Add patches to fix security vulnerability reported in XSA-2004-8.

Bump package revision because of this change.
This commit is contained in:
tron 2005-04-26 12:48:34 +00:00
parent 9c608da385
commit a62e3406ed
4 changed files with 47 additions and 3 deletions

View file

@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.19 2005/03/30 10:23:45 tron Exp $
# $NetBSD: Makefile,v 1.20 2005/04/26 12:48:34 tron Exp $
.include "Makefile.common"
PKGREVISION= 1
PKGREVISION= 2
.if ${MACHINE_ARCH} == "i386"
DEPENDS+= win32-codecs>=011227:../../multimedia/win32-codecs

View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.16 2005/04/13 16:54:02 rillig Exp $
$NetBSD: distinfo,v 1.17 2005/04/26 12:48:35 tron Exp $
SHA1 (xine-lib-1.0.tar.gz) = dd02fb31c68ae68e2283d02e16bb8e80fcced9fd
RMD160 (xine-lib-1.0.tar.gz) = ad84871d50d51552ba8913c0744e4a2b2b21f124
@ -11,6 +11,8 @@ SHA1 (patch-ae) = cf7486ed50a782fcfb17ad0985e76a7ae09a2938
SHA1 (patch-ag) = 7be1e3d83e3757cf955523245be2deb4cea12998
SHA1 (patch-ah) = 3f9b23c4a7994259056b73209a9e194db759f06d
SHA1 (patch-ai) = f71e3cb57bf30cbf9653a469c040b6e3f717ba97
SHA1 (patch-aj) = e9a26ede23d53d83c2799076770e49562a4fc1ea
SHA1 (patch-ak) = 1dfd2c3d86904ef4869dde4f4309564ac6c9323c
SHA1 (patch-am) = 10f6433a8549bdce60ace5dcbd51df85eaa7ea16
SHA1 (patch-ao) = 1247ba7ef23f2b28b2c0a177208c912e2fc259a0
SHA1 (patch-ap) = aaf63024c1049c1f2175d9974367a6b84ac3028f

View file

@ -0,0 +1,21 @@
$NetBSD: patch-aj,v 1.5 2005/04/26 12:48:35 tron Exp $
--- src/input/mms.c 2005/01/18 23:25:34 1.55
+++ src/input/mms.c 2005/04/21 19:02:43 1.56
@@ -583,9 +583,13 @@
lprintf ("stream object, stream id: %d, type: %d, encrypted: %d\n",
stream_id, type, encrypted);
- this->stream_types[stream_id] = type;
- this->stream_ids[this->num_stream_ids] = stream_id;
- this->num_stream_ids++;
+ if (this->num_stream_ids < ASF_MAX_NUM_STREAMS && stream_id < ASF_MAX_NUM_STREAMS) {
+ this->stream_types[stream_id] = type;
+ this->stream_ids[this->num_stream_ids] = stream_id;
+ this->num_stream_ids++;
+ } else {
+ lprintf ("too many streams, skipping\n");
+ }
}
break;

View file

@ -0,0 +1,21 @@
$NetBSD: patch-ak,v 1.3 2005/04/26 12:48:35 tron Exp $
--- src/input/librtsp/rtsp.c 2004/07/25 17:13:54 1.18
+++ src/input/librtsp/rtsp.c 2005/04/16 07:10:51 1.19
@@ -218,6 +218,7 @@
unsigned int answer_seq;
char **answer_ptr=s->answers;
int code;
+ int ans_count = 0;
answer=rtsp_get(s);
if (!answer)
@@ -268,7 +269,7 @@
}
*answer_ptr=answer;
answer_ptr++;
- } while (strlen(answer)!=0);
+ } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS));
s->cseq++;