Date: Sat, 28 Jun 2014 12:13:03 +0000 (UTC) From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r359688 - in head/multimedia: mencoder mplayer mplayer/files Message-ID: <201406281213.s5SCD3tX031838@svn.freebsd.org>
Author: riggs Date: Sat Jun 28 12:13:03 2014 New Revision: 359688 URL: http://svnweb.freebsd.org/changeset/ports/359688 QAT: https://qat.redports.org/buildarchive/r359688/ Log: - Fix integer overflow in mencoder (bundled ffmpeg CVE-2014-4610) - Fix integer overflow in mplayer (bundled ffmpeg CVE-2014-4610) - Bump PORTREVISION in both ports Approved by: mentors (implicit) MFH: 2014Q2 Security: 17dfd984-feba-11e3-b938-5404a68ad561 9ab3a22c-feb8-11e3-b938-5404a68ad561 Added: head/multimedia/mplayer/files/patch-CVE-2014-4610 (contents, props changed) Modified: head/multimedia/mencoder/Makefile head/multimedia/mplayer/Makefile
Modified: head/multimedia/mencoder/Makefile
==============================================================================
--- head/multimedia/mencoder/Makefile Sat Jun 28 12:09:08 2014 (r359687)
+++ head/multimedia/mencoder/Makefile Sat Jun 28 12:13:03 2014 (r359688)
@@ -3,6 +3,7 @@
 PORTNAME= mencoder
 PORTVERSION= ${MPLAYER_PORT_VERSION}
+PORTREVISION= 1
 COMMENT= Convenient video file and movie encoder
Modified: head/multimedia/mplayer/Makefile
==============================================================================
--- head/multimedia/mplayer/Makefile Sat Jun 28 12:09:08 2014 (r359687)
+++ head/multimedia/mplayer/Makefile Sat Jun 28 12:13:03 2014 (r359688)
@@ -3,7 +3,7 @@
 PORTNAME= mplayer
 PORTVERSION= ${MPLAYER_PORT_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
 COMMENT= High performance media player supporting many formats
Added: head/multimedia/mplayer/files/patch-CVE-2014-4610
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/multimedia/mplayer/files/patch-CVE-2014-4610 Sat Jun 28 12:13:03 2014 (r359688)
@@ -0,0 +1,48 @@
+--- ffmpeg/libavutil/lzo.c.orig 2013-05-25 19:20:04.000000000 +0200
++++ ffmpeg/libavutil/lzo.c 2014-06-28 12:23:13.517164344 +0200
+@@ -65,8 +65,13 @@
+ {
+ int cnt = x & mask;
+ if (!cnt) {
+- while (!(x = get_byte(c)))
++ while (!(x = get_byte(c))) {
++ if (cnt >= INT_MAX - 1000) {
++ c->error |= AV_LZO_ERROR;
++ break;
++ }
+ cnt += 255;
++ }
+ cnt += mask + x;
+ }
+ return cnt;
+@@ -80,6 +85,10 @@
+ {
+ register const uint8_t *src = c->in;
+ register uint8_t *dst = c->out;
++ if (cnt < 0) {
++ c->error |= AV_LZO_ERROR;
++ return;
++ }
+ if (cnt > c->in_end - src) {
+ cnt = FFMAX(c->in_end - src, 0);
+ c->error |= AV_LZO_INPUT_DEPLETED;
+@@ -103,7 +112,7 @@
+ /**
+ * @brief Copies previously decoded bytes to current position.
+ * @param back how many bytes back we start, must be > 0
+- * @param cnt number of bytes to copy, must be >= 0
++ * @param cnt number of bytes to copy, must be > 0
+ *
+ * cnt > back is valid, this will copy the bytes we just copied,
+ * thus creating a repeating pattern with a period length of back.
+@@ -111,6 +120,10 @@
+ static inline void copy_backptr(LZOContext *c, int back, int cnt)
+ {
+ register uint8_t *dst = c->out;
++ if (cnt <= 0) {
++ c->error |= AV_LZO_ERROR;
++ return;
++ }
+ if (dst - c->out_start < back) {
+ c->error |= AV_LZO_INVALID_BACKPTR;
+ return;
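Review bot: The `INT_MAX - 1000` bound in the new get_len loop is an unexplained margin, and after the `break` the function still runs `cnt += mask + x` and returns a near-INT_MAX length, with only `c->error` marking it as invalid. A comment on the guard such as `/* 1000 leaves headroom for += 255, + mask + x and any small offset a caller adds */` would record the intent. The callers are outside this patch, so it is worth confirming that they test `c->error` before using the returned count; the added `cnt < 0` check in copy() and `cnt <= 0` check in copy_backptr() appear to be the backstop if they do not. The log says mencoder is fixed as well, yet the patch file is added only under mplayer/files, so presumably the mencoder port picks up patches from that directory, which should be verified with a build. The bodies of all three patched functions start or end outside the inner hunks.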