DragonFly builds with two plugins that NetBSD suppresses, but these
plugins were not on PLIST although the definition of suitable PLIST
variables suggest this was intended originally. The plugins have
been conditionally added to the PLIST to properly support DragonFly.
Changes from 10.3.183.7
Critical vulnerabilities have been identified in Adobe Flash Player
11.0.1.152 and earlier versions for Windows, Macintosh, Linux and
Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions
for Android. These vulnerabilities could cause a crash and potentially
allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier
versions for Windows, Macintosh, Linux and Solaris update to Adobe
Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153
and earlier versions for Android should update to Adobe Flash Player
11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows,
Macintosh, and Android should update to Adobe AIR 3.1.0.4880.
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2445).
This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2451).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2452).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2453).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2454).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2455).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456).
This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457).
This update resolves a vulnerability that could lead to a cross-domain policy bypass (Internet Explorer-only) (CVE-2011-2458).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2459).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2460).
... now after reading the above, just how happy are people running this code
from their browsers?
Changes from 11.0.1.152
Critical vulnerabilities have been identified in Adobe Flash Player
11.0.1.152 and earlier versions for Windows, Macintosh, Linux and
Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions
for Android. These vulnerabilities could cause a crash and potentially
allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier
versions for Windows, Macintosh, Linux and Solaris update to Adobe
Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153
and earlier versions for Android should update to Adobe Flash Player
11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows,
Macintosh, and Android should update to Adobe AIR 3.1.0.4880.
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2445).
This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2451).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2452).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2453).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2454).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2455).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456).
This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457).
This update resolves a vulnerability that could lead to a cross-domain policy bypass (Internet Explorer-only) (CVE-2011-2458).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2459).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2460).
... now after reading the above, just how happy are people running this code
from their browsers?
This is based on Ryo ONODERA's wip package with some pkglint and MESSAGE
shuffling from me (any issues seen are likely to be due to that rather
than the original package).
Netscape compatible plugin for Adobe Flash player. This package
contains a plugin that enables web browsers to render the Flash
format.
The nspluginwrapper option (enabled by default on non Linux platforms)
permits the use of the the Linux x86 flash player in Firefox browsers
on other x86 systems and x86_64 systems.
For NetBSD this package requires emul.linux.kern.osrelease = 2.6.18
or later, which means it will not work on NetBSD 5.x or older
systems.
Changelog:
2011-08-15 v0.9.7-p1 "Cayuga" patch 1
This is an incremental bugfix release against Cayuga. All users of that
release are strongly encouraged to upgrade.
- Fix potential OOB reads (cdae03a)
An unbounded out of bounds read was discovered when the
decoder was requested to perform error concealment (new in
Cayuga) given a frame with corrupt partition sizes.
A bounded out of bounds read was discovered affecting all
versions of libvpx. Given an multipartition input frame that
is truncated between the mode/mv partition and the first
residiual paritition (in the block of partition offsets), up
to 3 extra bytes could have been read from the source buffer.
The code will not take any action regardless of the contents
of these undefined bytes, as the truncated buffer is detected
immediately following the read based on the calculated
starting position of the coefficient partition.
- Fix potential error concealment crash when the very first frame
is missing or corrupt (a609be5)
- Fix significant artifacts in error concealment (a4c2211, 99d870a)
- Revert 1-pass CBR rate control changes (e961317)
Further testing showed this change produced undesirable visual
artifacts, rolling back for now.
features of libxineposix are supported natively and ar refuses create an
empty library, and it shouldn't do any harm otherwise. Fixes build on
OpenIndiana 151.
changes: many fixes and improvements
pkgsrc note: This version hasn't been tested in practice yet. The
previous one had a problem with mkvmerge going into an endless loop.
We still have mkvtoolnix-old (2.9.8) as a known working one for
that reason.
changes: cleanup and minor fixes
pkgsrc note: according to the ChangeLog, this version is not binary
compatible to older versions -> ABI_DEPENDS bumped
and FreeBSD with the "lwres" library. This allows us to remove the
problematic dependence on the "bind97" package. Fix suggested by
OBATA Akio on the "tech-pkg" mailing list.
Approved by Thomas Klausner.
