head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.4 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.2 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q2:1.4.0.18 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.16 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.14 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.12 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.10 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.8 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.6 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.4 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.2 pkgsrc-2010Q2-base:1.4 pkgsrc-2009Q4:1.3.0.16 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.14 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.12 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.10 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.8 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.6 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.4 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.2 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.2.0.4 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.2 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.1.0.22 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.20 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.18 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.16 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.14 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.12 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.10 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.8 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.6 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.4 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.2 pkgsrc-2004Q2-base:1.1; locks; strict; comment @# @; 1.5 date 2012.08.04.13.47.10; author drochner; state dead; branches; next 1.4; 1.4 date 2010.05.07.17.46.25; author drochner; state Exp; branches; next 1.3; 1.3 date 2007.07.15.19.41.28; author xtraeme; state dead; branches; next 1.2; 1.2 date 2007.02.17.22.48.16; author salo; state Exp; branches; next 1.1; 1.1 date 2004.05.12.16.42.49; author drochner; state Exp; branches 1.1.22.1; next ; 1.1.22.1 date 2007.03.05.12.11.42; author ghen; state Exp; branches; next ; desc @@ 1.5 log @update to 0.99.7 changes: better M3U playlist handling, various UI fixes (including a deadlock fix and a crash fix), use of XScreenSaver, and two overflow bug fixes @ text @$NetBSD: patch-ai,v 1.4 2010/05/07 17:46:25 drochner Exp $ --- src/xitk/stdctl.c.orig 2010-03-11 09:36:27.000000000 +0000 +++ src/xitk/stdctl.c @@@@ -170,7 +170,7 @@@@ void stdctl_start(void) { int err; stdctl.fd = STDIN_FILENO; - stdctl.fbk = gGui->stdout; + stdctl.fbk = STDOUT_FILENO; if((err = pthread_create(&(stdctl.thread), NULL, xine_stdctl_loop, NULL)) != 0) { fprintf(stderr, _("%s(): can't create new thread (%s)\n"), __XINE_FUNCTION__, strerror(err)); @ 1.4 log @update to 0.99.6 changes: many bugfixes @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update to 0.99.5: After long time, a new xine-ui version is now available. There are fixes for security issues with playlists (upgrade recommended!), fixes for crashes, memleaks and bugs. Functional enhancements and features are added, appearance of non-skinned windows is harmonized (with more space for text), translations are updated. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.2 2007/02/17 22:48:16 salo Exp $ d3 8 a10 58 --- src/xitk/xine-remote.c.orig 2005-07-16 21:05:32.000000000 +0200 +++ src/xitk/xine-remote.c 2007-02-17 22:24:26.000000000 +0100 @@@@ -30,6 +30,7 @@@@ #endif /* required for strncasecmp() */ #define _BSD_SOURCE 1 +#define _NETBSD_SOURCE /* required to enable POSIX variant of getpwuid_r on solaris */ #define _POSIX_PTHREAD_SEMANTICS 1 @@@@ -58,7 +59,7 @@@@ #include #include #include -#include +#include #include #include #include @@@@ -66,8 +67,8 @@@@ #include #include -#include -#include +#include +#include #include "common.h" @@@@ -638,7 +639,7 @@@@ static int write_to_console(session_t *s va_end(args); pthread_mutex_lock(&session->console_mutex); - err = write_to_console_unlocked(session, buf); + err = write_to_console_unlocked(session, "%s", buf); pthread_mutex_unlock(&session->console_mutex); return err; @@@@ -998,7 +999,7 @@@@ static void *select_thread(void *data) { write_to_console_unlocked_nocr(session, "\b \b"); pos--; } - write_to_console_unlocked(session, obuffer); + write_to_console_unlocked(session, "%s", obuffer); rl_crlf(); rl_forced_update_display(); @@@@ -1082,7 +1083,7 @@@@ static void client_handle_command(sessio *pp = '\0'; - if((sock_write(session->socket, buf)) == -1) { + if((sock_write(session->socket, "%s", buf)) == -1) { session->running = 0; } } @@@@ -1094,7 +1095,7 @@@@ static void client_handle_command(sessio d12 2 a13 88 /* Perhaps a ';' separated commands, so send anyway to server */ if(found == 0) { - sock_write(session->socket, (char *)command); + sock_write(session->socket, "%s", (char *)command); } if((!strncasecmp(cmd, "exit", strlen(cmd))) || (!strncasecmp(cmd, "halt", strlen(cmd)))) { @@@@ -1714,7 +1715,7 @@@@ static void do_commands(commands_t *cmd, i++; } sprintf(buf, "%s.\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } static void do_help(commands_t *cmd, client_info_t *client_info) { @@@@ -1760,7 +1761,7 @@@@ static void do_help(commands_t *cmd, cli } sprintf(buf, "%s\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else { int i; @@@@ -2096,7 +2097,7 @@@@ static void do_get(commands_t *cmd, clie sprintf(buf, "%s%s", buf, "*UNKNOWN*"); sprintf(buf, "%s%c", buf, '\n'); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "speed")) { char buf[64]; @@@@ -2116,7 +2117,7 @@@@ static void do_get(commands_t *cmd, clie sprintf(buf, "%s%s", buf, "*UNKNOWN*"); sprintf(buf, "%s%c", buf, '\n'); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "position")) { char buf[64]; @@@@ -2128,7 +2129,7 @@@@ static void do_get(commands_t *cmd, clie &pos_time, &length_time); snprintf(buf, sizeof(buf), "%s: %d\n", "Current position", pos_time); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "length")) { char buf[64]; @@@@ -2140,7 +2141,7 @@@@ static void do_get(commands_t *cmd, clie &pos_time, &length_time); snprintf(buf, sizeof(buf), "%s: %d\n", "Current length", length_time); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "loop")) { char buf[64]; @@@@ -2169,7 +2170,7 @@@@ static void do_get(commands_t *cmd, clie } sprintf(buf, "%s.\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } } else if(nargs >= 2) { @@@@ -2552,7 +2553,7 @@@@ static void do_halt(commands_t *cmd, cli static void network_messenger(void *data, char *message) { int socket = (int) data; - sock_write(socket, message); + sock_write(socket, "%s", message); } static void do_snap(commands_t *cmd, client_info_t *client_info) { @@@@ -2577,7 +2578,7 @@@@ static void say_hello(client_info_t *cli else { snprintf(buf, sizeof(buf), "%s %s %s\n", PACKAGE, VERSION, "remote server. Nice to meet you."); } - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } @ 1.2 log @Security fixes for CVE-2007-0254 (and more): "A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the "errors_create_window()" function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file." Patch from SUSE. Bump PKGREVISION. XXX: The sources are a real mess. My condolences to everyone using it. And good luck, you'll need it!.. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @update to xine-ui-0.99.1 changes: This release is a major update on xine-ui. It comes with a big cleanup of the user interface, including an improved context menu, and lots of details of the included "xitk" toolkit. Additionally, this release fixes some security issues (referenced in XSA-2004-2). Therefore, we recommend you to upgrade as soon as possible, especially if you are using xine to play URLs/MRLs you obtained from also fix some pthread_mutex abuse, and use GNU readline for xine-remote @ text @d3 2 a4 2 --- src/xitk/xine-remote.c.orig 2004-05-11 23:39:22.000000000 +0200 +++ src/xitk/xine-remote.c 2004-05-11 23:45:24.000000000 +0200 d33 117 @ 1.1.22.1 log @Pullup ticket 2026 - requested by salo security update for xine-ui - pkgsrc/multimedia/xine-ui/Makefile 1.30, 1.34 via patch - pkgsrc/multimedia/xine-ui/distinfo 1.12, 1.14 via patch - pkgsrc/multimedia/xine-ui/patches/patch-ai 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-aq 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-ar 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-as 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-au 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-av 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-aw 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ax 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ay 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-az 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ba 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bb 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bc 1.1 Module Name: pkgsrc Committed By: drochner Date: Tue Jan 9 14:52:41 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ar Added Files: pkgsrc/multimedia/xine-ui/patches: patch-as Log Message: fix PR pkg/35375: xine-ui freezes konsole sessions from Sergey Svishchev, patch from xine CVS --- Module Name: pkgsrc Committed By: salo Date: Sat Feb 17 22:48:18 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq Added Files: pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc Log Message: Security fixes for CVE-2007-0254 (and more): "A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the "errors_create_window()" function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file." Patch from SUSE. Bump PKGREVISION. XXX: The sources are a real mess. My condolences to everyone using it. And good luck, you'll need it!.. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.2 2007/02/17 22:48:16 salo Exp $ d3 2 a4 2 --- src/xitk/xine-remote.c.orig 2005-07-16 21:05:32.000000000 +0200 +++ src/xitk/xine-remote.c 2007-02-17 22:24:26.000000000 +0100 a32 117 @@@@ -638,7 +639,7 @@@@ static int write_to_console(session_t *s va_end(args); pthread_mutex_lock(&session->console_mutex); - err = write_to_console_unlocked(session, buf); + err = write_to_console_unlocked(session, "%s", buf); pthread_mutex_unlock(&session->console_mutex); return err; @@@@ -998,7 +999,7 @@@@ static void *select_thread(void *data) { write_to_console_unlocked_nocr(session, "\b \b"); pos--; } - write_to_console_unlocked(session, obuffer); + write_to_console_unlocked(session, "%s", obuffer); rl_crlf(); rl_forced_update_display(); @@@@ -1082,7 +1083,7 @@@@ static void client_handle_command(sessio *pp = '\0'; - if((sock_write(session->socket, buf)) == -1) { + if((sock_write(session->socket, "%s", buf)) == -1) { session->running = 0; } } @@@@ -1094,7 +1095,7 @@@@ static void client_handle_command(sessio /* Perhaps a ';' separated commands, so send anyway to server */ if(found == 0) { - sock_write(session->socket, (char *)command); + sock_write(session->socket, "%s", (char *)command); } if((!strncasecmp(cmd, "exit", strlen(cmd))) || (!strncasecmp(cmd, "halt", strlen(cmd)))) { @@@@ -1714,7 +1715,7 @@@@ static void do_commands(commands_t *cmd, i++; } sprintf(buf, "%s.\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } static void do_help(commands_t *cmd, client_info_t *client_info) { @@@@ -1760,7 +1761,7 @@@@ static void do_help(commands_t *cmd, cli } sprintf(buf, "%s\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else { int i; @@@@ -2096,7 +2097,7 @@@@ static void do_get(commands_t *cmd, clie sprintf(buf, "%s%s", buf, "*UNKNOWN*"); sprintf(buf, "%s%c", buf, '\n'); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "speed")) { char buf[64]; @@@@ -2116,7 +2117,7 @@@@ static void do_get(commands_t *cmd, clie sprintf(buf, "%s%s", buf, "*UNKNOWN*"); sprintf(buf, "%s%c", buf, '\n'); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "position")) { char buf[64]; @@@@ -2128,7 +2129,7 @@@@ static void do_get(commands_t *cmd, clie &pos_time, &length_time); snprintf(buf, sizeof(buf), "%s: %d\n", "Current position", pos_time); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "length")) { char buf[64]; @@@@ -2140,7 +2141,7 @@@@ static void do_get(commands_t *cmd, clie &pos_time, &length_time); snprintf(buf, sizeof(buf), "%s: %d\n", "Current length", length_time); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } else if(is_arg_contain(client_info, 1, "loop")) { char buf[64]; @@@@ -2169,7 +2170,7 @@@@ static void do_get(commands_t *cmd, clie } sprintf(buf, "%s.\n", buf); - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } } else if(nargs >= 2) { @@@@ -2552,7 +2553,7 @@@@ static void do_halt(commands_t *cmd, cli static void network_messenger(void *data, char *message) { int socket = (int) data; - sock_write(socket, message); + sock_write(socket, "%s", message); } static void do_snap(commands_t *cmd, client_info_t *client_info) { @@@@ -2577,7 +2578,7 @@@@ static void say_hello(client_info_t *cli else { snprintf(buf, sizeof(buf), "%s %s %s\n", PACKAGE, VERSION, "remote server. Nice to meet you."); } - sock_write(client_info->socket, buf); + sock_write(client_info->socket, "%s", buf); } @