From 861090a2f72a4bc33ac07b0ed0d27b08cae6dd76 Mon Sep 17 00:00:00 2001 From: sthen Date: Thu, 29 Jan 2009 17:28:13 +0000 Subject: [PATCH] - SECURITY; fix http://www.trapkit.de/advisories/TKADV2009-004.txt for the internal ffmpeg. From Brad. - sync WANTLIB (gio) --- x11/mplayer/Makefile | 10 +++++----- x11/mplayer/patches/patch-libavformat_4xm_c | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 5 deletions(-) create mode 100644 x11/mplayer/patches/patch-libavformat_4xm_c diff --git a/x11/mplayer/Makefile b/x11/mplayer/Makefile index 2b9d3f1ac24..f0d6e5b73e6 100644 --- a/x11/mplayer/Makefile +++ b/x11/mplayer/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.143 2009/01/16 02:39:53 jakemsr Exp $ +# $OpenBSD: Makefile,v 1.144 2009/01/29 17:28:13 sthen Exp $ # May not be hard to add more. ONLY_FOR_ARCHS= amd64 i386 powerpc sparc64 arm @@ -9,7 +9,7 @@ V= 1.0rc2 N= mplayer DISTNAME= MPlayer-${V} DIST_SUBDIR= ${N} -PKGNAME= ${N}-${V}p17 +PKGNAME= ${N}-${V}p18 CATEGORIES= x11 multimedia EXTRACT_SUFX= .tar.bz2 @@ -134,9 +134,9 @@ USE_X11= Yes LIB_DEPENDS+= gdk-x11-2.0,gdk_pixbuf-2.0,gtk-x11-2.0::x11/gtk+2 WANTLIB+= GL X11 Xau Xcomposite Xcursor Xdamage Xdmcp Xext \ Xfixes Xi Xinerama Xrandr Xrender Xv Xxf86dga Xxf86vm \ - atk-1.0 cairo expat fontconfig freetype glib-2.0 glitz \ - gmodule-2.0 gobject-2.0 pango-1.0 pangocairo-1.0 \ - pangoft2-1.0 pixman-1 + atk-1.0 cairo expat fontconfig freetype gio-2.0 \ + glib-2.0 glitz gmodule-2.0 gobject-2.0 pango-1.0 \ + pangocairo-1.0 pangoft2-1.0 pixman-1 MODULES= devel/gettext .endif diff --git a/x11/mplayer/patches/patch-libavformat_4xm_c b/x11/mplayer/patches/patch-libavformat_4xm_c new file mode 100644 index 00000000000..a2b59e9caf8 --- /dev/null +++ b/x11/mplayer/patches/patch-libavformat_4xm_c @@ -0,0 +1,18 @@ +$OpenBSD: patch-libavformat_4xm_c,v 1.1 2009/01/29 17:28:13 sthen Exp $ +--- libavformat/4xm.c.orig Thu Jan 29 11:19:43 2009 ++++ libavformat/4xm.c Thu Jan 29 11:20:45 2009 +@@ -163,10 +163,12 @@ static int fourxm_read_header(AVFormatContext *s, + return AVERROR_INVALIDDATA; + } + current_track = AV_RL32(&header[i + 8]); ++ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){ ++ av_log(s, AV_LOG_ERROR, "current_track too large\n"); ++ return -1; ++ } + if (current_track + 1 > fourxm->track_count) { + fourxm->track_count = current_track + 1; +- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)) +- return -1; + fourxm->tracks = av_realloc(fourxm->tracks, + fourxm->track_count * sizeof(AudioTrack)); + if (!fourxm->tracks) {