Date: Sun, 21 Dec 2008 08:54:41 GMT From: Thomas Zander <riggs@rrr.de> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/129810: [Maintainer-update] multimedia/mplayer & multimedia/mencoder Message-ID: <200812210854.mBL8sf6F098126@www.freebsd.org> Resent-Message-ID: <200812210900.mBL9039F046743@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 129810 >Category: ports >Synopsis: [Maintainer-update] multimedia/mplayer & multimedia/mencoder >Confidential: no >Severity: critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Dec 21 09:00:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Thomas Zander >Release: 7.1-PRERELEASE >Organization: >Environment: >Description: This update fixes a vulnerability in mplayer's demuxer and a build problem that has been reported: - Introduce files/patch-CVE-2008-5616 - Use additional configure arguments that fix a build problem in ports/128085 (this pr can be closed then) - I hope a small change of configure arguments also fixes ports/128074 but this needs to be confirmed as I am not able to reproduce the mentioned problem >How-To-Repeat: >Fix: The attached patch file contains a diff for both multimedia/mplayer and multimedia/mencoder. Patch attached with submission follows: diff -ruN /usr/ports/multimedia/mplayer/Makefile mplayer/Makefile --- /usr/ports/multimedia/mplayer/Makefile 2008-10-13 10:08:43.000000000 +0800 +++ mplayer/Makefile 2008-12-21 06:56:41.000000000 +0900 @@ -7,7 +7,7 @@ PORTNAME= mplayer PORTVERSION= ${MPLAYER_PORT_VERSION} -PORTREVISION= 8 +PORTREVISION= 9 COMMENT= High performance media player supporting many formats @@ -77,6 +77,7 @@ .include <bsd.port.pre.mk> CONFIGURE_ARGS+= --disable-ssse3 \ + --disable-directfb \ --disable-faac \ --disable-twolame \ --disable-mencoder diff -ruN /usr/ports/multimedia/mplayer/Makefile.shared mplayer/Makefile.shared --- /usr/ports/multimedia/mplayer/Makefile.shared 2008-08-28 09:53:19.000000000 +0800 +++ mplayer/Makefile.shared 2008-12-21 08:38:38.000000000 +0900 @@ -36,7 +36,7 @@ --disable-tv-v4l1 \ --disable-tv-v4l2 \ --disable-dvdnav \ - --disable-dvdread + --enable-dvdread-internal WANT_GNOME= yes WANT_SDL= yes diff -ruN /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616 mplayer/files/patch-CVE-2008-5616 --- /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616 1970-01-01 08:00:00.000000000 +0800 +++ mplayer/files/patch-CVE-2008-5616 2008-12-21 06:55:18.000000000 +0900 @@ -0,0 +1,55 @@ +--- libmpdemux/demux_vqf.c.orig 2007-10-07 20:49:33.000000000 +0100 ++++ libmpdemux/demux_vqf.c 2008-12-15 14:29:58.000000000 +0000 +@@ -50,11 +50,14 @@ + unsigned chunk_size; + hi->size=chunk_size=stream_read_dword(s); /* include itself */ + stream_read(s,chunk_id,4); ++ if (chunk_size < 8) return NULL; ++ chunk_size -= 8; + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M')) + { +- char buf[chunk_size-8]; ++ char buf[BUFSIZ]; + unsigned i,subchunk_size; +- if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL; ++ if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL; ++ if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL; + i=0; + subchunk_size=be2me_32(*((uint32_t *)&buf[0])); + hi->channelMode=be2me_32(*((uint32_t *)&buf[4])); +@@ -83,13 +86,15 @@ + sh_audio->samplesize = 4; + w->wBitsPerSample = 8*sh_audio->samplesize; + w->cbSize = 0; ++ if (subchunk_size > chunk_size - 4) continue; + i+=subchunk_size+4; +- while(i<chunk_size-8) ++ while(i + 8 < chunk_size) + { + unsigned slen,sid; +- char sdata[chunk_size]; ++ char sdata[BUFSIZ]; + sid=*((uint32_t *)&buf[i]); i+=4; + slen=be2me_32(*((uint32_t *)&buf[i])); i+=4; ++ if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break; + if(sid==mmioFOURCC('D','S','I','Z')) + { + hi->Dsiz=be2me_32(*((uint32_t *)&buf[i])); +@@ -141,7 +146,7 @@ + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A')) + { + demuxer->movi_start=stream_tell(s); +- demuxer->movi_end=demuxer->movi_start+chunk_size-8; ++ demuxer->movi_end=demuxer->movi_start+chunk_size; + mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end); + /* Done! play it */ + break; +@@ -149,7 +154,7 @@ + else + { + mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size); +- stream_skip(s,chunk_size-8); /*unknown chunk type */ ++ stream_skip(s,chunk_size); /*unknown chunk type */ + } + } + diff -ruN /usr/ports/multimedia/mencoder/Makefile mencoder/Makefile --- /usr/ports/multimedia/mencoder/Makefile 2008-08-28 09:53:19.000000000 +0800 +++ mencoder/Makefile 2008-12-21 06:57:38.000000000 +0900 @@ -6,7 +6,7 @@ PORTNAME= mencoder PORTVERSION= ${MPLAYER_PORT_VERSION} -PORTREVISION= 2 +PORTREVISION= 3 COMMENT= Convenient video file and movie encoder RESTRICTED= Port has restricted dependencies @@ -78,6 +78,7 @@ --disable-svga \ --disable-aa \ --disable-joystick \ + --disable-directfb \ --disable-ssse3 .include "${.CURDIR}/../mplayer/Makefile.options" >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812210854.mBL8sf6F098126>