cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

two security-related fixes from upstream via Brad:

Browse Source 
- Avoid a possible overflow when handling media marks.
- Avoid a possible overflow when handling M3U files.
This commit is contained in:
sthen 2011-04-01 12:32:34 +00:00
parent d30da6871a
commit e5fe84ed3e
3 changed files with 52 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
multimedia/xine-ui/Makefile
View File

@ -1,9 +1,9 @@
# $OpenBSD: Makefile,v 1.20 2011/03/26 10:05:24 sthen Exp $ # $OpenBSD: Makefile,v 1.21 2011/04/01 12:32:34 sthen Exp $
COMMENT= multimedia player COMMENT= multimedia player
DISTNAME= xine-ui-0.99.6 DISTNAME= xine-ui-0.99.6
REVISION= 0 REVISION= 1
CATEGORIES= multimedia CATEGORIES= multimedia
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xine/} MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xine/}
EXTRACT_SUFX= .tar.bz2 EXTRACT_SUFX= .tar.bz2
@ -26,7 +26,7 @@ LIB_DEPENDS= multimedia/xine-lib \
graphics/png graphics/png
USE_LIBTOOL= Yes USE_LIBTOOL= Yes
USE_GROFF = Yes USE_GROFF= Yes
CONFIGURE_STYLE= autoconf CONFIGURE_STYLE= autoconf
AUTOCONF_VERSION= 2.65 AUTOCONF_VERSION= 2.65
CONFIGURE_ARGS+=--disable-lirc \ CONFIGURE_ARGS+=--disable-lirc \

27
multimedia/xine-ui/patches/patch-src_xitk_mediamark_c Normal file
View File

@ -0,0 +1,27 @@
$OpenBSD: patch-src_xitk_mediamark_c,v 1.1 2011/04/01 12:32:34 sthen Exp $
Avoid a possible overflow when handling media marks.
--- src/xitk/mediamark.c.orig Fri Dec 18 19:34:22 2009
+++ src/xitk/mediamark.c Thu Mar 31 19:24:33 2011
@@ -796,7 +796,7 @@ static mediamark_t **guess_toxine_playlist(playlist_t
playlist->data = tox_content;
if(playlist_split_data(playlist)) {
- char buffer[23768], path[_PATH_MAX + _NAME_MAX + 2];
+ char buffer[32768], path[_PATH_MAX + _NAME_MAX + 2];
char *p, *pp, *origin;
int start = 0;
int linen = 0;
@@ -976,8 +976,9 @@ static mediamark_t **guess_toxine_playlist(playlist_t
}
if(*pp != '\0') {
- *p = *pp;
- p++;
+ /* buffer full? don't copy */
+ if (p - buffer < sizeof (buffer) - 1)
+ *p++ = *pp;
pp++;
}
}

22
multimedia/xine-ui/patches/patch-src_xitk_xine-toolkit_image_c Normal file
View File

@ -0,0 +1,22 @@
$OpenBSD: patch-src_xitk_xine-toolkit_image_c,v 1.1 2011/04/01 12:32:34 sthen Exp $
Avoid a possible overflow when handling M3U files.
--- src/xitk/xine-toolkit/image.c.orig Fri Dec 18 19:34:22 2009
+++ src/xitk/xine-toolkit/image.c Thu Mar 31 19:24:12 2011
@@ -497,6 +497,7 @@ xitk_image_t *xitk_image_create_image_with_colors_from
lines[numlines++] = bp;
bp += linel;
linel = 1;
+ bp[linel] = 0;
}
else {
char *nextword = (bp + lastws);
@@ -514,6 +515,7 @@ xitk_image_t *xitk_image_create_image_with_colors_from
memmove(bp, nextword, wordlen + 1);
linel = wordlen;
+ lastws = 0;
}
if(wlinew > maxw)