svn commit: r325059 - in head: multimedia/gstreamer-ffmpeg security/vuxml
Koop Mast
kwm at FreeBSD.org
Tue Aug 20 15:36:44 UTC 2013
Author: kwm
Date: Tue Aug 20 15:36:43 2013
New Revision: 325059
URL: http://svnweb.freebsd.org/changeset/ports/325059
Log:
Fix multiple security issues in the bundled libav version by replacing it
with a newer version.
Reported by: Jan Beich <jbeich at tormail.org>
Modified:
head/multimedia/gstreamer-ffmpeg/Makefile
head/multimedia/gstreamer-ffmpeg/distinfo
head/security/vuxml/vuln.xml
Modified: head/multimedia/gstreamer-ffmpeg/Makefile
==============================================================================
--- head/multimedia/gstreamer-ffmpeg/Makefile Tue Aug 20 15:22:10 2013 (r325058)
+++ head/multimedia/gstreamer-ffmpeg/Makefile Tue Aug 20 15:36:43 2013 (r325059)
@@ -1,17 +1,16 @@
-# New ports collection makefile for: gstreamer ffmpeg
-# Date created: Thu Feb 26 20:10:39 CET 2004
-# Whom: Koop Mast <kwm at rainbow-runner.nl>
-#
+# Created by: Koop Mast <kwm at rainbow-runner.nl>
# $FreeBSD$
# $MCom: ports/multimedia/gstreamer-ffmpeg/Makefile,v 1.14 2006/07/20 13:40:27 ahze Exp $
-#
PORTNAME= gstreamer
PORTVERSION= 0.10.13
+PORTREVISION= 1
CATEGORIES= multimedia
-MASTER_SITES= http://gstreamer.freedesktop.org/src/gst-ffmpeg/
+MASTER_SITES= http://gstreamer.freedesktop.org/src/gst-ffmpeg/:ffmpeg \
+ http://libav.org/releases/:libav
PKGNAMESUFFIX= -ffmpeg
-DISTNAME= gst-ffmpeg-${PORTVERSION}
+DISTFILES= gst-ffmpeg-${PORTVERSION}.tar.bz2:ffmpeg \
+ libav-${LIBAV_VERSION}.tar.xz:libav
MAINTAINER= multimedia at FreeBSD.org
COMMENT= GStreamer plug-in for manipulating MPEG video streams
@@ -19,10 +18,11 @@ COMMENT= GStreamer plug-in for manipulat
LICENSE= GPLv2
BUILD_DEPENDS= yasm:${PORTSDIR}/devel/yasm
-LIB_DEPENDS= orc-0.4.0:${PORTSDIR}/devel/orc
+LIB_DEPENDS= liborc-0.4.so:${PORTSDIR}/devel/orc
-USE_BZIP2= yes
-USE_GMAKE= yes
+LIBAV_VERSION= 0.7.7
+WRKSRC= ${WRKDIR}/gst-ffmpeg-${PORTVERSION}
+USES= gmake pkgconfig
USE_LDCONFIG= yes
USE_GSTREAMER= yes
GNU_CONFIGURE= yes
@@ -67,4 +67,10 @@ MAKE_ENV= COMPILER_PATH=${LOCALBASE}/bin
.endif
+post-patch:
+ @${MV} ${WRKSRC}/gst-libs/ext/libav ${WRKSRC}/gst-libs/ext/libav.old
+ @${MV} ${WRKDIR}/libav-${LIBAV_VERSION} ${WRKSRC}/gst-libs/ext/libav
+ @${CP} ${WRKSRC}/gst-libs/ext/libav.old/config.* \
+ ${WRKSRC}/gst-libs/ext/libav/
+
.include <bsd.port.post.mk>
Modified: head/multimedia/gstreamer-ffmpeg/distinfo
==============================================================================
--- head/multimedia/gstreamer-ffmpeg/distinfo Tue Aug 20 15:22:10 2013 (r325058)
+++ head/multimedia/gstreamer-ffmpeg/distinfo Tue Aug 20 15:36:43 2013 (r325059)
@@ -1,2 +1,4 @@
SHA256 (gst-ffmpeg-0.10.13.tar.bz2) = 76fca05b08e00134e3cb92fa347507f42cbd48ddb08ed3343a912def187fbb62
SIZE (gst-ffmpeg-0.10.13.tar.bz2) = 4784059
+SHA256 (libav-0.7.7.tar.xz) = 2d7b70c2bdaf8fea2e7d51838ce04e6c616cf90486134c247642fbdeafb21599
+SIZE (libav-0.7.7.tar.xz) = 3584936
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Aug 20 15:22:10 2013 (r325058)
+++ head/security/vuxml/vuln.xml Tue Aug 20 15:36:43 2013 (r325059)
@@ -51,6 +51,73 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4d087b35-0990-11e3-a9f4-bcaec565249c">
+ <topic>gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav</topic>
+ <affects>
+ <package>
+ <name>gstreamer-ffmpeg</name>
+ <range><lt>0.10.13_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="http://libav.org/releases/libav-0.7.7.changelog">
+ <p>Bundled version of libav in gstreamer-ffmpeg contains a number of
+ vulnerabilities.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-3892</cvename>
+ <cvename>CVE-2011-3893</cvename>
+ <cvename>CVE-2011-3895</cvename>
+ <cvename>CVE-2011-3929</cvename>
+ <cvename>CVE-2011-3936</cvename>
+ <cvename>CVE-2011-3937</cvename>
+ <cvename>CVE-2011-3940</cvename>
+ <cvename>CVE-2011-3945</cvename>
+ <cvename>CVE-2011-3947</cvename>
+ <cvename>CVE-2011-3951</cvename>
+ <cvename>CVE-2011-3952</cvename>
+ <cvename>CVE-2011-4031</cvename>
+ <cvename>CVE-2011-4351</cvename>
+ <cvename>CVE-2011-4352</cvename>
+ <cvename>CVE-2011-4353</cvename>
+ <cvename>CVE-2011-4364</cvename>
+ <cvename>CVE-2011-4579</cvename>
+ <cvename>CVE-2012-0848</cvename>
+ <cvename>CVE-2012-0850</cvename>
+ <cvename>CVE-2012-0851</cvename>
+ <cvename>CVE-2012-0852</cvename>
+ <cvename>CVE-2012-0853</cvename>
+ <cvename>CVE-2012-0858</cvename>
+ <cvename>CVE-2012-0947</cvename>
+ <cvename>CVE-2012-2772</cvename>
+ <cvename>CVE-2012-2775</cvename>
+ <cvename>CVE-2012-2777</cvename>
+ <cvename>CVE-2012-2779</cvename>
+ <cvename>CVE-2012-2783</cvename>
+ <cvename>CVE-2012-2784</cvename>
+ <cvename>CVE-2012-2786</cvename>
+ <cvename>CVE-2012-2787</cvename>
+ <cvename>CVE-2012-2788</cvename>
+ <cvename>CVE-2012-2790</cvename>
+ <cvename>CVE-2012-2791</cvename>
+ <cvename>CVE-2012-2793</cvename>
+ <cvename>CVE-2012-2794</cvename>
+ <cvename>CVE-2012-2798</cvename>
+ <cvename>CVE-2012-2800</cvename>
+ <cvename>CVE-2012-2801</cvename>
+ <cvename>CVE-2012-2803</cvename>
+ <cvename>CVE-2012-5144</cvename>
+ <url>http://libav.org/releases/libav-0.7.7.changelog</url>
+ </references>
+ <dates>
+ <discovery>2013-08-20</discovery>
+ <entry>2013-08-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="689c2bf7-0701-11e3-9a25-002590860428">
<topic>GnuPG and Libgcrypt -- side-channel attack vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list