From a12a99487d7d8c776ea727e53d3a75ca6cbf7142 Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Wed, 20 Jan 2021 08:51:39 +0000 Subject: [PATCH] MFH: r562095 r562120 Fix potential buffer overflow. Along the way improve port Makefile PR: 252321 Submitted by: daniel.engberg.lists@pyret.net multimedia/libdvdcss: unbreak wit recent doxygen With hat: ports-secteam PR: 252848 Suggested by: VVD in PR 252321 --- multimedia/libdvdcss/Makefile | 10 +++++--- .../libdvdcss/files/patch-src_libdvdcss.c | 23 +++++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 multimedia/libdvdcss/files/patch-src_libdvdcss.c diff --git a/multimedia/libdvdcss/Makefile b/multimedia/libdvdcss/Makefile index 131259cc24a3..3cfe5ad4e63c 100644 --- a/multimedia/libdvdcss/Makefile +++ b/multimedia/libdvdcss/Makefile @@ -2,9 +2,10 @@ # $FreeBSD$ PORTNAME= libdvdcss -PORTVERSION= 1.4.2 +DISTVERSION= 1.4.2 +PORTREVISION= 2 CATEGORIES= multimedia -MASTER_SITES= http://download.videolan.org/pub/${PORTNAME}/${PORTVERSION}/ +MASTER_SITES= https://download.videolan.org/pub/${PORTNAME}/${DISTVERSION}/ MAINTAINER= jpaetzel@FreeBSD.org COMMENT= Portable abstraction library for DVD decryption @@ -12,9 +13,10 @@ COMMENT= Portable abstraction library for DVD decryption LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING +USES= libtool pathfix tar:bzip2 + RESTRICTED= CSS code may violate the DMCA -USES= gmake libtool pathfix tar:bzip2 GNU_CONFIGURE= yes USE_LDCONFIG= yes INSTALL_TARGET= install-strip @@ -24,6 +26,8 @@ PORTDOCS= * OPTIONS_DEFINE= DOXYGEN DOCS DOXYGEN_BUILD_DEPENDS= doxygen:devel/doxygen +DOXYGEN_CONFIGURE_ENABLE= doc +DOXYGEN_USES= gmake post-install-DOXYGEN-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} diff --git a/multimedia/libdvdcss/files/patch-src_libdvdcss.c b/multimedia/libdvdcss/files/patch-src_libdvdcss.c new file mode 100644 index 000000000000..f9fddff4d7f6 --- /dev/null +++ b/multimedia/libdvdcss/files/patch-src_libdvdcss.c @@ -0,0 +1,23 @@ +--- src/libdvdcss.c.orig 2018-03-02 15:44:29 UTC ++++ src/libdvdcss.c +@@ -320,7 +320,19 @@ static int init_cache_dir( dvdcss_t dvdcss ) + return -1; + } + +- sprintf( psz_tagfile, "%s/" CACHE_TAG_NAME, dvdcss->psz_cachefile ); ++ i_ret = snprintf( psz_tagfile, PATH_MAX, "%s/" CACHE_TAG_NAME, ++ dvdcss->psz_cachefile ); ++ if ( i_ret < 0 || i_ret >= PATH_MAX) ++ { ++ if ( i_ret < 0) ++ print_error( dvdcss, "failed to compose cache directory tag path"); ++ else ++ print_error( dvdcss, "cache directory tag path too long: %s/" CACHE_TAG_NAME, ++ dvdcss->psz_cachefile ); ++ dvdcss->psz_cachefile[0] = '\0'; ++ return -1; ++ } ++ + i_fd = open( psz_tagfile, O_RDWR|O_CREAT, 0644 ); + if( i_fd >= 0 ) + {