From 44240ec1a14a3d01fe97ef4093a8a808bbf96844 Mon Sep 17 00:00:00 2001 From: tonnerre Date: Sun, 20 Apr 2008 15:31:02 +0000 Subject: Update vlc to version 0.8.6f, also applying some smaller patches: - Wrong boundary check in Speex decoder (CVE-2008-1686). - Compilability of CDDA code with modern libcdio versions. Vendor updates in 0.8.6f - Security vulnerabilities in the Subtitle demuxer, Real RTSP demuxer, MP4 demuxer and Cinepak codec: CVE-2007-6681, CVE-2008-0073, CVE-2008-1489, CVE-2008-1769). - Crashes in H264 packetizer. - Close MMS access on network timeout. - Some problems with AAC decoder & packetizer. Vendor updates in 0.8.6e: - Security vulnerabilities in the Web interface, Subtitle demuxer, Real RTSP demuxer, SDL_image library and MP4 demuxer (CVE-2007-6681, CVE-2007-6682, CVE-2006-4484, CVE-2008-0225, CVE-2008-0295, CVE-2008-0296, CORE-2008-0130). - Resume playback for viewing content over FTP. - Fixed XShm detection with remote X11. - DTS to S/PDIF converter fixes. - Waiting for SPS/PPS problem in H.264 packetizer. - Improved compatibility for creating H.264 video files playable on iPhones. Approved-by: joerg --- multimedia/vlc/Makefile | 6 ++--- multimedia/vlc/distinfo | 13 +++++------ multimedia/vlc/patches/patch-ac | 49 ++++++++++------------------------------- multimedia/vlc/patches/patch-ad | 42 ++++++++++++++++++++--------------- multimedia/vlc/patches/patch-ae | 20 ----------------- 5 files changed, 44 insertions(+), 86 deletions(-) delete mode 100644 multimedia/vlc/patches/patch-ae (limited to 'multimedia') diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index f202280c62c..b2386f90c8c 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.51 2008/04/12 22:43:08 jlam Exp $ +# $NetBSD: Makefile,v 1.52 2008/04/20 15:31:02 tonnerre Exp $ # DISTNAME= vlc-${VLC_VER} +VLC_VER= 0.8.6f CATEGORIES= multimedia MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/ EXTRACT_SUFX= .tar.bz2 -PKGREVISION= 3 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.videolan.org/ @@ -19,8 +19,6 @@ PTHREAD_OPTS+= require USE_LANGUAGES= c c++ USE_DIRS+= xdg-1.4 -VLC_VER= 0.8.6d - .include "../../mk/bsd.prefs.mk" .include "options.mk" diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo index 8da4ca06eb7..6e3332e5204 100644 --- a/multimedia/vlc/distinfo +++ b/multimedia/vlc/distinfo @@ -1,10 +1,9 @@ -$NetBSD: distinfo,v 1.15 2008/03/26 02:32:17 tnn Exp $ +$NetBSD: distinfo,v 1.16 2008/04/20 15:31:02 tonnerre Exp $ -SHA1 (vlc-0.8.6d.tar.bz2) = 63afd15cc782795c8d8f3de5edc614389465c577 -RMD160 (vlc-0.8.6d.tar.bz2) = 16c1998dbc30ad96bebdd8792d135b5f7899166e -Size (vlc-0.8.6d.tar.bz2) = 11170003 bytes +SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03 +RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04 +Size (vlc-0.8.6f.tar.bz2) = 11433698 bytes SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671 -SHA1 (patch-ac) = 54526feb8f88cd1f61e40abd62ed5f68ce6b934b -SHA1 (patch-ad) = dd92aeabc8d21ebf4113558b9d63f7737add2d91 -SHA1 (patch-ae) = 6282c601bb7c1f6c5b55f57a02e965216bd38cd3 +SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa +SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5 diff --git a/multimedia/vlc/patches/patch-ac b/multimedia/vlc/patches/patch-ac index a66bf64bf94..89113bf6d6f 100644 --- a/multimedia/vlc/patches/patch-ac +++ b/multimedia/vlc/patches/patch-ac @@ -1,40 +1,15 @@ -$NetBSD: patch-ac,v 1.3 2008/02/20 13:11:00 xtraeme Exp $ +$NetBSD: patch-ac,v 1.4 2008/04/20 15:31:03 tonnerre Exp $ ---- include/vlc_threads_funcs.h.orig 2007-11-26 14:08:12.000000000 +0100 -+++ include/vlc_threads_funcs.h -@@ -111,7 +111,7 @@ static inline int __vlc_mutex_lock( cons - i_result = pthread_mutex_lock( &p_mutex->mutex ); - if ( i_result ) - { -- i_thread = (int)pthread_self(); -+ i_thread = (intptr_t)pthread_self(); - psz_error = strerror(i_result); - } - -@@ -184,7 +184,7 @@ static inline int __vlc_mutex_unlock( co - i_result = pthread_mutex_unlock( &p_mutex->mutex ); - if ( i_result ) - { -- i_thread = (int)pthread_self(); -+ i_thread = (intptr_t)pthread_self(); - psz_error = strerror(i_result); - } - -@@ -322,7 +322,7 @@ static inline int __vlc_cond_signal( con - i_result = pthread_cond_signal( &p_condvar->cond ); - if ( i_result ) - { -- i_thread = (int)pthread_self(); -+ i_thread = (intptr_t)pthread_self(); - psz_error = strerror(i_result); +Fix wrong boundary check in Speex decoder (CVE-2008-1686). + +--- modules/codec/speex.c.orig 2008-03-23 22:41:48.000000000 +0000 ++++ modules/codec/speex.c +@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder + msg_Err( p_dec, "cannot read Speex header" ); + return VLC_EGENERIC; } - -@@ -512,7 +512,7 @@ static inline int __vlc_cond_wait( const - - if ( i_result ) +- if( p_header->mode >= SPEEX_NB_MODES ) ++ if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 ) { -- i_thread = (int)pthread_self(); -+ i_thread = (intptr_t)pthread_self(); - psz_error = strerror(i_result); - } - + msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in " + "this version of libspeex.", p_header->mode ); diff --git a/multimedia/vlc/patches/patch-ad b/multimedia/vlc/patches/patch-ad index 7baf9f89a27..1daaa291eb2 100644 --- a/multimedia/vlc/patches/patch-ad +++ b/multimedia/vlc/patches/patch-ad @@ -1,18 +1,24 @@ -$NetBSD: patch-ad,v 1.5 2008/02/28 16:18:53 kefren Exp $ -Index: modules/demux/mp4/mp4.c -=================================================================== ---- modules/demux/mp4/mp4.c (revision 24943) -+++ modules/demux/mp4/mp4.c (revision 24944) -@@ -1151,6 +1151,12 @@ - for( i_chunk = p_stsc->data.p_stsc->i_first_chunk[i_index] - 1; - i_chunk < i_last; i_chunk++ ) - { -+ if( i_chunk >= p_demux_track->i_chunk_count ) -+ { -+ msg_Warn( p_demux, "corrupted chunk table" ); -+ return VLC_EGENERIC; -+ } -+ - p_demux_track->chunk[i_chunk].i_sample_description_index = - p_stsc->data.p_stsc->i_sample_description_index[i_index]; - p_demux_track->chunk[i_chunk].i_sample_count = +$NetBSD: patch-ad,v 1.6 2008/04/20 15:31:03 tonnerre Exp $ + +Fix compilability of CDDA code with modern libcdio versions. + +--- modules/access/cdda/cdda.h.orig 2008-03-23 22:41:48.000000000 +0000 ++++ modules/access/cdda/cdda.h +@@ -75,7 +75,7 @@ typedef enum { + paranoia_none = 0, /* Note: We make use of 0 as being the same as false */ + paranoia_overlap = 1, + paranoia_full = 2 +-} paranoia_mode_t; ++} vlc_paranoia_mode_t; + + + /***************************************************************************** +@@ -107,7 +107,7 @@ typedef struct cdda_data_s + + #if LIBCDIO_VERSION_NUM >= 72 + /* Paranoia support */ +- paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */ ++ vlc_paranoia_mode_t e_paranoia; /* Use cd paranoia for reads? */ + cdrom_drive_t *paranoia_cd; /* Place to store drive + handle given by paranoia. */ + cdrom_paranoia_t *paranoia; diff --git a/multimedia/vlc/patches/patch-ae b/multimedia/vlc/patches/patch-ae deleted file mode 100644 index b5e4b6d513c..00000000000 --- a/multimedia/vlc/patches/patch-ae +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-ae,v 1.3 2008/03/26 02:32:17 tnn Exp $ - ---- modules/demux/mp4/libmp4.c.orig 2007-11-26 14:08:01.000000000 +0100 -+++ modules/demux/mp4/libmp4.c -@@ -1959,10 +1959,14 @@ static int MP4_ReadBox_rdrf( stream_t *p - MP4_GETVERSIONFLAGS( p_box->data.p_rdrf ); - MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type ); - MP4_GET4BYTES( i_len ); -+ i_len++; -+ - if( i_len > 0 ) - { - uint32_t i; -- p_box->data.p_rdrf->psz_ref = malloc( i_len + 1); -+ p_box->data.p_rdrf->psz_ref = malloc( i_len ); -+ i_len--; -+ - for( i = 0; i < i_len; i++ ) - { - MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] ); -- cgit v1.2.3