else {
compressed_lines--;
pixel_ptr = y_ptr;
+ CHECK_PIXEL_PTR(0);
pixel_countdown = s->avctx->width;
for (i = 0; i < line_packets; i++) {
/* account for the skip bytes */
@@ -514,13 +519,13 @@
byte_run = -byte_run;
pixel = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;
- CHECK_PIXEL_PTR(byte_run);
+ CHECK_PIXEL_PTR(2 * byte_run);
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
*((signed short*)(&pixels[pixel_ptr])) = pixel;
pixel_ptr += 2;
}
} else {
- CHECK_PIXEL_PTR(byte_run);
+ CHECK_PIXEL_PTR(2 * byte_run);
for (j = 0; j < byte_run; j++, pixel_countdown--) {
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;
@@ -611,7 +616,7 @@
if (byte_run > 0) {
pixel = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;
- CHECK_PIXEL_PTR(byte_run);
+ CHECK_PIXEL_PTR(2 * byte_run);
for (j = 0; j < byte_run; j++) {
*((signed short*)(&pixels[pixel_ptr])) = pixel;
pixel_ptr += 2;
@@ -622,7 +627,7 @@
}
} else { /* copy pixels if byte_run < 0 */
byte_run = -byte_run;
- CHECK_PIXEL_PTR(byte_run);
+ CHECK_PIXEL_PTR(2 * byte_run);
for (j = 0; j < byte_run; j++) {
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;