head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.18 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.16 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.14 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.12 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.10 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.8 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.6 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.4 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.2 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.3.0.10 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.8 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.6 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.4 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.2 pkgsrc-2007Q1-base:1.3; locks; strict; comment @# @; 1.4 date 2008.04.10.11.48.58; author drochner; state dead; branches; next 1.3; 1.3 date 2007.02.07.20.04.00; author drochner; state Exp; branches; next 1.2; 1.2 date 2007.01.10.17.18.37; author drochner; state dead; branches; next 1.1; 1.1 date 2007.01.09.14.46.31; author drochner; state Exp; branches; next ; desc @@ 1.4 log @update to 1.1.11.1 changes: * Security fixes: - Array Indexing Vulnerability in sdpplin_parse(). (CVE-2008-0073) - integer overflow, possibly leading to buffer overflow, CVE-2008-1482 * Reworked the plugin directory naming so that external plugins don't have to be rebuilt for every release * Made the version parsing much more reliable; it wasn't properly coping with four-part version numbers * Fixed an off-by-one in the FLAC security fix patch. This breakage was causing failure to play some files * Support 16-bit big-endian DTS audio * Improved frame snapshot API. (ABI extension.) * Re-add support for # (stream parameter separator) in raw filenames * Fixed long delay when closing stream on dual core systems pkgsrc note: CVE-2008-0073 was already fixed by patch @ text @$NetBSD: patch-ee,v 1.3 2007/02/07 20:04:00 drochner Exp $ --- src/xine-engine/xine.c.orig 2007-02-07 19:58:49.000000000 +0100 +++ src/xine-engine/xine.c @@@@ -1544,6 +1544,9 @@@@ void xine_init (xine_t *this) { /* probe for optimized memcpy or config setting */ xine_probe_fast_memcpy (this); + /* plugin loading might call log functions */ + pthread_mutex_init(&this->log_lock, NULL); + /* * plugins */ @@@@ -1622,7 +1625,6 @@@@ void xine_init (xine_t *this) { * locks */ pthread_mutex_init (&this->streams_lock, NULL); - pthread_mutex_init (&this->log_lock, NULL); /* * start metronom clock @ 1.3 log @update to 1.1.4 changes: This release contains improvements and important bugfixes. Some issues that have really "bugged" us for quite some time (like NTSC DVDs audio sync, broken since 1.1.2, and H.264 crashes) are finally fixed. Some of the new features include True Audio and WavPack support. bugfixes, cleanup etc pkgsrc notes: -new True Audio / WavPack support is not enabled yet -cleanup of bl3.mk: no need to propagate internals -removed dependency on libflac -- there is support to play flac files internally -removed build of plugins for more exotic video outputs (SDL, ImageMagick, GL, aalib), this might be built in extra pkgs (like esound and arts already do) @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @remove a part of the previous patch because the underlying problem was already fixed in the xine release (too bad that xine and mplayer are going to diverge here) @ text @d1 1 a1 1 $NetBSD: patch-ee,v 1.1 2007/01/09 14:46:31 drochner Exp $ d3 5 a7 10 --- src/input/libreal/real.c.orig 2006-11-29 20:43:01.000000000 +0100 +++ src/input/libreal/real.c @@@@ -472,7 +472,7 @@@@ rmff_header_t *real_parse_sdp(char *data int j=0; int n; char b[64]; - int rulematches[16]; + int rulematches[MAX_RULEMATCHES]; lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth); d9 14 @ 1.1 log @in local copy of libdvdnav: -avoid file descriptor leak -advance buffer pointer correctly on short reads from an unnamed contributor add limit check to real parser (CVE-2006-6172) from mplayer svn bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @