head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.18 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.16 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.14 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.12 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.10 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.8 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.6 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.4 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.2 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.2.0.12 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.10 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.8 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.6 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.4 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.2 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.1.0.16 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.14 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.12 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.10 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.8 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.3 date 2008.04.10.11.48.58; author drochner; state dead; branches; next 1.2; 1.2 date 2006.12.08.09.24.26; author abs; state Exp; branches; next 1.1; 1.1 date 2004.12.23.03.05.53; author xtraeme; state Exp; branches 1.1.2.1 1.1.16.1; next ; 1.1.2.1 date 2004.12.23.03.05.53; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.02.28.21.11.50; author snj; state Exp; branches; next ; 1.1.16.1 date 2006.12.09.09.13.15; author salo; state Exp; branches; next ; desc @@ 1.3 log @update to 1.1.11.1 changes: * Security fixes: - Array Indexing Vulnerability in sdpplin_parse(). (CVE-2008-0073) - integer overflow, possibly leading to buffer overflow, CVE-2008-1482 * Reworked the plugin directory naming so that external plugins don't have to be rebuilt for every release * Made the version parsing much more reliable; it wasn't properly coping with four-part version numbers * Fixed an off-by-one in the FLAC security fix patch. This breakage was causing failure to play some files * Support 16-bit big-endian DTS audio * Improved frame snapshot API. (ABI extension.) * Re-add support for # (stream parameter separator) in raw filenames * Fixed long delay when closing stream on dual core systems pkgsrc note: CVE-2008-0073 was already fixed by patch @ text @$NetBSD: patch-bd,v 1.2 2006/12/08 09:24:26 abs Exp $ --- src/audio_out/audio_oss_out.c.orig 2006-07-16 17:18:09.000000000 +0100 +++ src/audio_out/audio_oss_out.c @@@@ -419,6 +419,7 @@@@ static int ao_oss_delay(ao_driver_t *thi } this->last_getoptr = info.bytes; break; +#ifndef __NetBSD__ case OSS_SYNC_GETODELAY: if (ioctl (this->audio_fd, SNDCTL_DSP_GETODELAY, &bytes_left)) { perror ("audio_oss_out: DSP_GETODELAY ioctl():"); @@@@ -429,6 +430,7 @@@@ static int ao_oss_delay(ao_driver_t *thi lprintf ("%d bytes left\n", bytes_left); break; +#endif } return bytes_left / this->bytes_per_frame; @@@@ -835,10 +837,13 @@@@ static ao_driver_t *open_plugin (audio_d * check if SNDCTL_DSP_GETODELAY works. if so, using it is preferred. */ +#ifndef __NetBSD__ if (ioctl(audio_fd, SNDCTL_DSP_GETODELAY, &info) != -1) { xprintf(class->xine, XINE_VERBOSITY_DEBUG, "audio_oss_out: using SNDCTL_DSP_GETODELAY\n"); this->sync_method = OSS_SYNC_GETODELAY; - } else if (ioctl(audio_fd, SNDCTL_DSP_GETOPTR, &info) != -1) { + } +#endif + if (ioctl(audio_fd, SNDCTL_DSP_GETOPTR, &info) != -1) { xprintf(class->xine, XINE_VERBOSITY_DEBUG, "audio_oss_out: using SNDCTL_DSP_GETOPTR\n"); this->sync_method = OSS_SYNC_GETOPTR; } else { @ 1.2 log @Update xine-lib to 1.1.3 * Security fixes: - Heap overflow in libmms (related to CVE-2006-2200) - Buffer overrun in Real Media input plugin. [bug #1603458] Thanks to Roland Kay for reporting and JW for the patch. * Update build system to support x86 Darwin setups, and merge patches to support Darwin OS better. * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is the requried version. * When the compiler supports it, enable hidden visibility for all the plugins to export only the plugin info entry (and eventual needed special functions), to replace the min-symtab option that wasn't working. * Add "m4b" to the list of supported file extensions for the Qt demuxer, to allow playing (unprotected) audiobooks in AAC format. * Remove --disable-fpic hack, prefer using --without-pic instead. * Add new output plugin: PulseAudio (based on PolypAudio plugin), that uses 0.9 API (PulseAudio is PolypAudio renamed). * Remove PolypAudio plugin, latest version supported 0.7 API that is no more supported by upstream, and it's replaced by PulseAudio. * Allow 0 for DVD title/chapter (navigation or full title). * New experimental JACK audio driver. * Fix switch from alsa/dmix 2.0 to 5.1 [bug #1226595] * Don't use proxy for localhost connection. [bug #1553633] * Use mmap() to open local files if available. * Use pkg-config to look for external FFmpeg. * Allow FFmpeg to play MP3s in case MAD is not present. * Reduce the dead time when trying to connect to dead hosts, by falling back to non-blocking sockets on the last address found for an host, and allowing users to provide a connection timeout. [bug #1550844] * Return the correct error message to frontends when a file is inaccessible or the network connection is broken. [bug #1550763] * Support libcaca 0.99, thanks to cjacker huang. * Fix crash on video-only WMV streams. [bug #1564598] * Report audio stream on Shorten files (required for Amarok to play them). * Optionally use fontconfig to look up fonts to use for OSD. [bug #1551042] * Prefer FreeType2 rendered fonts to bitmap fonts. * Stone age platforms update * Enabled TrueSpeech codec * New X11 visual type: xine-lib may now use frontend's mutex/lock mechanism instead of XLockDisplay/XUnlockDisplay. * Allow playing of OggFlac files. [bug #1590690] * Allow playing FLAC files with an ID3 tag at the start. * Fix some crashes caused by MP3 files (and possibly others) being misdetected as AAC. @ text @d1 1 a1 1 $NetBSD: patch-bd,v 1.1 2004/12/23 03:05:53 xtraeme Exp $ @ 1.1 log @Some fixes for this package: * Build the oss audio plugin, fix hardcoded audio device. * When Mesa is used the opengl plugin is not built, check this via USE_BUILTIN.{MesaLib,glu}. * Fix some tests in configure.ac. * Add PLIST.common_end to remove directories, otherwise the dirs are not removed correctly. More changes to come in the future for configure.ac... Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- src/audio_out/audio_oss_out.c.orig 2004-12-23 01:13:26.000000000 +0100 +++ src/audio_out/audio_oss_out.c 2004-12-23 01:15:23.000000000 +0100 @@@@ -419,6 +419,7 @@@@ d13 1 a13 1 @@@@ -429,6 +430,7 @@@@ d21 1 a21 1 @@@@ -833,10 +835,13 @@@@ @ 1.1.2.1 log @file patch-bd was added on branch pkgsrc-2004Q4 on 2004-12-23 03:05:53 +0000 @ text @d1 35 @ 1.1.2.2 log @Pullup ticket 317 - requested by Lubomir Sedlacik security fix for xine-lib Apply a manual patch that fixes the vulnerabilities noted in http://www.xinehq.de/index.php/security/XSA-2004-6 @ text @a0 27 $NetBSD: patch-bd,v 1.1.2.1 2005/02/28 21:11:50 snj Exp $ --- src/input/libreal/real.c 2004/09/08 15:09:30 1.19 +++ src/input/libreal/real.c 2004/12/15 12:53:46 1.20 @@@@ -604,6 +604,8 @@@@ return (n <= 0) ? 0 : n+12; } +//! maximum size of the rtsp description, must be < INT_MAX +#define MAX_DESC_BUF (20 * 1024 * 1024) rmff_header_t *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwidth) { char *description=NULL; @@@@ -652,6 +654,13 @@@@ else size=atoi(rtsp_search_answers(rtsp_session,"Content-length")); + if (size > MAX_DESC_BUF) { + printf("real: Content-length for description too big (> %uMB)!\n", + MAX_DESC_BUF/(1024*1024) ); + xine_buffer_free(buf); + return NULL; + } + if (!rtsp_search_answers(rtsp_session,"ETag")) lprintf("real: got no ETag!\n"); else @ 1.1.16.1 log @Pullup ticket 1948 - requested by abs security update for xine-lib Revisions pulled up: - pkgsrc/multimedia/xine-lib/Makefile 1.42 - pkgsrc/multimedia/xine-lib/Makefile.common 1.36 - pkgsrc/multimedia/xine-lib/distinfo 1.38 - pkgsrc/multimedia/xine-lib/patches/patch-aa 1.5 - pkgsrc/multimedia/xine-lib/patches/patch-ab 1.4 - pkgsrc/multimedia/xine-lib/patches/patch-ac 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-ae 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-ag 1.14 - pkgsrc/multimedia/xine-lib/patches/patch-ah 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-ai 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-ao 1.11 - pkgsrc/multimedia/xine-lib/patches/patch-ap 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-av 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-az 1.2 - pkgsrc/multimedia/xine-lib/patches/patch-bb removed - pkgsrc/multimedia/xine-lib/patches/patch-bd 1.2 - pkgsrc/multimedia/xine-lib/patches/patch-be 1.7 - pkgsrc/multimedia/xine-lib/patches/patch-bg 1.3 - pkgsrc/multimedia/xine-lib/patches/patch-bh removed - pkgsrc/multimedia/xine-lib/patches/patch-da 1.2 - pkgsrc/multimedia/xine-lib/patches/patch-db 1.2 - pkgsrc/multimedia/xine-lib/patches/patch-dc 1.2 Module Name: pkgsrc Committed By: abs Date: Fri Dec 8 09:24:26 UTC 2006 Modified Files: pkgsrc/multimedia/xine-lib: Makefile Makefile.common distinfo pkgsrc/multimedia/xine-lib/patches: patch-aa patch-ab patch-ac patch-ae patch-ag patch-ah patch-ai patch-ao patch-ap patch-av patch-az patch-bd patch-be patch-bg patch-da patch-db patch-dc Removed Files: pkgsrc/multimedia/xine-lib/patches: patch-bb patch-bh Log Message: Update xine-lib to 1.1.3 * Security fixes: - Heap overflow in libmms (related to CVE-2006-2200) - Buffer overrun in Real Media input plugin. [bug #1603458] Thanks to Roland Kay for reporting and JW for the patch. * Update build system to support x86 Darwin setups, and merge patches to support Darwin OS better. * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is the requried version. * When the compiler supports it, enable hidden visibility for all the plugins to export only the plugin info entry (and eventual needed special functions), to replace the min-symtab option that wasn't working. * Add "m4b" to the list of supported file extensions for the Qt demuxer, to allow playing (unprotected) audiobooks in AAC format. * Remove --disable-fpic hack, prefer using --without-pic instead. * Add new output plugin: PulseAudio (based on PolypAudio plugin), that uses 0.9 API (PulseAudio is PolypAudio renamed). * Remove PolypAudio plugin, latest version supported 0.7 API that is no more supported by upstream, and it's replaced by PulseAudio. * Allow 0 for DVD title/chapter (navigation or full title). * New experimental JACK audio driver. * Fix switch from alsa/dmix 2.0 to 5.1 [bug #1226595] * Don't use proxy for localhost connection. [bug #1553633] * Use mmap() to open local files if available. * Use pkg-config to look for external FFmpeg. * Allow FFmpeg to play MP3s in case MAD is not present. * Reduce the dead time when trying to connect to dead hosts, by falling back to non-blocking sockets on the last address found for an host, and allowing users to provide a connection timeout. [bug #1550844] * Return the correct error message to frontends when a file is inaccessible or the network connection is broken. [bug #1550763] * Support libcaca 0.99, thanks to cjacker huang. * Fix crash on video-only WMV streams. [bug #1564598] * Report audio stream on Shorten files (required for Amarok to play them). * Optionally use fontconfig to look up fonts to use for OSD. [bug #1551042] * Prefer FreeType2 rendered fonts to bitmap fonts. * Stone age platforms update * Enabled TrueSpeech codec * New X11 visual type: xine-lib may now use frontend's mutex/lock mechanism instead of XLockDisplay/XUnlockDisplay. * Allow playing of OggFlac files. [bug #1590690] * Allow playing FLAC files with an ID3 tag at the start. * Fix some crashes caused by MP3 files (and possibly others) being misdetected as AAC. @ text @d1 1 a1 1 $NetBSD: patch-bd,v 1.2 2006/12/08 09:24:26 abs Exp $ d3 3 a5 3 --- src/audio_out/audio_oss_out.c.orig 2006-07-16 17:18:09.000000000 +0100 +++ src/audio_out/audio_oss_out.c @@@@ -419,6 +419,7 @@@@ static int ao_oss_delay(ao_driver_t *thi d13 1 a13 1 @@@@ -429,6 +430,7 @@@@ static int ao_oss_delay(ao_driver_t *thi d21 1 a21 1 @@@@ -835,10 +837,13 @@@@ static ao_driver_t *open_plugin (audio_d @