diff options
author | Jaka Kranjc | 2008-10-01 12:03:58 +0200 |
---|---|---|
committer | Jaka Kranjc | 2008-10-01 12:03:58 +0200 |
commit | 4e33bdf8f6bc35d4424f5aec39a945b325ec08c0 (patch) | |
tree | 9e4547cbf90be326898c7eb31638d8db3a936e31 | |
parent | 78918bbd58d16a80ae60aa0ec70dfecd5465a527 (diff) |
video/mplayer: added security patch, fixes http://www.ocert.org/advisories/ocert-2008-013.html
(cherry-picked from commit 273b25c4bd43328950fcaf43d518134ec23f2aca)
-rwxr-xr-x | video/mplayer/DETAILS | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | video/mplayer/HISTORY | 5 | ||||
-rwxr-xr-x | video/mplayer/PRE_BUILD | 3 | ||||
-rwxr-xr-x | video/mplayer/mplayer_demux_real.patch | 28 |
4 files changed, 36 insertions, 2 deletions
diff --git a/video/mplayer/DETAILS b/video/mplayer/DETAILS index 6b7da33709..3c68d31d8a 100755 --- a/video/mplayer/DETAILS +++ b/video/mplayer/DETAILS @@ -18,7 +18,7 @@ else SOURCE_URL[2]=ftp://ftp5.mplayerhq.hu/MPlayer/releases/$SOURCE SOURCE_GPG="gurus.gpg:$SOURCE.sig:WORKS_FOR_ME" SOURCE_DIRECTORY=$BUILD_DIRECTORY/MPlayer-$VERSION - SECURITY_PATCH=2 + SECURITY_PATCH=3 fi PATCHLEVEL=1 WEB_SITE=http://www.mplayerhq.hu diff --git a/video/mplayer/HISTORY b/video/mplayer/HISTORY index 9f091dc8c6..267ab6ca9e 100644..100755 --- a/video/mplayer/HISTORY +++ b/video/mplayer/HISTORY @@ -1,3 +1,8 @@ +2008-09-30 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> + * PRE_BUILD, mplayer_demux_real.patch: added security relevant + patch, fixes http://www.ocert.org/advisories/ocert-2008-013.html + * DETAILS: SECURITY_PATCH++ + 2008-07-14 Remko van der Vossen <wich@sourcemage.org> * INSTALL: Create /usr/share/pixmaps before installing icon, otherwise /usr/share/pixmaps will be a file diff --git a/video/mplayer/PRE_BUILD b/video/mplayer/PRE_BUILD index e1581bc842..4a7ebed082 100755 --- a/video/mplayer/PRE_BUILD +++ b/video/mplayer/PRE_BUILD @@ -4,7 +4,8 @@ if [[ ! $MPLAYER_SVN = y ]]; then for i in demux_audio_fix_20080129.diff \ demux_mov_fix_20080129.diff \ stream_cddb_fix_20080120.diff \ - url_fix_20080120.diff; do + url_fix_20080120.diff \ + mplayer_demux_real.patch; do patch -p0 < $SCRIPT_DIRECTORY/$i done fi diff --git a/video/mplayer/mplayer_demux_real.patch b/video/mplayer/mplayer_demux_real.patch new file mode 100755 index 0000000000..88566fe0b0 --- /dev/null +++ b/video/mplayer/mplayer_demux_real.patch @@ -0,0 +1,28 @@ +Index: libmpdemux/demux_real.c +=================================================================== +--- libmpdemux/demux_real.c (revision 27605) ++++ libmpdemux/demux_real.c (working copy) +@@ -947,6 +947,7 @@ + // last fragment! + if(dp_hdr->len!=vpkg_length-vpkg_offset) + mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,vpkg_length-vpkg_offset); ++ if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset = dp->len - sizeof(dp_hdr_t) - dp_hdr->len; + stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset); + if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else + dp_hdr->len+=vpkg_offset; +@@ -970,6 +971,7 @@ + // non-last fragment: + if(dp_hdr->len!=vpkg_offset) + mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d offset=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,len,vpkg_length); ++ if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len - sizeof(dp_hdr_t) - dp_hdr->len; + stream_read(demuxer->stream, dp_data+dp_hdr->len, len); + if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else + dp_hdr->len+=len; +@@ -992,6 +994,7 @@ + extra[0]=1; extra[1]=0; // offset of the first chunk + if(0x00==(vpkg_header&0xc0)){ + // first fragment: ++ if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t); + dp_hdr->len=len; + stream_read(demuxer->stream, dp_data, len); + ds->asf_packet=dp; |