(stack-based buffer overflow in the str_read_packet function in
libavformat/psxstr.c)
-add (a modified version of) the ffmpeg 4xm patch which fixes
possible memory corruption
bump PKGREVISION
to version 1.0rc2 (as 1.0rc10).
Changes since version 1.0rc1 (known as 1.0rc9 in "pkgsrc"):
- A lot of new audio and video decoders and other improvements
- A large number of bug fixes
- Updated documentation
- Support for Mac OS X Intel
Approved by Thomas Klausner (because it fixes the Darwin-i386 build).
Check wLongsPerEntry before using it.
This fixes a potential crash for some values of it.
As a side effect it works around broken callocs with an integer
overflow vulnerability, but using MPlayer on such systems should
never be assumed to be safe!
This should fix SA26806 (http://secunia.com/advisories/26806/).
bump PKGREVISIONs
sync mplayer and gmplayer buildlink includes. Add the following:
- to gmplayer to match mplayer: libXinerama libXv
- to gmplayer only: libdvdnav
- to both: libXvMC libXxf86dga libXxf86vm
is upstream 1.0rc1, but we already used rc for the previous versions).
With valuable help from drochner, thanks!
ChangeLog:
MPlayer 1.0rc1: "Codename intentionally left blank"
DOCS:
* German documentation translation finished
* Russian documentation translation synced and almost finished
Drivers:
* IVTV hardware MPEG audio/video decoder output
* ALSA audio output: AC3 passthrough now works even when the device name of the digital output port has been set by the user
* bicubic OpenGL scaling works with ATI cards
* md5sum switched to the libavutil MD5 implementation
* support for libcaca 1.0 via compatibility layer
Decoders:
* liba52 updated to 0.7.4 (slightly faster)
* SSE optimizations for mp3lib
* removed support for obsolete and non-free divx4 libraries
Demuxers:
* audio stream switching in MPEG-TS/PS, Matroska and streams supported by libavformat
* audio stream switching between streams with different codecs
* libavformat demuxer now honors -alang
* chapter seeking in Matroska files
* fixed seeking to absolute and percent position for libavformat demuxer
* NUT demuxer using libnut
* Matroska SimpleBlock support
Inputs:
* split of stream layer from libmpdemux to new stream library
* PVR input for hardware MPEG encoder based cards, such as Hauppauge WinTV PVR-150/250/350/500 AKA IVTV but also pvrusb2 and cx88 (requires Linux >= 2.6.18 kernel, featuring native V4L2 MPEG API)
* native RTSP input (handles MPEG-TS over RTP) for generic RTSP servers
* support for seeking to chapters in dvd:// and dvdnav:// streams
* radio support (radio://)
FFmpeg/libavcodec:
* VC-1/WMV3/WMV9 video decoder
* Vorbis decoding speedup, now default Vorbis decoder
* VMware Video decoder
* On2 VP50 and VP62 decoder
* lossless audio decoders: WavPack, TTA, Shorten
* CAVS decoder
* GXF muxer/demuxer
* MXF demuxer
* much improved FLAC encoder
* more H.264 decoding speed improvements, plus support for -lavdopts fast
* Theora decoder fixes
* preliminary Vorbis encoder
* MTV demuxer
GUI:
* Windows version added
* drag-and-drop ignored last file
* save and load cache setting correctly
* working audio stream selection for Ogg and Matroska files
* executable names like gmplayer_old etc. will now start GUI as well
* -gui/-nogui options
* xinerama fixes, now behaves similar to MPlayer without GUI
Filters:
* MMX-optimizations for -vf yadif
* MMX-optimizations for -vf zrmjpeg
MEncoder:
* support of x264 encoding via libavcodec
* rewrite -x264encopts option parser to use the 264 option parser; likely breaks 3rd party tools as the syntax of some options has changed
* removed support for obsolete and non-free divx4 libraries
Ports:
* partial Intel Mac support, --disable-win32 --disable-mp3lib is needed
* OpenGL can now create windows > screen size under Windows
* allow filenames starting with \\ for remote paths on Windows
Others:
* SSA/ASS subtitle renderer
* -endpos option for MPlayer
* -correct-pts option
* UTF-8 used for OSD and subtitles, some bitmap fonts will no longer work correctly and -subcp must be set for all non-UTF-8 subtitles
* more audio-truncation fixes
* libavutil mandatory for MPlayer compilation
* more intuitive -edlout behaviour
* -nortc is now default since -rtc has disadvantages with recent kernels
too many changes to list here, see the ChangeLog
most visible: security patches and DragonFly support were intrgrated
upstream, new gmplayer look&feel (like it or not...)
which we had a patch for
-add another patch from the Mplayer site which fixes CVE-2006-0579
(ASF demuxer overflows)
bump PKGREVISIONS of mplayer, mencoder and gmplayer
aalib-x11 and aview-x11.
SDL dependencies change, so bump PKGREVISION (and BUILDLINK_RECOMMENDED)
for affected packages.
Addresses PR 32046 by Leonard Schmidt.
"A vulnerability in FFmpeg libavcodec can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially to compromise a user's
system."
http://secunia.com/advisories/17892/
Fix from ffmpeg CVS repository, libavcodec/utils.c rev. 1.162:
"default_get_buffer() cleanup
fixes probably exploitable heap overflow
heap overflow found by (Simon Kilvington)"
This means that the MPLAYER_ENABLE_RUNTIME_CPU_DETECTION,
MPLAYER_DISABLE_DRIVERS and MPLAYER_USE_MEDIALIB become deprecated
(although still recognized).
Visible changes in the resulting binary packages should be minimum by
default (everything that was enabled before still is, and the same
dependencies are kept). A notable addition, though, is the support for
user-defined menus, closing PR pkg/29784.
Also note that (almost) all dependencies have now a corresponding option
to disable them in case you want to get a minimalist mplayer package.
'make show-options' is your friend ;)
With thanks to wiz@ and dillo@ for their comments and help.
