svn commit: r359688 - in head/multimedia: mencoder mplayer mplayer/files
Thomas Zander
riggs at FreeBSD.org
Sat Jun 28 12:13:04 UTC 2014
Author: riggs
Date: Sat Jun 28 12:13:03 2014
New Revision: 359688
URL: http://svnweb.freebsd.org/changeset/ports/359688
QAT: https://qat.redports.org/buildarchive/r359688/
Log:
- Fix integer overflow in mencoder (bundled ffmpeg CVE-2014-4610)
- Fix integer overflow in mplayer (bundled ffmpeg CVE-2014-4610)
- Bump PORTREVISION in both ports
Approved by: mentors (implicit)
MFH: 2014Q2
Security: 17dfd984-feba-11e3-b938-5404a68ad561
9ab3a22c-feb8-11e3-b938-5404a68ad561
Added:
head/multimedia/mplayer/files/patch-CVE-2014-4610 (contents, props changed)
Modified:
head/multimedia/mencoder/Makefile
head/multimedia/mplayer/Makefile
Modified: head/multimedia/mencoder/Makefile
==============================================================================
--- head/multimedia/mencoder/Makefile Sat Jun 28 12:09:08 2014 (r359687)
+++ head/multimedia/mencoder/Makefile Sat Jun 28 12:13:03 2014 (r359688)
@@ -3,6 +3,7 @@
PORTNAME= mencoder
PORTVERSION= ${MPLAYER_PORT_VERSION}
+PORTREVISION= 1
COMMENT= Convenient video file and movie encoder
Modified: head/multimedia/mplayer/Makefile
==============================================================================
--- head/multimedia/mplayer/Makefile Sat Jun 28 12:09:08 2014 (r359687)
+++ head/multimedia/mplayer/Makefile Sat Jun 28 12:13:03 2014 (r359688)
@@ -3,7 +3,7 @@
PORTNAME= mplayer
PORTVERSION= ${MPLAYER_PORT_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
COMMENT= High performance media player supporting many formats
Added: head/multimedia/mplayer/files/patch-CVE-2014-4610
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/multimedia/mplayer/files/patch-CVE-2014-4610 Sat Jun 28 12:13:03 2014 (r359688)
@@ -0,0 +1,48 @@
+--- ffmpeg/libavutil/lzo.c.orig 2013-05-25 19:20:04.000000000 +0200
++++ ffmpeg/libavutil/lzo.c 2014-06-28 12:23:13.517164344 +0200
+@@ -65,8 +65,13 @@
+ {
+ int cnt = x & mask;
+ if (!cnt) {
+- while (!(x = get_byte(c)))
++ while (!(x = get_byte(c))) {
++ if (cnt >= INT_MAX - 1000) {
++ c->error |= AV_LZO_ERROR;
++ break;
++ }
+ cnt += 255;
++ }
+ cnt += mask + x;
+ }
+ return cnt;
+@@ -80,6 +85,10 @@
+ {
+ register const uint8_t *src = c->in;
+ register uint8_t *dst = c->out;
++ if (cnt < 0) {
++ c->error |= AV_LZO_ERROR;
++ return;
++ }
+ if (cnt > c->in_end - src) {
+ cnt = FFMAX(c->in_end - src, 0);
+ c->error |= AV_LZO_INPUT_DEPLETED;
+@@ -103,7 +112,7 @@
+ /**
+ * @brief Copies previously decoded bytes to current position.
+ * @param back how many bytes back we start, must be > 0
+- * @param cnt number of bytes to copy, must be >= 0
++ * @param cnt number of bytes to copy, must be > 0
+ *
+ * cnt > back is valid, this will copy the bytes we just copied,
+ * thus creating a repeating pattern with a period length of back.
+@@ -111,6 +120,10 @@
+ static inline void copy_backptr(LZOContext *c, int back, int cnt)
+ {
+ register uint8_t *dst = c->out;
++ if (cnt <= 0) {
++ c->error |= AV_LZO_ERROR;
++ return;
++ }
+ if (dst - c->out_start < back) {
+ c->error |= AV_LZO_INVALID_BACKPTR;
+ return;
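Review bot: The `INT_MAX - 1000` bound in the first lzo.c hunk is an unexplained magic number; a comment such as `/* leave headroom for the += 255 below, the mask + x added after the loop, and small additions by callers */` would record why the margin is sufficient. On the `break` path execution still falls through to `cnt += mask + x` and returns a very large positive length, so safety rests on callers checking `c->error` (presumably done in the decode loop, which is outside these hunks) and on the clamp against `c->in_end - src` in the second hunk; that contract is worth stating in the function's doc comment. The functions touched by the first two hunks begin outside the visible context. Separately, the log claims the fix for mencoder as well, but only `mplayer/files` gains a patch here, so it is worth confirming that the mencoder port applies patches from that directory.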