diff options
| author | Rutger Helling <rhelling@mykolab.com> | 2018-02-13 10:09:56 +0100 |
|---|---|---|
| committer | Rutger Helling <rhelling@mykolab.com> | 2018-02-13 10:13:40 +0100 |
| commit | 171c7642b840ce4b4bfb0b97f874014c66ec5ea7 (patch) | |
| tree | 1c6ec10dab8573fe010c4b496c3cbef3968580c9 /gnu/packages/patches/mpv-CVE-2018-6360-2.patch | |
| parent | 4747cca2b4eafd84aa4a2dfb5151f18a1b626ff0 (diff) | |
| download | guix-171c7642b840ce4b4bfb0b97f874014c66ec5ea7.tar.gz | |
gnu: mpv: Update to 0.28.1 [fixes CVE-2018-6360].
* gnu/packages/video.scm (mpv): Update to 0.28.1.
Diffstat (limited to 'gnu/packages/patches/mpv-CVE-2018-6360-2.patch')
| -rw-r--r-- | gnu/packages/patches/mpv-CVE-2018-6360-2.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-2.patch b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch deleted file mode 100644 index b37e33a641..0000000000 --- a/gnu/packages/patches/mpv-CVE-2018-6360-2.patch +++ /dev/null @@ -1,59 +0,0 @@ -Fix CVE-2018-6360: - -https://github.com/mpv-player/mpv/issues/5456 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360 -https://security-tracker.debian.org/tracker/CVE-2018-6360 - -Patch copied from upstream source repository: - -https://github.com/mpv-player/mpv/commit/f8263e82cc74a9ac6530508bec39c7b0dc02568f - -From f8263e82cc74a9ac6530508bec39c7b0dc02568f Mon Sep 17 00:00:00 2001 -From: Ricardo Constantino <wiiaboo@gmail.com> -Date: Fri, 26 Jan 2018 11:26:27 +0000 -Subject: [PATCH] ytdl_hook: move url_is_safe earlier in code - -lua isn't javascript. ---- - player/lua/ytdl_hook.lua | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua -index b480c21625..458c94af38 100644 ---- a/player/lua/ytdl_hook.lua -+++ b/player/lua/ytdl_hook.lua -@@ -84,6 +84,15 @@ local function edl_escape(url) - return "%" .. string.len(url) .. "%" .. url - end - -+local function url_is_safe(url) -+ local proto = type(url) == "string" and url:match("^(.+)://") or nil -+ local safe = proto and safe_protos[proto] -+ if not safe then -+ msg.error(("Ignoring potentially unsafe url: '%s'"):format(url)) -+ end -+ return safe -+end -+ - local function time_to_secs(time_string) - local ret - -@@ -223,15 +232,6 @@ local function proto_is_dash(json) - or json["protocol"] == "http_dash_segments" - end - --local function url_is_safe(url) -- local proto = type(url) == "string" and url:match("^(.+)://") or nil -- local safe = proto and safe_protos[proto] -- if not safe then -- msg.error(("Ignoring potentially unsafe url: '%s'"):format(url)) -- end -- return safe --end -- - local function add_single_video(json) - local streamurl = "" - local max_bitrate = 0 --- -2.16.1 - |