- Heap overflow in Quicktime atom parsing. (CVE-2008-5234 vector 1)
- Multiple buffer overflows. (CVE-2008-5236)
- Multiple integer overflows. (CVE-2008-5237)
- Unchecked read function results. (CVE-2008-5239)
- Unchecked malloc using untrusted values. (CVE-2008-5240 vectors 3 & 4)
- Buffer indexing using an untrusted value. (CVE-2008-5243)
- Clean up the Makefile
- Enable the Xv motion compensation support
- Remove the JACK sound support
- Remove the now unnecessary multi-packaging
- Remove an unnecessary patch for the Sun sound code
- Comment out some files in the PLIST that do not pertain to OpenBSD
- Add WavPack support
from Brad (taking MAINTAINER).
- close the handle when things go bad in ao_sndio_open
- remove 24 bit support, since it's not really useful right now
- use appbufsz instead of bufsz
- close the handle in ao_sndio_close
- various other cleanups
mostly from Brad
assembly code to compile thus allowing dynamic SIMD instruction detection
and the use of MMX Extended and 3DNow (as well as SSE/SSE2 if and when
such code is added).
ok jakemsr@
This release contains some security fixes, notably a DoS via
corrupted Ogg files (CVS-2008-3231), some related fixes, and
fixes for a few possible buffer overflows.
ok jakemsr@
This release contains a security fix (buffer overflow in the NSF demuxer,
CVE-2008-1878). There are also a few bug fixes, and a new JACK output
plugin.
ok jakemsr@
This release contains a security fix (unchecked array index,
CVE-2008-1686). There are also a few bug fixes, and open-source
support for RealAudio "cook". For front-end package maintainers,
there's a tool to help maintain MIME type lists, and for developers
who need raw frame data, you can now get that with the "raw" video
output plugin.
from brad@
* Security fixes:
- Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
demuxers, allowing remote attackers to trigger heap overflows and
possibly execute arbitrary code. (CVE-2008-1482)
* Added a few more memory allocation checks to the above demuxers.
* WAV file playback fix: don't assume that the first chunk is "fmt ".
* Don't try to play partial 24-bit AIFF frames (decoder would lose data).
* Fixed AIFF comment chunk handling and sample rate reading.
* LPCM fixes: input over-reading, conversion of 24-bit samples.
from brad@
to be an assembly problem in the tomsmocomp filter, but strangely
this was building before, and the code did not change.
so, only build/install the tvtime plugin on i386, until the problem
is resolved.
security - fix stack overflow in FLAC tag parser
-fix RealPlayer codec detection bug
- improve id3v2 tag parser
from brad@
while here, fix a couple "missing sentinel" issues
SECURITY- fixx buffer overflow which allows a remote attacker to
execute arbitrary code or crash the client program via a crafted ASF
header
from brad, thanks
now toggles the output.master.mute mixer control.
- let configure get SDL build info from pkg-config instead of
using sdl-config in the port Makefile - from brad@
- bump pkgname
in the audio write buffer. noticibly more efficient.
- allow the audio write buffer to be flushed.
- if initializing the audio device with a sample rate of 44.1kHz
fails, try initializing with a sample rate of 48kHz. some audio
drivers only support 48kHz. from Alexey Suslikov
<alexey.suslikov@gmail.com>
- bump PKGNAME
(goes with Makefile commit ... frickin cvs ...)
in the audio write buffer. noticibly more efficient.
- allow the audio write buffer to be flushed.
- if initializing the audio device with a sample rate of 44.1kHz
fails, try initializing with a sample rate of 48kHz. some audio
drivers only support 48kHz. from Alexey Suslikov
<alexey.suslikov@gmail.com>
- bump PKGNAME