- Heap overflow in Quicktime atom parsing. (CVE-2008-5234 vector 1)
- Multiple buffer overflows. (CVE-2008-5236)
- Multiple integer overflows. (CVE-2008-5237)
- Unchecked read function results. (CVE-2008-5239)
- Unchecked malloc using untrusted values. (CVE-2008-5240 vectors 3 & 4)
- Buffer indexing using an untrusted value. (CVE-2008-5243)
- Clean up the Makefile
- Enable the Xv motion compensation support
- Remove the JACK sound support
- Remove the now unnecessary multi-packaging
- Remove an unnecessary patch for the Sun sound code
- Comment out some files in the PLIST that do not pertain to OpenBSD
- Add WavPack support
from Brad (taking MAINTAINER).
This release contains a security fix (buffer overflow in the NSF demuxer,
CVE-2008-1878). There are also a few bug fixes, and a new JACK output
plugin.
ok jakemsr@
This release contains a security fix (unchecked array index,
CVE-2008-1686). There are also a few bug fixes, and open-source
support for RealAudio "cook". For front-end package maintainers,
there's a tool to help maintain MIME type lists, and for developers
who need raw frame data, you can now get that with the "raw" video
output plugin.
from brad@
to be an assembly problem in the tomsmocomp filter, but strangely
this was building before, and the code did not change.
so, only build/install the tvtime plugin on i386, until the problem
is resolved.
security - fix stack overflow in FLAC tag parser
-fix RealPlayer codec detection bug
- improve id3v2 tag parser
from brad@
while here, fix a couple "missing sentinel" issues
- use some CONFIGURE_ENV instead of patching
- rearrange/update CONFIGURE_ARGS
- many patches no longer relevant
- add CD audio support
input, tetsing and prodding from brad@
* Security fixes:
- CVE-2006-2802: possible buffer overflow in the HTTP plugin.
- possible buffer overflow via bad indexes in specially-crafted AVI files
* Fix a potential crash with fixed-size lacing in the Matroska demuxer
* Enable AMD64 mmx/sse support in some plugins (tvtime, libmpeg2, goom...)
* Fix xxmc subpictures (broken since 1.1.1)
* Add support for RealPlayer 10 codecs
WANTLIB tweak from bernd@
testing by steven@ and bernd@
xine is a free multimedia player. It plays back CDs, DVDs, and VCDs. It
also decodes multimedia files like AVI, MOV, WMV, and MP3 from local
disk drives, and displays multimedia streamed over the Internet. It
interprets many of the most common multimedia formats available - and
some of the most uncommon formats, too.
prodded by jolan@ and bernd@
