add patch from 1.2.7 to fix recent integer overflow, bump PKGREV

2014-06-27 17:58:09 +00:00 · 2014-06-27 17:58:09 +00:00 · 9f9fdf801a
commit 9f9fdf801a
parent d874aa89ae
3 changed files with 47 additions and 3 deletions
--- a/multimedia/ffmpeg010/Makefile
+++ b/multimedia/ffmpeg010/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2014/04/10 05:39:14 obache Exp $
+# $NetBSD: Makefile,v 1.16 2014/06/27 17:58:09 drochner Exp $

 PKGNAME=	ffmpeg010-20130731.${DISTVERSION}
-PKGREVISION=	1
+PKGREVISION=	2
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://ffmpeg.mplayerhq.hu/
 COMMENT=	Decoding, encoding and streaming software
--- a/multimedia/ffmpeg010/distinfo
+++ b/multimedia/ffmpeg010/distinfo
@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.9 2013/08/03 09:22:58 obache Exp $
+$NetBSD: distinfo,v 1.10 2014/06/27 17:58:09 drochner Exp $

 SHA1 (ffmpeg-0.10.8.tar.bz2) = 23b6713b5a403feab4bf57f9363353312ba77995
 RMD160 (ffmpeg-0.10.8.tar.bz2) = 1916b6fab6ec3f32d0f0f54d7964adf6f2852e57
 Size (ffmpeg-0.10.8.tar.bz2) = 5782880 bytes
+SHA1 (patch-CVE-2014-4610) = e70bb36823edae0a00aa557453328e43c850e954
 SHA1 (patch-aa) = b30c822e03bb1766181d7b8b8d4122c196fd1d16
 SHA1 (patch-ac) = 14b39a2663be41395be0faae8270e18e2ba0891f
 SHA1 (patch-ap) = b67db14f412bbca036b5e6573df68b64ac5dabc2
--- a/multimedia/ffmpeg010/patches/patch-CVE-2014-4610
+++ b/multimedia/ffmpeg010/patches/patch-CVE-2014-4610
@ -0,0 +1,43 @@
+$NetBSD: patch-CVE-2014-4610,v 1.1 2014/06/27 17:58:09 drochner Exp $
+
+--- libavutil/lzo.c.orig	2014-06-27 17:34:06.000000000 +0000
+++ libavutil/lzo.c
+@@ -20,6 +20,7 @@
+  */
+ 
+ #include "avutil.h"
+#include "avassert.h"
+ #include "common.h"
+ /// Avoid e.g. MPlayers fast_memcpy, it slows things down here.
+ #undef memcpy
+@@ -62,7 +63,13 @@ static inline int get_byte(LZOContext *c
+ static inline int get_len(LZOContext *c, int x, int mask) {
+     int cnt = x & mask;
+     if (!cnt) {
+-        while (!(x = get_byte(c))) cnt += 255;
+        while (!(x = get_byte(c))) {
+	    if (cnt >= INT_MAX - 1000) {
+		c->error |= AV_LZO_ERROR;
+		break;
+	    }
+	    cnt += 255;
+	}
+         cnt += mask + x;
+     }
+     return cnt;
+@@ -88,6 +95,7 @@ static inline int get_len(LZOContext *c,
+ static inline void copy(LZOContext *c, int cnt) {
+     register const uint8_t *src = c->in;
+     register uint8_t *dst = c->out;
+    av_assert0(cnt >= 0);
+     if (cnt > c->in_end - src) {
+         cnt = FFMAX(c->in_end - src, 0);
+         c->error |= AV_LZO_INPUT_DEPLETED;
+@@ -120,6 +128,7 @@ static inline void memcpy_backptr(uint8_
+  */
+ static inline void copy_backptr(LZOContext *c, int back, int cnt) {
+     register uint8_t *dst = c->out;
+    av_assert0(cnt > 0);
+     if (dst - c->out_start < back) {
+         c->error |= AV_LZO_INVALID_BACKPTR;
+         return;