head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.24 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.22 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.20 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.18 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.16 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.14 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.12 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.10 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.8 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.6 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.4 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.2 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.2.0.4 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.2 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.1.0.8 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.6 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.4 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2007.07.15.19.41.29; author xtraeme; state dead; branches; next 1.2; 1.2 date 2007.02.17.22.48.16; author salo; state Exp; branches; next 1.1; 1.1 date 2006.04.21.11.11.26; author drochner; state Exp; branches 1.1.2.1 1.1.8.1; next ; 1.1.2.1 date 2006.04.21.11.11.26; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.04.26.14.58.40; author salo; state Exp; branches; next ; 1.1.8.1 date 2007.03.05.12.11.42; author ghen; state Exp; branches; next ; desc @@ 1.3 log @Update to 0.99.5: After long time, a new xine-ui version is now available. There are fixes for security issues with playlists (upgrade recommended!), fixes for crashes, memleaks and bugs. Functional enhancements and features are added, appearance of non-skinned windows is harmonized (with more space for text), translations are updated. @ text @$NetBSD: patch-aq,v 1.2 2007/02/17 22:48:16 salo Exp $ --- src/xitk/main.c.orig 2007-02-17 22:10:56.000000000 +0100 +++ src/xitk/main.c 2007-02-17 22:10:38.000000000 +0100 @@@@ -456,7 +456,7 @@@@ static void print_formatted(char *title, int len; char *blanks = " "; - printf(title); + printf("%s", title); sprintf(buffer, "%s", blanks); plugin = *plugins++; @@@@ -469,7 +469,7 @@@@ static void print_formatted(char *title, sprintf(buffer, "%s%s%s", buffer, (strlen(buffer) == strlen(blanks)) ? "" : ", ", plugin); } else { - printf(buffer); + printf("%s", buffer); printf(",\n"); snprintf(buffer, sizeof(buffer), "%s%s", blanks, plugin); } @@@@ -478,7 +478,7 @@@@ static void print_formatted(char *title, } if(strlen(buffer)) - printf(buffer); + printf("%s", buffer); printf(".\n\n"); } @@@@ -1249,7 +1249,7 @@@@ static void event_listener(void *user_da snprintf(buffer, sizeof(buffer), "%s [%d%%]\n", pevent->description, pevent->percent); gGui->mrl_overrided = 3; panel_set_title(buffer); - osd_display_info(buffer); + osd_display_info("%s", buffer); } break; @ 1.2 log @Security fixes for CVE-2007-0254 (and more): "A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the "errors_create_window()" function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file." Patch from SUSE. Bump PKGREVISION. XXX: The sources are a real mess. My condolences to everyone using it. And good luck, you'll need it!.. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @fix some format string vulnerabilities, see http://www.open-security.org/advisories/16 @ text @d3 2 a4 2 --- src/xitk/main.c.orig 2006-04-20 11:59:48.000000000 +0200 +++ src/xitk/main.c d32 9 @ 1.1.2.1 log @file patch-aq was added on branch pkgsrc-2006Q1 on 2006-04-21 11:11:26 +0000 @ text @d1 31 @ 1.1.2.2 log @Pullup ticket 1460 - requested by drochner security fix for xine-ui Patch provided by the submitter. Module Name: pkgsrc Committed By: drochner Date: Fri Apr 21 11:11:26 UTC 2006 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo Added Files: pkgsrc/multimedia/xine-ui/patches: patch-aq patch-ar Log Message: fix some format string vulnerabilities, see http://www.open-security.org/advisories/16 @ text @a0 31 $NetBSD: patch-aq,v 1.1.2.1 2006/04/26 14:58:40 salo Exp $ --- src/xitk/main.c.orig 2004-07-02 23:41:03.000000000 +0200 +++ src/xitk/main.c @@@@ -451,7 +451,7 @@@@ static void print_formatted(char *title, int len; char *blanks = " "; - printf(title); + printf("%s", title); sprintf(buffer, "%s", blanks); plugin = *plugins++; @@@@ -464,7 +464,7 @@@@ static void print_formatted(char *title, sprintf(buffer, "%s%s%s", buffer, (strlen(buffer) == strlen(blanks)) ? "" : ", ", plugin); } else { - printf(buffer); + printf("%s", buffer); printf(",\n"); snprintf(buffer, sizeof(buffer), "%s%s", blanks, plugin); } @@@@ -473,7 +473,7 @@@@ static void print_formatted(char *title, } if(strlen(buffer)) - printf(buffer); + printf("%s", buffer); printf(".\n\n"); } @ 1.1.8.1 log @Pullup ticket 2026 - requested by salo security update for xine-ui - pkgsrc/multimedia/xine-ui/Makefile 1.30, 1.34 via patch - pkgsrc/multimedia/xine-ui/distinfo 1.12, 1.14 via patch - pkgsrc/multimedia/xine-ui/patches/patch-ai 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-aq 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-ar 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-as 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-au 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-av 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-aw 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ax 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ay 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-az 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ba 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bb 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bc 1.1 Module Name: pkgsrc Committed By: drochner Date: Tue Jan 9 14:52:41 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ar Added Files: pkgsrc/multimedia/xine-ui/patches: patch-as Log Message: fix PR pkg/35375: xine-ui freezes konsole sessions from Sergey Svishchev, patch from xine CVS --- Module Name: pkgsrc Committed By: salo Date: Sat Feb 17 22:48:18 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq Added Files: pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc Log Message: Security fixes for CVE-2007-0254 (and more): "A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the "errors_create_window()" function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file." Patch from SUSE. Bump PKGREVISION. XXX: The sources are a real mess. My condolences to everyone using it. And good luck, you'll need it!.. @ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.2 2007/02/17 22:48:16 salo Exp $ d3 2 a4 2 --- src/xitk/main.c.orig 2007-02-17 22:10:56.000000000 +0100 +++ src/xitk/main.c 2007-02-17 22:10:38.000000000 +0100 a31 9 @@@@ -1249,7 +1249,7 @@@@ static void event_listener(void *user_da snprintf(buffer, sizeof(buffer), "%s [%d%%]\n", pevent->description, pevent->percent); gGui->mrl_overrided = 3; panel_set_title(buffer); - osd_display_info(buffer); + osd_display_info("%s", buffer); } break; @