- Merge in a whole bunch of various fixes from upstream and add
comments for the existing fixes which didn't have a comment in
the patch.
From Brad; OK sthen@
- Proper place for log mutex initialization. Fixed a leak.
- Using binary mode when checking configfile. New configfile would not be
written only when switching binaries for different platforms.
Also sync WANTLIB.
- add various other missing WANTLIB (and LIB_DEPENDS in some cases)
- while there move PKGNAME=..pX to REVISION, and move some ports
to new-style LIB_DEPENDS
original diff from Brad, extensive checking by me (clean build of everything
related to liboil).
- Heap overflow in Quicktime atom parsing. (CVE-2008-5234 vector 1)
- Multiple buffer overflows. (CVE-2008-5236)
- Multiple integer overflows. (CVE-2008-5237)
- Unchecked read function results. (CVE-2008-5239)
- Unchecked malloc using untrusted values. (CVE-2008-5240 vectors 3 & 4)
- Buffer indexing using an untrusted value. (CVE-2008-5243)
- Clean up the Makefile
- Enable the Xv motion compensation support
- Remove the JACK sound support
- Remove the now unnecessary multi-packaging
- Remove an unnecessary patch for the Sun sound code
- Comment out some files in the PLIST that do not pertain to OpenBSD
- Add WavPack support
from Brad (taking MAINTAINER).
- close the handle when things go bad in ao_sndio_open
- remove 24 bit support, since it's not really useful right now
- use appbufsz instead of bufsz
- close the handle in ao_sndio_close
- various other cleanups
mostly from Brad
assembly code to compile thus allowing dynamic SIMD instruction detection
and the use of MMX Extended and 3DNow (as well as SSE/SSE2 if and when
such code is added).
ok jakemsr@
This release contains some security fixes, notably a DoS via
corrupted Ogg files (CVS-2008-3231), some related fixes, and
fixes for a few possible buffer overflows.
ok jakemsr@
This release contains a security fix (buffer overflow in the NSF demuxer,
CVE-2008-1878). There are also a few bug fixes, and a new JACK output
plugin.
ok jakemsr@
This release contains a security fix (unchecked array index,
CVE-2008-1686). There are also a few bug fixes, and open-source
support for RealAudio "cook". For front-end package maintainers,
there's a tool to help maintain MIME type lists, and for developers
who need raw frame data, you can now get that with the "raw" video
output plugin.
from brad@
* Security fixes:
- Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
demuxers, allowing remote attackers to trigger heap overflows and
possibly execute arbitrary code. (CVE-2008-1482)
* Added a few more memory allocation checks to the above demuxers.
* WAV file playback fix: don't assume that the first chunk is "fmt ".
* Don't try to play partial 24-bit AIFF frames (decoder would lose data).
* Fixed AIFF comment chunk handling and sample rate reading.
* LPCM fixes: input over-reading, conversion of 24-bit samples.
from brad@
to be an assembly problem in the tomsmocomp filter, but strangely
this was building before, and the code did not change.
so, only build/install the tvtime plugin on i386, until the problem
is resolved.
security - fix stack overflow in FLAC tag parser
-fix RealPlayer codec detection bug
- improve id3v2 tag parser
from brad@
while here, fix a couple "missing sentinel" issues
