This fixes a number of security problems:
CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239,
CVE-2008-5240 vectors 3 & 4, CVE-2008-5243
other changes:
-Support H.264 and AAC streams within FLV
-tagging improvements
-Add position-based seeking independent from seekpoints
-misc fixes
This release contains some security fixes, notably a DoS via corrupted
Ogg files (CVE-2008-3231), some related fixes, and fixes for a few
possible buffer overflows.
The other changes include recognition of AMR audio and Snow video.
changes:
- For extra safety against possible Integer overflows like the ones found
in CVE-2008-1482, backport more calloc usage from 1.2 branch
-Added MIME types and .mpp for musepack
-Fixed display of some MJPEG streams
-Deprecate xine_xmalloc() function, see src/xine-utils/utils.c for more
information about the reason
-Provide a useful implementation of xine_register_log_cb()
-New version of the JACK output plugin
pkgsrc note: the fix for CVE-2008-1878 was integrated upstream
changes:
-security fix (unchecked array index, CVE-2008-1686)
-a few bug fixes (including the 1.1.11.1 regressions)
-new version of the pulseaudio output plugin
-open-source support for RealAudio "cook"
changes:
* Security fixes:
- Array Indexing Vulnerability in sdpplin_parse(). (CVE-2008-0073)
- integer overflow, possibly leading to buffer overflow, CVE-2008-1482
* Reworked the plugin directory naming so that external plugins don't have
to be rebuilt for every release
* Made the version parsing much more reliable; it wasn't properly coping
with four-part version numbers
* Fixed an off-by-one in the FLAC security fix patch. This breakage was
causing failure to play some files
* Support 16-bit big-endian DTS audio
* Improved frame snapshot API. (ABI extension.)
* Re-add support for # (stream parameter separator) in raw filenames
* Fixed long delay when closing stream on dual core systems
pkgsrc note: CVE-2008-0073 was already fixed by patch
This release contains a security fix (array index vulnerability which
may lead to a stack buffer overflow, CVE-2008-0486). There are also
two minor bug fixes.
changes:
This release contains a security fix (remotely-exploitable buffer overflow,
CVE-2006-1664). (This is not the first time that that bug has been fixed?)
It also fixes a few more recent bugs, such as the audio output problems
in 1.1.9.
(The fix for CVE-2008-0225 which we had patches for was included
upstream too.)
changes:
There are improvements to DVB subtitle support and H.264 video, and fixes
for MP3 playback, DVB, ivtv, Flash video streams and some playlist types
(particularly XML ones). One significant fix is that the special "be nice
to the user" '#' handling has been dropped since it seems to have been
causing more problems than it fixes.
pkgsrc note: a fix for CVE-2008-0225 (RTSP buffer overflow) is
already included
This has improved DVB subtitles support, implements simple subtitle scaling
and bold & italics for text subtitles, and allows control of XxMC bob
deinterlacing. It also has fixes for an audio resampling problem (which
manifested as regular clicking), a problem which would cause the goom
plugin to stop working, and URL escape handling (use of %) in DVD and
Video CD MRLs. Some memory leaks are also fixed, and there are some
build fixes for Solaris users.
changes:
-bugfixes, among others for VCD playback
-adds support for libdca (formerly libdts)
-handle disappearing audio devices (possibly ALSA specific)
changes:
This release contains improvements and important bugfixes.
Some issues that have really "bugged" us for quite some
time (like NTSC DVDs audio sync, broken since 1.1.2, and
H.264 crashes) are finally fixed.
Some of the new features include True Audio and WavPack
support.
bugfixes, cleanup etc
pkgsrc notes:
-new True Audio / WavPack support is not enabled yet
-cleanup of bl3.mk: no need to propagate internals
-removed dependency on libflac -- there is support to play flac files
internally
-removed build of plugins for more exotic video outputs (SDL, ImageMagick,
GL, aalib), this might be built in extra pkgs (like esound and arts
already do)
-avoid file descriptor leak
-advance buffer pointer correctly on short reads
from an unnamed contributor
add limit check to real parser (CVE-2006-6172)
from mplayer svn
bump PKGREVISION
* Security fixes:
- Heap overflow in libmms (related to CVE-2006-2200)
- Buffer overrun in Real Media input plugin. [bug #1603458]
Thanks to Roland Kay for reporting and JW for the patch.
* Update build system to support x86 Darwin setups, and merge patches to
support Darwin OS better.
* Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is
the required version.
* When the compiler supports it, enable hidden visibility for all the
plugins to export only the plugin info entry (and eventual needed
special functions), to replace the min-symtab option that wasn't working.
* Add "m4b" to the list of supported file extensions for the Qt demuxer, to
allow playing (unprotected) audiobooks in AAC format.
* Remove --disable-fpic hack, prefer using --without-pic instead.
* Add new output plugin: PulseAudio (based on PolypAudio plugin), that uses
0.9 API (PulseAudio is PolypAudio renamed).
* Remove PolypAudio plugin, latest version supported 0.7 API that is no more
supported by upstream, and it's replaced by PulseAudio.
* Allow 0 for DVD title/chapter (navigation or full title).
* New experimental JACK audio driver.
* Fix switch from alsa/dmix 2.0 to 5.1 [bug #1226595]
* Don't use proxy for localhost connection. [bug #1553633]
* Use mmap() to open local files if available.
* Use pkg-config to look for external FFmpeg.
* Allow FFmpeg to play MP3s in case MAD is not present.
* Reduce the dead time when trying to connect to dead hosts, by falling back
to non-blocking sockets on the last address found for a host, and allowing
users to provide a connection timeout. [bug #1550844]
* Return the correct error message to frontends when a file is inaccessible or
the network connection is broken. [bug #1550763]
* Support libcaca 0.99, thanks to cjacker huang.
* Fix crash on video-only WMV streams. [bug #1564598]
* Report audio stream on Shorten files (required for Amarok to play them).
* Optionally use fontconfig to look up fonts to use for OSD. [bug #1551042]
* Prefer FreeType2 rendered fonts to bitmap fonts.
* Stone age platforms update
* Enabled TrueSpeech codec
* New X11 visual type: xine-lib may now use frontend's mutex/lock mechanism
instead of XLockDisplay/XUnlockDisplay.
* Allow playing of OggFlac files. [bug #1590690]
* Allow playing FLAC files with an ID3 tag at the start.
* Fix some crashes caused by MP3 files (and possibly others) being
misdetected as AAC.
all the time at least on DragonFly. Move some inline functions around
so that they exist before they are used, avoiding compilation errors
on DragonFly where -fno-unit-at-a-time is disabled by default.
xine-lib (1.1.2)
* Security fixes:
- CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs).
- CVE-2006-2802: possible buffer overflow in the HTTP plugin.
- possible buffer overflow via bad indexes in specially-crafted AVI files
* Update gettext support to 0.14.5, disable internal gettext, fix locales
handling, use the correct domain for strings.
* Italian translation update
* Czech translation update
* Disable the XXMC plugin if Xv support isn't there
* Also look for Xv support in /usr/lib for X.org's new location
* Fix using xine-lib on systems with SELinux enabled
* Build right with libiconv in /usr/local as default on FreeBSD
* Fix a potential crash with fixed-size lacing in the Matroska demuxer
* Patch from SuSE to fix alsa after hardware suspend
* Fix the ./configure --enable-static-xv parameter
* Really fix the speed changing race that was mentioned in 1.1.1
* Send events for tvtime filmmode changes
* Add an image decoder based on gdk-pixbuf
* Add browseable capability to smb input plugin
* Enable AMD64 mmx/sse support in some plugins (tvtime, libmpeg2, goom...)
* Fix xxmc subpictures (broken since 1.1.1)
* FFmpeg update (version 51.1.0)
* Fix detection of locale containing a modifier (like "@euro")
* New volume normalization post plugin
* New image noise post plugin (useful for mitigating some compression artifacts)
* Support for Vorbis-style comments in FLAC files
* Coverity fixes
* Add ATSC support to the DVB plugin
* Make various structures and arrays constant.
* Fix up health check to find libX11 and libXv shared objects even if
devel packages aren't installed (where appropriate). (Ubuntu 47357)
* Fix install problems in case configure was generated by autoconf >= 2.59c.
* Fixed some win32 codec freezes when configured w32-path doesn't exist
* Add support for RealPlayer 10 codecs (from SUSE)
xine-lib (1.1.1)
* Improve sound quality when using alsa 1.0.9 or above.
When playing a 44.1khz stream on a 48khz only capable sound card.
It bypasses alsa-lib resampler and uses xine's
* Windows ports bug fixes and improvements
* Set up the framebuffer palette (fb video out).
* build fixes and improvements, added --with-pthread-prefix and
--with-zlib-prefix options
* new DirectFB video output plugin with many improvements (output to overlay
or TV, deinterlacing, image controls, zoom, OSD, double/triple buffering,
vsync, flicker filtering, field parity control)
* overlay cropping fixes for small streams or when using cropping support
* experimental frame allocation optimization reduces cpu usage of the
deinterlacer plugin by up to 25%
* implement time seeking on DVD plugin
* move CFLAGS optimizations to a separated file (added --disable-optimizations)
* use the same codec path as MPlayer (/usr[/local]/lib/codecs)
* FFmpeg sync (new QDM2 decoder)
* imported Duck TrueMotion 2 decoder from FFmpeg
* sync libfaad2 to latest GPL compatible version; fixes AAC decoding on x86_64 arch
* support gapless playback while switching streams (requires UI cooperation)
* fix speed changing race causing deadlock with v4l plugin
* cddb improvements/fixes (DTITLE/DYEAR parsing, timeout increase and
multiline entries support) [#1205274]
xine-lib (1.1.0)
* new quality deinterlacer from dscaler: GreedyH (Greedy High Motion)
* new quality deinterlacer from dscaler: TomsMoComp (Tom's Motion Compensated)
* added help for most deinterlace methods
* ffmpeg update
* use ImageMagick to convert and display different type of images (png, jpg...)
* improve ASX playlist parsing
* add an extended MRL reference event (MRL title, start time, play time):
needed for the ASX parser; deprecates plain MRL reference events.
* goom updated to 2k4-0
xine-lib (1.0.4)
* tiny doc update
* build fixes and cross build improvements
* fixed an align problem in Win32 DirectX video output plugin
* fixed linking of X11 plugins for some platforms
changes:
* fixed playback of single-session Real RTSP streams, such as
rtsp://stream.samurai.fm/broadcast/live_hi.rm
* fixed xxmc / xvmc mocomp / IDCT rendering errors caused by the big update.
* support --enable-fpic with recent versions of gcc
* clip goom fps value to >= 1 [bug #1193783]
* fixed xvmc plugin segfault when it tried software blending on nonexistent xv image
* cleaned up libmpeg2 behaviour on xxmc plugin abrupt software fallback
* use -fno-inline-functions with gcc < 3.4.0 (bug known to be in 3.3.5)
* fix xxmc plugin wanting to change vld xvmc context when stream changes from
non-interlaced to interlaced [bug #1194350]
* speed up xx44 alphablending of large transparent areas
* stop libmpeg2 XvMC IDCT / MOCOMP attempting software motion compensation
[bug #1194754]
* improve xxmc cpu-usage for IDCT / MOCOMP acceleration through better locking
[bug #1195282]
* gcc4 build patches [bug #1175002]
* don't assume that file is in /usr/bin (build fix) [bug #1195539]
* plugin loader fixes - could cause xine to lock up hard on startup [bug #1196819]
* Fix xxmc bob deinterlacing for field-coded interlaced streams
* Fix LE_64/BE_64 macros on non-x86 platforms. May fix issues with some
demuxers like avi, asf and ogg.
* sputext improvements/workarounds
* add a new error message when a file we tried to play is an empty
(zero-sized) file
* be more POSIX-compliant (head, tail) (build fix)
* fixed deadlock when libxine was called from the event listener thread and
tried to flush all pending events.
* Added xine(5), documenting MRL syntax.
* allow playing just a single title/chapter from dvd (useful for extracting audio -
check media.dvd.play_single_chapter)
* new stream infos allows frontends to query current title/chapter/angle on dvds
* new upmix_mono audio post plugin to convert mono to stereo
* added --with-external-a52dec and --with-external-libmad switches
* fix a locking bug which affects configuration callback functions
Add patch-ak and patch-an to support -enable-fpic with recent
versions of gcc. From xine cvs.
Bump PKGREVISION just in case these patch-ak and patch-an change
functionality.
Tested builds and running on FreeBSD 5.4-STABLE with gcc 3.4.2 and
FreeBSD 5.3, and Linux 2.6.9 with gcc 3.3.5. And tested build
and install on NetBSD 1.6.2_STABLE.
Okayed by jmmv a couple weeks ago.
changes:
-Big XvMC quality / correctness / cpu-usage fix
-added support for WMA Voice codec
-support for Windows Media Audio Lossless
-bugfixes
-security fixes (were already patched in pkgsrc)
also add a patch to correct the path for win32 codecs, needed if
xine-lib is embedded into other applications (as totem)
X11 from pkgsrc.
For some reason, X11 is not found by the configure script in such systems
(which is the correct behavior, as USE_X11 is undefined). This results in
a configuration failure because the script defines the HAVE_XV conditional
in an incorrect place (inside a shell conditional).
Problem reported by Owen Becker <owen at safeasmilk.net> in tech-pkg@.