Add patches to fix security vulnerability reported in XSA-2004-8.

Bump package revision because of this change.
2005-04-26 12:48:34 +00:00 · 2005-04-26 12:48:34 +00:00 · a62e3406ed
commit a62e3406ed
parent 9c608da385
4 changed files with 47 additions and 3 deletions
--- a/multimedia/xine-lib/Makefile
+++ b/multimedia/xine-lib/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.19 2005/03/30 10:23:45 tron Exp $
+# $NetBSD: Makefile,v 1.20 2005/04/26 12:48:34 tron Exp $

 .include "Makefile.common"

-PKGREVISION=		1
+PKGREVISION=		2

 .if ${MACHINE_ARCH} == "i386"
 DEPENDS+=       	win32-codecs>=011227:../../multimedia/win32-codecs
--- a/multimedia/xine-lib/distinfo
+++ b/multimedia/xine-lib/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2005/04/13 16:54:02 rillig Exp $
+$NetBSD: distinfo,v 1.17 2005/04/26 12:48:35 tron Exp $

 SHA1 (xine-lib-1.0.tar.gz) = dd02fb31c68ae68e2283d02e16bb8e80fcced9fd
 RMD160 (xine-lib-1.0.tar.gz) = ad84871d50d51552ba8913c0744e4a2b2b21f124
@ -11,6 +11,8 @@ SHA1 (patch-ae) = cf7486ed50a782fcfb17ad0985e76a7ae09a2938
 SHA1 (patch-ag) = 7be1e3d83e3757cf955523245be2deb4cea12998
 SHA1 (patch-ah) = 3f9b23c4a7994259056b73209a9e194db759f06d
 SHA1 (patch-ai) = f71e3cb57bf30cbf9653a469c040b6e3f717ba97
+SHA1 (patch-aj) = e9a26ede23d53d83c2799076770e49562a4fc1ea
+SHA1 (patch-ak) = 1dfd2c3d86904ef4869dde4f4309564ac6c9323c
 SHA1 (patch-am) = 10f6433a8549bdce60ace5dcbd51df85eaa7ea16
 SHA1 (patch-ao) = 1247ba7ef23f2b28b2c0a177208c912e2fc259a0
 SHA1 (patch-ap) = aaf63024c1049c1f2175d9974367a6b84ac3028f
--- a/multimedia/xine-lib/patches/patch-aj
+++ b/multimedia/xine-lib/patches/patch-aj
@ -0,0 +1,21 @@
+$NetBSD: patch-aj,v 1.5 2005/04/26 12:48:35 tron Exp $
+
+--- src/input/mms.c	2005/01/18 23:25:34	1.55
+++ src/input/mms.c	2005/04/21 19:02:43	1.56
+@@ -583,9 +583,13 @@
+           lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n",
+                    stream_id, type, encrypted);
+           
+-          this->stream_types[stream_id] = type;
+-          this->stream_ids[this->num_stream_ids] = stream_id;
+-          this->num_stream_ids++;
+          if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) {
+            this->stream_types[stream_id] = type;
+            this->stream_ids[this->num_stream_ids] = stream_id;
+            this->num_stream_ids++;
+          } else {
+            lprintf ("too many streams, skipping\n");
+          }
+       
+         }
+         break;
--- a/multimedia/xine-lib/patches/patch-ak
+++ b/multimedia/xine-lib/patches/patch-ak
@ -0,0 +1,21 @@
+$NetBSD: patch-ak,v 1.3 2005/04/26 12:48:35 tron Exp $
+
+--- src/input/librtsp/rtsp.c	2004/07/25 17:13:54	1.18
+++ src/input/librtsp/rtsp.c	2005/04/16 07:10:51	1.19
+@@ -218,6 +218,7 @@
+   unsigned int answer_seq;
+   char **answer_ptr=s->answers;
+   int code;
+  int ans_count = 0;
+   
+   answer=rtsp_get(s);
+   if (!answer)
+@@ -268,7 +269,7 @@
+     }
+     *answer_ptr=answer;
+     answer_ptr++;
+-  } while (strlen(answer)!=0);
+  } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS));
+   
+   s->cseq++;
+