head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.20 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.18 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.16 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.14 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.12 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.10 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.8 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.2 pkgsrc-2008Q1-base:1.2; locks; strict; comment @# @; 1.2 date 2008.02.01.20.35.10; author drochner; state dead; branches; next 1.1; 1.1 date 2008.01.11.16.05.28; author drochner; state Exp; branches; next ; desc @@ 1.2 log @update to 1.1.10 changes: This release contains a security fix (remotely-exploitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed?) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9. (The fix for CVE-2008-0225 which we had patches for was included upstream too.) @ text @$NetBSD: patch-gc,v 1.1 2008/01/11 16:05:28 drochner Exp $ --- src/input/librtsp/rtsp_session.c.orig 2008-01-01 14:30:08.000000000 +0100 +++ src/input/librtsp/rtsp_session.c @@@@ -148,6 +148,11 @@@@ connect: rtsp_session->header_left = rtsp_session->header_len = rmff_dump_header(h,rtsp_session->header,HEADER_SIZE); + if (rtsp_session->header_len < 0) { + xprintf (stream->xine, XINE_VERBOSITY_LOG, + _("rtsp_session: rtsp server returned overly-large headers, session can not be established.\n")); + goto session_abort; + } xine_buffer_copyin(rtsp_session->recv, 0, rtsp_session->header, rtsp_session->header_len); rtsp_session->recv_size = rtsp_session->header_len; @@@@ -157,6 +162,7 @@@@ connect: { xprintf(stream->xine, XINE_VERBOSITY_LOG, _("rtsp_session: rtsp server type '%s' not supported yet. 
sorry.\n"), server); +session_abort: rtsp_close(rtsp_session->s); free(server); xine_buffer_free(rtsp_session->recv); @ 1.1 log @update to 1.1.9 changes: There are improvements to DVB subtitle support and H.264 video, and fixes for MP3 playback, DVB, ivtv, Flash video streams and some playlist types (particularly XML ones). One significant fix is that the special "be nice to the user" '#' handling has been dropped since it seems to have been causing more problems than it fixes. pkgsrc note: a fix for CVE-2008-0225 (RTSP buffer overflow) is already included @ text @d1 1 a1 1 $NetBSD$ @
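Review bot: in the first hunk of patch-gc (rtsp_session.c, @ -148), the new `rtsp_session->header_len < 0` test only fires if `header_len` is a signed type and rmff_dump_header() reports an oversized header with a negative return; neither is visible in these lines. Please confirm the field's declaration and state that return contract in a comment above the check. `header_left` is assigned the same value in the statement just before the check, so it also holds the negative value on the abort path; that is harmless only while nothing reads it after `goto session_abort`. It is also worth checking that `h` is released on this path, since the cleanup lines visible after the label free only `server` and `rtsp_session->recv`.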
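Review bot: in the second hunk of patch-gc (rtsp_session.c, @ -157), the `session_abort:` label sits inside the braces of the "server type not supported" branch, directly after its xprintf, so the `goto` added in the first hunk jumps into another branch's block to reuse its cleanup. That is valid C but fragile if that branch is edited later; a one-line comment at the label saying it is shared with the oversized-header path, or moving the cleanup to a common exit at function scope, would make the dependency explicit. Since `free(server)` is now reached from both paths, please confirm `server` is initialized at the point of the `goto`.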