rpms/mplayer/F-9 mplayer-CVE-2008-3827.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 mplayer-config.patch, 1.1, 1.2 mplayer-manlinks.patch, 1.1, 1.2 mplayer.spec, 1.1, 1.2 sources, 1.2, 1.3 mplayer-dvdread.patch, 1.1, NONE

Sunday, 12 October 2008

Author: rathann

Update of /cvs/free/rpms/mplayer/F-9
In directory se02.es.rpmfusion.net:/tmp/cvs-serv20975/F-9

Modified Files:
	.cvsignore mplayer-config.patch mplayer-manlinks.patch 
	mplayer.spec sources 
Added Files:
	mplayer-CVE-2008-3827.patch 
Removed Files:
	mplayer-dvdread.patch 
Log Message:
- security fix for CVE-2008-3827
- sync with devel for F-9


mplayer-CVE-2008-3827.patch:

--- NEW FILE mplayer-CVE-2008-3827.patch ---
Index: libmpdemux/demux_real.c
===================================================================
--- libmpdemux/demux_real.c	(revision 27674)
+++ libmpdemux/demux_real.c	(revision 27675)
@@ -947,6 +947,7 @@
 			    // last fragment!
 			    if(dp_hdr->len!=vpkg_length-vpkg_offset)
 				mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  frag.len=%d  total.len=%d 
\n",dp->len,vpkg_offset,vpkg_length-vpkg_offset);
+			    if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset =
dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
             		    stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset);
 			    if((dp_data[dp_hdr->len]&0x20) &&
(sh_video->format==0x30335652)) --dp_hdr->chunks; else
 			    dp_hdr->len+=vpkg_offset;
@@ -970,6 +971,7 @@
 			// non-last fragment:
 			if(dp_hdr->len!=vpkg_offset)
 			    mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d  offset=%d  frag.len=%d 
total.len=%d  \n",dp->len,vpkg_offset,len,vpkg_length);
+			if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len -
sizeof(dp_hdr_t) - dp_hdr->len;
             		stream_read(demuxer->stream, dp_data+dp_hdr->len, len);
 			if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652))
--dp_hdr->chunks; else
 			dp_hdr->len+=len;
@@ -992,6 +994,7 @@
 		extra[0]=1; extra[1]=0; // offset of the first chunk
 		if(0x00==(vpkg_header&0xc0)){
 		    // first fragment:
+		    if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t);
 		    dp_hdr->len=len;
 		    stream_read(demuxer->stream, dp_data, len);
 		    ds->asf_packet=dp;


Index: .cvsignore
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-9/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore	19 Aug 2008 00:08:33 -0000	1.2
+++ .cvsignore	12 Oct 2008 20:52:05 -0000	1.3
@@ -1,2 +1,2 @@
+mplayer-export-2008-09-03.tar.bz2
 Blue-1.7.tar.bz2
-mplayer-export-2008-08-18.tar.bz2

mplayer-config.patch:

Index: mplayer-config.patch
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-9/mplayer-config.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mplayer-config.patch	19 Aug 2008 00:08:33 -0000	1.1
+++ mplayer-config.patch	12 Oct 2008 20:52:06 -0000	1.2
@@ -1,23 +1,56 @@
---- etc/example.conf~	2006-06-11 21:35:46.000000000 +0300
-+++ etc/example.conf	2006-08-10 01:18:25.000000000 +0300
-@@ -3,3 +3,3 @@
+diff -up mplayer-export-2008-08-18/etc/example.conf.orig
mplayer-export-2008-08-18/etc/example.conf
+--- mplayer-export-2008-08-18/etc/example.conf.orig	2008-02-08 19:33:39.000000000 +0100
++++ mplayer-export-2008-08-18/etc/example.conf	2008-08-19 13:47:15.000000000 +0200
+@@ -1,7 +1,7 @@
+ #
+ # MPlayer configuration file
  #
 -# Configuration files are read system-wide from /usr/local/etc/mplayer.conf
 +# Configuration files are read system-wide from /etc/mplayer/mplayer.conf
  # and per user from ~/.mplayer/config, where per-user settings override
-@@ -93,3 +93,3 @@
+ # system-wide settings, all of which are overrriden by the command line.
+ #
+@@ -71,7 +71,7 @@
+ ##################
+ 
+ # Specify default audio driver (see -ao help for a list).
+-#ao=oss
++ao = pulse,alsa,
+ 
+ # Use SDL audio driver with the esd subdriver by default.
+ #ao = sdl:esd
+@@ -95,7 +95,7 @@
+ #framedrop = yes
+ 
  # Specify your preferred skin here (skins are searched for in
 -# /usr/local/share/mplayer/skins/<name> and ~/.mplayer/skins/<name>).
 +# /usr/share/mplayer/skins/<name> and ~/.mplayer/skins/<name>).
  #skin = Abyss
-@@ -120,4 +120,9 @@
  
-+# A plugged in joystick can interfere with keyboard shortcuts
-+joystick = no
-+
+ # Resample the font alphamap.
+@@ -105,6 +105,15 @@
+ # 10    bold black outline
+ #ffactor = 0.75
+ 
 +# FriBidi can do "funny" things to some ISO-8859-* subtitles
 +flip-hebrew = no
++
++# Use fontconfig for font selection
++fontconfig = yes
++
++# Default font for unstyled subtitles
++font = "Sans"
++
+ # cache settings
+ #
+ # Use 8MB input cache by default.
+@@ -122,6 +131,9 @@
+ # DVD: Play English audio tracks if available.
+ #alang = en
  
- # You can also include other configuration files.
--#include = /path/to/the/file/you/want/to/include
-+#include = /home/me/.mplayer/something
++# A plugged in joystick can interfere with keyboard shortcuts
++joystick = no
++
+ ###################
+ # DVDNAV Settings #
+ ###################

mplayer-manlinks.patch:

Index: mplayer-manlinks.patch
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-9/mplayer-manlinks.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mplayer-manlinks.patch	19 Aug 2008 00:08:33 -0000	1.1
+++ mplayer-manlinks.patch	12 Oct 2008 20:52:06 -0000	1.2
@@ -1,16 +1,16 @@
-diff -up mplayer-export-2008-06-04/Makefile.manlinks mplayer-export-2008-06-04/Makefile
---- mplayer-export-2008-06-04/Makefile.manlinks	2008-05-30 22:10:36.000000000 +0200
-+++ mplayer-export-2008-06-04/Makefile	2008-06-04 23:13:37.000000000 +0200
-@@ -805,7 +805,7 @@ install-mplayer-man-en:
- 	$(INSTALL) -c -m 644 DOCS/man/en/mplayer.1 $(MANDIR)/man1/
+diff -up mplayer-export-2008-08-18/Makefile.manlinks mplayer-export-2008-08-18/Makefile
+--- mplayer-export-2008-08-18/Makefile.manlinks	2008-08-14 22:42:54.000000000 +0200
++++ mplayer-export-2008-08-18/Makefile	2008-08-19 13:50:17.000000000 +0200
+@@ -830,7 +830,7 @@ install-mencoder-man: $(foreach lang,$(M
+ install-mplayer-man:  $(foreach lang,$(MAN_LANGS),install-mplayer-man-$(lang))
  
  install-mencoder-man-en: install-mplayer-man-en
 -	cd $(MANDIR)/man1 && ln -sf mplayer.1 mencoder.1
 +	echo ".so mplayer.1" > $(MANDIR)/man1/mencoder.1
  
- define MPLAYER_MAN_RULE
- install-mplayer-man-$(lang):
-@@ -815,7 +815,7 @@ endef
+ install-mplayer-man-en:
+ 	$(INSTALL) -d $(MANDIR)/man1
+@@ -838,7 +838,7 @@ install-mplayer-man-en:
  
  define MENCODER_MAN_RULE
  install-mencoder-man-$(lang): install-mplayer-man-$(lang)
@@ -18,4 +18,4 @@
 +	echo ".so mplayer.1" > $(MANDIR)/$(lang)/man1/mencoder.1
  endef
  
- $(foreach lang,$(MAN_LANG),$(eval $(MPLAYER_MAN_RULE)))
+ define MPLAYER_MAN_RULE


Index: mplayer.spec
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-9/mplayer.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mplayer.spec	19 Aug 2008 00:08:33 -0000	1.1
+++ mplayer.spec	12 Oct 2008 20:52:06 -0000	1.2
@@ -1,30 +1,31 @@
 %define         codecdir %{_libdir}/codecs
-%define         pre 20080818svn
+%define         pre 20080903svn
 %define         svn 1
-%define         svnbuild 2008-08-18
-%define         svnrev 27470
+%define         svnbuild 2008-09-03
 %define         faad2min 1:2.6.1
 
 Name:           mplayer
 Version:        1.0
-Release:        0.96.%{pre}%{?dist}
+Release:        0.97.%{pre}%{?dist}
 Summary:        Movie player playing most video formats and DVDs
 
 Group:          Applications/Multimedia
 License:        GPLv2+
 URL:            http://www.mplayerhq.hu/
 %if %{svn}
-Source0:        http://rpm.greysector.net/livna/mplayer-export-%{svnbuild}.tar.bz2
+# run ./mplayer-snapshot.sh to get this
+Source0:        mplayer-export-%{svnbuild}.tar.bz2
 %else
 Source0:       
http://www.mplayerhq.hu/MPlayer/releases/MPlayer-%{version}%{pre}.tar.bz2
 %endif
 Source1:        http://www.mplayerhq.hu/MPlayer/skins/Blue-1.7.tar.bz2
+Source10:       mplayer-snapshot.sh
 Patch2:         %{name}-config.patch
 Patch5:         %{name}-x86_32-compile.patch
 Patch8:         %{name}-manlinks.patch
 Patch10:        %{name}-qcelp.patch
-Patch11:        %{name}-dvdread.patch
 Patch12:        %{name}-man-zh_CN.patch
+Patch13:        %{name}-CVE-2008-3827.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  SDL-devel
@@ -54,9 +55,10 @@
 BuildRequires:  libcaca-devel
 BuildRequires:  libdca-devel
 BuildRequires:  libdv-devel
-BuildRequires:  libdvdnav-devel >= 4.1.2
+BuildRequires:  libdvdnav-devel >= 4.1.3-1
 BuildRequires:  libjpeg-devel
 BuildRequires:  libmpcdec-devel
+BuildRequires:  libsmbclient-devel
 BuildRequires:  libtheora-devel
 BuildRequires:  libvorbis-devel
 BuildRequires:  lirc-devel
@@ -65,7 +67,7 @@
 BuildRequires:  pulseaudio-lib-devel
 BuildRequires:  speex-devel >= 1.1
 BuildRequires:  twolame-devel
-BuildRequires:  x264-devel
+BuildRequires:  x264-devel >= 0.0.0-0.14.20080613
 BuildRequires:  xvidcore-devel >= 0.9.2
 %{?_with_arts:BuildRequires: arts-devel}
 %{?_with_amr:BuildRequires: amrnb-devel amrwb-devel}
@@ -75,7 +77,6 @@
 %{?_with_libmad:BuildRequires:  libmad-devel}
 %{?_with_nemesi:BuildRequires:  libnemesi-devel >= 0.6.3}
 %{?_with_openal:BuildRequires: openal-devel}
-%{?_with_samba:BuildRequires: libsmbclient-devel}
 %{?_with_svgalib:BuildRequires: svgalib-devel}
 %{?_with_xmms:BuildRequires: xmms-devel}
 %if %{svn}
@@ -97,7 +98,6 @@
 OpenGL, SVGAlib, fbdev, AAlib, DirectFB etc. There are also nice
 antialiased shaded subtitles and OSD.
 Non-default rpmbuild options:
---with samba:   Enable Samba (smb://) support
 --with xmms:    Enable XMMS input plugin support
 --with amr:     Enable AMR support
 --with libmad:  Enable libmad support
@@ -141,12 +141,12 @@
 %else
 %setup -q -n MPlayer-%{version}%{pre}
 %endif
-%patch2 -p0
+%patch2 -p1 -b .config
 %patch5 -p1 -b .compile
 %patch8 -p1 -b .manlinks
 %patch10 -p1 -b .qclp
-%patch11 -p1 -b .dvdread
 %patch12 -p1 -b .man-zh_CN
+%patch13 -p0 -b .cve
 
 doconv() {
     iconv -f $1 -t $2 -o DOCS/man/$3/mplayer.1.utf8 DOCS/man/$3/mplayer.1 && \
@@ -158,13 +158,8 @@
 
 mv DOCS/man/zh DOCS/man/zh_CN
 
-sed -i -e 's/\(SVN-r[0-9]* \)/\1rpm.livna.org /' -e
's/UNKNOWN/%{svnrev}/' version.sh
-
-# remove internal libdvdread copy to avoid clashes
-rm -r dvdread
-
 %build
-export CFLAGS="$RPM_OPT_FLAGS -ffast-math"
+export CFLAGS="$RPM_OPT_FLAGS -ffast-math --std=gnu99"
 %ifarch ppc
 export CFLAGS="$CFLAGS -maltivec -mabi=altivec"
 %endif
@@ -189,7 +184,6 @@
     --enable-lirc \
     --enable-joystick \
     %{!?_with_nemesi:--disable-nemesi} \
-    %{!?_with_samba:--disable-smb} \
     --disable-dvdread-internal \
     --disable-libdvdcss-internal \
     --enable-menu \
@@ -217,9 +211,7 @@
     %{?_with_xmms:--with-xmmslibdir=%{_libdir}} \
     --with-xvmclib=XvMCW
 
-# parallel make fails in vidix
-#%{__make} %{?_smp_mflags}
-%{__make}
+%{__make} %{?_smp_mflags}
 
 mv -f mplayer gmplayer
 %{__make} distclean
@@ -244,7 +236,6 @@
     --enable-lirc \
     --enable-joystick \
     %{!?_with_nemesi:--disable-nemesi} \
-    %{!?_with_samba:--disable-smb} \
     --disable-dvdread-internal \
     --disable-libdvdcss-internal \
     --enable-menu \
@@ -272,9 +263,7 @@
     %{?_with_xmms:--with-xmmslibdir=%{_libdir}} \
     --with-xvmclib=XvMCW
 
-# parallel make fails in vidix
-#%{__make} %{?_smp_mflags}
-%{__make}
+%{__make} %{?_smp_mflags}
 
 %if %{svn}
 # build HTML documentation from XML files 
@@ -301,10 +290,6 @@
 # Default config files
 install -Dpm 644 etc/example.conf \
     $RPM_BUILD_ROOT%{_sysconfdir}/mplayer/mplayer.conf
-# use Nimbus Sans L font for OSD (via fontconfig)
-echo "fontconfig=yes"
>>$RPM_BUILD_ROOT%{_sysconfdir}/mplayer/mplayer.conf
-echo "font=\"Sans\""
>>$RPM_BUILD_ROOT%{_sysconfdir}/mplayer/mplayer.conf
-echo "ao=pulse,alsa,"
>>$RPM_BUILD_ROOT%{_sysconfdir}/mplayer/mplayer.conf
 
 install -pm 644 etc/{input,menu}.conf $RPM_BUILD_ROOT%{_sysconfdir}/mplayer/
 
@@ -403,6 +388,20 @@
 
 
 %changelog
+* Sun Oct 12 2008 Dominik Mierzejewski <rpm at greysector.net> -
1.0-0.97.20080903svn
+- backport the fix for CVE-2008-3827
+- updated to 20080903 SVN snapshot
+- added snapshot creation script
+- dropped version sed-patching (happens in the snapshot script now)
+- enabled samba support by default
+- moved config settings to config patch
+- rebased patches against current snapshot
+- dropped obsolete patches
+- installed aconvert.sh to bindir
+- fixed zh_CN manpage installation
+- BR latest x264
+- re-enable parallel make
+
 * Mon Aug 18 2008 Dominik Mierzejewski <rpm at greysector.net> -
1.0-0.96.20080818svn
 - updated to latest SVN snapshot
 - dropped obsolete patches


Index: sources
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-9/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources	19 Aug 2008 00:08:33 -0000	1.2
+++ sources	12 Oct 2008 20:52:06 -0000	1.3
@@ -1,2 +1,2 @@
+65263306ab6ea771758a9dbeabeb2773  mplayer-export-2008-09-03.tar.bz2
 e4e2020d11b681aac898103b3ba723c4  Blue-1.7.tar.bz2
-f09caa71435c9c8818c2f681722042a7  mplayer-export-2008-08-18.tar.bz2


--- mplayer-dvdread.patch DELETED ---


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

rpms/mplayer/F-9 mplayer-CVE-2008-3827.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 mplayer-config.patch, 1.1, 1.2 mplayer-manlinks.patch, 1.1, 1.2 mplayer.spec, 1.1, 1.2 sources, 1.2, 1.3 mplayer-dvdread.patch, 1.1, NONE