- vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947)
- h263dec: Disallow width/height changing with frame threads (CVE-2011-3937)
- adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)
- h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
- dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)
- rtpdec_asf: Fix integer underflow that could allow remote code execution (CVE-2011-4031)
- aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)
- kmvc: Check palsize (CVE-2011-3952)
Further bugfixes in the following codecs: ea, png, qdm2, tqi, motionpixels
From Brad, ok jasper@.
- Stop using --disable-optimization to have the port obey the CFLAGS
but instead modify the configure script appropriately
- Move most of the DESCR into the pkg-readme
- Remove unnecessary CPPFLAGS that was being added to CONFIGURE_ENV
now only considers Requires not Requires.private unless linking
statically so the missing deps cause problems. From Nigel Taylor
and on ports@ for a week, much testing by Nigel. I updated the
diff following faac removal. Fixes multimedia/transcode build.
ok jasper@ espie@
thumbnails creation on amd64 (thumbnails had purple and green bars
all over them).
From upstream git commit 93c28a55fd84280d97c3c0dd7b0d546043242c34
OK Brad (MAINTAINER)
- Enable WebM encoding.
- Stop stripping the shared libraries which explains why I was
seeing no symbol table with the shared libraries.
- Build all of FFmpeg with -fomit-frame-pointer on i386 instead of
hacking the various Makefile's and having to add more files as
further updates are made. Use default CFLAGS (-O2) on i386 now too
instead of overriding with -O.
- Remove the UINT64_C hack.
- Update HOMEPAGE to use the ffmpeg.org domain.
- Various other cleaning up and fixes for the port.
From Brad, ok dcoppa@
- add various other missing WANTLIB (and LIB_DEPENDS in some cases)
- while there move PKGNAME=..pX to REVISION, and move some ports
to new-style LIB_DEPENDS
original diff from Brad, extensive checking by me (clean build of everything
related to liboil).
update needed for newer x264 and for gcc4. this causes yet more
fallout as some libav* functions other ports were using have been
fully deprecated. commits coming rsn ...
mostly from new MAINTAINER
files in the .mov container, useful to prepare some files for network
streaming. Same effect as a more complex diff sent by Valery Masiutsin
some time ago. Sync WANTLIB while there.
From Brad.
FFmpeg contains a type conversion vulnerability while parsing malformed 4X
movie files. The vulnerability may be exploited by a (remote) attacker to
execute arbitrary code in the context of FFmpeg or an application using
the FFmpeg library.
