- Heap overflow in Quicktime atom parsing. (CVE-2008-5234 vector 1)
- Multiple buffer overflows. (CVE-2008-5236)
- Multiple integer overflows. (CVE-2008-5237)
- Unchecked read function results. (CVE-2008-5239)
- Unchecked malloc using untrusted values. (CVE-2008-5240 vectors 3 & 4)
- Buffer indexing using an untrusted value. (CVE-2008-5243)
- Clean up the Makefile
- Enable the Xv motion compensation support
- Remove the JACK sound support
- Remove the now unnecessary multi-packaging
- Remove an unnecessary patch for the Sun sound code
- Comment out some files in the PLIST that do not pertain to OpenBSD
- Add WavPack support
from Brad (taking MAINTAINER).
This release contains a security fix (buffer overflow in the NSF demuxer,
CVE-2008-1878). There are also a few bug fixes, and a new JACK output
plugin.
ok jakemsr@
This release contains a security fix (unchecked array index,
CVE-2008-1686). There are also a few bug fixes, and open-source
support for RealAudio "cook". For front-end package maintainers,
there's a tool to help maintain MIME type lists, and for developers
who need raw frame data, you can now get that with the "raw" video
output plugin.
from brad@
* Security fixes:
- Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
demuxers, allowing remote attackers to trigger heap overflows and
possibly execute arbitrary code. (CVE-2008-1482)
* Added a few more memory allocation checks to the above demuxers.
* WAV file playback fix: don't assume that the first chunk is "fmt ".
* Don't try to play partial 24-bit AIFF frames (decoder would lose data).
* Fixed AIFF comment chunk handling and sample rate reading.
* LPCM fixes: input over-reading, conversion of 24-bit samples.
from brad@
- use some CONFIGURE_ENV instead of patching
- rearrange/update CONFIGURE_ARGS
- many patches no longer relevant
- add CD audio support
input, tetsing and prodding from brad@
