rpms/mplayer/F-8 mplayer-CVE-2008-3827.patch, NONE, 1.1 mplayer.spec, 1.3, 1.4

Dominik Mierzejewski rathann at rpmfusion.org
Sun Oct 12 22:52:35 CEST 2008


Author: rathann

Update of /cvs/free/rpms/mplayer/F-8
In directory se02.es.rpmfusion.net:/tmp/cvs-serv20975/F-8

Modified Files:
	mplayer.spec 
Added Files:
	mplayer-CVE-2008-3827.patch 
Log Message:
- security fix for CVE-2008-3827
- sync with devel for F-9


mplayer-CVE-2008-3827.patch:

--- NEW FILE mplayer-CVE-2008-3827.patch ---
Index: libmpdemux/demux_real.c
===================================================================
--- libmpdemux/demux_real.c	(revision 27674)
+++ libmpdemux/demux_real.c	(revision 27675)
@@ -947,6 +947,7 @@
 			    // last fragment!
 			    if(dp_hdr->len!=vpkg_length-vpkg_offset)
 				mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  frag.len=%d  total.len=%d  \n",dp->len,vpkg_offset,vpkg_length-vpkg_offset);
+			    if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
             		    stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset);
 			    if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
 			    dp_hdr->len+=vpkg_offset;
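Review bot: The bound `dp->len - sizeof(dp_hdr_t) - dp_hdr->len` added before `stream_read` is evaluated as unsigned because of the `sizeof` operand, so if `dp_hdr->len` ever exceeds the room left in the packet the subtraction wraps to a very large value and the clamp does not fire. Whether that state is reachable depends on how `dp` is allocated and how `dp_hdr->len` is maintained, neither of which is visible in this hunk (the enclosing function starts and ends outside it). I would make the remaining space explicit rather than rely on it: `size_t used = sizeof(dp_hdr_t) + dp_hdr->len; size_t room = (size_t)dp->len > used ? dp->len - used : 0;` followed by `if ((size_t)vpkg_offset > room) vpkg_offset = room;`. The same expression clamps `len` in the non-last-fragment hunk, and the first-fragment hunk uses the analogous `dp->len - sizeof(dp_hdr_t)`, so a small shared helper would keep the three checks consistent.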
@@ -970,6 +971,7 @@
 			// non-last fragment:
 			if(dp_hdr->len!=vpkg_offset)
 			    mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  offset=%d  frag.len=%d  total.len=%d  \n",dp->len,vpkg_offset,len,vpkg_length);
+			if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
             		stream_read(demuxer->stream, dp_data+dp_hdr->len, len);
 			if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
 			dp_hdr->len+=len;
@@ -992,6 +994,7 @@
 		extra[0]=1; extra[1]=0; // offset of the first chunk
 		if(0x00==(vpkg_header&0xc0)){
 		    // first fragment:
+		    if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t);
 		    dp_hdr->len=len;
 		    stream_read(demuxer->stream, dp_data, len);
 		    ds->asf_packet=dp;
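Review bot: The clamp on `len` truncates an oversized first fragment silently, so a file that trips the check leaves no trace in the log; the clamps in the two earlier hunks behave the same way. The earlier hunks already report length mismatches through `mp_msg` at `MSGL_V`, so a diagnostic when a clamp fires would fit the surrounding code, for example `mp_msg(MSGT_DEMUX,MSGL_WARN,"fragment length %d exceeds packet buffer, truncating\n",len);` inside a braced `if` before the assignment. A short comment such as `// never read past the space allocated in dp (CVE-2008-3827)` would also tell the next maintainer why the limit exists. The enclosing block continues outside the hunk.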


Index: mplayer.spec
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-8/mplayer.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mplayer.spec	21 Aug 2008 17:29:02 -0000	1.3
+++ mplayer.spec	12 Oct 2008 20:52:05 -0000	1.4
@@ -7,7 +7,7 @@
 
 Name:           mplayer
 Version:        1.0
-Release:        0.96.%{pre}%{?dist}.2
+Release:        0.97.%{pre}%{?dist}
 Summary:        Movie player playing most video formats and DVDs
 
 Group:          Applications/Multimedia
@@ -25,6 +25,7 @@
 Patch10:        %{name}-qcelp.patch
 Patch11:        %{name}-dvdread.patch
 Patch12:        %{name}-man-zh_CN.patch
+Patch13:        %{name}-CVE-2008-3827.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  SDL-devel
@@ -148,6 +149,7 @@
 %patch10 -p1 -b .qclp
 %patch11 -p1 -b .dvdread
 %patch12 -p1 -b .man-zh_CN
+%patch13 -p0 -b .cve
 
 doconv() {
     iconv -f $1 -t $2 -o DOCS/man/$3/mplayer.1.utf8 DOCS/man/$3/mplayer.1 && \
@@ -404,6 +406,9 @@
 
 
 %changelog
+* Sun Oct 12 2008 Dominik Mierzejewski <rpm at greysector.net> - 1.0-0.97.20080818svn
+- backport the fix for CVE-2008-3827
+
 * Thu Aug 21 2008 Dominik Mierzejewski <rpm at greysector.net> - 1.0-0.96.20080818svn.2
 - work around builder bug (try 2)
 


