Update vlc to version 0.8.6f, also applying some smaller patches:

 - Wrong boundary check in Speex decoder (CVE-2008-1686).
 - Compilability of CDDA code with modern libcdio versions.

Vendor updates in 0.8.6f
 - Security vulnerabilities in the Subtitle demuxer, Real RTSP demuxer,
   MP4 demuxer and Cinepak codec: CVE-2007-6681, CVE-2008-0073,
   CVE-2008-1489, CVE-2008-1769).
 - Crashes in H264 packetizer.
 - Close MMS access on network timeout.
 - Some problems with AAC decoder & packetizer.

Vendor updates in 0.8.6e:
 - Security vulnerabilities in the Web interface, Subtitle demuxer,
   Real RTSP demuxer, SDL_image library and MP4 demuxer (CVE-2007-6681,
   CVE-2007-6682, CVE-2006-4484, CVE-2008-0225, CVE-2008-0295, CVE-2008-0296,
   CORE-2008-0130).
 - Resume playback for viewing content over FTP.
 - Fixed XShm detection with remote X11.
 - DTS to S/PDIF converter fixes.
 - Waiting for SPS/PPS problem in H.264 packetizer.
 - Improved compatibility for creating H.264 video files playable on iPhones.

Approved-by: joerg

5 files changed, 44 insertions, 86 deletions

diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile
index f202280c62c..b2386f90c8c 100644
--- a/multimedia/vlc/Makefile
+++ b/multimedia/vlc/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.51 2008/04/12 22:43:08 jlam Exp $
+# $NetBSD: Makefile,v 1.52 2008/04/20 15:31:02 tonnerre Exp $
 #
 
 DISTNAME=		vlc-${VLC_VER}
+VLC_VER=		0.8.6f
 CATEGORIES=		multimedia
 MASTER_SITES=		http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
 EXTRACT_SUFX=		.tar.bz2
-PKGREVISION=		3
 
 MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.videolan.org/
@@ -19,8 +19,6 @@ PTHREAD_OPTS+=		require
 USE_LANGUAGES=		c c++
 USE_DIRS+=		xdg-1.4
 
-VLC_VER=		0.8.6d
-
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
 
diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo
index 8da4ca06eb7..6e3332e5204 100644
--- a/multimedia/vlc/distinfo
+++ b/multimedia/vlc/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.15 2008/03/26 02:32:17 tnn Exp $
+$NetBSD: distinfo,v 1.16 2008/04/20 15:31:02 tonnerre Exp $
 
-SHA1 (vlc-0.8.6d.tar.bz2) = 63afd15cc782795c8d8f3de5edc614389465c577
-RMD160 (vlc-0.8.6d.tar.bz2) = 16c1998dbc30ad96bebdd8792d135b5f7899166e
-Size (vlc-0.8.6d.tar.bz2) = 11170003 bytes
+SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03
+RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04
+Size (vlc-0.8.6f.tar.bz2) = 11433698 bytes
 SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c
 SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671
-SHA1 (patch-ac) = 54526feb8f88cd1f61e40abd62ed5f68ce6b934b
-SHA1 (patch-ad) = dd92aeabc8d21ebf4113558b9d63f7737add2d91
-SHA1 (patch-ae) = 6282c601bb7c1f6c5b55f57a02e965216bd38cd3
+SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa
+SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5
diff --git a/multimedia/vlc/patches/patch-ac b/multimedia/vlc/patches/patch-ac
index a66bf64bf94..89113bf6d6f 100644
--- a/multimedia/vlc/patches/patch-ac
+++ b/multimedia/vlc/patches/patch-ac
@@ -1,40 +1,15 @@
-$NetBSD: patch-ac,v 1.3 2008/02/20 13:11:00 xtraeme Exp $
+$NetBSD: patch-ac,v 1.4 2008/04/20 15:31:03 tonnerre Exp $
 
---- include/vlc_threads_funcs.h.orig	2007-11-26 14:08:12.000000000 +0100
-+++ include/vlc_threads_funcs.h
-@@ -111,7 +111,7 @@ static inline int __vlc_mutex_lock( cons
-     i_result = pthread_mutex_lock( &p_mutex->mutex );
-     if ( i_result )
-     {
--        i_thread = (int)pthread_self();
-+        i_thread = (intptr_t)pthread_self();
-         psz_error = strerror(i_result);
-     }
- 
-@@ -184,7 +184,7 @@ static inline int __vlc_mutex_unlock( co
-     i_result = pthread_mutex_unlock( &p_mutex->mutex );
-     if ( i_result )
-     {
--        i_thread = (int)pthread_self();
-+        i_thread = (intptr_t)pthread_self();
-         psz_error = strerror(i_result);
-     }
- 
-@@ -322,7 +322,7 @@ static inline int __vlc_cond_signal( con
-     i_result = pthread_cond_signal( &p_condvar->cond );
-     if ( i_result )
-     {
--        i_thread = (int)pthread_self();
-+        i_thread = (intptr_t)pthread_self();
-         psz_error = strerror(i_result);
+Fix wrong boundary check in Speex decoder (CVE-2008-1686).
+
+--- modules/codec/speex.c.orig	2008-03-23 22:41:48.000000000 +0000
++++ modules/codec/speex.c
+@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder
+         msg_Err( p_dec, "cannot read Speex header" );
+         return VLC_EGENERIC;
      }
- 
-@@ -512,7 +512,7 @@ static inline int __vlc_cond_wait( const
- 
-     if ( i_result )
+-    if( p_header->mode >= SPEEX_NB_MODES )
++    if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
      {
--        i_thread = (int)pthread_self();
-+        i_thread = (intptr_t)pthread_self();
-         psz_error = strerror(i_result);
-     }
- 
+         msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
+                  "this version of libspeex.", p_header->mode );
diff --git a/multimedia/vlc/patches/patch-ad b/multimedia/vlc/patches/patch-ad
index 7baf9f89a27..1daaa291eb2 100644
--- a/multimedia/vlc/patches/patch-ad
+++ b/multimedia/vlc/patches/patch-ad
@@ -1,18 +1,24 @@
-$NetBSD: patch-ad,v 1.5 2008/02/28 16:18:53 kefren Exp $
-Index: modules/demux/mp4/mp4.c
-===================================================================
---- modules/demux/mp4/mp4.c	(revision 24943)
-+++ modules/demux/mp4/mp4.c	(revision 24944)
-@@ -1151,6 +1151,12 @@
-         for( i_chunk = p_stsc->data.p_stsc->i_first_chunk[i_index] - 1;
-              i_chunk < i_last; i_chunk++ )
-         {
-+            if( i_chunk >= p_demux_track->i_chunk_count )
-+            {
-+                msg_Warn( p_demux, "corrupted chunk table" );
-+                return VLC_EGENERIC;
-+            }
-+
-             p_demux_track->chunk[i_chunk].i_sample_description_index =
-                     p_stsc->data.p_stsc->i_sample_description_index[i_index];
-             p_demux_track->chunk[i_chunk].i_sample_count =
+$NetBSD: patch-ad,v 1.6 2008/04/20 15:31:03 tonnerre Exp $
+
+Fix compilability of CDDA code with modern libcdio versions.
+
+--- modules/access/cdda/cdda.h.orig	2008-03-23 22:41:48.000000000 +0000
++++ modules/access/cdda/cdda.h
+@@ -75,7 +75,7 @@ typedef enum {
+   paranoia_none    = 0, /* Note: We make use of 0 as being the same as false */
+   paranoia_overlap = 1, 
+   paranoia_full    = 2
+-} paranoia_mode_t;
++} vlc_paranoia_mode_t;
+ 
+   
+ /*****************************************************************************
+@@ -107,7 +107,7 @@ typedef struct cdda_data_s
+ 
+ #if LIBCDIO_VERSION_NUM >= 72
+   /* Paranoia support */
+-  paranoia_mode_t e_paranoia;         /* Use cd paranoia for reads? */
++  vlc_paranoia_mode_t e_paranoia;     /* Use cd paranoia for reads? */
+   cdrom_drive_t *paranoia_cd;         /* Place to store drive
+ 					 handle given by paranoia. */
+   cdrom_paranoia_t *paranoia;
diff --git a/multimedia/vlc/patches/patch-ae b/multimedia/vlc/patches/patch-ae
deleted file mode 100644
index b5e4b6d513c..00000000000
--- a/multimedia/vlc/patches/patch-ae
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-ae,v 1.3 2008/03/26 02:32:17 tnn Exp $
-
---- modules/demux/mp4/libmp4.c.orig	2007-11-26 14:08:01.000000000 +0100
-+++ modules/demux/mp4/libmp4.c
-@@ -1959,10 +1959,14 @@ static int MP4_ReadBox_rdrf( stream_t *p
-     MP4_GETVERSIONFLAGS( p_box->data.p_rdrf );
-     MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type );
-     MP4_GET4BYTES( i_len );
-+    i_len++;
-+
-     if( i_len > 0 )
-     {
-         uint32_t i;
--        p_box->data.p_rdrf->psz_ref = malloc( i_len  + 1);
-+        p_box->data.p_rdrf->psz_ref = malloc( i_len );
-+        i_len--;
-+
-         for( i = 0; i < i_len; i++ )
-         {
-             MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] );