commit:     512cacd39f22b2bfde6725f09d0f08ff37e8bbd6
Author:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 01:40:00 2015 +0000
Commit:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 01:43:01 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=512cacd3

media-video/vlc: revbump -> -2.2.1-r1, sec patch CVE-2015-5949

patch submitted by proxy maintainer via the gentoo bug, also
runtested by Amynka, removed initial vlc-2.2.1.ebuild

Gentoo bug: #558418

Package-Manager: portage-2.2.23

 media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch       | 15 +++++++++++++++
 media-video/vlc/{vlc-2.2.1.ebuild => vlc-2.2.1-r1.ebuild} |  3 +++
 2 files changed, 18 insertions(+)

diff --git a/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch b/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch
new file mode 100644
index 0000000..83a5258
--- /dev/null
+++ b/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch
@@ -0,0 +1,15 @@
+https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
+--- a/modules/demux/mp4/libmp4.c
++++ b/modules/demux/mp4/libmp4.c
+@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box )
+     {
+         for( i_index = 0; ; i_index++ )
+         {
++            if ( MP4_Box_Function[i_index].i_parent &&
++                 p_box->p_father &&
++                 p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent )
++                continue;
++
+             if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )||
+                 ( MP4_Box_Function[i_index].i_type == 0 ) )
+             {
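Review bot: The added parent check sits before the `i_type == 0` catch-all test inside an unbounded `for( i_index = 0; ; i_index++ )`, so the loop now terminates only if the new `continue` never skips the table's final entry. That holds only when the sentinel entry of `MP4_Box_Function` has `i_parent == 0`, which is not visible in this hunk and should be confirmed against the 2.2.1 table. The check is also bypassed whenever `p_box->p_father` is NULL, so a parentless box still matches on `i_type` alone; this is presumably intended for root boxes but deserves a comment. The patch file carries only the upstream URL, and a header line such as `Fix for CVE-2015-5949 (Gentoo bug #558418), taken from upstream vlc-2.2.git` would tell a later maintainer why it exists. MP4_BoxFree's body begins and ends outside the hunk.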

diff --git a/media-video/vlc/vlc-2.2.1.ebuild b/media-video/vlc/vlc-2.2.1-r1.ebuild
similarity index 99%
rename from media-video/vlc/vlc-2.2.1.ebuild
rename to media-video/vlc/vlc-2.2.1-r1.ebuild
index 73ab21a..be3ece4 100644
--- a/media-video/vlc/vlc-2.2.1.ebuild
+++ b/media-video/vlc/vlc-2.2.1-r1.ebuild
@@ -250,6 +250,7 @@ src_prepare() {
        # We are not in a real git checkout due to the absence of a .git directory.
        touch src/revision.txt || die
 
+       # PATCHES
        # Fix build system mistake.
        epatch "${FILESDIR}"/${PN}-2.1.0-fix-libtremor-libs.patch
 
@@ -271,6 +272,8 @@ src_prepare() {
        # Add missed header imgproc_c.h, imgproc.hpp, bug #554562
        epatch "${FILESDIR}"/opencv-3.0.0.patch
 
+       epatch "${FILESDIR}"//${P}-CVE-2015-5949.patch
+
        # Don't use --started-from-file when not using dbus.
        if ! use dbus ; then
                sed -i 's/ --started-from-file//' share/vlc.desktop.in || die
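Review bot: The new `epatch` line has a doubled slash after `"${FILESDIR}"` and, unlike the opencv call just above it, no comment saying what it fixes. It also builds the file name from `${P}`, so a later version bump that still needs the fix would look for a differently named file, whereas the libtremor call earlier in src_prepare pins the version in the name (`${PN}-2.1.0-fix-libtremor-libs.patch`). I would write `# Fix CVE-2015-5949, bug #558418` followed by `epatch "${FILESDIR}"/${PN}-2.2.1-CVE-2015-5949.patch`. src_prepare's body starts and ends outside the hunk.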
