vlc: 1.1.5 -> 1.1.6
This commit is contained in:
parent
a777579800
commit
fc6dce3e8f
@ -93,9 +93,9 @@ lrwxrwxrwx root/root usr/lib/libvlc.so -> libvlc.so.5.2.0
|
|||||||
lrwxrwxrwx root/root usr/lib/libvlc.so.5 -> libvlc.so.5.2.0
|
lrwxrwxrwx root/root usr/lib/libvlc.so.5 -> libvlc.so.5.2.0
|
||||||
-rwxr-xr-x root/root usr/lib/libvlc.so.5.2.0
|
-rwxr-xr-x root/root usr/lib/libvlc.so.5.2.0
|
||||||
-rwxr-xr-x root/root usr/lib/libvlccore.la
|
-rwxr-xr-x root/root usr/lib/libvlccore.la
|
||||||
lrwxrwxrwx root/root usr/lib/libvlccore.so -> libvlccore.so.4.0.1
|
lrwxrwxrwx root/root usr/lib/libvlccore.so -> libvlccore.so.4.0.2
|
||||||
lrwxrwxrwx root/root usr/lib/libvlccore.so.4 -> libvlccore.so.4.0.1
|
lrwxrwxrwx root/root usr/lib/libvlccore.so.4 -> libvlccore.so.4.0.2
|
||||||
-rwxr-xr-x root/root usr/lib/libvlccore.so.4.0.1
|
-rwxr-xr-x root/root usr/lib/libvlccore.so.4.0.2
|
||||||
drwxr-xr-x root/root usr/lib/pkgconfig/
|
drwxr-xr-x root/root usr/lib/pkgconfig/
|
||||||
-rw-r--r-- root/root usr/lib/pkgconfig/libvlc.pc
|
-rw-r--r-- root/root usr/lib/pkgconfig/libvlc.pc
|
||||||
-rw-r--r-- root/root usr/lib/pkgconfig/vlc-plugin.pc
|
-rw-r--r-- root/root usr/lib/pkgconfig/vlc-plugin.pc
|
||||||
|
@ -1,2 +1 @@
|
|||||||
6a70d4161bad4e2630176999a4a04465 fix-heap-corruption.diff
|
c47f3ebc886f2aff8c95b98c564d1759 vlc-1.1.6.tar.bz2
|
||||||
fdc23693351ed57af9f4c85ea885b536 vlc-1.1.5.tar.bz2
|
|
||||||
|
12
vlc/Pkgfile
12
vlc/Pkgfile
@ -5,19 +5,13 @@
|
|||||||
# Depends on: libmad, ffmpeg, qt4, libdvdnav, alsa-lib, liba52, libgcrypt
|
# Depends on: libmad, ffmpeg, qt4, libdvdnav, alsa-lib, liba52, libgcrypt
|
||||||
|
|
||||||
name=vlc
|
name=vlc
|
||||||
version=1.1.5
|
version=1.1.6
|
||||||
release=2
|
release=1
|
||||||
source=(http://download.videolan.org/pub/videolan/$name/$version/$name-$version.tar.bz2 \
|
source=(http://download.videolan.org/pub/videolan/$name/$version/$name-$version.tar.bz2)
|
||||||
fix-heap-corruption.diff)
|
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $name-$version
|
cd $name-$version
|
||||||
|
|
||||||
# See
|
|
||||||
# http://git.videolan.org/?p=vlc.git;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
|
|
||||||
# for details
|
|
||||||
patch -i $SRC/fix-heap-corruption.diff -p1
|
|
||||||
|
|
||||||
./configure --prefix=/usr \
|
./configure --prefix=/usr \
|
||||||
--disable-nls \
|
--disable-nls \
|
||||||
--disable-fribidi \
|
--disable-fribidi \
|
||||||
|
@ -1,59 +0,0 @@
|
|||||||
From f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dan Rosenberg <drosenberg@vsecurity.com>
|
|
||||||
Date: Fri, 7 Jan 2011 11:06:08 -0500
|
|
||||||
Subject: [PATCH] Fix heap overflows in CDG decoder
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=utf8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This patch resolves two heap corruption vulnerabilities in the CDG
|
|
||||||
decoder for VLC media player. In both cases, a failure to properly
|
|
||||||
validate indexes into statically-sized arrays on the heap could allow a
|
|
||||||
maliciously crafted CDG video to corrupt the heap in a controlled
|
|
||||||
manner, potentially leading to code execution.
|
|
||||||
|
|
||||||
The patch is against v1.1.5 from vlc git, but this decoder hasn't been
|
|
||||||
touched in awhile, so I'd expect it to cleanly apply to older versions.
|
|
||||||
I've tested it and confirmed it resolves the heap corruption issues and
|
|
||||||
does not break functionality.
|
|
||||||
|
|
||||||
(...)
|
|
||||||
|
|
||||||
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
|
|
||||||
---
|
|
||||||
modules/codec/cdg.c | 12 +++++++++---
|
|
||||||
1 files changed, 9 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/modules/codec/cdg.c b/modules/codec/cdg.c
|
|
||||||
index 31ecd0e..fe7b62d 100644
|
|
||||||
--- a/modules/codec/cdg.c
|
|
||||||
+++ b/modules/codec/cdg.c
|
|
||||||
@@ -254,7 +254,13 @@ static int DecodeTileBlock( decoder_sys_t *p_cdg, const uint8_t *p_data, int doX
|
|
||||||
for( x = 0; x < 6; x++ )
|
|
||||||
{
|
|
||||||
const int idx = ( p_data[4+y] >> (5-x) ) & 0x01;
|
|
||||||
- uint8_t *p = &p_cdg->p_screen[(sy+y)*CDG_SCREEN_PITCH+(sx+x)];
|
|
||||||
+
|
|
||||||
+ int index = (sy+y)*CDG_SCREEN_PITCH+(sx+x);
|
|
||||||
+ if( index >= CDG_SCREEN_PITCH*CDG_SCREEN_HEIGHT )
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ uint8_t *p = &p_cdg->p_screen[index];
|
|
||||||
+
|
|
||||||
if( doXor )
|
|
||||||
*p ^= p_color[idx];
|
|
||||||
else
|
|
||||||
@@ -319,8 +325,8 @@ static int DecodeScroll( decoder_sys_t *p_cdg, const uint8_t *p_data, int b_copy
|
|
||||||
|
|
||||||
if( b_copy )
|
|
||||||
{
|
|
||||||
- dy = ( dy + CDG_SCREEN_HEIGHT ) % CDG_SCREEN_HEIGHT;
|
|
||||||
- dy = ( dy + CDG_SCREEN_WIDTH ) % CDG_SCREEN_WIDTH;
|
|
||||||
+ dy %= CDG_SCREEN_HEIGHT;
|
|
||||||
+ dx %= CDG_SCREEN_WIDTH;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
--
|
|
||||||
1.7.2.3
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user