SECURITY UPDATE to 0.92
fixes a remotely exploitable buffer overflow in ASX headers that could be used to make mplayer run arbitrary code from maintainer Bjoern Sandell
This commit is contained in:
sturm
parent
8ef231ac58
commit
d0e57c8908
@ -1,13 +1,13 @@
|
||||
# $OpenBSD: Makefile,v 1.58 2003/06/18 14:03:36 avsm Exp $
|
||||
# $OpenBSD: Makefile,v 1.59 2003/09/25 20:59:01 sturm Exp $
|
||||
|
||||
# May not be hard to add more.
|
||||
ONLY_FOR_ARCHS= i386 macppc
|
||||
|
||||
COMMENT= "Movie player supporting MPEG, DivX, AVI, ASF, MOV & more"
|
||||
|
||||
DISTNAME= MPlayer-0.90
|
||||
DISTNAME= MPlayer-0.92
|
||||
DIST_SUBDIR= mplayer
|
||||
PKGNAME= ${DISTNAME:L}p1
|
||||
PKGNAME= ${DISTNAME:L}
|
||||
CATEGORIES= x11
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
|
||||
@ -140,11 +140,11 @@ ONLY_FOR_ARCHS=i386
|
||||
RUN_DEPENDS+= :win32-codecs-*:graphics/win32-codecs
|
||||
BUILD_DEPENDS+= :win32-codecs-*:graphics/win32-codecs
|
||||
CONFIGURE_ARGS+=--with-win32libdir=${LOCALBASE}/lib/win32 \
|
||||
--enable-qtx-codecs \
|
||||
--enable-qtx \
|
||||
--with-reallibdir=${LOCALBASE}/lib/win32
|
||||
.else
|
||||
CONFIGURE_ARGS+=--disable-win32 \
|
||||
--disable-qtx-codecs \
|
||||
--disable-qtx \
|
||||
--disable-real
|
||||
.endif
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
MD5 (mplayer/MPlayer-0.90.tar.bz2) = 9a9f294bbaab2071ecbc327f4e870be8
|
||||
MD5 (mplayer/MPlayer-0.92.tar.bz2) = c4e003fc6c6f82c1cae96a95eb9b2d28
|
||||
MD5 (mplayer/default-1.7.tar.bz2) = 7e1d16c2f8a32469f4354cb043eecc5d
|
||||
RMD160 (mplayer/MPlayer-0.90.tar.bz2) = 958aff9be7ccdd18fb4e505c26c762c382e3d064
|
||||
RMD160 (mplayer/MPlayer-0.92.tar.bz2) = 9af2b8b480f0b51119886b65b56c72cce222f7d1
|
||||
RMD160 (mplayer/default-1.7.tar.bz2) = 5f78ff9db296d8fd53ef6603ec8a227eeb602dd1
|
||||
SHA1 (mplayer/MPlayer-0.90.tar.bz2) = 01be27d68a250be814af5f090e8a217c1f4838a8
|
||||
SHA1 (mplayer/MPlayer-0.92.tar.bz2) = 32496dbc6b7dfa2b2ce2c5d73eaf31109644d513
|
||||
SHA1 (mplayer/default-1.7.tar.bz2) = 6912c3e58b4c76fad97fdb72945b27815069f7e3
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-configure,v 1.21 2003/04/21 15:29:16 brad Exp $
|
||||
--- configure.orig Sat Mar 22 11:29:16 2003
|
||||
+++ configure Mon Apr 14 20:13:45 2003
|
||||
@@ -3518,7 +3518,7 @@ echores "$_sgiaudio"
|
||||
$OpenBSD: patch-configure,v 1.22 2003/09/25 20:59:01 sturm Exp $
|
||||
--- configure.orig 2003-08-09 16:12:30.000000000 +0200
|
||||
+++ configure 2003-08-24 10:47:19.000000000 +0200
|
||||
@@ -3524,7 +3524,7 @@ echores "$_sgiaudio"
|
||||
|
||||
|
||||
echocheck "VCD support"
|
||||
@ -10,7 +10,7 @@ $OpenBSD: patch-configure,v 1.21 2003/04/21 15:29:16 brad Exp $
|
||||
_inputmodules="vcd $_inputmodules"
|
||||
_def_vcd='#define HAVE_VCD 1'
|
||||
echores "ok"
|
||||
@@ -4168,7 +4168,7 @@ fi
|
||||
@@ -4173,7 +4173,7 @@ fi
|
||||
|
||||
|
||||
echocheck "iconv"
|
||||
@ -19,13 +19,13 @@ $OpenBSD: patch-configure,v 1.21 2003/04/21 15:29:16 brad Exp $
|
||||
_iconv_tmp='#include <iconv.h>'
|
||||
|
||||
cat > $TMPC << EOF
|
||||
@@ -5400,6 +5400,9 @@ $_def_vcd
|
||||
#define DEFAULT_DVD_DEVICE "D:"
|
||||
@@ -5406,6 +5406,9 @@ $_def_vcd
|
||||
#elif defined(SYS_DARWIN)
|
||||
#define DEFAULT_CDROM_DEVICE "/dev/rdiskN"
|
||||
+#define DEFAULT_DVD_DEVICE DEFAULT_CDROM_DEVICE
|
||||
#define DEFAULT_DVD_DEVICE DEFAULT_CDROM_DEVICE
|
||||
+#elif defined(__OpenBSD__)
|
||||
+#define DEFAULT_CDROM_DEVICE "/dev/rcd0a"
|
||||
#define DEFAULT_DVD_DEVICE DEFAULT_CDROM_DEVICE
|
||||
+#define DEFAULT_DVD_DEVICE DEFAULT_CDROM_DEVICE
|
||||
#else
|
||||
#define DEFAULT_CDROM_DEVICE "/dev/cdrom"
|
||||
#define DEFAULT_DVD_DEVICE "/dev/dvd"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
$OpenBSD: patch-libavcodec_common_h,v 1.1 2003/04/17 22:16:18 wilfried Exp $
|
||||
--- libavcodec/common.h.orig Thu Apr 17 23:49:10 2003
|
||||
+++ libavcodec/common.h Fri Apr 18 00:00:45 2003
|
||||
$OpenBSD: patch-libavcodec_common_h,v 1.2 2003/09/25 20:59:01 sturm Exp $
|
||||
--- libavcodec/common.h.orig 2003-01-28 15:37:44.000000000 +0100
|
||||
+++ libavcodec/common.h 2003-08-24 10:47:19.000000000 +0200
|
||||
@@ -158,7 +158,7 @@ typedef signed long long INT64;
|
||||
# include "bswap.h"
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-libdha_Makefile,v 1.10 2003/01/03 23:06:36 brad Exp $
|
||||
--- libdha/Makefile.orig Sat Dec 21 12:49:52 2002
|
||||
+++ libdha/Makefile Sat Dec 28 21:23:01 2002
|
||||
@@ -38,15 +38,13 @@ endif
|
||||
$OpenBSD: patch-libdha_Makefile,v 1.11 2003/09/25 20:59:01 sturm Exp $
|
||||
--- libdha/Makefile.orig 2003-06-02 00:30:36.000000000 +0200
|
||||
+++ libdha/Makefile 2003-08-24 10:47:19.000000000 +0200
|
||||
@@ -40,15 +40,13 @@ endif
|
||||
# .PHONY: all clean
|
||||
|
||||
.c.o: pci_names.c
|
||||
@ -19,7 +19,7 @@ $OpenBSD: patch-libdha_Makefile,v 1.10 2003/01/03 23:06:36 brad Exp $
|
||||
|
||||
pci_names.c:
|
||||
$(AWK) -f pci_db2c.awk oth/pci.db
|
||||
@@ -69,8 +67,6 @@ depend: pci_names.c
|
||||
@@ -71,8 +69,6 @@ depend: pci_names.c
|
||||
install:
|
||||
mkdir -p $(prefix)/lib
|
||||
install -m 755 -s -p $(LIBNAME) $(prefix)/lib/$(LIBNAME)
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-libmpcodecs_ad_realaud_c,v 1.1 2003/05/18 11:49:55 espie Exp $
|
||||
--- libmpcodecs/ad_realaud.c.orig Sun May 18 13:28:25 2003
|
||||
+++ libmpcodecs/ad_realaud.c Sun May 18 13:28:38 2003
|
||||
@@ -32,7 +32,7 @@ void __builtin_delete(void* ize) {
|
||||
free(ize);
|
||||
}
|
||||
|
||||
-#if defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
|
||||
void *__ctype_b=NULL;
|
||||
#endif
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-libmpcodecs_vd_realvid_c,v 1.1 2003/05/18 11:49:55 espie Exp $
|
||||
--- libmpcodecs/vd_realvid.c.orig Sun May 18 13:28:54 2003
|
||||
+++ libmpcodecs/vd_realvid.c Sun May 18 13:29:07 2003
|
||||
@@ -76,7 +76,7 @@ void __pure_virtual(void) {
|
||||
// exit(1);
|
||||
}
|
||||
|
||||
-#if defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
|
||||
void ___brk_addr(void) {exit(0);}
|
||||
char **__environ={NULL};
|
||||
#undef stderr
|
||||
@ -1,21 +0,0 @@
|
||||
$OpenBSD: patch-libmpdemux_asf_mmst_streaming_c,v 1.1 2003/06/18 14:03:36 avsm Exp $
|
||||
--- libmpdemux/asf_mmst_streaming.c.orig Wed Oct 30 14:10:36 2002
|
||||
+++ libmpdemux/asf_mmst_streaming.c Wed Jun 18 14:56:30 2003
|
||||
@@ -424,7 +424,7 @@ asf_mmst_streaming_seek( int fd, off_t p
|
||||
int asf_mmst_streaming_start(stream_t *stream)
|
||||
{
|
||||
char str[1024];
|
||||
- char data[1024];
|
||||
+ char data[BUF_SIZE];
|
||||
uint8_t asf_header[8192];
|
||||
int asf_header_len;
|
||||
int len, i, packet_length;
|
||||
@@ -455,7 +455,7 @@ int asf_mmst_streaming_start(stream_t *s
|
||||
* cmd 1 0x01
|
||||
* */
|
||||
|
||||
- sprintf (str, "\034\003NSPlayer/7.0.0.1956; {33715801-BAB3-9D85-24E9-03B90328270A}; Host: %s", url1->hostname);
|
||||
+ snprintf (str, 1023, "\034\003NSPlayer/7.0.0.1956; {33715801-BAB3-9D85-24E9-03B90328270A}; Host: %s", url1->hostname);
|
||||
string_utf16 (data, str, strlen(str)+2);
|
||||
// send_command(s, commandno ....)
|
||||
send_command (s, 1, 0, 0x0004000b, strlen(str) * 2+8, data);
|
||||
@ -1,4 +1,4 @@
|
||||
@comment $OpenBSD: PLIST,v 1.7 2003/03/30 12:27:58 miod Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.8 2003/09/25 20:59:01 sturm Exp $
|
||||
@exec echo "This package may need further setup. Run pkg_info mplayer to find out more,"
|
||||
@exec echo "and be sure to read the package description carefully."
|
||||
bin/mencoder
|
||||
@ -13,7 +13,6 @@ lib/mplayer/vidix/rage128_vid.so
|
||||
%%SHARED%%
|
||||
man/man1/mencoder.1
|
||||
man/man1/mplayer.1
|
||||
share/mplayer/codecs.conf
|
||||
share/mplayer/input.conf
|
||||
share/mplayer/menu.conf
|
||||
share/doc/mplayer/bugreports.html
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user