diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-09-21 11:36:00 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-09-21 11:36:00 +0200 |
commit | 79d8c05b7c382123dd04bd4dfb7ed7472d87c5d7 (patch) | |
tree | 67990bc2484ee5f88cd27d38941c5620714b73d4 /main | |
parent | 5cf21c2970ede23199084dd6a552640c4fe708f6 (diff) | |
download | aports-79d8c05b7c382123dd04bd4dfb7ed7472d87c5d7.tar.bz2 aports-79d8c05b7c382123dd04bd4dfb7ed7472d87c5d7.tar.xz |
main/vlc: security fix for CVE-2015-5949
Diffstat (limited to 'main')
-rw-r--r-- | main/vlc/APKBUILD | 6 | ||||
-rw-r--r-- | main/vlc/CVE-2015-5949.patch | 29 |
2 files changed, 34 insertions, 1 deletions
diff --git a/main/vlc/APKBUILD b/main/vlc/APKBUILD index 743b71c346..602f727841 100644 --- a/main/vlc/APKBUILD +++ b/main/vlc/APKBUILD @@ -5,7 +5,7 @@ pkgname=vlc pkgver=2.2.1 _pkgver=${pkgver/_/-} _ver=${_pkgver%[a-z]} -pkgrel=3 +pkgrel=4 pkgdesc="A multi-platform MPEG, VCD/DVD, and DivX player" triggers="vlc-libs.trigger=/usr/lib/vlc/plugins" pkgusers="vlc" @@ -106,6 +106,7 @@ makedepends=" source="http://download.videolan.org/pub/videolan/$pkgname/${_ver}/$pkgname-$_pkgver.tar.xz fix-waitpid-usage.patch omxil-rpi-codecs.patch + CVE-2015-5949.patch vlc-libs.trigger" _builddir="$srcdir"/$pkgname-$_ver @@ -336,12 +337,15 @@ plugins_visualization() { _mv_plugins visualization; } md5sums="42273945758b521c408fabc7fd6d9946 vlc-2.2.1.tar.xz b28925fdf3d1b0bd13e3af89668995a4 fix-waitpid-usage.patch b90177830fe33b93849915752eb957ce omxil-rpi-codecs.patch +4eb8f39eaa92c36cc0f2d31d8c9b0b67 CVE-2015-5949.patch dd899a9926ad84db9446d92890a5aa3e vlc-libs.trigger" sha256sums="543d9d7e378ec0fa1ee2e7f7f5acf8c456c7d0ecc32037171523197ef3cf1fcb vlc-2.2.1.tar.xz 4f017a932d4177ba838ebd7bb0e36d8606103e62519805adff81e5edbda41026 fix-waitpid-usage.patch 27e8f960ca091216b491980a6ffd4e35b28f2091677231ba1d317fc81b6ee039 omxil-rpi-codecs.patch +28983875cbce251a5680064910ae512eb42f967b7745c0d975fd1f3891092922 CVE-2015-5949.patch 1c93af2feb217a06f6adc3cd51def8f00eea431f9d26ace7b90c377f7e85fc7a vlc-libs.trigger" sha512sums="91cd33ac61ebe376c24b3cc0d1dc52d7765fdccbd17e75abbbbf38f52b400e0269dc48f34ed558bff7ec1dd52c4f27098012709a3eb9fe7e8aad1069516de5de vlc-2.2.1.tar.xz 680cfa3eed5501ba6f06c51eae508204f4c77d2bdd07eead1a3da3939b433abfe84025d133e7a1c7a869e4ffac374bd5eba2bd3dd242ec4645e1d1c6122d0ffb fix-waitpid-usage.patch e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch +8c63a51989bbe9b7ccd9f67867607bd8d244b73aab92883a9cc4bfcdc193578c3b7743123a3f067043caed5aadcf1ae883884a7112976efed8ee94c5d02590a1 CVE-2015-5949.patch b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406 vlc-libs.trigger" diff --git a/main/vlc/CVE-2015-5949.patch b/main/vlc/CVE-2015-5949.patch new file mode 100644 index 0000000000..751482c8ab --- /dev/null +++ b/main/vlc/CVE-2015-5949.patch @@ -0,0 +1,29 @@ +From ce91452460a75d7424b165c4dc8db98114c3cbd9 Mon Sep 17 00:00:00 2001 +From: Francois Cartegnie <fcartegnie@free.fr> +Date: Mon, 3 Aug 2015 15:17:32 +0200 +Subject: [PATCH 1/1] demux: mp4: correctly match release function + +Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org> +--- + modules/demux/mp4/libmp4.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c +index 331262b..f220e51 100644 +--- a/modules/demux/mp4/libmp4.c ++++ b/modules/demux/mp4/libmp4.c +@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box ) + { + for( i_index = 0; ; i_index++ ) + { ++ if ( MP4_Box_Function[i_index].i_parent && ++ p_box->p_father && ++ p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent ) ++ continue; ++ + if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )|| + ( MP4_Box_Function[i_index].i_type == 0 ) ) + { +-- +1.7.10.4 + |