Date:      Sun, 21 Dec 2008 08:54:41 GMT
From:      Thomas Zander <riggs@rrr.de>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/129810: [Maintainer-update] multimedia/mplayer & multimedia/mencoder
Message-ID:  <200812210854.mBL8sf6F098126@www.freebsd.org>
Resent-Message-ID: <200812210900.mBL9039F046743@freefall.freebsd.org>


>Number:         129810
>Category:       ports
>Synopsis:       [Maintainer-update] multimedia/mplayer & multimedia/mencoder
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 21 09:00:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Zander
>Release:        7.1-PRERELEASE
>Organization:
>Environment:
>Description:
This update fixes a vulnerability in mplayer's demuxer and a build problem that has been reported:
- Introduce files/patch-CVE-2008-5616
- Use additional configure arguments that fix a build problem in ports/128085 (this pr can be closed then)
- I hope a small change of configure arguments also fixes ports/128074 but this needs to be confirmed as I am not able to reproduce the mentioned problem
>How-To-Repeat:

>Fix:
The attached patch file contains a diff for both multimedia/mplayer and multimedia/mencoder.

Patch attached with submission follows:

diff -ruN /usr/ports/multimedia/mplayer/Makefile mplayer/Makefile
--- /usr/ports/multimedia/mplayer/Makefile	2008-10-13 10:08:43.000000000 +0800
+++ mplayer/Makefile	2008-12-21 06:56:41.000000000 +0900
@@ -7,7 +7,7 @@
 
 PORTNAME=	mplayer
 PORTVERSION=	${MPLAYER_PORT_VERSION}
-PORTREVISION=	8
+PORTREVISION=	9
 
 COMMENT=	High performance media player supporting many formats
 
@@ -77,6 +77,7 @@
 .include <bsd.port.pre.mk>
 
 CONFIGURE_ARGS+=	--disable-ssse3 \
+			--disable-directfb \
 			--disable-faac \
 			--disable-twolame \
 			--disable-mencoder
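Review bot: `--disable-directfb` is added unconditionally and without a comment saying why, both here and in the matching mencoder/Makefile hunk. The submission text suggests it is the workaround for the build failure in ports/128085, though the hunk itself does not say so. A line above `CONFIGURE_ARGS+=` such as `# DirectFB disabled: build failure, see ports/128085` would tell a later maintainer when the flag can be dropped. If some users rely on DirectFB output, an OPTION-guarded flag may be preferable to a blanket disable.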
diff -ruN /usr/ports/multimedia/mplayer/Makefile.shared mplayer/Makefile.shared
--- /usr/ports/multimedia/mplayer/Makefile.shared	2008-08-28 09:53:19.000000000 +0800
+++ mplayer/Makefile.shared	2008-12-21 08:38:38.000000000 +0900
@@ -36,7 +36,7 @@
 		--disable-tv-v4l1 \
 		--disable-tv-v4l2 \
 		--disable-dvdnav \
-		--disable-dvdread
+		--enable-dvdread-internal
 
 WANT_GNOME=	yes
 WANT_SDL=	yes
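Review bot: Replacing `--disable-dvdread` with `--enable-dvdread-internal` does more than adjust a build flag. Going by the option name, DVD reading goes from compiled out to built from the libdvdread copy inside the MPlayer source tree. Code bundled that way is not tracked as a separate port, so a later libdvdread fix would reach users only through an update of this port. The submission says the effect on ports/128074 is unconfirmed, so the reason should be recorded above the assignment these continuation lines belong to, which starts outside the hunk, e.g. `# bundled libdvdread enabled for ports/128074 (unconfirmed)`.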
diff -ruN /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616 mplayer/files/patch-CVE-2008-5616
--- /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616	1970-01-01 08:00:00.000000000 +0800
+++ mplayer/files/patch-CVE-2008-5616	2008-12-21 06:55:18.000000000 +0900
@@ -0,0 +1,55 @@
+--- libmpdemux/demux_vqf.c.orig	2007-10-07 20:49:33.000000000 +0100
++++ libmpdemux/demux_vqf.c	2008-12-15 14:29:58.000000000 +0000
+@@ -50,11 +50,14 @@
+     unsigned chunk_size;
+     hi->size=chunk_size=stream_read_dword(s); /* include itself */
+     stream_read(s,chunk_id,4);
++    if (chunk_size < 8) return NULL;
++    chunk_size -= 8;
+     if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M'))
+     {
+-    char buf[chunk_size-8];
++    char buf[BUFSIZ];
+     unsigned i,subchunk_size;
+-    if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL;
++    if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL;
++    if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL;
+     i=0;
+     subchunk_size=be2me_32(*((uint32_t *)&buf[0]));
+     hi->channelMode=be2me_32(*((uint32_t *)&buf[4]));
+@@ -83,13 +86,15 @@
+     sh_audio->samplesize = 4;
+     w->wBitsPerSample = 8*sh_audio->samplesize;
+     w->cbSize = 0;
++    if (subchunk_size > chunk_size - 4) continue;
+     i+=subchunk_size+4;
+-    while(i<chunk_size-8)
++    while(i + 8 < chunk_size)
+     {
+         unsigned slen,sid;
+-        char sdata[chunk_size];
++        char sdata[BUFSIZ];
+         sid=*((uint32_t *)&buf[i]); i+=4;
+         slen=be2me_32(*((uint32_t *)&buf[i])); i+=4;
++        if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break;
+         if(sid==mmioFOURCC('D','S','I','Z'))
+         {
+         hi->Dsiz=be2me_32(*((uint32_t *)&buf[i]));
+@@ -141,7 +146,7 @@
+     if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A'))
+     {
+     demuxer->movi_start=stream_tell(s);
+-    demuxer->movi_end=demuxer->movi_start+chunk_size-8;
++    demuxer->movi_end=demuxer->movi_start+chunk_size;
+     mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end);
+     /* Done! play it */
+     break;
+@@ -149,7 +154,7 @@
+     else
+     {
+     mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size);
+-    stream_skip(s,chunk_size-8); /*unknown chunk type */
++    stream_skip(s,chunk_size); /*unknown chunk type */
+     }
+   }
+ 
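Review bot: In the sub-chunk loop the new guard bounds `slen` only from above, so the `DSIZ` branch still loads four bytes from `buf[i]` when `slen` is smaller than 4. At that point `i` can be as large as `chunk_size - 1`, so the load can take in bytes that were never read from the stream and, when `chunk_size` equals `sizeof(buf)`, bytes past the end of `buf`. A guard as the first statement of that branch would close it: `if (slen < 4) break;`. The rest of the loop body lies outside the hunk, so the other branches and the copy into `sdata` should be checked for the same minimum-length assumption. Separately, the "Unhandled chunk" message now prints the payload size rather than the size field from the file, because `chunk_size` has already had 8 subtracted.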
diff -ruN /usr/ports/multimedia/mencoder/Makefile mencoder/Makefile
--- /usr/ports/multimedia/mencoder/Makefile	2008-08-28 09:53:19.000000000 +0800
+++ mencoder/Makefile	2008-12-21 06:57:38.000000000 +0900
@@ -6,7 +6,7 @@
 
 PORTNAME=	mencoder
 PORTVERSION=	${MPLAYER_PORT_VERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 COMMENT=	Convenient video file and movie encoder
 RESTRICTED=	Port has restricted dependencies
 
@@ -78,6 +78,7 @@
 			--disable-svga \
 			--disable-aa \
 			--disable-joystick \
+			--disable-directfb \
 			--disable-ssse3
 
 .include "${.CURDIR}/../mplayer/Makefile.options"


>Release-Note:
>Audit-Trail:
>Unformatted:


