Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=eada4e33c4a5ee88373bfe8f74cd3bf85e889347
commit eada4e33c4a5ee88373bfe8f74cd3bf85e889347 Author: kikadf <[email protected]> Date: Thu Jul 17 08:30:00 2014 +0200 vlc-2.0.8-3arcturus1-x86_64 * Fix CVE-2013-4388 diff --git a/source/xmultimedia/vlc/CVE-2013-4388.patch b/source/xmultimedia/vlc/CVE-2013-4388.patch new file mode 100644 index 0000000..faad8a2 --- /dev/null +++ b/source/xmultimedia/vlc/CVE-2013-4388.patch @@ -0,0 +1,15 @@ +--- vlc-2.0.3.orig/modules/packetizer/mpeg4audio.c ++++ vlc-2.0.3/modules/packetizer/mpeg4audio.c +@@ -892,8 +892,11 @@ static int LOASParse( decoder_t *p_dec, + continue; + + /* FIXME that's slow (and a bit ugly to write in place) */ +- for( i = 0; i < pi_payload[i_program][i_layer]; i++ ) ++ for (int i = 0; i < pi_payload[i_program][i_layer]; i++) { ++ if (i_accumulated >= i_buffer) ++ return 0; + p_buffer[i_accumulated++] = bs_read( &s, 8 ); ++ } + } + } + } diff --git a/source/xmultimedia/vlc/FrugalBuild b/source/xmultimedia/vlc/FrugalBuild index 1384540..6e291e1 100644 --- a/source/xmultimedia/vlc/FrugalBuild +++ b/source/xmultimedia/vlc/FrugalBuild @@ -10,7 +10,7 @@ USE_DEVEL="${USE_DEVEL:-"n"}" pkgname=vlc pkgver=2.0.8 pkgextraver=a -pkgrel=2 +pkgrel=3arcturus1 pkgdesc="The cross-platform media player and streaming server." url="http://www.videolan.org/vlc/"; depends=('e2fsprogs' 'libxpm>=3.5.8-1' 'libxdmcp' 'libshout' 'avahi' \ @@ -116,6 +116,12 @@ subdepends=("${subdepends[@]}" "libpulse>=2.1") subgroups=("${subgroups[@]}" 'xmultimedia-extra') subarchs=("${subarchs[@]}" 'i686 x86_64') + +# FSA fix *** +source=(${source[@]} CVE-2013-4388.patch) +sha1sums=(${sha1sums[@]} '36309c642f9e6783e67a9df34e78997bb7eda25a') +# *********** + build() { export CACA_LIBS="-L/usr/lib -lcaca" _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
