security updates

author: Ned Ludd <solar@gentoo.org> 2003-09-27 22:50:31 +0000
committer: Ned Ludd <solar@gentoo.org> 2003-09-27 22:50:31 +0000
commit: bde9562c55388e0622aae6adfdb628e57d9b55c7 (patch)
tree: ee9c0d9a712e84d9d2f6ac461ee7ec0815deee86 /media-video
parent: fix screenshot in 1.3.20, cleanup, mark 1.2.5 x86 (diff)
download: historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.tar.gz
historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.tar.bz2
historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.zip
5 files changed, 469 insertions, 5 deletions
diff --git a/media-video/mplayer/ChangeLog b/media-video/mplayer/ChangeLog
index 946f5e52efce..4bbb2d48492d 100644
--- a/media-video/mplayer/ChangeLog
+++ b/media-video/mplayer/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-video/mplayer
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/mplayer/ChangeLog,v 1.81 2003/09/27 22:31:49 mholzer Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/mplayer/ChangeLog,v 1.82 2003/09/27 22:50:27 solar Exp $
+
+*mplayer-1.0_pre1-r1 (27 Sep 2003)
+
+  27 Sep 2003; <solar@gentoo.org> mplayer-1.0_pre1-r1.ebuild,
+  files/vuln01-fix.diff:
+  security fix for devel branch
 
 *mplayer-0.92 (28 Sep 2003)
 
diff --git a/media-video/mplayer/Manifest b/media-video/mplayer/Manifest
index f0a6aad3038c..a7ee7abaf180 100644
--- a/media-video/mplayer/Manifest
+++ b/media-video/mplayer/Manifest
@@ -1,15 +1,18 @@
-MD5 72a11125be27f23a78869282fbca237b ChangeLog 14772
-MD5 c206e5e87ef928368a8dbc4a6f4c6f8e mplayer-0.92.ebuild 11239
+MD5 b22e0d0ca8f80d3f21604f10bf3bc8cd ChangeLog 14926
 MD5 b536633616dd0e40e4027cd1abf51d41 mplayer-0.91.ebuild 11269
+MD5 c206e5e87ef928368a8dbc4a6f4c6f8e mplayer-0.92.ebuild 11239
 MD5 11e5afb5f7ec6f0fa02de8fa00d43020 mplayer-1.0_pre1.ebuild 10845
+MD5 353924216dad2d12435111f363cff283 mplayer-1.0_pre1-r1.ebuild 10933
+MD5 fef9f0571da54ae3df2e804100bd2632 files/vuln01-fix.diff 1231
 MD5 6c2dab3392aab51766253b416ad2a10c files/default-skin.diff 396
+MD5 d2a3635d5b682767397834e55a08ec33 files/digest-mplayer-0.91 355
 MD5 0dfbe04e5dcbb70606ce707ffca6f871 files/digest-mplayer-0.92 355
+MD5 89440216f99b2e09265d46fead5363fb files/digest-mplayer-1.0_pre1 358
 MD5 260489267a0ccf01fe300bce0ec1430d files/mencoder-segfault.patch 520
-MD5 d2a3635d5b682767397834e55a08ec33 files/digest-mplayer-0.91 355
 MD5 a71fc9832d953424652af1125fb7ea64 files/mplayer-0.90-coreutils-fixup.patch 1857
 MD5 8f18911adcd661e70ad0cd84a94d49ac files/mplayer-0.90-divx.patch 25064
 MD5 26a52f084f4d177580ed9ea0187f54e7 files/mplayer-0.90-ppc-benh-2.patch 2049
 MD5 9e064190a914d26b0392a266753161ed files/mplayer-0.90-ppc-benh.patch 2029
 MD5 059e03d1d2c965b04a5e53ed850de64a files/mplayer-0.90_rc4-gtk2.patch 6183
 MD5 c2d65649f15837c5a326557ded4e47c5 files/mplayer.desktop 119
-MD5 89440216f99b2e09265d46fead5363fb files/digest-mplayer-1.0_pre1 358
+MD5 e28e0d37402da0cd2cd1965fe7e71eb5 files/digest-mplayer-1.0_pre1-r1 358
diff --git a/media-video/mplayer/files/digest-mplayer-1.0_pre1-r1 b/media-video/mplayer/files/digest-mplayer-1.0_pre1-r1
new file mode 100644
index 000000000000..ee8a7e27914a
--- /dev/null
+++ b/media-video/mplayer/files/digest-mplayer-1.0_pre1-r1
@@ -0,0 +1,5 @@
+MD5 657ff738f19a8a42739b76b46585a783 MPlayer-1.0pre1.tar.bz2 4190784
+MD5 6c3f032ddf401ca522900291de03fee5 font-arial-iso-8859-1.tar.bz2 234810
+MD5 0f9a5d53f836e2d2d2bde207dc641044 font-arial-iso-8859-2.tar.bz2 222677
+MD5 3f1b9eb2ba639bf42c61f7b9189f6524 svgalib_helper-1.9.17-mplayer.tar.bz2 7234
+MD5 ee26d46d5c52c5e3ac15164e78300b44 Blue-1.0.tar.bz2 219130
diff --git a/media-video/mplayer/files/vuln01-fix.diff b/media-video/mplayer/files/vuln01-fix.diff
new file mode 100644
index 000000000000..407bc804165f
--- /dev/null
+++ b/media-video/mplayer/files/vuln01-fix.diff
@@ -0,0 +1,37 @@
+Update of /cvsroot/mplayer/main/libmpdemux
+In directory mail:/var/tmp.root/cvs-serv19707/libmpdemux
+
+Modified Files:
+	asf_streaming.c 
+Log Message:
+simple fix for buffer overflow (remotely exploitable). feel free to
+commit a better fix if you don't like it.
+
+
+Index: asf_streaming.c
+===================================================================
+RCS file: /cvsroot/mplayer/main/libmpdemux/asf_streaming.c,v
+retrieving revision 1.40
+retrieving revision 1.41
+diff -u -r1.40 -r1.41
+--- asf_streaming.c	15 Aug 2003 19:13:23 -0000	1.40
++++ asf_streaming.c	25 Sep 2003 00:36:04 -0000	1.41
+@@ -502,11 +502,11 @@
+ 			return NULL;
+ 		}
+ 		http_set_uri( http_hdr, server_url->url );
+-		sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
++		sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port );
+ 		url_free( server_url );
+ 	} else {
+ 		http_set_uri( http_hdr, url->file );
+-		sprintf( str, "Host: %s:%d", url->hostname, url->port );
++		sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
+ 	}
+ 	
+ 	http_set_field( http_hdr, str );
+
+_______________________________________________
+Mplayer-cvslog mailing list
+Mplayer-cvslog@mplayerhq.hu
+http://mplayerhq.hu/mailman/listinfo/mplayer-cvslog
diff --git a/media-video/mplayer/mplayer-1.0_pre1-r1.ebuild b/media-video/mplayer/mplayer-1.0_pre1-r1.ebuild
new file mode 100644
index 000000000000..a8c6c2d76b77
--- /dev/null
+++ b/media-video/mplayer/mplayer-1.0_pre1-r1.ebuild
@@ -0,0 +1,413 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/mplayer/mplayer-1.0_pre1-r1.ebuild,v 1.1 2003/09/27 22:50:27 solar Exp $
+
+IUSE="dga oss xmms jpeg 3dfx sse matrox sdl X svga ggi oggvorbis 3dnow aalib gnome xv opengl truetype dvd gtk gif esd fbcon encode alsa directfb arts dvb gtk2 samba"
+
+inherit eutils
+
+# NOTE to myself:  Test this thing with and without dvd/gtk+ support,
+#                  as it seems the mplayer guys dont really care to
+#                  make it work without dvd support.
+
+# Handle PREversions as well
+MY_PV="${PV/_/}"
+S="${WORKDIR}/${PN}-${MY_PV}"
+SRC_URI="http://mplayerhq.hu/MPlayer/releases/MPlayer-${MY_PV}.tar.bz2
+	http://mplayerhq.hu/MPlayer/releases/fonts/font-arial-iso-8859-1.tar.bz2
+	http://mplayerhq.hu/MPlayer/releases/fonts/font-arial-iso-8859-2.tar.bz2
+	svga? ( http://mplayerhq.hu/~alex/svgalib_helper-1.9.17-mplayer.tar.bz2 )
+	gtk? ( http://mplayerhq.hu/MPlayer/Skin/Blue-1.0.tar.bz2 )"
+# Only install Skin if GUI should be build (gtk as USE flag)
+DESCRIPTION="Media Player for Linux"
+HOMEPAGE="http://www.mplayerhq.hu/"
+
+# 'encode' in USE for MEncoder.
+RDEPEND="ppc? ( >=media-libs/xvid-0.9.0 )
+	x86? ( >=media-libs/xvid-0.9.0
+	       >=media-libs/divx4linux-20030428
+	       >=media-libs/win32codecs-0.60 )
+	gtk? ( !gtk2 ( =x11-libs/gtk+-1.2*
+	               =dev-libs/glib-1.2* )
+	       media-libs/libpng
+	       >=x11-base/xfree-4.2.1-r2 )
+	gtk2? ( >=x11-libs/gtk+-2.0.6
+	        >=dev-libs/glib-2.0.6 )
+	jpeg? ( media-libs/jpeg )
+	gif? ( media-libs/giflib
+	       media-libs/libungif )
+	truetype? ( >=media-libs/freetype-2.1 )
+	esd? ( media-sound/esound )
+	ggi? ( media-libs/libggi )
+	sdl? ( media-libs/libsdl )
+	alsa? ( media-libs/alsa-lib )
+	arts? ( kde-base/arts )
+	nas? ( media-libs/nas )
+	svga? ( media-libs/svgalib )
+	encode? ( media-sound/lame
+	          >=media-libs/libdv-0.9.5 )
+	xmms? ( media-sound/xmms )
+	opengl? ( virtual/opengl )
+	directfb? ( dev-libs/DirectFB )
+	oggvorbis? ( media-libs/libvorbis )
+	nls? ( sys-devel/gettext )
+	media-sound/cdparanoia
+	mpeg? ( media-libs/faad2 )
+	samba? ( >=net-fs/samba-2.2.8a )
+	>=sys-apps/portage-2.0.36"
+#	dvd? ( media-libs/libdvdnav )
+# Hardcode paranoia support for now, as there is no
+# related USE flag.
+
+DEPEND="${RDEPEND}
+	x86? ( dev-lang/nasm )
+	app-arch/unzip"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~ppc ~sparc"
+
+
+src_unpack() {
+
+	unpack MPlayer-${MY_PV}.tar.bz2 \
+		font-arial-iso-8859-1.tar.bz2 font-arial-iso-8859-2.tar.bz2
+
+	use svga && unpack svgalib_helper-1.9.17-mplayer.tar.bz2
+
+	use gtk && unpack Blue-1.0.tar.bz2
+
+	# Use gtk-2.x
+	cd ${S}; epatch ${FILESDIR}/${PN}-0.90_rc4-gtk2.patch
+
+	# Fix head/tail call for new coreutils
+	cd ${S}; epatch ${FILESDIR}/${PN}-0.90-coreutils-fixup.patch
+
+	# Fix mencoder segfaulting with bad arguments
+	cd ${S}; epatch ${FILESDIR}/mencoder-segfault.patch
+
+	# Fix mplayer to detect detect/use altivec on benh kernels,
+	# bug #18511.
+	use ppc && \
+		(cd ${S}; epatch ${FILESDIR}/${PN}-0.90-ppc-benh-2.patch)
+
+	if [ "`use svga`" ]
+	then
+		echo
+		einfo "Enabling vidix non-root mode."
+		einfo "(You need a proper svgalib_helper.o module for your kernel"
+		einfo " to actually use this)"
+		echo
+
+		mv ${WORKDIR}/svgalib_helper ${S}/libdha
+		cd ${S}/libdha
+		sed -i -e "s/^#CFLAGS/CFLAGS/" Makefile
+	fi
+
+	# security fix Bug #29640
+	cd ${S}/libmpdemux && epatch ${FILESDIR}/vuln01-fix.diff
+}
+
+src_compile() {
+
+	use matrox && check_KV
+
+	local myconf=
+
+	use 3dnow \
+		|| myconf="${myconf} --disable-3dnow --disable-3dnowex"
+
+	use sse \
+		|| myconf="${myconf} --disable-sse --disable-sse2"
+
+	# Only disable MMX if 3DNOW or SSE is not in USE
+	use mmx || use 3dnow || use sse \
+		|| myconf="${myconf} --disable-mmx --disable-mmx2"
+
+	# Only disable X if gtk is not in USE
+	use X || use gtk \
+		|| myconf="${myconf} --disable-gui --disable-x11 --disable-xv \
+		                     --disable-xmga --disable-png"
+
+	use jpeg \
+		|| myconf="${myconf} --disable-jpeg"
+
+	use gif \
+		|| myconf="${myconf} --disable-gif"
+
+	( use matrox && use X ) \
+		&& myconf="${myconf} --enable-xmga" \
+		|| myconf="${myconf} --disable-xmga"
+
+	use gtk \
+		&& myconf="${myconf} --enable-gui --enable-x11 \
+		                     --enable-xv --enable-vm --enable-png"
+
+	( use gtk && use gtk2 ) \
+		&& myconf="${myconf} --enable-gtk2"
+
+	use truetype \
+		&& myconf="${myconf} --enable-freetype" \
+		|| myconf="${myconf} --disable-freetype"
+
+	use oss \
+		|| myconf="${myconf} --disable-ossaudio"
+
+	use opengl \
+		|| myconf="${myconf} --disable-gl"
+
+	use sdl \
+		|| myconf="${myconf} --disable-sdl"
+
+	use ggi \
+		|| myconf="${myconf} --disable-ggi"
+
+	use svga \
+		|| myconf="${myconf} --disable-svga"
+
+	use directfb \
+		|| myconf="${myconf} --disable-directfb"
+
+	use fbcon \
+		|| myconf="${myconf} --disable-fbdev"
+
+	use esd \
+		|| myconf="${myconf} --disable-esd"
+
+	use alsa \
+		|| myconf="${myconf} --disable-alsa"
+
+	use arts \
+		|| myconf="${myconf} --disable-arts"
+
+	use nas \
+		|| myconf="${myconf} --disable-nas"
+
+	use oggvorbis \
+		|| myconf="${myconf} --disable-vorbis"
+
+	use encode \
+		&& myconf="${myconf} --enable-mencoder --enable-tv" \
+		|| myconf="${myconf} --disable-mencoder"
+
+	use dvd \
+		&& myconf="${myconf} --enable-mpdvdkit" \
+		|| myconf="${myconf} --disable-mpdvdkit --disable-dvdread \
+		                     --disable-css"
+	# Disable dvdnav support as its not considered to be
+	# functional anyhow, and will be removed.
+
+	use xmms \
+		&& myconf="${myconf} --enable-xmms"
+
+	use mpeg \
+		&& myconf="${myconf} --enable-faad" \
+		|| myconf="${myconf} --disable-faad"
+
+	use matrox \
+		&& myconf="${myconf} --enable-mga" \
+		|| myconf="${myconf} --disable-mga"
+
+	use 3dfx \
+		&& myconf="${myconf} --enable-tdfxfb"
+	# --enable-3dfx is broken according to the MPlayer guys.
+
+	use dvb \
+		&& myconf="${myconf} --enable-dvb" \
+		|| myconf="${myconf} --disable-dvb"
+
+	use nls \
+		&& myconf="${myconf} --enable-i18n" \
+		|| myconf="${myconf} --disable-i18n"
+
+	use samba \
+		&& myconf="${myconf} --enable-smb" \
+		|| myconf="${myconf} --disable-smb"
+
+	if [ -d /opt/RealPlayer9/Real/Codecs ]
+	then
+		einfo "Setting REALLIBDIR to /opt/RealPlayer9/Real/Codecs..."
+		REALLIBDIR="/opt/RealPlayer9/Real/Codecs"
+	elif [ -d /opt/RealPlayer8/Codecs ]
+	then
+		einfo "Setting REALLIBDIR to /opt/RealPlayer8/Codecs..."
+		REALLIBDIR="/opt/RealPlayer8/Codecs"
+	else
+		REALLIBDIR="/usr/lib/real"
+	fi
+
+	if has_version media-plugins/live
+	then
+		einfo "Enabling LIVE.COM Streaming Media..."
+		myconf="${myconf} --enable-live"
+	fi
+
+
+	# For lirc support as the auto-detect doesn't seem to work
+	if [ -f /usr/include/lirc/lirc_client.h ]
+	then
+		einfo "Enabling lirc support..."
+		myconf="${myconf} --enable-lirc"
+	else
+		myconf="${myconf} --disable-lirc"
+	fi
+
+	if [ -e /dev/.devfsd ]
+	then
+		myconf="${myconf} --enable-linux-devfs"
+	fi
+
+	if has_version 'sys-devel/hardened-gcc' && [ "${CC}" = "gcc" ]
+	then
+		CC="${CC} -yet_exec"
+	fi
+
+	# Crashes on start when compiled with most optimizations.
+	# The code have CPU detection code now, with CPU specific
+	# optimizations, so extra should not be needed and is not
+	# recommended by the authors
+	unset CFLAGS CXXFLAGS
+	./configure --prefix=/usr \
+		--datadir=/usr/share/mplayer \
+		--confdir=/usr/share/mplayer \
+		--disable-runtime-cpudetection \
+		--enable-largefiles \
+		--enable-menu \
+		--enable-real \
+		--with-reallibdir=${REALLIBDIR} \
+		--with-x11incdir=/usr/X11R6/include \
+		${myconf} || die
+	# Breaks with gcc-2.95.3, bug #14479:
+	#  --enable-shared-pp \
+	# Enable untested and currently unused code:
+	#  --enable-dynamic-plugins \
+
+	# emake borks on fast boxes - Azarah (07 Aug 2002)
+	einfo "Make"
+	make all || die "Failed to build MPlayer!"
+	einfo "Make completed"
+
+	# We build the shared libpostproc.so here so that our
+	# mplayer binary is not linked to it, ensuring that we
+	# do not run into issues ... (bug #14479)
+	cd ${S}/libavcodec/libpostproc
+	make SHARED_PP="yes" || die "Failed to build libpostproc.so!"
+
+	if [ -n "`use matrox`" ]
+	then
+		cd ${S}/drivers
+		make all || die "Failed to build matrox driver!"
+	fi
+}
+
+src_install() {
+
+	einfo "Make install"
+	make prefix=${D}/usr \
+	     BINDIR=${D}/usr/bin \
+		 LIBDIR=${D}/usr/lib \
+	     CONFDIR=${D}/usr/share/mplayer \
+	     DATADIR=${D}/usr/share/mplayer \
+	     MANDIR=${D}/usr/share/man \
+	     install || die "Failed to install MPlayer!"
+	einfo "Make install completed"
+
+	# Install our libpostproc.so ...
+	cd ${S}/libavcodec/libpostproc
+	make prefix=${D}/usr \
+	     SHARED_PP="yes" \
+	     install || die "Failed to install libpostproc.so!"
+	cd ${S}
+
+	dodoc AUTHORS ChangeLog README
+	# Install the documentation; DOCS is all mixed up not just html
+	cp -r ${S}/DOCS ${D}/usr/share/doc/${PF}/ || die
+
+	# Copy misc tools to documentation path, as they're not installed
+	# directly
+	cp -r ${S}/TOOLS ${D}/usr/share/doc/${PF} || die
+
+	# Install the default Skin and Gnome menu entry
+	if [ -n "`use gtk`" ]
+	then
+		dodir /usr/share/mplayer/Skin
+		cp -r ${WORKDIR}/Blue ${D}/usr/share/mplayer/Skin/default || die
+
+		# Fix the symlink
+		rm -rf ${D}/usr/bin/gmplayer
+		dosym mplayer /usr/bin/gmplayer
+	fi
+
+	if [ -n "`use gnome`" ]
+	then
+		insinto /usr/share/pixmaps
+		newins ${S}/Gui/mplayer/pixmaps/logo.xpm mplayer.xpm
+		insinto /usr/share/gnome/apps/Multimedia
+		doins ${FILESDIR}/mplayer.desktop
+	fi
+
+	dodir /usr/share/mplayer/fonts
+	cp -a ${WORKDIR}/font-arial* ${D}/usr/share/mplayer/fonts
+	# Fix the font symlink ...
+	rm -rf ${D}/usr/share/mplayer/font
+	dosym fonts/font-arial-14-iso-8859-1 /usr/share/mplayer/font
+
+	insinto /etc
+	newins ${S}/etc/example.conf mplayer.conf
+	dosed -e 's/include =/#include =/' /etc/mplayer.conf
+	dosed -e 's/fs=yes/fs=no/' /etc/mplayer.conf
+	dosym ../../../etc/mplayer.conf /usr/share/mplayer/mplayer.conf
+
+	insinto /usr/share/mplayer
+	doins ${S}/etc/codecs.conf
+	doins ${S}/etc/input.conf
+	doins ${S}/etc/menu.conf
+
+	if [ -n "`use matrox`" ]
+	then
+		check_KV
+		insinto /lib/modules/${KV}/kernel/drivers/char
+		doins ${S}/drivers/mga_vid.o
+	fi
+}
+
+pkg_preinst() {
+
+	if [ -d "${ROOT}/usr/share/mplayer/Skin/default" ]
+	then
+		rm -rf ${ROOT}/usr/share/mplayer/Skin/default
+	fi
+}
+
+pkg_postinst() {
+
+	if [ -n "`use ppc`" ]
+	then
+		echo
+		einfo "When you see only GREEN salad on your G4 while playing"
+		einfo "a DivX, you should recompile _without_ altivec enabled."
+		einfo "Furher information: http://bugs.gentoo.org/show_bug.cgi?id=18511"
+		echo
+		einfo "If everything functions fine with watching DivX and"
+		einfo "altivec enabled, please drop a comment on the mentioned bug!"
+	fi
+
+	depmod -a &>/dev/null || :
+}
+
+pkg_postrm() {
+
+	# Cleanup stale symlinks
+	if [ -L ${ROOT}/usr/share/mplayer/font -a \
+	     ! -e ${ROOT}/usr/share/mplayer/font ]
+	then
+		rm -f ${ROOT}/usr/share/mplayer/font
+	fi
+
+	if [ -L ${ROOT}/usr/share/mplayer/subfont.ttf -a \
+	     ! -e ${ROOT}/usr/share/mplayer/subfont.ttf ]
+	then
+		rm -f ${ROOT}/usr/share/mplayer/subfont.ttf
+	fi
+}
+
author	Ned Ludd <solar@gentoo.org>	2003-09-27 22:50:31 +0000
committer	Ned Ludd <solar@gentoo.org>	2003-09-27 22:50:31 +0000
commit	bde9562c55388e0622aae6adfdb628e57d9b55c7 (patch)
tree	ee9c0d9a712e84d9d2f6ac461ee7ec0815deee86 /media-video
parent	fix screenshot in 1.3.20, cleanup, mark 1.2.5 x86 (diff)
download	historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.tar.gz historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.tar.bz2 historical-bde9562c55388e0622aae6adfdb628e57d9b55c7.zip