head 1.8; access; symbols pkgsrc-2013Q2:1.8.0.10 pkgsrc-2013Q2-base:1.8 pkgsrc-2012Q4:1.8.0.8 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.6 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.4 pkgsrc-2011Q2-base:1.8 pkgsrc-2009Q4:1.8.0.2 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.7.0.18 pkgsrc-2009Q3-base:1.7 pkgsrc-2009Q2:1.7.0.16 pkgsrc-2009Q2-base:1.7 pkgsrc-2009Q1:1.7.0.14 pkgsrc-2009Q1-base:1.7 pkgsrc-2008Q4:1.7.0.12 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.7.0.10 pkgsrc-2008Q3-base:1.7 cube-native-xorg:1.7.0.8 cube-native-xorg-base:1.7 pkgsrc-2008Q2:1.7.0.6 pkgsrc-2008Q2-base:1.7 cwrapper:1.7.0.4 pkgsrc-2008Q1:1.7.0.2 pkgsrc-2008Q1-base:1.7 pkgsrc-2007Q4:1.6.0.2 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.5.0.6 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.4 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.2 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.4.0.14 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.12 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.10 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.8 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.6 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.4 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.2 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.2.0.6 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.4 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.2 pkgsrc-2004Q3-base:1.2; locks; strict; comment @# @; 1.8 date 2009.10.18.22.22.10; author ahoka; state dead; branches; next 1.7; 1.7 date 2008.02.05.17.00.36; author drochner; state Exp; branches; next 1.6; 1.6 date 2007.12.21.11.31.21; author tron; state dead; branches 1.6.2.1; next 1.5; 1.5 date 2007.01.09.14.49.33; author drochner; state Exp; branches; next 1.4; 1.4 date 2005.04.18.17.49.41; author drochner; state dead; branches 1.4.14.1; next 1.3; 1.3 date 2005.04.16.17.43.09; author drochner; state Exp; branches; next 1.2; 1.2 date 2004.07.17.19.06.36; author wiz; state dead; branches 1.2.6.1; next 1.1; 1.1 date 2004.07.02.17.07.21; author drochner; state Exp; branches; next ; 1.6.2.1 date 2008.02.11.12.04.15; author ghen; state Exp; branches; next ; 1.4.14.1 date 2007.01.28.20.37.59; author ghen; state Exp; branches; next ; 1.2.6.1 date 2005.04.21.15.20.40; author salo; state Exp; branches; next ; desc @@ 1.8 log @Upgrade to the SVN snapshot as of 2009-10-17. The builtin libavcodec now uses yasm to assemble hand written h264 code. The older x264 we currently have in pkgsrc is not supported by mplayer, so I had to do some hand tweaking to make it work. It may contain bugs because of this, so report any fallouts with h264. @ text @$NetBSD: patch-ba,v 1.7 2008/02/05 17:00:36 drochner Exp $ --- libmpdemux/demux_audio.c.orig 2007-10-07 21:49:33.000000000 +0200 +++ libmpdemux/demux_audio.c @@@@ -229,6 +229,8 @@@@ get_flac_metadata (demuxer_t* demuxer) ptr += 4; comment = ptr; + if (&comment[length] < comments || &comment[length] >= &comments[blk_len]) + return; c = comment[length]; comment[length] = 0; @ 1.7 log @add some patches from upstream which fix CVE-2008-0485, CVE-2008-0486 and two unnamed buffer overflows, bump PKGREVISION of affected pkgs @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @Update "mplayer", "mplayer-share", "mencoder" and "gmplayer" packages to version 1.0rc2 (as 1.0rc10). Changes since version 1.0rc1 (known as 1.0rc9 in "pkgsrc"): - A lot of new audio and video decoders and other improvements - A large number of bug fixes - Updated documentation - Support for Mac OS X Intel Approved by Thomas Klausner (because it fixes the Darwin-i386 build). @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.5 2007/01/09 14:49:33 drochner Exp $ d3 4 a6 7 --- stream/realrtsp/asmrp.c.orig 2006-10-23 00:32:25.000000000 +0200 +++ stream/realrtsp/asmrp.c @@@@ -40,6 +40,7 @@@@ #include #include #include +#include "asmrp.h" d8 5 a12 13 /* #define LOG @@@@ -645,8 +646,10 @@@@ static int asmrp_eval (asmrp_t *p, int * #ifdef LOG printf ("rule #%d is true\n", rule_num); #endif - matches[num_matches] = rule_num; - num_matches++; + if(num_matches < MAX_RULEMATCHES - 1) + matches[num_matches++] = rule_num; + else + printf("Ignoring matched asm rule %d, too many matched rules.\n", rule_num); } a13 1 rule_num++; @ 1.6.2.1 log @Pullup ticket 2287 - requested by drochner security fixes for mplayer and mencoder - pkgsrc/multimedia/gmplayer/Makefile 1.67 - pkgsrc/multimedia/mencoder/Makefile 1.37 - pkgsrc/multimedia/mplayer/Makefile 1.52 - pkgsrc/multimedia/mplayer-share/distinfo 1.47 - pkgsrc/multimedia/mplayer-share/patches/patch-ba 1.7 - pkgsrc/multimedia/mplayer-share/patches/patch-bb 1.7 - pkgsrc/multimedia/mplayer-share/patches/patch-bc 1.5 - pkgsrc/multimedia/mplayer-share/patches/patch-bd 1.5 Module Name: pkgsrc Committed By: drochner Date: Tue Feb 5 17:00:37 UTC 2008 Modified Files: pkgsrc/multimedia/gmplayer: Makefile pkgsrc/multimedia/mencoder: Makefile pkgsrc/multimedia/mplayer: Makefile pkgsrc/multimedia/mplayer-share: distinfo Added Files: pkgsrc/multimedia/mplayer-share/patches: patch-ba patch-bb patch-bc patch-bd Log Message: add some patches from upstream which fix CVE-2008-0485, CVE-2008-0486 and two unnamed buffer overflows, bump PKGREVISION of affected pkgs @ text @d1 1 a1 1 $NetBSD$ d3 7 a9 4 --- libmpdemux/demux_audio.c.orig 2007-10-07 21:49:33.000000000 +0200 +++ libmpdemux/demux_audio.c @@@@ -229,6 +229,8 @@@@ get_flac_metadata (demuxer_t* demuxer) ptr += 4; d11 13 a23 5 comment = ptr; + if (&comment[length] < comments || &comment[length] >= &comments[blk_len]) + return; c = comment[length]; comment[length] = 0; d25 1 @ 1.5 log @add limit check to real parser (identical to CVE-2006-6172) from mplayer svn bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @update to 1.0pre7 some relevant changes: -RTSP/MMST security patches now in main distribution -documentation improvements -x86_64 support fixes -integrated Tremor decoder for Ogg/Vorbis -expose support for 422P and 444P raw formats -dropped support of old FAAD2 versions (<= 1.1) -support for 32 bit float and extended WAV files -support for multichannel WAV files -ALAC (QuickTime lossless audio) support via lavc -vqf demuxer -support for Real multirate files -more user-friendly info about audio and subtitle tracks in Ogg files -streaming improvements -ffmpeg updates -MEncoder usability improvements -many fixes and cleanups @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.3 2005/04/16 17:43:09 drochner Exp $ d3 20 a22 11 --- libmpdemux/realrtsp/rtsp.c.orig 2005-04-16 21:08:44.000000000 +0200 +++ libmpdemux/realrtsp/rtsp.c @@@@ -397,6 +397,7 @@@@ static int rtsp_get_answers(rtsp_t *s) { unsigned int answer_seq; char **answer_ptr=s->answers; int code; + int ans_count = 0; answer=rtsp_get(s); if (!answer) @@@@ -448,7 +449,7 @@@@ static int rtsp_get_answers(rtsp_t *s) { d24 2 a25 7 *answer_ptr=answer; answer_ptr++; - } while (strlen(answer)!=0); + } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS)); s->cseq++; @ 1.4.14.1 log @Pullup ticket 1986 - requested by drochner security fix for mplayer, gmplayer, mencoder (I forgot to commit multimedia/mplayer-share/patches/patch-* the first time) - pkgsrc/multimedia/gmplayer/Makefile 1.58 - pkgsrc/multimedia/gmplayer/distinfo 1.44 - pkgsrc/multimedia/mencoder/Makefile 1.31 - pkgsrc/multimedia/mplayer/Makefile 1.38 - pkgsrc/multimedia/mplayer-share/distinfo 1.36 - pkgsrc/multimedia/mplayer-share/patches/patch-ba 1.5 - pkgsrc/multimedia/mplayer-share/patches/patch-bb 1.5 - pkgsrc/multimedia/mplayer-share/patches/patch-bc 1.3 Module Name: pkgsrc Committed By: drochner Date: Tue Jan 9 14:49:34 UTC 2007 Modified Files: pkgsrc/multimedia/gmplayer: Makefile distinfo pkgsrc/multimedia/mencoder: Makefile pkgsrc/multimedia/mplayer: Makefile pkgsrc/multimedia/mplayer-share: distinfo Added Files: pkgsrc/multimedia/mplayer-share/patches: patch-ba patch-bb patch-bc Log Message: add limit check to real parser (identical to CVE-2006-6172) from mplayer svn bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD$ d3 11 a13 20 --- stream/realrtsp/asmrp.c.orig 2006-10-23 00:32:25.000000000 +0200 +++ stream/realrtsp/asmrp.c @@@@ -40,6 +40,7 @@@@ #include #include #include +#include "asmrp.h" /* #define LOG @@@@ -645,8 +646,10 @@@@ static int asmrp_eval (asmrp_t *p, int * #ifdef LOG printf ("rule #%d is true\n", rule_num); #endif - matches[num_matches] = rule_num; - num_matches++; + if(num_matches < MAX_RULEMATCHES - 1) + matches[num_matches++] = rule_num; + else + printf("Ignoring matched asm rule %d, too many matched rules.\n", rule_num); d15 7 a21 2 rule_num++; @ 1.3 log @two security patches: Real RTSP heap overflow, MMST heap overflow (both patches published on the mplayer website) bump PKGREVISION of affected pkgs @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 1.0pre5: DOCS * small additions, corrections, updates all over the place * audio output driver section added to the man page * several bug fixes and improvements in the MEncoder documentation * DVD ripping guide extended and improved * AUTHORS file massively extended * German man page partially updated * Hungarian XML documentation translation started Ports * encrypted DVD playback on Windows fixed (again) * Cygwin and MinGW now accept the same -dvd-device syntax * LIVE.COM now works under MinGW * foundations for MinGW crosscompilation * disabled SSE on MinGW as it caused crashes * AC3 passthrough for ao_win32 * improved vo_quartz (YUV, multiple screens support) * vo_quartz made default on Mac OS X * ao_macosx fixed and made default again on Mac OS X * RealVideo binary codecs support on Mac OS X (still buggy) * bigendian fixes in vf.c, vo_tga * OpenBSD portability fixes * OpenBSD/VAX support * AMD64 support Drivers * support for more Radeons (9800 XT among them) in VIDIX * Radeon related bug fixes in VIDIX * vo_gl2 now supports GUI, fix for flickering borders in fullscreen * support 24 and 32 bit PCM files, bigendian fixes * ao_sdl now converts unsupported formats instead of quitting * ENCA support * merged ao_alsa9 and ao_alsa1x drivers into ao_alsa * NeoMagic TV-out support through VESA * JACK audio output driver * vo_sdl fixes (wrong flags and screensaver disabling) * vo_directx fixes Decoders * MSZH/ZLIB, FLI, QTRLE, RoQ video and RoQ audio support moved to FFmpeg * FFmpeg Cinepak and CYUV decoders preferred * audio format 0xff support (is AAC) * "raw" audio in MOV supported * Indeo audio (iac25) support via binary codec * upgrade libfaad2 to the FAAD 2.0 release * MPEG2 chroma422/444 support * Winnov WINX and WNV1 support via binary codec Demuxers * Ogg subtitle handling and other bug fixes * Matroska improvements * support seeking in Real files without -idx * support seeking in Real files without index with -forceidx Streaming * ASF, MMST streaming fixes * URL escaping fixed * NSA (Nullsoft audio) streaming support * embedded RAM playlist support * multibyte URL support * rtp:// now supported even with LIVE.COM compiled in * miscellaneous bug fixes Filters * vf_softskip: frame skipping filter for MEncoder * vf_harddup: frame duplication filter for MEncoder * vf_pullup minor fixes and improvements * AltiVec-optimized YUV to RGB converter * vf_spp memory corruption fix on reallocation FFmpeg/libavcodec * MPEG2 encoding with 8, 9, 10, 11 bit intra DC precision * DC clipping fix, intra_dc_precision > 0 support * Cinepak fixes and palette support * support skipping of MB rows during decoding * Vorbis in NUT fixed * NUT updated to latest specification * segfault and artifact fixes in SVQ3 decoder * motion estimation code: overflow and chroma fixes * change qscale -> lambda for the motion estimation * noise preserving sum of squares comparison function in ME code * fixed memory overwrite in truemotion decoder * clip input motion vectors, better error tolerance on bad vectors * FLAC decoder cleanup (partial demuxer/decoder separation) * memalign hack for SSE/SSE2 on that alternative OS :) * lots of AltiVec optimizations * qscale + qprd fix * QTrle4 support * H.261 decoder * coefficient saturation fix in H.263 * H.263 MCBPC fix * per line lowpass filter in MMX and faster C lowpass filter * SVQ1 encoder * as usual, lots of bug fixes and optimizations Others * fullscreen fixes for many window managers * fix crash on original Pentiums and older * dvd://start-end support * netstream (mpst://) support fixed * support comments in plaintext playlists * loader/ dependency removed * keepaspect option extended to all video output drivers * WMA to Ogg conversion and simple subtitle editing script added to TOOLS * support for more lame options * new set of GUI icons * memory conserving implementation of GUI potmeters * X11 code reindented * further gcc 3.4 support fixes * mixer API written for changing volume through libaf * -rtc-device option for specifying the RTC device * desktop/menu icon added * miscellaneous bug fixes and cleanups * multi-threaded encoding with lavc * fixed a bug with Real files introduced in pre4 * -use-stdin renamed to -noconsolecontrols @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.1 2004/07/02 17:07:21 drochner Exp $ d3 19 a21 17 --- Gui/interface.c.orig 2004-03-25 22:49:47.000000000 +0100 +++ Gui/interface.c @@@@ -54,8 +54,12 @@@@ char * gstrcat( char ** dest,char * src if ( *dest ) { tmp=malloc( strlen( *dest ) + strlen( src ) + 1 ); - strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest ); - } + + if ( tmp ) /* TODO: advanced error handling */ + { + strcpy( tmp,*dest ); strcat( tmp,src ); free( *dest ); + } + } else { tmp=malloc( strlen( src ) + 1 ); strcpy( tmp,src ); } *dest=tmp; @ 1.2.6.1 log @Pullup ticket 451 - requested by Matthias Drochner security fix for mplayer Revisions pulled up: - pkgsrc/multimedia/gmplayer/Makefile 1.30, 1.32 - pkgsrc/multimedia/gmplayer/distinfo 1.24-1.25 - pkgsrc/multimedia/mencoder/Makefile 1.18 - pkgsrc/multimedia/mplayer/Makefile 1.16 - pkgsrc/multimedia/mplayer-share/distinfo 1.18 - pkgsrc/multimedia/mplayer-share/patches/patch-ba 1.3 - pkgsrc/multimedia/mplayer-share/patches/patch-bb 1.3 Module Name: pkgsrc Committed By: abs Date: Sat Apr 9 11:19:32 UTC 2005 Modified Files: pkgsrc/multimedia/gmplayer: Makefile distinfo Log Message: Update gmplayer to 1.0rc6nb2: Change DIST_SUBDIR - skins have been updated on master site again --- Module Name: pkgsrc Committed By: drochner Date: Sat Apr 16 17:43:09 UTC 2005 Modified Files: pkgsrc/multimedia/gmplayer: Makefile distinfo pkgsrc/multimedia/mencoder: Makefile pkgsrc/multimedia/mplayer: Makefile pkgsrc/multimedia/mplayer-share: distinfo Added Files: pkgsrc/multimedia/mplayer-share/patches: patch-ba patch-bb Log Message: two security patches: Real RTSP heap overflow, MMST heap overflow (both patches published on the mplayer website) bump PKGREVISION of affected pkgs @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.3 2005/04/16 17:43:09 drochner Exp $ d3 17 a19 19 --- libmpdemux/realrtsp/rtsp.c.orig 2005-04-16 21:08:44.000000000 +0200 +++ libmpdemux/realrtsp/rtsp.c @@@@ -397,6 +397,7 @@@@ static int rtsp_get_answers(rtsp_t *s) { unsigned int answer_seq; char **answer_ptr=s->answers; int code; + int ans_count = 0; answer=rtsp_get(s); if (!answer) @@@@ -448,7 +449,7 @@@@ static int rtsp_get_answers(rtsp_t *s) { } *answer_ptr=answer; answer_ptr++; - } while (strlen(answer)!=0); + } while ((strlen(answer)!=0) && (++ans_count < MAX_FIELDS)); s->cseq++; @ 1.1 log @apply the patch from the mplayer site to fix buffer overflow vulnerabilities in the GUI @ text @d1 1 a1 1 $NetBSD$ @