diff options
| author | Michael Johnson <ahze@FreeBSD.org> | 2007-02-24 15:34:35 +0000 |
|---|---|---|
| committer | Michael Johnson <ahze@FreeBSD.org> | 2007-02-24 15:34:35 +0000 |
| commit | d8ae4ac899b87841ba0c323a5ec19a6423f3a4e3 (patch) | |
| tree | de1ce978e305a64d60edbd7289aa10499ef7b437 /multimedia/vlc | |
| parent | - Does not need compat5x any more [1] (diff) | |
Patch a C-style format string vulnerability in the CDDA and VCDX plugins.
Security: http://www.videolan.org/sa0701.html
Obtained from: videolan project
Notes
Notes:
svn path=/head/; revision=185808
Diffstat (limited to 'multimedia/vlc')
| -rw-r--r-- | multimedia/vlc/Makefile | 2 | ||||
| -rw-r--r-- | multimedia/vlc/files/patch-vlc-0.8.6-MOAB-02-01-2007 | 68 |
2 files changed, 69 insertions, 1 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index 8d8c8723fbc2..b499ae4b8fe8 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -10,7 +10,7 @@ PORTNAME= vlc DISTVERSION= 0.8.5 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= multimedia audio ipv6 net www MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${PORTVERSION}/ \ http://ftp.snt.utwente.nl/pub/software/videolan/vlc/${PORTVERSION}/ \ diff --git a/multimedia/vlc/files/patch-vlc-0.8.6-MOAB-02-01-2007 b/multimedia/vlc/files/patch-vlc-0.8.6-MOAB-02-01-2007 new file mode 100644 index 000000000000..5e41d1ed3c51 --- /dev/null +++ b/multimedia/vlc/files/patch-vlc-0.8.6-MOAB-02-01-2007 @@ -0,0 +1,68 @@ +diff -ru vlc-0.8.6.orig/modules/access/cdda/access.c vlc-0.8.6/modules/access/cdda/access.c +--- modules/access/cdda/access.c 2007-01-03 10:01:09.000000000 +0100 ++++ modules/access/cdda/access.c 2007-01-03 10:02:45.000000000 +0100 +@@ -89,17 +89,17 @@ + case CDIO_LOG_DEBUG: + case CDIO_LOG_INFO: + if (p_cdda->i_debug & INPUT_DBG_CDIO) +- msg_Dbg( p_cdda_input, message); ++ msg_Dbg( p_cdda_input, "%s", message); + break; + case CDIO_LOG_WARN: +- msg_Warn( p_cdda_input, message); ++ msg_Warn( p_cdda_input, "%s", message); + break; + case CDIO_LOG_ERROR: + case CDIO_LOG_ASSERT: +- msg_Err( p_cdda_input, message); ++ msg_Err( p_cdda_input, "%s", message); + break; + default: +- msg_Warn( p_cdda_input, message, ++ msg_Warn( p_cdda_input, "%s\n%s %d", message, + "the above message had unknown cdio log level", + level); + } +diff -ru vlc-0.8.6.orig/modules/access/vcdx/access.c vlc-0.8.6/modules/access/vcdx/access.c +--- modules/access/vcdx/access.c 2007-01-03 10:01:10.000000000 +0100 ++++ modules/access/vcdx/access.c 2007-01-03 10:01:52.000000000 +0100 +@@ -92,17 +92,17 @@ + case CDIO_LOG_DEBUG: + case CDIO_LOG_INFO: + if (p_vcdplayer->i_debug & INPUT_DBG_CDIO) +- msg_Dbg( p_vcd_access, message); ++ msg_Dbg( p_vcd_access, "%s", message); + break; + case CDIO_LOG_WARN: +- msg_Warn( p_vcd_access, message); ++ msg_Warn( p_vcd_access, "%s", message); + break; + case CDIO_LOG_ERROR: + case CDIO_LOG_ASSERT: +- msg_Err( p_vcd_access, message); ++ msg_Err( p_vcd_access, "%s", message); + break; + default: +- msg_Warn( p_vcd_access, message, ++ msg_Warn( p_vcd_access, "%s\n%s %d", message, + _("The above message had unknown log level"), + level); + } +@@ -118,14 +118,14 @@ + case VCD_LOG_DEBUG: + case VCD_LOG_INFO: + if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO) +- msg_Dbg( p_vcd_access, message); ++ msg_Dbg( p_vcd_access, "%s", message); + break; + case VCD_LOG_WARN: +- msg_Warn( p_vcd_access, message); ++ msg_Warn( p_vcd_access, "%s", message); + break; + case VCD_LOG_ERROR: + case VCD_LOG_ASSERT: +- msg_Err( p_vcd_access, message); ++ msg_Err( p_vcd_access, "%s", message); + break; + default: + msg_Warn( p_vcd_access, "%s\n%s %d", message, |