add patch from ffmpeg to fix an integer signedness error in CAVS codec

which can cause crashes or possibly allow code execution (CVE-2011-3362) bump PKGREV
2011-11-02 16:35:14 +00:00 · 2011-11-02 16:35:14 +00:00 · 14e6b5853c
commit 14e6b5853c
parent c6c0dd259b
4 changed files with 22 additions and 4 deletions
--- a/multimedia/gmplayer/distinfo
+++ b/multimedia/gmplayer/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2011/10/24 13:34:45 obache Exp $
+$NetBSD: distinfo,v 1.76 2011/11/02 16:35:15 drochner Exp $

 SHA1 (mplayer/AlienMind-1.2.tar.bz2) = 34370da1e003e4accceae194a63483aa6eebc4dc
 RMD160 (mplayer/AlienMind-1.2.tar.bz2) = f3fda7d44a59f98097162f76d0a0d58840974998
@ -72,6 +72,7 @@ SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2
 SHA1 (patch-ah) = dcfc26ec1422581a03ab200cb95926f6fd896d5b
 SHA1 (patch-an) = 3e72fb86abe7ab572f12a4fef002edb623ab6fae
 SHA1 (patch-ar) = df7e7cdc6fb8187bbcf0b285afc14d275a51e17a
+SHA1 (patch-as) = e353a1437101f661e012ce37004d8920913725cd
 SHA1 (patch-libao2_ao_sun.c) = 14eedc06f70dd949da1fb84078877e7cf259eff1
 SHA1 (patch-stream_dvb_tune.c) = b663830ff64ab31488684b1a324da50ab52d68cc
 SHA1 (patch-stream_dvbin.h) = 56f6e71fcdf6bf3afccbdbc8682834c806114677
--- a/multimedia/mplayer-share/distinfo
+++ b/multimedia/mplayer-share/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.73 2011/10/24 13:06:05 jmcneill Exp $
+$NetBSD: distinfo,v 1.74 2011/11/02 16:35:14 drochner Exp $

 SHA1 (mplayer/mplayer-20100913.tar.bz2) = 6fd3acb29fa8455636bcd86f9f333da4763daa6d
 RMD160 (mplayer/mplayer-20100913.tar.bz2) = 79085d4ebdb824fc34f7bc128070ef11e874897d
@ -12,6 +12,7 @@ SHA1 (patch-ag) = bef25568c913dcb8535afa51976ce7c94a6af5a2
 SHA1 (patch-ah) = dcfc26ec1422581a03ab200cb95926f6fd896d5b
 SHA1 (patch-an) = 3e72fb86abe7ab572f12a4fef002edb623ab6fae
 SHA1 (patch-ar) = df7e7cdc6fb8187bbcf0b285afc14d275a51e17a
+SHA1 (patch-as) = e353a1437101f661e012ce37004d8920913725cd
 SHA1 (patch-libao2_ao_sun.c) = 14eedc06f70dd949da1fb84078877e7cf259eff1
 SHA1 (patch-stream_dvb_tune.c) = b663830ff64ab31488684b1a324da50ab52d68cc
 SHA1 (patch-stream_dvbin.h) = 56f6e71fcdf6bf3afccbdbc8682834c806114677
--- a/multimedia/mplayer-share/patches/patch-as
+++ b/multimedia/mplayer-share/patches/patch-as
@ -0,0 +1,16 @@
+$NetBSD: patch-as,v 1.1 2011/11/02 16:35:15 drochner Exp $
+
+CVE-2011-3362
+
+--- libavcodec/cavsdec.c.orig	2010-08-03 20:59:00.000000000 +0000
+++ libavcodec/cavsdec.c
+@@ -115,7 +115,8 @@ static inline int get_ue_code(GetBitCont
+ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
+                                  const struct dec_2dvlc *r, int esc_golomb_order,
+                                  int qp, uint8_t *dst, int stride) {
+-    int i, level_code, esc_code, level, run, mask;
+    int i, esc_code, level, mask;
+    unsigned int level_code, run;
+     DCTELEM level_buf[65];
+     uint8_t run_buf[65];
+     DCTELEM *block = h->block;
--- a/multimedia/mplayer/Makefile
+++ b/multimedia/mplayer/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2011/10/24 13:06:05 jmcneill Exp $
+# $NetBSD: Makefile,v 1.82 2011/11/02 16:35:15 drochner Exp $

 PKGNAME=	mplayer-${MPLAYER_VERSION}
-PKGREVISION=	9
+PKGREVISION=	10

 COMMENT=	Fast, cross-platform movie player