"A vulnerability in FFmpeg libavcodec can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially to compromise a user's
system."
http://secunia.com/advisories/17892/
Fix from ffmpeg CVS repository, libavcodec/utils.c rev. 1.162:
"default_get_buffer() cleanup
fixes probably exploitable heap overflow
heap overflow found by (Simon Kilvington)"
some relevant changes:
-RTSP/MMST security patches now in main distribution
-documentation improvements
-x86_64 support fixes
-integrated Tremor decoder for Ogg/Vorbis
-expose support for 422P and 444P raw formats
-dropped support of old FAAD2 versions (<= 1.1)
-support for 32 bit float and extended WAV files
-support for multichannel WAV files
-ALAC (QuickTime lossless audio) support via lavc
-vqf demuxer
-support for Real multirate files
-more user-friendly info about audio and subtitle tracks in Ogg files
-streaming improvements
-ffmpeg updates
-MEncoder usability improvements
-many fixes and cleanups
Changes since version 1.0pre5:
- buffer overflow in mp3lib fixed
- heap overflow in Real rtsp streaming code fixed
- stack overflow in mmst streaming code fixed
- unnecessary bmp demuxer removed because of buffer overflows
- heap overflow in pnm streaming code fixed
This fixes the vulnerabilities reported by iDEFENSE recently.
Also create a link "default" pointing to the "Blue" skin so that "gmplayer"
will work again if no skin is selected. Bump package revision because
of that.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Remove one skin that disappeared, and update one skin name.
Also, all skin distfiles have changed, so set DIST_SUBDIR to a new
value and update the checksums.
Addresses PR 27071.
DOCS
* small additions, corrections, updates all over the place
* audio output driver section added to the man page
* several bug fixes and improvements in the MEncoder documentation
* DVD ripping guide extended and improved
* AUTHORS file massively extended
* German man page partially updated
* Hungarian XML documentation translation started
Ports
* encrypted DVD playback on Windows fixed (again)
* Cygwin and MinGW now accept the same -dvd-device syntax
* LIVE.COM now works under MinGW
* foundations for MinGW crosscompilation
* disabled SSE on MinGW as it caused crashes
* AC3 passthrough for ao_win32
* improved vo_quartz (YUV, multiple screens support)
* vo_quartz made default on Mac OS X
* ao_macosx fixed and made default again on Mac OS X
* RealVideo binary codecs support on Mac OS X (still buggy)
* bigendian fixes in vf.c, vo_tga
* OpenBSD portability fixes
* OpenBSD/VAX support
* AMD64 support
Drivers
* support for more Radeons (9800 XT among them) in VIDIX
* Radeon related bug fixes in VIDIX
* vo_gl2 now supports GUI, fix for flickering borders in fullscreen
* support 24 and 32 bit PCM files, bigendian fixes
* ao_sdl now converts unsupported formats instead of quitting
* ENCA support
* merged ao_alsa9 and ao_alsa1x drivers into ao_alsa
* NeoMagic TV-out support through VESA
* JACK audio output driver
* vo_sdl fixes (wrong flags and screensaver disabling)
* vo_directx fixes
Decoders
* MSZH/ZLIB, FLI, QTRLE, RoQ video and RoQ audio support moved to FFmpeg
* FFmpeg Cinepak and CYUV decoders preferred
* audio format 0xff support (is AAC)
* "raw" audio in MOV supported
* Indeo audio (iac25) support via binary codec
* upgrade libfaad2 to the FAAD 2.0 release
* MPEG2 chroma422/444 support
* Winnov WINX and WNV1 support via binary codec
Demuxers
* Ogg subtitle handling and other bug fixes
* Matroska improvements
* support seeking in Real files without -idx
* support seeking in Real files without index with -forceidx
Streaming
* ASF, MMST streaming fixes
* URL escaping fixed
* NSA (Nullsoft audio) streaming support
* embedded RAM playlist support
* multibyte URL support
* rtp:// now supported even with LIVE.COM compiled in
* miscellaneous bug fixes
Filters
* vf_softskip: frame skipping filter for MEncoder
* vf_harddup: frame duplication filter for MEncoder
* vf_pullup minor fixes and improvements
* AltiVec-optimized YUV to RGB converter
* vf_spp memory corruption fix on reallocation
FFmpeg/libavcodec
* MPEG2 encoding with 8, 9, 10, 11 bit intra DC precision
* DC clipping fix, intra_dc_precision > 0 support
* Cinepak fixes and palette support
* support skipping of MB rows during decoding
* Vorbis in NUT fixed
* NUT updated to latest specification
* segfault and artifact fixes in SVQ3 decoder
* motion estimation code: overflow and chroma fixes
* change qscale -> lambda for the motion estimation
* noise preserving sum of squares comparison function in ME code
* fixed memory overwrite in truemotion decoder
* clip input motion vectors, better error tolerance on bad vectors
* FLAC decoder cleanup (partial demuxer/decoder separation)
* memalign hack for SSE/SSE2 on that alternative OS :)
* lots of AltiVec optimizations
* qscale + qprd fix
* QTrle4 support
* H.261 decoder
* coefficient saturation fix in H.263
* H.263 MCBPC fix
* per line lowpass filter in MMX and faster C lowpass filter
* SVQ1 encoder
* as usual, lots of bug fixes and optimizations
Others
* fullscreen fixes for many window managers
* fix crash on original Pentiums and older
* dvd://start-end support
* netstream (mpst://) support fixed
* support comments in plaintext playlists
* loader/ dependency removed
* keepaspect option extended to all video output drivers
* WMA to Ogg conversion and simple subtitle editing script added to TOOLS
* support for more lame options
* new set of GUI icons
* memory conserving implementation of GUI potmeters
* X11 code reindented
* further gcc 3.4 support fixes
* mixer API written for changing volume through libaf
* -rtc-device option for specifying the RTC device
* desktop/menu icon added
* miscellaneous bug fixes and cleanups
* multi-threaded encoding with lavc
* fixed a bug with Real files introduced in pre4
* -use-stdin renamed to -noconsolecontrols
distinfo file and that both the gmplayer and mplayer-share distinfo
files must be maintained.
(out of 25 files between them, only 3 were actually shared.. oops)
MPlayer 1.0pre4: "YAML Counter"
Security:
* HTTP parser remote heap overflow vulnerability fixed
[already fixed in package previously]
* Real RTSP remote buffer overflow vulnerability fixed
* buffer overflow in the Matroska demuxer
* potentially exploitable buffer overflow in CDDB TOC code
DOCS:
* new Copyright file covers files from other projects and their licenses
* new DOCS/tech/translations.txt explains how to properly translate MPlayer
* new Japanese console message translation
* Polish translation finished
* Italian man page translation
* DVD ripping guide
* telecine/interlacing guide
* video out driver section added to the man page
* XML build system rewritten - now supports building individual languages
* miscellaneous updates all over the place
Ports:
* better PA-RISC detection
* support for VAX (tested on VAXstation 4000/VLC) -- really, believe me!
* optimizing for specific MIPS CPUs under IRIX
* AMD64 detection under BSDs
* fbdev driver updated for Linux 2.6
* support for ELF only OpenBSD
* optimizing for PPC 970 (aka G5)
* SDL support fixed on MinGW
* VIDIX working under Windows XP/2000 (native dhahelper)
* builds out of the box under GNU Hurd
* SSE optimizations enabled under MinGW
* SSE support under OpenBSD
* AltiVec support under NetBSD
* GCC 3.4 support (due to changed behaviour in ASM code snippets)
Demuxers:
* Matroska containing RealVideo works better
* fixed random segfaults in VIVO
* endianess fixes in CDDA
* UYVY support in tvi/v4l2
* tvi/bsdbt848 now working under FreeBSD 5.2-CURRENT
* tvi/bsdbt848 audio part working under NetBSD
* LIVE.COM demuxer updated to conform with latest libraries
* new, independent, C implementation of the Matroska demuxer
* fix for rare Real files
* more robust Real demuxer (can resync after errors)
* support for AAC inside Real
* MPEG Aspect code 4 fixed
* support for selecting subtitle streams with -slang inside Ogg
* wrapper demuxer for FFMpeg's libavformat (Nut is playable this way)
* much improved seeking in Ogg
* Nullsoft streaming video (NSV) demuxer
* AVI OpenDML read and write support
Streaming:
* smil playlist parser
* support for URL redirection
* support for seeking in HTTP streams
* updated LIVE.COM streaming code
* fallback to live.com RTSP after Real RTSP
* suggests -playlist if normal streaming fails
* many improvements and bug fixes in the streaming code
Decoders:
* compilation failure without zlib in vd/lcl fixed
* removed obsoleted decoders (which were moved to libavcodec), affected: vd/8bps, vd/msrle, vd/msvideo1, vd/rpza, vd/smc
* workaround for buggy codecs in ad/acm (support for Sharp G.726)
* fixed chroma-swapping in Hauppauge Macroblock decoder
* AltiVec optimized resampler in liba52
* support for VP5 and VP6 DLL decoders
* support for Alparysoft lossless video codec (through DLLs)
* support for Lead MCMW wavelet video codec (through DLLs)
* HE-AAC working through libfaad
* removed libmpflac in favor of FFmpeg's FLAC implementation
* liba52 dynamic range compression support
Filters:
* vf_bmovl bugfixes
* vf_filmdint now handles 15fps NTSC input
* huge updates and speedup on vf_pullup
* big updates to vf_ilpack (proper interpolation and MMX optimizations)
* vf_zrmjpeg: fast MJPEG encoder using libavcodec for Zoran
* interlaced scaling support in vf_scale
* vf_kerndeint: adaptive deinterlacer
* vf_rgbtest: rgb test pattern generator for developers
* vf_qp: qp change filter
* vf_noformat: the same as vf_format but with reversed meaning
* AltiVec optimized SWScaler
* vf_phase: phase shift fields
* vf_divtc: duplicate frame removal from deinterlaced telecined video
Drivers:
* ao/esd behaves better over network now
* support for Radeon 9200/9600/9600 Pro/9700 in VIDIX
* -mixer support for alsa9
* fixed OSS audio grabber module with hardware not supporting 44khz
* native ALSA 1.x support (not through 0.9 emulation)
* better multibuffer support in VIDIX nVidia driver
* pan & scan support in VIDIX nVidia driver
* support for more cards in VIDIX nVidia driver
* vo_libcaca: color ASCII art output driver
* vo_quartz: native MacOS X/Quartz video output
* support for VIDIX when ATI FireGLX drivers are used
FFmpeg/libavcodec:
* H.263 AIC and MQ encoding support
* fixed low delay decoding
* fixed H.263+ encoding without UMV
* lots of CBR improvements
* MB type and QP visualization
* lots of code cleanup
* intra & inter dequantization split -> speedup
* fixed stereo IMA ADPCM encoding
* VBV delay setting support (MPEG2 CBR)
* improved RV20 decoder (most known errors eliminated)
* interlaced DCT
* interlaced motion estimation
* interlaced MPEG2 encoding
* 4MV encoding fixes
* initial interlaced MPEG4 encoding
* improved visual quality in SVQ3 decoder
* fixed never-before-tested embedded string decoder in SVQ1
* optimized quantization (including the trellis way)
* Sierra VMD video decoder
* MMX and SSE2 optimized H263 denoiser
* better SVCD compliance (encoder side)
* MMX and MMX2 optimized interlaced DCT decision
* various cleanup, memleak and segfault fixes
* optimized (2x faster) the MPEG layer 3 decoder
* grayscale coded MJPEG decoding support
* avimszh and avizlib decoders
* "packed" XviD decoding
* fixed some bugs in RV20 B-frames decoding
* closed GOP encoding
* SSE2 optimized FDCT
* support for quantizer noise shaping
* support for EA ADPCM and SMJPEG IMA ADPCM
* QT RLE decoder
* OBMC fixes
* FLAC decoder
* better support for DivX5
* MMX and SSE2 optimized VP3/Theora decoding
* support for Theora alpha3
* many H.264 improvements
* more robust MJPEG startcode search mechanism
* better WMV8 decoding
* native Sparc VIS optimizations
* native G.726 codec
Others:
* -codecs-file option for specifying alternative codecs.conf file
* fixed some minor bugs in the GUI
* prevent sig11 when $HOME is not set
* fix some command line handling corruptions
* Swedish and Polish yes/no options in config files
* support binding F11 and F12 keys
* TOOLS/divx2svcd updated
* stricter thread code in Win32 loader (works under NetBSD)
* PJS subtitle support (was: dunnowhat)
* TOOLS/avifix: simple tool to fix chunk sizes in AVI files
* proper extraheader handling when libavcodec is used in MEncoder
* AVI OpenDML read and write support
* AVI VPRP (video property) read and write support
* fixed long standing lame quality option off-by-one bug in MEncoder
* MPL2 subtitle support
* less verbosity in Win32 loader and other places