SECURITY update vlc to 0.8.6h

- fixes *many* null pointer deref, error handling failures, leaks, use-after-free and double-free found by Coverity - fixes some MPEG2 TS audio packet loss - numerous security fixes in 0.8.6g - fixes some memory leaks Also: mark altivec FLAVOR as broken; ajacoutot reports that the altivec-enabled binary fails to start. ok ajacoutot
2008-06-09 22:55:43 +00:00 · 2008-06-09 22:55:43 +00:00 · 7b22162fa2
commit 7b22162fa2
parent 0f7fbd66f0
10 changed files with 40 additions and 52 deletions
--- a/x11/vlc/Makefile
+++ b/x11/vlc/Makefile
@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.70 2008/05/16 05:54:09 bernd Exp $
+# $OpenBSD: Makefile,v 1.71 2008/06/09 22:55:43 sthen Exp $

 SHARED_ONLY=	Yes

 COMMENT-main=	videolan client; multimedia player

-V=		0.8.6f
+V=		0.8.6h
 DISTNAME=	vlc-${V}
-PKGNAME-main=	${DISTNAME}p1
+PKGNAME-main=	${DISTNAME}
 CATEGORIES=	x11
 MASTER_SITES=	http://download.videolan.org/pub/videolan/vlc/${V}/

@ -179,7 +179,7 @@ CONFIGURE_ENV+=	MOZILLA_CONFIG="${LOCALBASE}/bin/xulrunner-config" \
 PORTPATH=	${WRKDIR}/bin:/usr/bin:/bin:/usr/sbin:/sbin:${DEPBASE}/bin:${LOCALBASE}/bin:${X11BASE}/bin:${LOCALBASE}/xulrunner
 LIB_DEPENDS-web=${LIB_DEPENDS}
 RUN_DEPENDS-web=::${BUILD_PKGPATH}
-WANTLIB-web=	ICE SM X11 Xau Xdmcp Xext Xinerama Xt Xv Xxf86vm dvbpsi m ogg theora
+WANTLIB-web=	ICE SM X11 Xau Xdmcp Xext Xinerama Xv Xxf86vm dvbpsi m ogg theora
 .else
 CONFIGURE_ARGS+=--disable-mozilla
 .endif
@ -238,6 +238,7 @@ PKG_ARGS+=-Dwin32=0
 .endif

 .if ${FLAVOR:L:Maltivec}
+BROKEN=altivec-enabled binary does not start
 ONLY_FOR_ARCHS=	powerpc
 CONFIGURE_ARGS+=--enable-altivec
 PKG_ARGS+=-Daltivec=1
--- a/x11/vlc/distinfo
+++ b/x11/vlc/distinfo
@ -1,5 +1,5 @@
-MD5 (vlc-0.8.6f.tar.gz) = KUuDry02FliNlH4dAIumzQ==
-RMD160 (vlc-0.8.6f.tar.gz) = DPeg1THUhBRhqiV5IBB5rtDXCXE=
-SHA1 (vlc-0.8.6f.tar.gz) = WmHZ2i3rmEFx8u6bpd10+NdpQIk=
-SHA256 (vlc-0.8.6f.tar.gz) = V7AFtA3uT6d39gBZlDp4mwXsKa2QmIDoLZCvNDaS2Qo=
-SIZE (vlc-0.8.6f.tar.gz) = 16661357
+MD5 (vlc-0.8.6h.tar.gz) = mz4VgCtILLEuedLrjMTqmA==
+RMD160 (vlc-0.8.6h.tar.gz) = gBNL3OR05Yy0IOzV1SSPnO7oceI=
+SHA1 (vlc-0.8.6h.tar.gz) = gpslmakYglTRwQm+N3tKnBjhRII=
+SHA256 (vlc-0.8.6h.tar.gz) = kqmY8spTt3YQxghDay6NmRRCdC8leTwTbLTuCV7sHv8=
+SIZE (vlc-0.8.6h.tar.gz) = 16977154
--- a/x11/vlc/patches/patch-configure_ac
+++ b/x11/vlc/patches/patch-configure_ac
@ -1,6 +1,6 @@
-$OpenBSD: patch-configure_ac,v 1.11 2008/03/02 02:27:04 jakemsr Exp $
--- configure.ac.orig	Sun Feb 24 14:01:55 2008
-+++ configure.ac	Thu Feb 28 11:22:52 2008
+$OpenBSD: patch-configure_ac,v 1.12 2008/06/09 22:55:43 sthen Exp $
+--- configure.ac.orig	Mon Jun  2 14:35:52 2008
+++ configure.ac	Sat Jun  7 20:57:23 2008
@@ -199,7 +199,7 @@ case "${target_os}" in
     VLC_ADD_CFLAGS([libvlc],[-x objective-c])
     VLC_ADD_CFLAGS([vlc],[-x objective-c])
@ -29,16 +29,16 @@ $OpenBSD: patch-configure_ac,v 1.11 2008/03/02 02:27:04 jakemsr Exp $
   AC_CHECK_LIB(pthread,main,THREAD_LIB="-lpthread")
 fi
 if test "${THREAD_LIB}" = "error"; then
-@@ -2694,7 +2697,7 @@ dnl Look for a ffmpeg-config (we are on debian )
+@@ -2703,7 +2706,7 @@ dnl Look for a ffmpeg-config (we are on debian )
  else
 
 dnl Trying with pkg-config
 -   PKG_CHECK_MODULES(FFMPEG,[libavcodec, libavformat],
 +   PKG_CHECK_MODULES(FFMPEG,[libavcodec, libavformat, libpostproc],
     [
-      AC_CHECK_HEADERS(ffmpeg/avcodec.h, [], [AC_MSG_ERROR([Missing header file ffmpeg/avcodec.h.])] )
-      AC_CHECK_HEADERS(ffmpeg/avformat.h)
-@@ -3356,13 +3359,13 @@ AC_ARG_ENABLE(png,
+      VLC_SAVE_FLAGS
+      CPPFLAGS="${CPPFLAGS} ${FFMPEG_CFLAGS}"
+@@ -3380,13 +3383,13 @@ AC_ARG_ENABLE(png,
   [  --enable-png            PNG support (default enabled)])
 if test "${enable_png}" != "no"; then
 AC_CHECK_HEADERS(png.h, [
--- a/x11/vlc/patches/patch-include_vlc_threads_funcs_h
+++ b/x11/vlc/patches/patch-include_vlc_threads_funcs_h
@ -1,14 +0,0 @@
-$OpenBSD: patch-include_vlc_threads_funcs_h,v 1.5 2008/04/04 00:53:01 jakemsr Exp $
--- include/vlc_threads_funcs.h.orig	Mon Mar 31 15:07:51 2008
-+++ include/vlc_threads_funcs.h	Thu Apr  3 03:51:08 2008
-@@ -486,8 +486,8 @@ static inline int __vlc_cond_wait( const char * psz_fi
-     {
-         /* People keep pissing me off with this. --Meuuh */
-         msg_Dbg( p_condvar->p_this,
-                  "thread %u: secret message triggered "
-                  "at %s:%d (%s)", (int)pthread_self(),
-+                  "thread %lu: secret message triggered "
-+                  "at %s:%d (%s)", (long)pthread_self(),
-                   psz_file, i_line, strerror(i_result) );
- 
-         i_result = pthread_cond_wait( &p_condvar->cond, &p_mutex->mutex );
--- a/x11/vlc/patches/patch-modules_audio_output_Makefile_in
+++ b/x11/vlc/patches/patch-modules_audio_output_Makefile_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-modules_audio_output_Makefile_in,v 1.3 2008/03/02 02:27:04 jakemsr Exp $
--- modules/audio_output/Makefile.in.orig	Sun Feb 24 14:07:20 2008
-+++ modules/audio_output/Makefile.in	Thu Feb 28 11:18:09 2008
+$OpenBSD: patch-modules_audio_output_Makefile_in,v 1.4 2008/06/09 22:55:43 sthen Exp $
+--- modules/audio_output/Makefile.in.orig	Tue Jun  3 10:03:19 2008
+++ modules/audio_output/Makefile.in	Sat Jun  7 20:57:24 2008
@@ -715,6 +715,7 @@ libarts_plugin_la_LDFLAGS = `$(VLC_CONFIG) --libs plug
 	-rpath '$(libvlcdir)' -avoid-version -module -shrext $(LIBEXT)
 
--- a/x11/vlc/patches/patch-modules_demux_Makefile_in
+++ b/x11/vlc/patches/patch-modules_demux_Makefile_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-modules_demux_Makefile_in,v 1.4 2007/12/11 11:07:54 jakemsr Exp $
--- modules/demux/Makefile.in.orig	Tue Nov 27 14:23:24 2007
-+++ modules/demux/Makefile.in	Sat Dec  1 22:36:40 2007
+$OpenBSD: patch-modules_demux_Makefile_in,v 1.5 2008/06/09 22:55:43 sthen Exp $
+--- modules/demux/Makefile.in.orig	Tue Jun  3 10:03:31 2008
+++ modules/demux/Makefile.in	Sat Jun  7 23:56:56 2008
@@ -626,7 +626,7 @@ LTCXXCOMPILE = $(LIBTOOL) --tag=CXX --mode=compile $(C
 	$(AM_CXXFLAGS) $(CXXFLAGS)
 CXXLD = $(CXX)
--- a/x11/vlc/patches/patch-modules_gui_wxwidgets_Makefile_in
+++ b/x11/vlc/patches/patch-modules_gui_wxwidgets_Makefile_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-modules_gui_wxwidgets_Makefile_in,v 1.4 2007/12/11 11:07:54 jakemsr Exp $
--- modules/gui/wxwidgets/Makefile.in.orig	Tue Nov 27 14:23:36 2007
-+++ modules/gui/wxwidgets/Makefile.in	Sat Dec  1 22:37:33 2007
+$OpenBSD: patch-modules_gui_wxwidgets_Makefile_in,v 1.5 2008/06/09 22:55:43 sthen Exp $
+--- modules/gui/wxwidgets/Makefile.in.orig	Tue Jun  3 10:03:49 2008
+++ modules/gui/wxwidgets/Makefile.in	Sat Jun  7 23:57:26 2008
@@ -213,7 +213,7 @@ LTCXXCOMPILE = $(LIBTOOL) --tag=CXX --mode=compile $(C
 	$(AM_CXXFLAGS) $(CXXFLAGS)
 CXXLD = $(CXX)
--- a/x11/vlc/patches/patch-share_Makefile_in
+++ b/x11/vlc/patches/patch-share_Makefile_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-share_Makefile_in,v 1.5 2008/03/02 02:27:04 jakemsr Exp $
--- share/Makefile.in.orig	Sun Feb 24 14:07:49 2008
-+++ share/Makefile.in	Thu Feb 28 11:18:09 2008
+$OpenBSD: patch-share_Makefile_in,v 1.6 2008/06/09 22:55:43 sthen Exp $
+--- share/Makefile.in.orig	Tue Jun  3 10:04:16 2008
+++ share/Makefile.in	Sat Jun  7 20:57:24 2008
@@ -850,7 +850,6 @@ skins2/default.vlt: $(skins2_default_vlt_FILES)
 
 skins2/default.vlt:
--- a/x11/vlc/patches/patch-src_misc_modules_c
+++ b/x11/vlc/patches/patch-src_misc_modules_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-src_misc_modules_c,v 1.6 2007/04/08 17:34:20 ajacoutot Exp $
--- src/misc/modules.c.orig	Sat Dec  9 02:12:08 2006
-+++ src/misc/modules.c	Sun Apr  8 10:45:30 2007
-@@ -1589,6 +1589,7 @@ static char * GetWindowsError( void )
+$OpenBSD: patch-src_misc_modules_c,v 1.7 2008/06/09 22:55:43 sthen Exp $
+--- src/misc/modules.c.orig	Sat May 10 12:26:00 2008
+++ src/misc/modules.c	Wed Jun  4 10:14:32 2008
+@@ -1591,6 +1591,7 @@ static char * GetWindowsError( void )
  *****************************************************************************/
 static void CacheLoad( vlc_object_t *p_this )
 {
@ -9,7 +9,7 @@ $OpenBSD: patch-src_misc_modules_c,v 1.6 2007/04/08 17:34:20 ajacoutot Exp $
     char *psz_filename, *psz_homedir;
     FILE *file;
     int i, j, i_size, i_read;
-@@ -1707,6 +1708,7 @@ static void CacheLoad( vlc_object_t *p_this )
+@@ -1709,6 +1710,7 @@ static void CacheLoad( vlc_object_t *p_this )
     if( i_cache )
         pp_cache = p_this->p_libvlc->p_module_bank->pp_loaded_cache =
                    malloc( i_cache * sizeof(void *) );
@ -17,7 +17,7 @@ $OpenBSD: patch-src_misc_modules_c,v 1.6 2007/04/08 17:34:20 ajacoutot Exp $
 
 #define LOAD_IMMEDIATE(a) \
     if( fread( &a, sizeof(char), sizeof(a), file ) != sizeof(a) ) goto error
-@@ -1723,7 +1725,7 @@ static void CacheLoad( vlc_object_t *p_this )
+@@ -1725,7 +1727,7 @@ static void CacheLoad( vlc_object_t *p_this )
       } else a = 0; \
     } while(0)
 
@ -26,7 +26,7 @@ $OpenBSD: patch-src_misc_modules_c,v 1.6 2007/04/08 17:34:20 ajacoutot Exp $
     for( i = 0; i < i_cache; i++ )
     {
         uint16_t i_size;
-@@ -1799,6 +1801,7 @@ static void CacheLoad( vlc_object_t *p_this )
+@@ -1801,6 +1803,7 @@ static void CacheLoad( vlc_object_t *p_this )
     p_this->p_libvlc->p_module_bank->i_loaded_cache = 0;
 
     fclose( file );
--- a/x11/vlc/pkg/PLIST-main
+++ b/x11/vlc/pkg/PLIST-main
@ -1,11 +1,11 @@
-@comment $OpenBSD: PLIST-main,v 1.4 2008/05/16 05:54:09 bernd Exp $
+@comment $OpenBSD: PLIST-main,v 1.5 2008/06/09 22:55:43 sthen Exp $
@pkgpath x11/vlc
 %%altivec%%
 %%win32%%
 %%x86opt%%
-bin/vlc
+@bin bin/vlc
 bin/vlc-config
-bin/wxvlc
+@bin bin/wxvlc
 include/vlc/
 include/vlc/aout.h
 include/vlc/decoder.h
@ -282,6 +282,7 @@ share/locale/ru/LC_MESSAGES/vlc.mo
 share/locale/sk/LC_MESSAGES/vlc.mo
 share/locale/sl/LC_MESSAGES/vlc.mo
 share/locale/sq/LC_MESSAGES/vlc.mo
+share/locale/sr/LC_MESSAGES/vlc.mo
 share/locale/sv/LC_MESSAGES/vlc.mo
 share/locale/th/LC_MESSAGES/vlc.mo
 share/locale/tr/LC_MESSAGES/vlc.mo