From owner-svn-ports-all@FreeBSD.ORG Tue Aug 20 15:36:44 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 67800929; Tue, 20 Aug 2013 15:36:44 +0000 (UTC) (envelope-from kwm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 45BB7281A; Tue, 20 Aug 2013 15:36:44 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r7KFaiKg080549; Tue, 20 Aug 2013 15:36:44 GMT (envelope-from kwm@svn.freebsd.org) Received: (from kwm@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r7KFah2W080546; Tue, 20 Aug 2013 15:36:43 GMT (envelope-from kwm@svn.freebsd.org) Message-Id: <201308201536.r7KFah2W080546@svn.freebsd.org> From: Koop Mast Date: Tue, 20 Aug 2013 15:36:43 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r325059 - in head: multimedia/gstreamer-ffmpeg security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Aug 2013 15:36:44 -0000 Author: kwm Date: Tue Aug 20 15:36:43 2013 New Revision: 325059 URL: http://svnweb.freebsd.org/changeset/ports/325059 Log: Fix multiple security issues in the bundled libav version by replacing it with a newer version. Reported by: Jan Beich Modified: head/multimedia/gstreamer-ffmpeg/Makefile head/multimedia/gstreamer-ffmpeg/distinfo head/security/vuxml/vuln.xml Modified: head/multimedia/gstreamer-ffmpeg/Makefile ============================================================================== --- head/multimedia/gstreamer-ffmpeg/Makefile Tue Aug 20 15:22:10 2013 (r325058) +++ head/multimedia/gstreamer-ffmpeg/Makefile Tue Aug 20 15:36:43 2013 (r325059) @@ -1,17 +1,16 @@ -# New ports collection makefile for: gstreamer ffmpeg -# Date created: Thu Feb 26 20:10:39 CET 2004 -# Whom: Koop Mast -# +# Created by: Koop Mast # $FreeBSD$ # $MCom: ports/multimedia/gstreamer-ffmpeg/Makefile,v 1.14 2006/07/20 13:40:27 ahze Exp $ -# PORTNAME= gstreamer PORTVERSION= 0.10.13 +PORTREVISION= 1 CATEGORIES= multimedia -MASTER_SITES= http://gstreamer.freedesktop.org/src/gst-ffmpeg/ +MASTER_SITES= http://gstreamer.freedesktop.org/src/gst-ffmpeg/:ffmpeg \ + http://libav.org/releases/:libav PKGNAMESUFFIX= -ffmpeg -DISTNAME= gst-ffmpeg-${PORTVERSION} +DISTFILES= gst-ffmpeg-${PORTVERSION}.tar.bz2:ffmpeg \ + libav-${LIBAV_VERSION}.tar.xz:libav MAINTAINER= multimedia@FreeBSD.org COMMENT= GStreamer plug-in for manipulating MPEG video streams @@ -19,10 +18,11 @@ COMMENT= GStreamer plug-in for manipulat LICENSE= GPLv2 BUILD_DEPENDS= yasm:${PORTSDIR}/devel/yasm -LIB_DEPENDS= orc-0.4.0:${PORTSDIR}/devel/orc +LIB_DEPENDS= liborc-0.4.so:${PORTSDIR}/devel/orc -USE_BZIP2= yes -USE_GMAKE= yes +LIBAV_VERSION= 0.7.7 +WRKSRC= ${WRKDIR}/gst-ffmpeg-${PORTVERSION} +USES= gmake pkgconfig USE_LDCONFIG= yes USE_GSTREAMER= yes GNU_CONFIGURE= yes @@ -67,4 +67,10 @@ MAKE_ENV= COMPILER_PATH=${LOCALBASE}/bin .endif +post-patch: + @${MV} ${WRKSRC}/gst-libs/ext/libav ${WRKSRC}/gst-libs/ext/libav.old + @${MV} ${WRKDIR}/libav-${LIBAV_VERSION} ${WRKSRC}/gst-libs/ext/libav + @${CP} ${WRKSRC}/gst-libs/ext/libav.old/config.* \ + ${WRKSRC}/gst-libs/ext/libav/ + .include Modified: head/multimedia/gstreamer-ffmpeg/distinfo ============================================================================== --- head/multimedia/gstreamer-ffmpeg/distinfo Tue Aug 20 15:22:10 2013 (r325058) +++ head/multimedia/gstreamer-ffmpeg/distinfo Tue Aug 20 15:36:43 2013 (r325059) @@ -1,2 +1,4 @@ SHA256 (gst-ffmpeg-0.10.13.tar.bz2) = 76fca05b08e00134e3cb92fa347507f42cbd48ddb08ed3343a912def187fbb62 SIZE (gst-ffmpeg-0.10.13.tar.bz2) = 4784059 +SHA256 (libav-0.7.7.tar.xz) = 2d7b70c2bdaf8fea2e7d51838ce04e6c616cf90486134c247642fbdeafb21599 +SIZE (libav-0.7.7.tar.xz) = 3584936 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 20 15:22:10 2013 (r325058) +++ head/security/vuxml/vuln.xml Tue Aug 20 15:36:43 2013 (r325059) @@ -51,6 +51,73 @@ Note: Please add new entries to the beg --> + + gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav + + + gstreamer-ffmpeg + 0.10.13_1 + + + + +
+

Bundled version of libav in gstreamer-ffmpeg contains a number of + vulnerabilities.

+
+ + + + CVE-2011-3892 + CVE-2011-3893 + CVE-2011-3895 + CVE-2011-3929 + CVE-2011-3936 + CVE-2011-3937 + CVE-2011-3940 + CVE-2011-3945 + CVE-2011-3947 + CVE-2011-3951 + CVE-2011-3952 + CVE-2011-4031 + CVE-2011-4351 + CVE-2011-4352 + CVE-2011-4353 + CVE-2011-4364 + CVE-2011-4579 + CVE-2012-0848 + CVE-2012-0850 + CVE-2012-0851 + CVE-2012-0852 + CVE-2012-0853 + CVE-2012-0858 + CVE-2012-0947 + CVE-2012-2772 + CVE-2012-2775 + CVE-2012-2777 + CVE-2012-2779 + CVE-2012-2783 + CVE-2012-2784 + CVE-2012-2786 + CVE-2012-2787 + CVE-2012-2788 + CVE-2012-2790 + CVE-2012-2791 + CVE-2012-2793 + CVE-2012-2794 + CVE-2012-2798 + CVE-2012-2800 + CVE-2012-2801 + CVE-2012-2803 + CVE-2012-5144 + http://libav.org/releases/libav-0.7.7.changelog + + + 2013-08-20 + 2013-08-20 + + + GnuPG and Libgcrypt -- side-channel attack vulnerability