[security] mplayer: patched for ASF demuxer heap overflow (see http://www.mplayerhq.hu/design7/news.html or CAN-2006-0579), thanks maro; win32codecs separated, see http://crux.nu/cgi-bin/trac.cgi/changeset/845; added gcc4 patch

mplayer/.footprint

@@ -28,74 +28,6 @@ lrwxrwxrwx	root/root	usr/man/man1/mencoder.1.gz -> mplayer.1.gz
 -rw-r--r--	root/root	usr/man/man1/mplayer.1.gz
 drwxr-xr-x	root/root	usr/share/
 drwxr-xr-x	root/root	usr/share/mplayer/
-drwxr-xr-x	root/root	usr/share/mplayer/codecs/
--rw-r--r--	root/root	usr/share/mplayer/codecs/AvidQTAVUICodec.qtx
--rw-r--r--	root/root	usr/share/mplayer/codecs/BeHereiVideo.qtx
--rw-r--r--	root/root	usr/share/mplayer/codecs/CLRVIDDC.DLL
--rw-r--r--	root/root	usr/share/mplayer/codecs/CtWbJpg.DLL
--rw-r--r--	root/root	usr/share/mplayer/codecs/DECVW_32.DLL
--rw-r--r--	root/root	usr/share/mplayer/codecs/LCMW2.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/LCODCCMW2E.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/QuickTime.qts
--rw-r--r--	root/root	usr/share/mplayer/codecs/QuickTimeEssentials.qtx
--rw-r--r--	root/root	usr/share/mplayer/codecs/QuickTimeInternetExtras.qtx
--rw-r--r--	root/root	usr/share/mplayer/codecs/VDODEC32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/ViVD2.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/acelpdec.ax
--rw-r--r--	root/root	usr/share/mplayer/codecs/alf2cd.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/aslcodec_dshow.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/atrac3.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/atrc.so.6.0
--rw-r--r--	root/root	usr/share/mplayer/codecs/clrviddd.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/cook.so
--rw-r--r--	root/root	usr/share/mplayer/codecs/drvc.so
--rw-r--r--	root/root	usr/share/mplayer/codecs/dspr.so.6.0
--rw-r--r--	root/root	usr/share/mplayer/codecs/iac25_32.ax
--rw-r--r--	root/root	usr/share/mplayer/codecs/icmw_32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/imc32.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/ir41_32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/ir50_32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/ivvideo.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/jp2avi.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/lhacm.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/lsvxdec.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/m3jp2k32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/mi-sc4.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/msh261.drv
--rw-r--r--	root/root	usr/share/mplayer/codecs/msms001.vwp
--rw-r--r--	root/root	usr/share/mplayer/codecs/msscds32.ax
--rw-r--r--	root/root	usr/share/mplayer/codecs/nsrt2432.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/qpeg32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/qtmlClient.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/rt32dcmp.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/sipr.so.6.0
--rw-r--r--	root/root	usr/share/mplayer/codecs/tm20dec.ax
--rw-r--r--	root/root	usr/share/mplayer/codecs/tokf.so.6.0
--rw-r--r--	root/root	usr/share/mplayer/codecs/tokr.so.6.0
--rw-r--r--	root/root	usr/share/mplayer/codecs/tsd32.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/tssoft32.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/tvqdec.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vdowave.drv
--rw-r--r--	root/root	usr/share/mplayer/codecs/vid_3ivX.xa
--rw-r--r--	root/root	usr/share/mplayer/codecs/vivog723.acm
--rw-r--r--	root/root	usr/share/mplayer/codecs/vmnc.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/voxmsdec.ax
--rw-r--r--	root/root	usr/share/mplayer/codecs/vp4vfw.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vp5vfw.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vp6vfw.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vssh264.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vssh264core.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vssh264dec.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vsslight.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/vsswlt.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wma9dmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmadmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmsdmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmspdmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmv9dmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmvadvd.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wmvdmod.dll
--rw-r--r--	root/root	usr/share/mplayer/codecs/wnvwinx.dll
 drwxr-xr-x	root/root	usr/share/mplayer/font/
 drwxr-xr-x	root/root	usr/share/mplayer/font/font-arial-14-iso-8859-1/
 -rw-r--r--	root/root	usr/share/mplayer/font/font-arial-14-iso-8859-1/font.desc

mplayer/.md5sum

@@ -1,4 +1,5 @@
 aaca4fd327176c1afb463f0f047ef6f4  MPlayer-1.0pre7try2.tar.bz2
-5fe89bb095bdf9b4f9cda5479dbde906  essential-20050412.tar.bz2
+ad36895346d36b51005c9f0d0c78effe  demuxer_h_fix_20060212.diff
 1ecd31d17b51f16332b1fcc7da36b312  font-arial-iso-8859-1.tar.bz2
+3d94fd5886df3b60fe2606c4dee9d1dd  mplayer-1.0_pre7-gcc4.patch
 c64631601912913f3e5dfbecc3b79d44  mplayer.conf

mplayer/Pkgfile

@@ -1,32 +1,36 @@
-# Description: Media player with many codecs
+# Description: Versatile media player and encoder/converter
 # URL: http://www.mplayerhq.hu/
 # Maintainer: Matt Housh, jaeger at morpheus dot net
 # Depends on: x11
 
 # Nice to have: libsdl, libjpeg, libpng, lame, zlib, libogg, libvorbis, \
-# cdparanoia
+# cdparanoia, win32-essential-codecs
 
 # More information can be found at http://www.mplayerhq.hu/DOCS/codecs.html and
 # http://www.mplayerhq.hu/DOCS/HTML/en/index.html
 
 name=mplayer
 version=1.0pre7try2
-release=1
+release=2
 source=(http://mirrors.xmission.com/mplayer/releases/MPlayer-$version.tar.bz2 \
 	http://mirrors.xmission.com/mplayer/releases/fonts/font-arial-iso-8859-1.tar.bz2 \
-	http://mirrors.xmission.com/mplayer/releases/codecs/essential-20050412.tar.bz2 \
-	mplayer.conf)
+	mplayer.conf demuxer_h_fix_20060212.diff mplayer-1.0_pre7-gcc4.patch)
 
 build() {
 	cd MPlayer-$version
 
+	# ASF demuxer security patch (CAN-2006-0579)
+	patch -p0 -i $SRC/demuxer_h_fix_20060212.diff
+
+	# gcc4 patch
+	patch -p1 -i $SRC/mplayer-1.0_pre7-gcc4.patch
+
 	# mplayer decides optimizations at configure time, don't use CRUX's
 	unset CFLAGS
 	./configure --prefix=/usr \
 		--enable-linux-devfs \
 		--disable-divx4linux \
-		--with-win32libdir=/usr/share/mplayer/codecs \
-		--with-reallibdir=/usr/share/mplayer/codecs
+		--with-codecsdir=/usr/lib/win32
 
 	make
 	make DESTDIR=$PKG install
@@ -43,12 +47,6 @@ build() {
 		done)
 	chmod 644 $PKG/usr/share/mplayer/font/font-arial-??-iso-8859-1/*
 
-	# codecs
-	mkdir -p $PKG/usr/share/mplayer/codecs
-	cp $SRC/essential-20050412/* $PKG/usr/share/mplayer/codecs
-	chmod 644 $PKG/usr/share/mplayer/codecs/*
-	rm $PKG/usr/share/mplayer/codecs/README
-
 	# config
 	cp $SRC/mplayer.conf $PKG/usr/etc/mplayer/
 	cp etc/input.conf $PKG/usr/etc/mplayer/

mplayer/demuxer_h_fix_20060212.diff

@@ -0,0 +1,43 @@
+Index: libmpdemux/demuxer.h
+===================================================================
+RCS file: /cvsroot/mplayer/main/libmpdemux/demuxer.h,v
+retrieving revision 1.87
+retrieving revision 1.90
+diff -u -r1.87 -r1.90
+--- libmpdemux/demuxer.h	9 Feb 2006 19:39:51 -0000	1.87
++++ libmpdemux/demuxer.h	12 Feb 2006 17:01:30 -0000	1.90
+@@ -190,17 +190,19 @@
+   dp->flags=0;
+   dp->refcount=1;
+   dp->master=NULL;
+-  dp->buffer=len?(unsigned char*)malloc(len+8):NULL;
+-  if(len) memset(dp->buffer+len,0,8);
++  dp->buffer=NULL;
++  if (len > 0 && (dp->buffer = (unsigned char *)malloc(len + 8)))
++    memset(dp->buffer + len, 0, 8);
++  else
++    dp->len = 0;
+   return dp;
+ }
+ 
+ inline static void resize_demux_packet(demux_packet_t* dp, int len)
+ {
+-  if(len)
++  if(len > 0)
+   {
+      dp->buffer=(unsigned char *)realloc(dp->buffer,len+8);
+-     memset(dp->buffer+len,0,8);
+   }
+   else
+   {
+@@ -208,6 +210,10 @@
+      dp->buffer=NULL;
+   }
+   dp->len=len;
++  if (dp->buffer)
++     memset(dp->buffer + len, 0, 8);
++  else
++     dp->len = 0;
+ }
+ 
+ inline static demux_packet_t* clone_demux_packet(demux_packet_t* pack){

mplayer/mplayer-1.0_pre7-gcc4.patch

@@ -0,0 +1,187 @@
+diff -bBur MPlayer-20050413-orig/configure MPlayer-20050413/configure
+--- MPlayer-20050413-orig/configure	2005-04-06 14:57:08.000000000 +0300
++++ MPlayer-20050413/configure	2005-04-14 16:20:41.000000000 +0300
+@@ -604,7 +604,7 @@
+       cc_version="v. ?.??, bad"
+       cc_verc_fail=yes
+       ;;
+-    2.95.[2-9]|2.95.[2-9][-.]*|3.[0-9]|3.[0-9].[0-9])
++    2.95.[2-9]|2.95.[2-9][-.]*|3.[0-9]|3.[0-9].[0-9]|4.*)
+       _cc_major=`echo $cc_version | cut -d '.' -f 1`
+       _cc_minor=`echo $cc_version | cut -d '.' -f 2`
+       _cc_mini=`echo $cc_version | cut -d '.' -f 3`
+diff -bBur MPlayer-20050413-orig/liba52/imdct.c MPlayer-20050413/liba52/imdct.c
+--- MPlayer-20050413-orig/liba52/imdct.c	2005-03-23 01:27:18.000000000 +0200
++++ MPlayer-20050413/liba52/imdct.c	2005-04-14 16:48:54.000000000 +0300
+@@ -937,7 +937,8 @@
+     /* 4-7. iterations */
+     for (m=3; m < 7; m++) {
+ 	two_m = (1 << m);
+-	two_m_plus_one = two_m<<1;
++	int two_m_plus_four=two_m<<4;
++	complex_t* buf_plus_128=buf+128;
+ 	asm volatile(
+ 		"movl %0, %%esi				\n\t"
+ 		".balign 16				\n\t"
+@@ -963,7 +964,7 @@
+ 		"addl %2, %%esi				\n\t"
+ 		"cmpl %1, %%esi				\n\t"
+ 		" jb 1b					\n\t"
+-		:: "g" (buf), "m" (buf+128), "m" (two_m_plus_one<<3), "r" (two_m<<3),
++		:: "g" (buf), "m" (buf_plus_128), "m" (two_m_plus_four), "r" (two_m<<3),
+ 		   "r" (sseW[m])
+ 		: "%esi", "%edi", "%edx"
+ 	);
+diff -bBur MPlayer-20050413-orig/libavcodec/libpostproc/postprocess_template.c MPlayer-20050413/libavcodec/libpostproc/postprocess_template.c
+--- MPlayer-20050413-orig/libavcodec/libpostproc/postprocess_template.c	2005-02-27 10:56:26.000000000 +0200
++++ MPlayer-20050413/libavcodec/libpostproc/postprocess_template.c	2005-04-14 16:35:07.000000000 +0300
+@@ -2648,6 +2648,8 @@
+ static always_inline void RENAME(do_a_deblock)(uint8_t *src, int step, int stride, PPContext *c){
+ 	int64_t dc_mask, eq_mask;
+ 	int64_t sums[10*8*2];
++	int64_t dc_and_eq_mask;
++
+ 	src+= step*3; // src points to begin of the 8x8 Block
+ //START_TIMER
+ asm volatile(
+@@ -2754,8 +2756,9 @@
+ 		: "r" (src), "r" ((long)step), "m" (c->pQPb), "m"(c->ppMode.flatnessThreshold)
+ 		: "%"REG_a
+ 		);
++	dc_and_eq_mask=dc_mask & eq_mask;
+ 
+-	if(dc_mask & eq_mask){
++	if(dc_and_eq_mask){
+ 		long offset= -8*step;
+ 		int64_t *temp_sums= sums;
+ 
+@@ -2930,7 +2933,7 @@
+ 		" js 1b						\n\t"
+ 
+ 		: "+r"(offset), "+r"(temp_sums)
+-		: "r" ((long)step), "r"(src - offset), "m"(dc_mask & eq_mask)
++		: "r" ((long)step), "r"(src - offset), "m"(dc_and_eq_mask)
+ 		);
+ 	}else
+ 		src+= step; // src points to begin of the 8x8 Block
+diff -bBur MPlayer-20050413-orig/libmpdemux/frequencies.h MPlayer-20050413/libmpdemux/frequencies.h
+--- MPlayer-20050413-orig/libmpdemux/frequencies.h	2001-11-17 00:06:48.000000000 +0200
++++ MPlayer-20050413/libmpdemux/frequencies.h	2005-04-14 16:36:51.000000000 +0300
+@@ -104,7 +104,7 @@
+ /* --------------------------------------------------------------------- */
+ 
+ extern struct CHANLISTS   chanlists[];
+-extern struct STRTAB chanlist_names[];
++/* extern struct STRTAB chanlist_names[]; */
+ 
+ extern int                chantab;
+ extern struct CHANLIST   *chanlist;
+diff -bBur MPlayer-20050413-orig/mmx.h MPlayer-20050413/mmx.h
+--- MPlayer-20050413-orig/mmx.h	2001-10-28 13:47:21.000000000 +0200
++++ MPlayer-20050413/mmx.h	2005-04-14 16:22:54.000000000 +0300
+@@ -353,11 +353,11 @@
+ #define	mmx_m2r(op, mem, reg) \
+ 	__asm__ __volatile__ (#op " %0, %%" #reg \
+ 			      : /* nothing */ \
+-			      : "X" (mem))
++			      : "m" (mem))
+ 
+ #define	mmx_r2m(op, reg, mem) \
+ 	__asm__ __volatile__ (#op " %%" #reg ", %0" \
+-			      : "=X" (mem) \
++			      : "=m" (mem) \
+ 			      : /* nothing */ )
+ 
+ #define	mmx_r2r(op, regs, regd) \
+@@ -367,8 +367,8 @@
+ 	__asm__ __volatile__ ("movq %0, %%mm0\n\t" \
+ 			      #op " %1, %%mm0\n\t" \
+ 			      "movq %%mm0, %0" \
+-			      : "=X" (memd) \
+-			      : "X" (mems))
++			      : "=m" (memd) \
++			      : "m" (mems))
+ 
+ #endif
+ 
+diff -bBur MPlayer-20050413-orig/postproc/swscale_template.c MPlayer-20050413/postproc/swscale_template.c
+--- MPlayer-20050413-orig/postproc/swscale_template.c	2005-02-17 01:47:00.000000000 +0200
++++ MPlayer-20050413/postproc/swscale_template.c	2005-04-14 16:46:12.000000000 +0300
+@@ -2136,6 +2136,7 @@
+ 	else
+ 	{
+ 		long counter= -2*dstW;
++		uint8_t* ptr=src+filterSize;
+ //		filter-= counter*filterSize/2;
+ 		filterPos-= counter/2;
+ 		dst-= counter/2;
+@@ -2177,7 +2178,7 @@
+ 			" jnc 1b			\n\t"
+ 
+ 			: "+r" (counter), "+r" (filter)
+-			: "m" (filterPos), "m" (dst), "m"(src+filterSize),
++			: "m" (filterPos), "m" (dst), "m"(ptr),
+ 			  "m" (src), "r" ((long)filterSize*2)
+ 			: "%"REG_b, "%"REG_a, "%"REG_c
+ 		);
+@@ -2320,6 +2321,8 @@
+ 	{
+ #endif
+ 	//NO MMX just normal asm ...
++	  int xInc_hi=xInc>>16;
++	  int xInc_lo=xInc&0xffff;
+ 	asm volatile(
+ 		"xor %%"REG_a", %%"REG_a"	\n\t" // i
+ 		"xor %%"REG_b", %%"REG_b"	\n\t" // xx
+@@ -2356,7 +2359,7 @@
+ 		" jb 1b				\n\t"
+ 
+ 
+-		:: "r" (src), "m" (dst), "m" (dstWidth), "m" (xInc>>16), "m" (xInc&0xFFFF)
++		:: "r" (src), "m" (dst), "m" (dstWidth), "m" (xInc_hi), "m" (xInc_lo)
+ 		: "%"REG_a, "%"REG_b, "%ecx", "%"REG_D, "%esi"
+ 		);
+ #ifdef HAVE_MMX2
+@@ -2515,6 +2518,8 @@
+ 	else
+ 	{
+ #endif
++	  int xInc_hi=xInc>>16;
++	  int xInc_lo=xInc&0xffff;
+ 	asm volatile(
+ 		"xor %%"REG_a", %%"REG_a"	\n\t" // i
+ 		"xor %%"REG_b", %%"REG_b"		\n\t" // xx
+@@ -2548,7 +2553,7 @@
+ 		"cmp %2, %%"REG_a"		\n\t"
+ 		" jb 1b				\n\t"
+ 
+-		:: "m" (src1), "m" (dst), "m" ((long)dstWidth), "m" ((long)(xInc>>16)), "m" ((xInc&0xFFFF)),
++		:: "m" (src1), "m" (dst), "m" ((long)dstWidth), "m" ((long)(xInc_hi)), "m" ((xInc_lo)),
+ 		"r" (src2)
+ 		: "%"REG_a, "%"REG_b, "%ecx", "%"REG_D, "%esi"
+ 		);
+
+--- MPlayer-1.0pre7/libvo/aclib_template.c	2005-04-25 08:26:11.000000000 +0000
++++ MPlayer-1.0pre7.az/libvo/aclib_template.c	2005-04-25 08:26:17.000000000 +0000
+@@ -249,8 +249,8 @@
+ 		MOVNTQ" %%mm6, 48(%1)\n"
+ 		MOVNTQ" %%mm7, 56(%1)\n"
+ 		:: "r" (from), "r" (to) : "memory");
+-		((const unsigned char *)from)+=64;
+-		((unsigned char *)to)+=64;
++		from=((const unsigned char *)from)+64;
++		to=((unsigned char *)to)+64;
+ 	}
+ 
+ //	printf(" %d %d\n", (int)from&1023, (int)to&1023);
+@@ -338,8 +338,8 @@
+ 		MOVNTQ" %%mm6, 48(%1)\n"
+ 		MOVNTQ" %%mm7, 56(%1)\n"
+ 		:: "r" (from), "r" (to) : "memory");
+-		((const unsigned char *)from)+=64;
+-		((unsigned char *)to)+=64;
++		from=((const unsigned char *)from)+64;
++		to=((unsigned char *)to)+64;
+ 	}
+ 
+ #endif /* Have SSE */