head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.4 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2; locks; strict; comment @# @; 1.4 date 2011.09.12.17.25.28; author drochner; state dead; branches; next 1.3; 1.3 date 2011.07.18.17.06.43; author drochner; state Exp; branches; next 1.2; 1.2 date 2011.04.02.16.20.38; author taca; state dead; branches 1.2.2.1; next 1.1; 1.1 date 2011.02.14.19.03.19; author drochner; state Exp; branches; next ; 1.2.2.1 date 2011.08.03.21.04.08; author tron; state Exp; branches; next ; desc @@ 1.4 log @update to 1.1.11 changes: -security fixes in real and avi demuxers (were patched in pkgsrc) -minor bugfixes @ text @$NetBSD: patch-av,v 1.3 2011/07/18 17:06:43 drochner Exp $ CVE-2011-2587 --- modules/demux/real.c.orig 2010-12-29 21:38:25.000000000 +0000 +++ modules/demux/real.c @@@@ -841,7 +841,8 @@@@ static void DemuxAudioSipr( demux_t *p_d demux_sys_t *p_sys = p_demux->p_sys; block_t *p_block = tk->p_sipr_packet; - if( p_sys->i_buffer < tk->i_frame_size ) + if( p_sys->i_buffer < tk->i_frame_size + || tk->i_sipr_subpacket_count >= tk->i_subpacket_h ) return; if( !p_block ) @@@@ -851,7 +852,6 @@@@ static void DemuxAudioSipr( demux_t *p_d return; tk->p_sipr_packet = p_block; } - memcpy( p_block->p_buffer + tk->i_sipr_subpacket_count * tk->i_frame_size, p_sys->buffer, tk->i_frame_size ); if (!tk->i_sipr_subpacket_count) @ 1.3 log @add patches from upstream to plug 2 security problems: -heap overflow in the AVI file parser (CVE-2011-2588) -heap overflow in the Real Media file parser (CVE-2011-2587) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update vlc package to 1.1.8. pkgsrc change and notes: * Update PLIST to reflect PKG_OPTION setting. * With pulseaudio and sdl PKG_OPTION, I couldn't build the package because of vlc-cache-gen core dump. * x11 PKG_OPTION could be eliminated since the package won't build without it.
Changes between 1.1.7 and 1.1.8: -------------------------------- Mac OS X Interface: * New UI graphics by Damien Erambert Interfaces: * Oldrc interface is again the default RC interface, on Windows * Luarc, luahttp and luatelnet fixes * Qt and Mac OS X fixes * numerous Skins2 fixes, notably winamp2 skins Encoder: * new libschroedinger-based Dirac codec encoder, faster than the current one Access/Demuxers/Codecs: * Subtitles auto-detection is back for .txt files * vod/rtsp server and rtsp input fixes * mp4 demuxer improvements * ogg, rtsp input, video filters minor fixes * taglib's replaygain is fixed for mp3 * vobsub support has an improved auto-detection * fix a crash in malformed ape files Miscellaneous fixes in: * Pulseaudio audio output, notably for usb cards * Stacktraces are now limited in size on Windows * Video resolution is now limited to 8192x8192, for security reasons See CORE-2011-0208 * Configure and build system improvements * DirectShow and BDA build headers have been updated Translations: * Update for Finnish, Galician, Dutch, Chinese, German, Japanese, Lithuanian, Slovak, French, Polish, Estonian, Brazilian Portuguese and Hebrew * New Icelandic translation @ text @d1 1 a1 1 $NetBSD: patch-av,v 1.1 2011/02/14 19:03:19 drochner Exp $ d3 1 a3 1 fix build with libmatroska-1.1 d5 20 a24 18 --- modules/demux/mkv/matroska_segment.cpp.orig 2010-09-27 14:38:23.000000000 +0000 +++ modules/demux/mkv/matroska_segment.cpp @@@@ -220,6 +220,7 @@@@ void matroska_segment_c::LoadTags( KaxTa } ep->Up(); } +#if 0 //not valid anymore else if( MKV_IS_ID( el, KaxTagGeneral ) ) { msg_Dbg( &sys.demuxer, "| + General" ); @@@@ -288,6 +289,7 @@@@ void matroska_segment_c::LoadTags( KaxTa { msg_Dbg( &sys.demuxer, "| + Multi Title" ); } +#endif else { msg_Dbg( &sys.demuxer, "| + LoadTag Unknown (%s)", typeid( *el ).name() ); @ 1.2.2.1 log @Pullup ticket #3489 - requested by drochner multimedia/vlc: security patch Revisions pulled up: - multimedia/vlc/Makefile 1.113 -
multimedia/vlc/distinfo 1.46 - multimedia/vlc/patches/patch-au 1.7 - multimedia/vlc/patches/patch-av 1.3 --- Module Name: pkgsrc Committed By: drochner Date: Mon Jul 18 17:06:43 UTC 2011 Modified Files: pkgsrc/multimedia/vlc: Makefile distinfo Added Files: pkgsrc/multimedia/vlc/patches: patch-au patch-av Log Message: add patches from upstream to plug 2 security problems: -heap overflow in the AVI file parser (CVE-2011-2588) -heap overflow in the Real Media file parser (CVE-2011-2587) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 CVE-2011-2587 d5 18 a22 20 --- modules/demux/real.c.orig 2010-12-29 21:38:25.000000000 +0000 +++ modules/demux/real.c @@@@ -841,7 +841,8 @@@@ static void DemuxAudioSipr( demux_t *p_d demux_sys_t *p_sys = p_demux->p_sys; block_t *p_block = tk->p_sipr_packet; - if( p_sys->i_buffer < tk->i_frame_size ) + if( p_sys->i_buffer < tk->i_frame_size + || tk->i_sipr_subpacket_count >= tk->i_subpacket_h ) return; if( !p_block ) @@@@ -851,7 +852,6 @@@@ static void DemuxAudioSipr( demux_t *p_d return; tk->p_sipr_packet = p_block; } - memcpy( p_block->p_buffer + tk->i_sipr_subpacket_count * tk->i_frame_size, p_sys->buffer, tk->i_frame_size ); if (!tk->i_sipr_subpacket_count) @ 1.1 log @update to 1.1.7 changes: -fix for CVE-2011-0531 (was patched in pkgsrc) -improvements to codecs, demuxers, Audio-CD support, subtitles, visualization and platform integration @ text @d1 1 a1 1 $NetBSD$ @
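Review bot: the new guard in the first real.c hunk (-841,7 +841,8), `tk->i_sipr_subpacket_count >= tk->i_subpacket_h`, only closes the overflow if `p_block` is sized as `i_frame_size * i_subpacket_h`, and that allocation is outside the visible context. The memcpy in the following hunk writes at `p_block->p_buffer + tk->i_sipr_subpacket_count * tk->i_frame_size`, so please add a one-line comment on the guard stating that invariant, and confirm the product cannot wrap for the field types used. The early `return` also drops the subpacket silently; a debug message there would make malformed Real Media input visible in logs.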
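Review bot: going by the header counts (-851,7 +852,6), the one line removed before the `memcpy(` call in the second real.c hunk is a blank line, which is a whitespace-only change unrelated to CVE-2011-2587. I would drop this hunk so the security patch carries only the bounds check; that keeps the pullup minimal and easier to compare against the upstream fix.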
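Review bot: `#if 0 //not valid anymore` in the first matroska_segment.cpp hunk (-220,6 +220,7) disables the `KaxTagGeneral` branch unconditionally, so builds against an older libmatroska lose it as well, and the comment does not say which version made it invalid. Since the stated purpose is "fix build with libmatroska-1.1", either make the guard conditional on the libmatroska version or delete the dead branches outright, and name the version in the comment.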
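Review bot: with `#endif` placed directly before the final `else` in the second matroska_segment.cpp hunk (-288,6 +289,7), tag elements that the disabled branches used to recognise now fall through to the `"| + LoadTag Unknown (%s)"` debug message. That changes log output for files carrying those tags; it is worth a line in the patch header, and worth checking that nothing else in LoadTags relied on those branches handling the element.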