From nobody@FreeBSD.org  Tue Feb  1 20:39:20 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 49F171065697
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Feb 2011 20:39:20 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 385B58FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Feb 2011 20:39:20 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p11KdJfI049605
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 1 Feb 2011 20:39:19 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p11KdJWf049604;
	Tue, 1 Feb 2011 20:39:19 GMT
	(envelope-from nobody)
Message-Id: <201102012039.p11KdJWf049604@red.freebsd.org>
Date: Tue, 1 Feb 2011 20:39:19 GMT
From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] multimedia/vlc: fix execution of arbitrary code [feature safe]
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154451
>Category:       ports
>Synopsis:       [PATCH] multimedia/vlc: fix execution of arbitrary code [feature safe]
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    jsa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 20:40:09 UTC 2011
>Closed-Date:    Wed Feb 02 20:38:41 UTC 2011
>Last-Modified:  Wed Feb  2 20:40:09 UTC 2011
>Originator:     Ruslan Mahmatkhanov
>Release:        8.2-PRERELEASE
>Organization:
>Environment:
8.2-PRERELEASE i386
>Description:
- advisory: http://www.videolan.org/security/sa1102.html
- patch is from there: http://git.videolan.org/?p=vlc.git;a=commit;h=59491dcedffbf97612d2c572943b56ee4289dd07
- bump PORTREVISION, because matroska is enabled by default
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruNa vlc.orig/Makefile vlc/Makefile
--- vlc.orig/Makefile	2011-01-30 03:04:10.000000000 +0300
+++ vlc/Makefile	2011-02-01 23:33:07.000000000 +0300
@@ -8,6 +8,7 @@
 PORTNAME=	vlc
 DISTVERSION=	1.1.6
 PORTEPOCH=	3
+PORTREVISION=	1
 CATEGORIES=	multimedia audio ipv6 net www
 MASTER_SITES=	http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION}/ \
 		http://ftp.snt.utwente.nl/pub/software/videolan/${PORTNAME}/${DISTVERSION}/ \
diff -ruNa vlc.orig/files/patch-modules-demux-mkv_mkv.hpp vlc/files/patch-modules-demux-mkv_mkv.hpp
--- vlc.orig/files/patch-modules-demux-mkv_mkv.hpp	1970-01-01 03:00:00.000000000 +0300
+++ vlc/files/patch-modules-demux-mkv_mkv.hpp	2011-02-01 23:30:00.000000000 +0300
@@ -0,0 +1,13 @@
+diff --git a/modules/demux/mkv/mkv.hpp b/modules/demux/mkv/mkv.hpp
+index f0e87c6..664cafa 100644
+--- a/modules/demux/mkv/mkv.hpp
++++ b/modules/demux/mkv/mkv.hpp
+@@ -115,7 +115,7 @@ extern "C" {
+ 
+ #define MKVD_TIMECODESCALE 1000000
+ 
+-#define MKV_IS_ID( el, C ) ( EbmlId( (*el) ) == C::ClassInfos.GlobalId )
++#define MKV_IS_ID( el, C ) ( el != NULL && typeid( *el ) == typeid( C ) )
+ 
+ 
+ using namespace LIBMATROSKA_NAMESPACE;


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->jsa 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Feb 1 20:40:14 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154451 

From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/154451
Date: Tue, 01 Feb 2011 23:56:33 +0300

 This is a multi-part message in MIME format.
 --------------070604000409090700020906
 Content-Type: text/plain; charset=UTF-8; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Sorry. The right one.
 
 -- 
 Regards,
 Ruslan
 
 --------------070604000409090700020906
 Content-Type: text/plain;
  name="vlc-1.1.6_1.diff.txt"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment;
  filename="vlc-1.1.6_1.diff.txt"
 
 ZGlmZiAtcnVOYSB2bGMub3JpZy9NYWtlZmlsZSB2bGMvTWFrZWZpbGUKLS0tIHZsYy5vcmln
 L01ha2VmaWxlCTIwMTEtMDEtMzAgMDM6MDQ6MTAuMDAwMDAwMDAwICswMzAwCisrKyB2bGMv
 TWFrZWZpbGUJMjAxMS0wMi0wMSAyMzo1NDoxMy4wMDAwMDAwMDAgKzAzMDAKQEAgLTgsNiAr
 OCw3IEBACiBQT1JUTkFNRT0JdmxjCiBESVNUVkVSU0lPTj0JMS4xLjYKIFBPUlRFUE9DSD0J
 MworUE9SVFJFVklTSU9OPQkxCiBDQVRFR09SSUVTPQltdWx0aW1lZGlhIGF1ZGlvIGlwdjYg
 bmV0IHd3dwogTUFTVEVSX1NJVEVTPQlodHRwOi8vZG93bmxvYWQudmlkZW9sYW4ub3JnL3B1
 Yi92aWRlb2xhbi8ke1BPUlROQU1FfS8ke0RJU1RWRVJTSU9OfS8gXAogCQlodHRwOi8vZnRw
 LnNudC51dHdlbnRlLm5sL3B1Yi9zb2Z0d2FyZS92aWRlb2xhbi8ke1BPUlROQU1FfS8ke0RJ
 U1RWRVJTSU9OfS8gXApkaWZmIC1ydU5hIHZsYy5vcmlnL2ZpbGVzL3BhdGNoLW1vZHVsZXMt
 ZGVtdXgtbWt2X21rdi5ocHAgdmxjL2ZpbGVzL3BhdGNoLW1vZHVsZXMtZGVtdXgtbWt2X21r
 di5ocHAKLS0tIHZsYy5vcmlnL2ZpbGVzL3BhdGNoLW1vZHVsZXMtZGVtdXgtbWt2X21rdi5o
 cHAJMTk3MC0wMS0wMSAwMzowMDowMC4wMDAwMDAwMDAgKzAzMDAKKysrIHZsYy9maWxlcy9w
 YXRjaC1tb2R1bGVzLWRlbXV4LW1rdl9ta3YuaHBwCTIwMTEtMDItMDEgMjM6NTI6NTIuMDAw
 MDAwMDAwICswMzAwCkBAIC0wLDAgKzEsMTEgQEAKKy0tLSAuL21vZHVsZXMvZGVtdXgvbWt2
 L21rdi5ocHAKKysrKyAuL21vZHVsZXMvZGVtdXgvbWt2L21rdi5ocHAKK0BAIC0xMTUsNyAr
 MTE1LDcgQEAgZXh0ZXJuICJDIiB7CisgCisgI2RlZmluZSBNS1ZEX1RJTUVDT0RFU0NBTEUg
 MTAwMDAwMAorIAorLSNkZWZpbmUgTUtWX0lTX0lEKCBlbCwgQyApICggRWJtbElkKCAoKmVs
 KSApID09IEM6OkNsYXNzSW5mb3MuR2xvYmFsSWQgKQorKyNkZWZpbmUgTUtWX0lTX0lEKCBl
 bCwgQyApICggZWwgIT0gTlVMTCAmJiB0eXBlaWQoICplbCApID09IHR5cGVpZCggQyApICkK
 KyAKKyAKKyB1c2luZyBuYW1lc3BhY2UgTElCTUFUUk9TS0FfTkFNRVNQQUNFOwo=
 --------------070604000409090700020906--

From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/154451
Date: Wed, 02 Feb 2011 23:27:49 +0300

 Please close.
 vlc 1.1.7 that commited recently, already patched against this.
 
 -- 
 Regards,
 Ruslan
State-Changed-From-To: open->closed 
State-Changed-By: jsa 
State-Changed-When: Wed Feb 2 20:38:40 UTC 2011 
State-Changed-Why:  
Fix superseded by 1.1.7 release. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154451 

From: "Joseph S. Atkinson" <jsa@FreeBSD.org>
To: bug-followup@FreeBSD.org, cvs-src@yandex.ru
Cc:  
Subject: Re: ports/154451: [PATCH] multimedia/vlc: fix execution of arbitrary
 code [feature safe]
Date: Wed, 02 Feb 2011 15:37:19 -0500

 By the time I was able to address this, 1.1.7 had already been released. It has 
 already been committed to ports (thanks kwm@ for letting me get some sleep!).
 
 Thanks for the prompt notification and fix.
>Unformatted:
