| Summary: | [security] multimedia/avidemux26 - Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Sevan Janiyan <venture37> |
| Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | nox, ports-secteam, riggs |
| Priority: | --- | Keywords: | needs-patch, security |
| Version: | Latest | Flags: | bugzilla: maintainer-feedback? (multimedia) |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Sevan Janiyan
2015-05-29 00:10:05 UTC
The linked advisory mentions updates to 2.6.6 while our avidemux26 ports are at 2.6.8 - so this is most likely not relevant to them.

Hmm correction: 2.6.8 is from 2014 while the CVEs are from up to 2015... And I see 2.6.9 is out so we should probably update to that.

I tried updating to 2.6.9 yesterday but got stuck at strange cmake errors, if someone wants to pick up from there...

Patch:
https://people.freebsd.org/~nox/tmp/avidemux-2.6.9-incomplete-001.patch
(some plists probably still need fixing too)

(partial) poudriere testport log including the cmake errors:
https://people.freebsd.org/~nox/tmp/avidemux26-plugins-testport-001.log.txt

CMakeError.log and CMakeOutput.log out of the jail:
https://people.freebsd.org/~nox/tmp/avidemux26-plugins-CMakeError.log.txt
https://people.freebsd.org/~nox/tmp/avidemux26-plugins-CMakeOutput.log.txt

This was attempting to build multimedia/avidemux26-plugins, it is needed and depends on the other avidemux26 ports.

Thanx! :)
Juergen

(In reply to Juergen Lock from comment #3)
On it...

Created attachment 157344
Update to 2.6.9
Merge of nox's patch with my own modifications.
svn diff relative to ${PORTSDIR}/multimedia
(In reply to Thomas Zander from comment #5)
Build tested with poudriere in various OPTIONS permutations on 10-stable/amd64 and 9.3/i386. Using the resulting binary for actual editing jobs not yet tested :-)

A commit references this bug:

Author: riggs
Date: Mon Jun 1 18:58:38 UTC 2015
New revision: 388254
URL: https://svnweb.freebsd.org/changeset/ports/388254

Log:
  Update to upstream version 2.6.9

  While on it: Pet portlint

  PR: 200507
  Reported by: venture37@geeklan.co.uk

Changes:
  head/multimedia/avidemux26/Makefile
  head/multimedia/avidemux26/Makefile.common
  head/multimedia/avidemux26/distinfo
  head/multimedia/avidemux26/files/patch-avidemux__core_ADM__core_src_ADM__memsupport.cpp
  head/multimedia/avidemux26/files/patch-avidemux__core_ffmpeg__package_patches_config.mak.diff
  head/multimedia/avidemux26/files/patch-avidemux__plugins_CMakeLists.txt
  head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-Makefile.patch
  head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-configure.patch
  head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-libavcodec-Makefile.patch
  head/multimedia/avidemux26/files/patch-avidemux_core_ADM_core_src_ADM_memsupport.cpp
  head/multimedia/avidemux26/files/patch-cmake_admCheckMiscLibs.cmake
  head/multimedia/avidemux26/files/patch-config.mak.diff
  head/multimedia/avidemux26/files/patch-libexecinfo
  head/multimedia/avidemux26/files/patch-po__CMakeLists.txt
  head/multimedia/avidemux26/pkg-plist
  head/multimedia/avidemux26-cli/Makefile
  head/multimedia/avidemux26-plugins/Makefile
  head/multimedia/avidemux26-plugins/pkg-plist
  head/multimedia/avidemux26-qt4/Makefile
  head/multimedia/avidemux26-qt4/pkg-plist

Actually, from reading the security advisory it does look like pre-2.6.8 versions were vulnerable as nox pointed out. I'll update vuxml accordingly.

A commit references this bug:

Author: riggs
Date: Mon Jun 1 19:37:58 UTC 2015
New revision: 388266
URL: https://svnweb.freebsd.org/changeset/ports/388266

Log:
  Add entry for vulnerable versions of avidemux2 and avidemux26

  PR: 200507
  Submitted by: venture37@geeklan.co.uk

Changes:
  head/security/vuxml/vuln.xml