From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Dec 21 09:00:04 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 064EB1065674 for ; Sun, 21 Dec 2008 09:00:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id CF19A8FC1D for ; Sun, 21 Dec 2008 09:00:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mBL903Ew046744 for ; Sun, 21 Dec 2008 09:00:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mBL9039F046743; Sun, 21 Dec 2008 09:00:03 GMT (envelope-from gnats) Resent-Date: Sun, 21 Dec 2008 09:00:03 GMT Resent-Message-Id: <200812210900.mBL9039F046743@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Thomas Zander Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 433771065670 for ; Sun, 21 Dec 2008 08:54:43 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 31CAD8FC26 for ; Sun, 21 Dec 2008 08:54:43 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mBL8sgOo098127 for ; Sun, 21 Dec 2008 08:54:42 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id mBL8sf6F098126; Sun, 21 Dec 2008 08:54:41 GMT (envelope-from nobody) Message-Id: <200812210854.mBL8sf6F098126@www.freebsd.org> Date: Sun, 21 Dec 2008 08:54:41 GMT From: Thomas Zander To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/129810: [Maintainer-update] multimedia/mplayer & multimedia/mencoder X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Dec 2008 09:00:04 -0000 >Number: 129810 >Category: ports >Synopsis: [Maintainer-update] multimedia/mplayer & multimedia/mencoder >Confidential: no >Severity: critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Dec 21 09:00:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Thomas Zander >Release: 7.1-PRERELEASE >Organization: >Environment: >Description: This update fixes a vulnerability in mplayer's demuxer and a build problem that has been reported: - Introduce files/patch-CVE-2008-5616 - Use additional configure arguments that fix a build problem in ports/128085 (this pr can be closed then) - I hope a small change of configure arguments also fixes ports/128074 but this needs to be confirmed as I am not able to reproduce the mentioned problem >How-To-Repeat: >Fix: The attached patch file contains a diff for both multimedia/mplayer and multimedia/mencoder. Patch attached with submission follows: diff -ruN /usr/ports/multimedia/mplayer/Makefile mplayer/Makefile --- /usr/ports/multimedia/mplayer/Makefile 2008-10-13 10:08:43.000000000 +0800 +++ mplayer/Makefile 2008-12-21 06:56:41.000000000 +0900 @@ -7,7 +7,7 @@ PORTNAME= mplayer PORTVERSION= ${MPLAYER_PORT_VERSION} -PORTREVISION= 8 +PORTREVISION= 9 COMMENT= High performance media player supporting many formats @@ -77,6 +77,7 @@ .include CONFIGURE_ARGS+= --disable-ssse3 \ + --disable-directfb \ --disable-faac \ --disable-twolame \ --disable-mencoder diff -ruN /usr/ports/multimedia/mplayer/Makefile.shared mplayer/Makefile.shared --- /usr/ports/multimedia/mplayer/Makefile.shared 2008-08-28 09:53:19.000000000 +0800 +++ mplayer/Makefile.shared 2008-12-21 08:38:38.000000000 +0900 @@ -36,7 +36,7 @@ --disable-tv-v4l1 \ --disable-tv-v4l2 \ --disable-dvdnav \ - --disable-dvdread + --enable-dvdread-internal WANT_GNOME= yes WANT_SDL= yes diff -ruN /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616 mplayer/files/patch-CVE-2008-5616 --- /usr/ports/multimedia/mplayer/files/patch-CVE-2008-5616 1970-01-01 08:00:00.000000000 +0800 +++ mplayer/files/patch-CVE-2008-5616 2008-12-21 06:55:18.000000000 +0900 @@ -0,0 +1,55 @@ +--- libmpdemux/demux_vqf.c.orig 2007-10-07 20:49:33.000000000 +0100 ++++ libmpdemux/demux_vqf.c 2008-12-15 14:29:58.000000000 +0000 +@@ -50,11 +50,14 @@ + unsigned chunk_size; + hi->size=chunk_size=stream_read_dword(s); /* include itself */ + stream_read(s,chunk_id,4); ++ if (chunk_size < 8) return NULL; ++ chunk_size -= 8; + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M')) + { +- char buf[chunk_size-8]; ++ char buf[BUFSIZ]; + unsigned i,subchunk_size; +- if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL; ++ if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL; ++ if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL; + i=0; + subchunk_size=be2me_32(*((uint32_t *)&buf[0])); + hi->channelMode=be2me_32(*((uint32_t *)&buf[4])); +@@ -83,13 +86,15 @@ + sh_audio->samplesize = 4; + w->wBitsPerSample = 8*sh_audio->samplesize; + w->cbSize = 0; ++ if (subchunk_size > chunk_size - 4) continue; + i+=subchunk_size+4; +- while(i sizeof(sdata) - 1 || slen > chunk_size - i) break; + if(sid==mmioFOURCC('D','S','I','Z')) + { + hi->Dsiz=be2me_32(*((uint32_t *)&buf[i])); +@@ -141,7 +146,7 @@ + if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A')) + { + demuxer->movi_start=stream_tell(s); +- demuxer->movi_end=demuxer->movi_start+chunk_size-8; ++ demuxer->movi_end=demuxer->movi_start+chunk_size; + mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end); + /* Done! play it */ + break; +@@ -149,7 +154,7 @@ + else + { + mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size); +- stream_skip(s,chunk_size-8); /*unknown chunk type */ ++ stream_skip(s,chunk_size); /*unknown chunk type */ + } + } + diff -ruN /usr/ports/multimedia/mencoder/Makefile mencoder/Makefile --- /usr/ports/multimedia/mencoder/Makefile 2008-08-28 09:53:19.000000000 +0800 +++ mencoder/Makefile 2008-12-21 06:57:38.000000000 +0900 @@ -6,7 +6,7 @@ PORTNAME= mencoder PORTVERSION= ${MPLAYER_PORT_VERSION} -PORTREVISION= 2 +PORTREVISION= 3 COMMENT= Convenient video file and movie encoder RESTRICTED= Port has restricted dependencies @@ -78,6 +78,7 @@ --disable-svga \ --disable-aa \ --disable-joystick \ + --disable-directfb \ --disable-ssse3 .include "${.CURDIR}/../mplayer/Makefile.options" >Release-Note: >Audit-Trail: >Unformatted: