Fix for CVE-2007-3316 format-string vulnerability described by

VideoLAN-SA-0702 upstream advisory. Backported from 0.8.6c.
2007-06-22 14:13:16 +00:00 · 2007-06-22 14:13:16 +00:00 · 551597a4ea
commit 551597a4ea
parent 081d84f114
6 changed files with 88 additions and 3 deletions
--- a/multimedia/vlc/Makefile
+++ b/multimedia/vlc/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2007/02/22 19:26:51 wiz Exp $
+# $NetBSD: Makefile,v 1.45 2007/06/22 14:13:16 lkundrak Exp $
 #

 DISTNAME=		vlc-${VLC_VER}
-PKGREVISION=		5
+PKGREVISION=		6
 CATEGORIES=		multimedia
 MASTER_SITES=		http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
 EXTRACT_SUFX=		.tar.bz2
--- a/multimedia/vlc/distinfo
+++ b/multimedia/vlc/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2007/02/22 16:36:10 drochner Exp $
+$NetBSD: distinfo,v 1.11 2007/06/22 14:13:16 lkundrak Exp $

 SHA1 (vlc-0.8.5.tar.bz2) = 2f0a26a336a5211f32c7bcc653dfd0b27f1fb26b
 RMD160 (vlc-0.8.5.tar.bz2) = d24140a5b4bf771754028090e103bb5c171e4fd8
@ -10,3 +10,7 @@ SHA1 (patch-ag) = 44061c0018d97c45d4edfdb2a16192f3c99024f8
 SHA1 (patch-ah) = 5a355a70b7b39c0a33db7cc37e3944f903686d3f
 SHA1 (patch-ai) = 655df187ab529eb30753531dafbf4b68f7a85785
 SHA1 (patch-aj) = ff16b192696f7a8517b2bf343697cb81c6041015
+SHA1 (patch-ak) = 62e4c366c6ad39fdadf3e9484f1ee46a2f5680ab
+SHA1 (patch-al) = d363baa7a1d4150b2b12376652650295e546f0fe
+SHA1 (patch-am) = 7d212c47879c718a7685fe94660c9fa71a02f4c3
+SHA1 (patch-an) = 6388e50ad6b7c4cc6860759d514ca691b996ee45
--- a/multimedia/vlc/patches/patch-ak
+++ b/multimedia/vlc/patches/patch-ak
@ -0,0 +1,27 @@
+$NetBSD: patch-ak,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in CDDA module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/access/cdda.c.orig	2007-06-22 16:00:43.000000000 +0200
+++ modules/access/cdda.c
+@@ -630,7 +630,9 @@ static int GetTracks( access_t *p_access
+                     {
+                         vlc_input_item_AddInfo( &p_item->input,
+                                             _(VLC_META_INFO_CAT),
+-                                            _(VLC_META_TITLE),
+                                            _(VLC_META_TITLE), "%s", 
+                                             cddb_track_get_title( t ) );
+
+                                             cddb_track_get_title( t ) );
+                         if( p_item->input.psz_name )
+                             free( p_item->input.psz_name );
+@@ -641,7 +643,7 @@ static int GetTracks( access_t *p_access
+                     if( psz_result )
+                     {
+                         vlc_input_item_AddInfo( &p_item->input,
+-                                            _(VLC_META_INFO_CAT),
+                                            _(VLC_META_INFO_CAT), "%s",
+                                             _(VLC_META_ARTIST), psz_result );
+                     }
+                 }
--- a/multimedia/vlc/patches/patch-al
+++ b/multimedia/vlc/patches/patch-al
@ -0,0 +1,16 @@
+$NetBSD: patch-al,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/codec/vorbis.c.orig	2007-06-22 16:03:12.000000000 +0200
+++ modules/codec/vorbis.c
+@@ -614,7 +614,7 @@ static void ParseVorbisComments( decoder
+             *psz_value = '\0';
+             psz_value++;
+             input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
+-                           psz_name, psz_value );
+                           psz_name, "%s", psz_value );
+             if( strcasestr( psz_name, "artist" ) )
+             {
+                 vlc_input_item_AddInfo( p_input->input.p_item,
--- a/multimedia/vlc/patches/patch-am
+++ b/multimedia/vlc/patches/patch-am
@ -0,0 +1,16 @@
+$NetBSD: patch-am,v 1.1 2007/06/22 14:13:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig	2007-06-22 16:04:59.000000000 +0200
+++ modules/codec/theora.c
+@@ -510,7 +510,7 @@ static void ParseTheoraComments( decoder
+             *psz_value = '\0';
+             psz_value++;
+             input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+-                           psz_name, psz_value );
+                           psz_name, "%s", psz_value );
+         }
+         free( psz_comment );
+         i++;
--- a/multimedia/vlc/patches/patch-an
+++ b/multimedia/vlc/patches/patch-an
@ -0,0 +1,22 @@
+$NetBSD: patch-an,v 1.1 2007/06/22 14:13:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in SAP module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/services_discovery/sap.c.orig	2007-06-22 16:06:09.000000000 +0200
+++ modules/services_discovery/sap.c
+@@ -818,12 +818,12 @@ sap_announce_t *CreateAnnounce( services
+     if( psz_value != NULL )
+     {
+         vlc_input_item_AddInfo( &p_item->input, _("Session"),
+-                                _("Tool"), psz_value );
+                                _("Tool"), "%s", psz_value );
+     }
+     if( strcmp( p_sdp->psz_username, "-" ) )
+     {
+         vlc_input_item_AddInfo( &p_item->input, _("Session"),
+-                                _("User"), p_sdp->psz_username );
+                                _("User"), "%s", p_sdp->psz_username );
+     }
+ 
+     psz_value = GetAttribute( p_sap->p_sdp, "x-plgroup" );