authorNatanael Copa <ncopa@alpinelinux.org>2015-09-21 11:36:00 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2015-09-21 11:36:00 +0200
commit79d8c05b7c382123dd04bd4dfb7ed7472d87c5d7 (patch)
tree67990bc2484ee5f88cd27d38941c5620714b73d4
parent5cf21c2970ede23199084dd6a552640c4fe708f6 (diff)
main/vlc: security fix for CVE-2015-5949
-rw-r--r--main/vlc/APKBUILD6
-rw-r--r--main/vlc/CVE-2015-5949.patch29
2 files changed, 34 insertions, 1 deletions
diff --git a/main/vlc/APKBUILD b/main/vlc/APKBUILD
index 743b71c346..602f727841 100644
--- a/main/vlc/APKBUILD
+++ b/main/vlc/APKBUILD
@@ -5,7 +5,7 @@ pkgname=vlc
pkgver=2.2.1
_pkgver=${pkgver/_/-}
_ver=${_pkgver%[a-z]}
-pkgrel=3
+pkgrel=4
pkgdesc="A multi-platform MPEG, VCD/DVD, and DivX player"
triggers="vlc-libs.trigger=/usr/lib/vlc/plugins"
pkgusers="vlc"
@@ -106,6 +106,7 @@ makedepends="
source="http://download.videolan.org/pub/videolan/$pkgname/${_ver}/$pkgname-$_pkgver.tar.xz
fix-waitpid-usage.patch
omxil-rpi-codecs.patch
+ CVE-2015-5949.patch
vlc-libs.trigger"
_builddir="$srcdir"/$pkgname-$_ver
@@ -336,12 +337,15 @@ plugins_visualization() { _mv_plugins visualization; }
md5sums="42273945758b521c408fabc7fd6d9946 vlc-2.2.1.tar.xz
b28925fdf3d1b0bd13e3af89668995a4 fix-waitpid-usage.patch
b90177830fe33b93849915752eb957ce omxil-rpi-codecs.patch
+4eb8f39eaa92c36cc0f2d31d8c9b0b67 CVE-2015-5949.patch
dd899a9926ad84db9446d92890a5aa3e vlc-libs.trigger"
sha256sums="543d9d7e378ec0fa1ee2e7f7f5acf8c456c7d0ecc32037171523197ef3cf1fcb vlc-2.2.1.tar.xz
4f017a932d4177ba838ebd7bb0e36d8606103e62519805adff81e5edbda41026 fix-waitpid-usage.patch
27e8f960ca091216b491980a6ffd4e35b28f2091677231ba1d317fc81b6ee039 omxil-rpi-codecs.patch
+28983875cbce251a5680064910ae512eb42f967b7745c0d975fd1f3891092922 CVE-2015-5949.patch
1c93af2feb217a06f6adc3cd51def8f00eea431f9d26ace7b90c377f7e85fc7a vlc-libs.trigger"
sha512sums="91cd33ac61ebe376c24b3cc0d1dc52d7765fdccbd17e75abbbbf38f52b400e0269dc48f34ed558bff7ec1dd52c4f27098012709a3eb9fe7e8aad1069516de5de vlc-2.2.1.tar.xz
680cfa3eed5501ba6f06c51eae508204f4c77d2bdd07eead1a3da3939b433abfe84025d133e7a1c7a869e4ffac374bd5eba2bd3dd242ec4645e1d1c6122d0ffb fix-waitpid-usage.patch
e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch
+8c63a51989bbe9b7ccd9f67867607bd8d244b73aab92883a9cc4bfcdc193578c3b7743123a3f067043caed5aadcf1ae883884a7112976efed8ee94c5d02590a1 CVE-2015-5949.patch
b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406 vlc-libs.trigger"
diff --git a/main/vlc/CVE-2015-5949.patch b/main/vlc/CVE-2015-5949.patch
new file mode 100644
index 0000000000..751482c8ab
--- /dev/null
+++ b/main/vlc/CVE-2015-5949.patch
@@ -0,0 +1,29 @@
+From ce91452460a75d7424b165c4dc8db98114c3cbd9 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcartegnie@free.fr>
+Date: Mon, 3 Aug 2015 15:17:32 +0200
+Subject: [PATCH 1/1] demux: mp4: correctly match release function
+
+Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
+---
+ modules/demux/mp4/libmp4.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
+index 331262b..f220e51 100644
+--- a/modules/demux/mp4/libmp4.c
++++ b/modules/demux/mp4/libmp4.c
+@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box )
+ {
+ for( i_index = 0; ; i_index++ )
+ {
++ if ( MP4_Box_Function[i_index].i_parent &&
++ p_box->p_father &&
++ p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent )
++ continue;
++
+ if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )||
+ ( MP4_Box_Function[i_index].i_type == 0 ) )
+ {
+--
+1.7.10.4
+
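Review bot: The new `i_parent` guard at the top of the loop in `MP4_BoxFree` only fixes the release lookup as long as it stays identical to whatever lookup chose the box's parser, which is outside this hunk, and nothing in the code says so. I would add a comment above the guard such as `/* Keep in sync with the lookup used when the box was read: a different table entry here releases the payload with the wrong function (CVE-2015-5949). */`. Note also that the guard is skipped when `p_box->p_father` is NULL, so a parent-restricted entry can still be selected by type alone for a parentless box; whether that can occur is not visible here and should be confirmed. A sturdier follow-up would be to record the matched table entry on the box at parse time so the free path does not search again. `MP4_BoxFree` starts and ends outside the hunk.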