head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.10 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.8 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.6 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.4 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.2 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.3.0.16 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.14 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.12 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.10 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.8 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.6 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.4 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.2 pkgsrc-2008Q1:1.2.0.4 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.2 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.1.0.2 pkgsrc-2007Q3-base:1.1; locks; strict; comment @# @; 1.4 date 2009.10.18.22.22.10; author ahoka; state dead; branches; next 1.3; 1.3 date 2008.05.11.03.46.24; author tonnerre; state Exp; branches; next 1.2; 1.2 date 2007.12.21.11.31.20; author tron; state dead; branches 1.2.4.1; next 1.1; 1.1 date 2007.09.13.19.16.01; author drochner; state Exp; branches; next ; 1.2.4.1 date 2008.05.27.09.29.41; author spz; state Exp; branches; next ; desc @@ 1.4 log @Upgrade to the SVN snapshot as of 2009-10-17. The builtin libavcodec now uses yasm to assemble hand written h264 code. The older x264 we currently have in pkgsrc is not supported by mplayer, so I had to do some hand tweaking to make it work. It may contain bugs because of this, so report any fallouts with h264. @ text @$NetBSD: patch-al,v 1.3 2008/05/11 03:46:24 tonnerre Exp $ --- stream/realrtsp/sdpplin.c.orig 2007-10-07 21:49:25.000000000 +0200 +++ stream/realrtsp/sdpplin.c @@@@ -330,7 +330,8 @@@@ sdpplin_t *sdpplin_parse(char *data) { if(filter(data,"a=StreamCount:integer;",&buf)) { desc->stream_count=(unsigned int)atoi(buf); - desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); + desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*)); + if (!desc->stream) desc->stream_count = 0; handled=1; data=nl(data); } @ 1.3 log @Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow in the RealRTSP SDP code which can be exploited to execute arbitrary code remotely. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update "mplayer", "mplayer-share", "mencoder" and "gmplayer" packages to version 1.0rc2 (as 1.0rc10). Changes since version 1.0rc1 (known as 1.0rc9 in "pkgsrc"): - A lot of new audio and video decoders and other improvements - A large number of bug fixes - Updated documentation - Support for Mac OS X Intel Approved by Thomas Klausner (because it fixes the Darwin-i386 build). @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.1 2007/09/13 19:16:01 drochner Exp $ d3 12 a14 24 --- libmpdemux/aviheader.c.orig 2007-09-13 20:25:34.000000000 +0200 +++ libmpdemux/aviheader.c @@@@ -227,16 +227,16 @@@@ while(1){ print_avisuperindex_chunk(s,MSGL_V); - if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){ - mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n"); - s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry; - } - // Check and fix this useless crap if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) { mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry); s->wLongsPerEntry = sizeof(avisuperindex_entry)/4; } + if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){ + mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n"); + s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry; + } + s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry)); s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk)); @ 1.2.4.1 log @Pullup ticket 2371 - requested by tonnerre security fix for mplayer and gmplayer Revisions pulled up: - pkgsrc/multimedia/mplayer-share/distinfo 1.50 - pkgsrc/multimedia/mplayer-share/patches/patch-al 1.3 - pkgsrc/multimedia/mplayer/Makefile 1.59 - pkgsrc/multimedia/gmplayer/Makefile 1.70 - pkgsrc/multimedia/gmplayer/distinfo 1.56 Module Name: pkgsrc Committed By: tonnerre Date: Sun May 11 03:46:24 UTC 2008 Modified Files: pkgsrc/multimedia/mplayer: Makefile pkgsrc/multimedia/mplayer-share: distinfo Added Files: pkgsrc/multimedia/mplayer-share/patches: patch-al Log Message: Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow in the RealRTSP SDP code which can be exploited to execute arbitrary code remotely. To generate a diff of this commit: cvs rdiff -r1.58 -r1.59 pkgsrc/multimedia/mplayer/Makefile cvs rdiff -r1.49 -r1.50 pkgsrc/multimedia/mplayer-share/distinfo cvs rdiff -r0 -r1.3 pkgsrc/multimedia/mplayer-share/patches/patch-al Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --- Module Name: pkgsrc Committed By: tonnerre Date: Mon May 19 20:55:51 UTC 2008 Modified Files: pkgsrc/multimedia/gmplayer: Makefile distinfo Log Message: Add patches for CVE-2008-1558 for gmplayer To generate a diff of this commit: cvs rdiff -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/Makefile cvs rdiff -r1.55 -r1.56 pkgsrc/multimedia/gmplayer/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.3 2008/05/11 03:46:24 tonnerre Exp $ d3 24 a26 12 --- stream/realrtsp/sdpplin.c.orig 2007-10-07 21:49:25.000000000 +0200 +++ stream/realrtsp/sdpplin.c @@@@ -330,7 +330,8 @@@@ sdpplin_t *sdpplin_parse(char *data) { if(filter(data,"a=StreamCount:integer;",&buf)) { desc->stream_count=(unsigned int)atoi(buf); - desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); + desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*)); + if (!desc->stream) desc->stream_count = 0; handled=1; data=nl(data); } @ 1.1 log @apply a security fix from upstream CVS: Check wLongsPerEntry before using it. This fixes a potential crash for some values of it. As a side effect it works around broken callocs with an integer overflow vulnerability, but using MPlayer on such systems should never be assumed to be safe! This should fix SA26806 (http://secunia.com/advisories/26806/). bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD$ @