Date:      Tue, 20 Aug 2013 15:36:43 +0000 (UTC)
From:      Koop Mast <kwm@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r325059 - in head: multimedia/gstreamer-ffmpeg security/vuxml
Message-ID:  <201308201536.r7KFah2W080546@svn.freebsd.org>

Author: kwm
Date: Tue Aug 20 15:36:43 2013
New Revision: 325059
URL: http://svnweb.freebsd.org/changeset/ports/325059

Log:
  Fix multiple security issues in the bundled libav version by replacing it
  with a newer version.
  
  Reported by:	Jan Beich <jbeich@tormail.org>

Modified:
  head/multimedia/gstreamer-ffmpeg/Makefile
  head/multimedia/gstreamer-ffmpeg/distinfo
  head/security/vuxml/vuln.xml

Modified: head/multimedia/gstreamer-ffmpeg/Makefile
==============================================================================
--- head/multimedia/gstreamer-ffmpeg/Makefile	Tue Aug 20 15:22:10 2013	(r325058)
+++ head/multimedia/gstreamer-ffmpeg/Makefile	Tue Aug 20 15:36:43 2013	(r325059)
@@ -1,17 +1,16 @@
-# New ports collection makefile for:	gstreamer ffmpeg
-# Date created:		Thu Feb 26 20:10:39 CET 2004
-# Whom:			Koop Mast <kwm@rainbow-runner.nl>
-#
+# Created by: Koop Mast <kwm@rainbow-runner.nl>
 # $FreeBSD$
 #    $MCom: ports/multimedia/gstreamer-ffmpeg/Makefile,v 1.14 2006/07/20 13:40:27 ahze Exp $
-#
 
 PORTNAME=	gstreamer
 PORTVERSION=	0.10.13
+PORTREVISION=	1
 CATEGORIES=	multimedia
-MASTER_SITES=	http://gstreamer.freedesktop.org/src/gst-ffmpeg/
+MASTER_SITES=	http://gstreamer.freedesktop.org/src/gst-ffmpeg/:ffmpeg \
+		http://libav.org/releases/:libav
 PKGNAMESUFFIX=	-ffmpeg
-DISTNAME=	gst-ffmpeg-${PORTVERSION}
+DISTFILES=	gst-ffmpeg-${PORTVERSION}.tar.bz2:ffmpeg \
+		libav-${LIBAV_VERSION}.tar.xz:libav
 
 MAINTAINER=	multimedia@FreeBSD.org
 COMMENT=	GStreamer plug-in for manipulating MPEG video streams
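Review bot: Both `MASTER_SITES` entries, including the new `http://libav.org/releases/:libav`, are plain HTTP, so the only integrity control on the replacement libav tarball is the SHA256 recorded in distinfo. If that checksum was generated from a download over the same URL, it is worth confirming it once against a checksum or signature published by upstream, if one exists. A short comment above `DISTFILES` would make the arrangement explicit, for example `# libav is fetched separately to replace the vulnerable bundled copy; integrity is pinned by SHA256 in distinfo`. `${LIBAV_VERSION}` is used here but only assigned in the next hunk; that works because make expands it lazily, but defining it before `DISTFILES` would read more clearly.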
@@ -19,10 +18,11 @@ COMMENT=	GStreamer plug-in for manipulat
 LICENSE=	GPLv2
 
 BUILD_DEPENDS=	yasm:${PORTSDIR}/devel/yasm
-LIB_DEPENDS=	orc-0.4.0:${PORTSDIR}/devel/orc
+LIB_DEPENDS=	liborc-0.4.so:${PORTSDIR}/devel/orc
 
-USE_BZIP2=	yes
-USE_GMAKE=	yes
+LIBAV_VERSION=	0.7.7
+WRKSRC=		${WRKDIR}/gst-ffmpeg-${PORTVERSION}
+USES=		gmake pkgconfig
 USE_LDCONFIG=	yes
 USE_GSTREAMER=	yes
 GNU_CONFIGURE=	yes
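Review bot: `LIBAV_VERSION= 0.7.7` is a security-relevant pin, but nothing at the assignment says what it replaces or what else has to change with it. I would add a comment such as `# Replaces the libav snapshot bundled with gst-ffmpeg; on bump regenerate distinfo, bump PORTREVISION and update security/vuxml`. Separately, `USE_BZIP2` is removed while the distfiles are now one `.tar.bz2` and one `.tar.xz`, so extraction presumably relies on the default extract command auto-detecting both formats; worth confirming on the oldest supported release.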
@@ -67,4 +67,10 @@ MAKE_ENV=	COMPILER_PATH=${LOCALBASE}/bin
 
 .endif
 
+post-patch:
+	@${MV} ${WRKSRC}/gst-libs/ext/libav ${WRKSRC}/gst-libs/ext/libav.old
+	@${MV} ${WRKDIR}/libav-${LIBAV_VERSION} ${WRKSRC}/gst-libs/ext/libav
+	@${CP} ${WRKSRC}/gst-libs/ext/libav.old/config.* \
+		${WRKSRC}/gst-libs/ext/libav/
+
 .include <bsd.port.post.mk>
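Review bot: The libav swap runs in `post-patch`, so anything the patch phase applied under `gst-libs/ext/libav` ends up in `libav.old` and is not carried into the 0.7.7 tree. Whether the port ships such patches is not visible in this diff, but if it does they are silently dropped, security or build fixes included. The `config.*` files copied on the last two lines come from the older bundled snapshot, so it should be checked that they still match the configure options and components of libav 0.7.7. A comment on the target would record both assumptions, for example `# Swap in libav ${LIBAV_VERSION} after patching; files/ patches against gst-libs/ext/libav do not apply to the new tree`.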

Modified: head/multimedia/gstreamer-ffmpeg/distinfo
==============================================================================
--- head/multimedia/gstreamer-ffmpeg/distinfo	Tue Aug 20 15:22:10 2013	(r325058)
+++ head/multimedia/gstreamer-ffmpeg/distinfo	Tue Aug 20 15:36:43 2013	(r325059)
@@ -1,2 +1,4 @@
 SHA256 (gst-ffmpeg-0.10.13.tar.bz2) = 76fca05b08e00134e3cb92fa347507f42cbd48ddb08ed3343a912def187fbb62
 SIZE (gst-ffmpeg-0.10.13.tar.bz2) = 4784059
+SHA256 (libav-0.7.7.tar.xz) = 2d7b70c2bdaf8fea2e7d51838ce04e6c616cf90486134c247642fbdeafb21599
+SIZE (libav-0.7.7.tar.xz) = 3584936

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Aug 20 15:22:10 2013	(r325058)
+++ head/security/vuxml/vuln.xml	Tue Aug 20 15:36:43 2013	(r325059)
@@ -51,6 +51,73 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="4d087b35-0990-11e3-a9f4-bcaec565249c">
+    <topic>gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav</topic>
+    <affects>
+      <package>
+	<name>gstreamer-ffmpeg</name>
+	<range><lt>0.10.13_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<blockquote cite="http://libav.org/releases/libav-0.7.7.changelog">;
+	  <p>Bundled version of libav in gstreamer-ffmpeg contains a number of
+	     vulnerabilities.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2011-3892</cvename>
+      <cvename>CVE-2011-3893</cvename>
+      <cvename>CVE-2011-3895</cvename>
+      <cvename>CVE-2011-3929</cvename>
+      <cvename>CVE-2011-3936</cvename>
+      <cvename>CVE-2011-3937</cvename>
+      <cvename>CVE-2011-3940</cvename>
+      <cvename>CVE-2011-3945</cvename>
+      <cvename>CVE-2011-3947</cvename>
+      <cvename>CVE-2011-3951</cvename>
+      <cvename>CVE-2011-3952</cvename>
+      <cvename>CVE-2011-4031</cvename>
+      <cvename>CVE-2011-4351</cvename>
+      <cvename>CVE-2011-4352</cvename>
+      <cvename>CVE-2011-4353</cvename>
+      <cvename>CVE-2011-4364</cvename>
+      <cvename>CVE-2011-4579</cvename>
+      <cvename>CVE-2012-0848</cvename>
+      <cvename>CVE-2012-0850</cvename>
+      <cvename>CVE-2012-0851</cvename>
+      <cvename>CVE-2012-0852</cvename>
+      <cvename>CVE-2012-0853</cvename>
+      <cvename>CVE-2012-0858</cvename>
+      <cvename>CVE-2012-0947</cvename>
+      <cvename>CVE-2012-2772</cvename>
+      <cvename>CVE-2012-2775</cvename>
+      <cvename>CVE-2012-2777</cvename>
+      <cvename>CVE-2012-2779</cvename>
+      <cvename>CVE-2012-2783</cvename>
+      <cvename>CVE-2012-2784</cvename>
+      <cvename>CVE-2012-2786</cvename>
+      <cvename>CVE-2012-2787</cvename>
+      <cvename>CVE-2012-2788</cvename>
+      <cvename>CVE-2012-2790</cvename>
+      <cvename>CVE-2012-2791</cvename>
+      <cvename>CVE-2012-2793</cvename>
+      <cvename>CVE-2012-2794</cvename>
+      <cvename>CVE-2012-2798</cvename>
+      <cvename>CVE-2012-2800</cvename>
+      <cvename>CVE-2012-2801</cvename>
+      <cvename>CVE-2012-2803</cvename>
+      <cvename>CVE-2012-5144</cvename>
+      <url>http://libav.org/releases/libav-0.7.7.changelog</url>;
+    </references>
+    <dates>
+      <discovery>2013-08-20</discovery>
+      <entry>2013-08-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="689c2bf7-0701-11e3-9a25-002590860428">
     <topic>GnuPG and Libgcrypt -- side-channel attack vulnerability</topic>
     <affects>
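Review bot: `<discovery>2013-08-20</discovery>` repeats the entry date, although every `<cvename>` listed is a 2011 or 2012 identifier. The discovery field should carry the date the issues became public, e.g. `<discovery>YYYY-MM-DD</discovery>` (placeholder; take the earliest disclosure date from the cited changelog or the CVE records), otherwise tools that derive an exposure window from VuXML will understate it. The `<blockquote cite=...>` also appears to hold the committer's own summary rather than text from the libav changelog. If so, either quote the changelog or move the sentence out of the blockquote into a plain `<p>`.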


