head 1.8; access; symbols pkgsrc-2013Q2:1.8.0.10 pkgsrc-2013Q2-base:1.8 pkgsrc-2012Q4:1.8.0.8 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.6 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.4 pkgsrc-2011Q2-base:1.8 pkgsrc-2009Q4:1.8.0.2 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q1:1.7.0.2 pkgsrc-2009Q1-base:1.7 pkgsrc-2008Q4:1.6.0.8 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.6 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.4 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.2 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.4.0.4 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.2 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.3.0.4 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.2 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.2.0.6 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.4 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.2 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.1.0.2 pkgsrc-2006Q2-base:1.1; locks; strict; comment @# @; 1.8 date 2009.04.17.16.35.40; author drochner; state dead; branches; next 1.7; 1.7 date 2009.04.05.13.15.01; author drochner; state Exp; branches; next 1.6; 1.6 date 2008.06.21.15.45.16; author drochner; state dead; branches; next 1.5; 1.5 date 2008.04.18.14.01.22; author drochner; state Exp; branches; next 1.4; 1.4 date 2007.11.22.20.20.23; author drochner; state dead; branches; next 1.3; 1.3 date 2007.06.18.21.16.12; author joerg; state Exp; branches; next 1.2; 1.2 date 2006.08.06.10.36.50; author wiz; state dead; branches; next 1.1; 1.1 date 2006.06.26.17.13.36; author wiz; state Exp; branches; next ; desc @@ 1.8 log @update to 1.1.16.3 changes: -security fixes (were already patched in pkgsrc) -misc bugfixes -build fixes @ text @$NetBSD: patch-ay,v 1.7 2009/04/05 13:15:01 drochner Exp $ --- src/demuxers/demux_qt.c.orig 2009-04-05 11:28:05.000000000 +0200 +++ src/demuxers/demux_qt.c @@@@ -1535,7 +1535,8 @@@@ static qt_error parse_trak_atom (qt_trak } else if (current_atom == STTS_ATOM) { /* there should only be one of these atoms */ - if (trak->time_to_sample_table) { + if (trak->time_to_sample_table + || current_atom_size < 12 || current_atom_size >= UINT_MAX) { last_error = QT_HEADER_TROUBLE; goto free_trak; } @@@@ -1545,6 +1546,11 @@@@ static qt_error parse_trak_atom (qt_trak debug_atom_load(" qt stts atom (time-to-sample atom): %d entries\n", trak->time_to_sample_count); + if (trak->time_to_sample_count > (current_atom_size - 12) / 8) { + last_error = QT_HEADER_TROUBLE; + goto free_trak; + } + trak->time_to_sample_table = (time_to_sample_table_t *)calloc( trak->time_to_sample_count+1, sizeof(time_to_sample_table_t)); if (!trak->time_to_sample_table) { @ 1.7 log @add a patch from upstream CVS to fix an integer overflow in the Quicktime demuxer, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @update to 1.1.13 changes: - For extra safety against possible Integer overflows like the ones found in CVE-2008-1482, backport more calloc usage from 1.2 branch -Added MIME types and .mpp for musepack -Fixed display of some MJPEG streams -Deprecate xine_xmalloc() function, see src/xine-utils/utils.c for more information about the reason -Provide a useful implementation of xine_register_log_cb() -New version of the JACK output plugin pkgsrc note: the fix for CVE-2008-1878 was integrated upstream @ text @d1 1 a1 1 $NetBSD: patch-ay,v 1.5 2008/04/18 14:01:22 drochner Exp $ d3 4 a6 3 --- src/demuxers/demux_nsf.c.orig 2008-04-18 15:12:10.000000000 +0200 +++ src/demuxers/demux_nsf.c @@@@ -106,9 +106,9 @@@@ static int open_nsf_file(demux_nsf_t *th d8 10 a17 10 this->total_songs = header[6]; this->current_song = header[7]; - this->title = strdup(&header[0x0E]); - this->artist = strdup(&header[0x2E]); - this->copyright = strdup(&header[0x4E]); + this->title = strndup((char*)&header[0x0E], 0x20); + this->artist = strndup((char*)&header[0x2E], 0x20); + this->copyright = strndup((char*)&header[0x4E], 0x20); this->filesize = this->input->get_length(this->input); d19 8 @ 1.5 log @xine security patch of the day: fix possible buffer overflow in nsf parser (SA29850), patch from upstream CVS, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @update to 1.1.8 This has improved DVB subtitles support, implements simple subtitle scaling and bold & italics for text subtitles, and allows control of XxMC bob deinterlacing. It also has fixes for an audio resampling problem (which manifested as regular clicking), a problem which would cause the goom plugin to stop working, and URL escape handling (use of %) in DVD and Video CD MRLs. Some memory leaks are also fixed, and there are some build fixes for Solaris users. @ text @d1 1 a1 1 $NetBSD: patch-ay,v 1.3 2007/06/18 21:16:12 joerg Exp $ d3 15 a17 11 --- src/libdts/Makefile.in.orig 2007-06-18 19:26:19.000000000 +0000 +++ src/libdts/Makefile.in @@@@ -562,7 +562,7 @@@@ xineplug_LTLIBRARIES = $(dts_module) xineplug_decode_dts_la_SOURCES = xine_dts_decoder.c $(internal_sources) xineplug_decode_dts_la_CFLAGS = $(LIBDTS_CFLAGS) $(VISIBILITY_FLAG) $(fnsa) xineplug_decode_dts_la_LDFLAGS = $(xineplug_ldflags) -@@EXTERNAL_LIBDTS_FALSE@@xineplug_decode_dts_la_LIBADD = $(XINE_LIB) -lm +@@EXTERNAL_LIBDTS_FALSE@@xineplug_decode_dts_la_LIBADD = $(XINE_LIB) -lm $(LIBINTL) @@EXTERNAL_LIBDTS_TRUE@@xineplug_decode_dts_la_LIBADD = $(XINE_LIB) $(LIBDTS_LIBS) -lm noinst_HEADERS = bitstream.h internal-dts.h dts_internal.h tables.h tables_adpcm.h \ tables_fir.h tables_huffman.h tables_quantization.h tables_vq.h @ 1.3 log @Fix linkage with -lintl. In one plugin, disable the -Wl,-z,defs usage as it breaks on DragonFly. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 1.1.2, provided by Kimura Fuyuki in PR 34107. xine-lib (1.1.2) * Security fixes: - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs). - CVE-2006-2802: possible buffer overflow in the HTTP plugin. - possible buffer overflow via bad indexes in specially-crafted AVI files * Update gettext support to 0.14.5, disable internal gettext, fix locales handling, use the correct domain for strings. * Italian translation update * Czech translation update * Disable the XXMC plugin if Xv support isn't there * Also look for Xv support in /usr/lib for X.org's new location * Fix using xine-lib on systems with SELinux enabled * Build right with libiconv in /usr/local as default on FreeBSD * Fix a potential crash with fixed-size lacing in the Matroska demuxer * Patch from SuSE to fix alsa after hardware suspend * Fix the ./configure --enable-static-xv parameter * Really fix the speed changing race that was mentioned in 1.1.1 * Send events for tvtime filmmode changes * Add an image decoder based on gdk-pixbuf * Add browseable capability to smb input plugin * Enable AMD64 mmx/sse support in some plugins (tvtime, libmpeg2, goom...) * Fix xxmc subpictures (broken since 1.1.1) * FFmpeg update (version 51.1.0) * Fix detection of locale containing a modifier (like "@@euro") * New volume normalization post plugin * New image noise post plugin (useful for mitigating some compression artifacts) * Support for Vorbis-style comments in FLAC files * Coverity fixes * Add ATSC support to the DVB plugin * Make various structures and arrays constant. * Fix up health check to find libX11 and libXv shared objects even if devel packages aren't installed (where appropriate). (Ubuntu 47357) * Fix install problems in case configure was generated by autoconf >= 2.59c. * Fixed some win32 codec freezes when configured w32-path doesn't exist * Add support for RealPlayer 10 codecs (from SUSE) xine-lib (1.1.1) * Improve sound quality when using alsa 1.0.9 or above. When playing a 44.1khz stream on a 48khz only capable sound card. It bypasses alsa-lib resampler and uses xine's * Windows ports bug fixes and improvements * Set up the framebuffer palette (fb video out). * build fixes and improvements, added --with-pthread-prefix and --with-zlib-prefix options * new DirectFB video output plugin with many improvements (output to overlay or TV, deinterlacing, image controls, zoom, OSD, double/triple buffering, vsync, flicker filtering, field parity control) * overlay cropping fixes for small streams or when using cropping support * experimental frame allocation optimization reduces cpu usage of the deinterlacer plugin by up 25% * implement time seeking on DVD plugin * move CFLAGS optimizations to a separated file (added --disable-optimizations) * use the same codec path as MPlayer (/usr[/local]/lib/codecs) * FFmpeg sync (new QDM2 decoder) * imported Duck TrueMotion 2 decoder from FFmpeg * sync libfaad2 to latest GPL compatible version; fixes AAC decoding on x86_64 arch * support gapless playback while switching streams (requires UI cooperation) * fix speed changing race causing deadlock with v4l plugin * cddb improvements/fixes (DTITLE/DYEAR parsing, timeout increase and multiline entries support) [#1205274] xine-lib (1.1.0) * new quality deinterlacer from dscaler: GreedyH (Greedy High Motion) * new quality deinterlacer from dscaler: TomsMoComp (Tom's Motion Compensated) * added help for most deinterlace methods * ffmpeg update * use ImageMagick to convert and display different type of images (png, jpg...) * improve ASX playlist parsing * add an extended MRL reference event (MRL title, start time, play time): needed for the ASX parser; deprecates plain MRL reference events. * goom updated to 2k4-0 xine-lib (1.0.4) * tiny doc update * build fixes and cross build improvements * fixed an align problem in Win32 DirectX video output plugin * fixed linking of X11 plugins for some platforms @ text @d1 1 a1 1 $NetBSD: patch-ay,v 1.1 2006/06/26 17:13:36 wiz Exp $ d3 11 a13 17 --- src/libffmpeg/libavcodec/common.h.orig 2005-10-09 14:51:00.000000000 +0000 +++ src/libffmpeg/libavcodec/common.h @@@@ -66,14 +66,6 @@@@ #define AVOPTION_SUB(ptr) { .name = NULL, .help = (const char*)ptr } #define AVOPTION_END() AVOPTION_SUB(NULL) -struct AVOption; -#ifdef HAVE_MMX -extern const struct AVOption avoptions_common[3 + 5]; -#else -extern const struct AVOption avoptions_common[3]; -#endif -extern const struct AVOption avoptions_workaround_bug[11]; - #endif /* HAVE_AV_CONFIG_H */ /* Suppress restrict if it was not defined in config.h. */ @ 1.1 log @Fix build with gcc4 on NetBSD-3.99.21. @ text @d1 1 a1 1 $NetBSD$ @