rpms/mplayer/F-17 mplayer-asx-parser.patch, NONE, 1.1 mplayer.spec, 1.55, 1.56
Julian Sikorski
belegdol at rpmfusion.org
Wed May 8 13:35:24 CEST 2013
Author: belegdol
Update of /cvs/free/rpms/mplayer/F-17
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv21563
Modified Files:
mplayer.spec
Added Files:
mplayer-asx-parser.patch
Log Message:
* Sun Feb 03 2013 Julian Sikorski <belegdol at fedoraproject.org> - 1.0-0.144.20120205svn
- Fixed multi-line subtitles when using libass (RPM Fusion bug #2615)
mplayer-asx-parser.patch:
DOCS/man/en/mplayer.1 | 16 ++++++++++++++++
asxparser.c | 8 +++++---
cfg-mplayer.h | 2 ++
mplayer.c | 10 ++++++++--
4 files changed, 31 insertions(+), 5 deletions(-)
--- NEW FILE mplayer-asx-parser.patch ---
diff -up mplayer-export-2012-02-05/asxparser.c.asx-parser mplayer-export-2012-02-05/asxparser.c
--- mplayer-export-2012-02-05/asxparser.c.asx-parser 2012-02-29 16:56:43.000000000 +0100
+++ mplayer-export-2012-02-05/asxparser.c 2013-05-08 13:29:24.191996967 +0200
@@ -388,7 +388,7 @@ asx_get_element(ASX_Parser_t* parser,cha
static void
asx_parse_param(ASX_Parser_t* parser, char** attribs, play_tree_t* pt) {
- char *name,*val;
+ char *name = NULL,*val = NULL;
name = asx_get_attrib("NAME",attribs);
if(!name) {
@@ -402,9 +402,11 @@ asx_parse_param(ASX_Parser_t* parser, ch
mp_msg(MSGT_PLAYTREE,MSGL_WARN,"=%s\n",val);
else
mp_msg(MSGT_PLAYTREE,MSGL_WARN,"\n");
- return;
+ goto err_out;
}
- play_tree_set_param(pt,name,val);
+ mp_msg(MSGT_PLAYTREE, MSGL_ERR, "Support for specifying parameters in playlists has been disabled.\n");
+// play_tree_set_param(pt,name,val);
+err_out:
free(name);
free(val);
}
diff -up mplayer-export-2012-02-05/cfg-mplayer.h.asx-parser mplayer-export-2012-02-05/cfg-mplayer.h
--- mplayer-export-2012-02-05/cfg-mplayer.h.asx-parser 2012-02-29 16:56:43.000000000 +0100
+++ mplayer-export-2012-02-05/cfg-mplayer.h 2013-05-08 13:29:24.198997019 +0200
@@ -306,6 +306,8 @@ const m_option_t mplayer_opts[]={
{"noloop", &mpctx_s.loop_times, CONF_TYPE_FLAG, 0, 0, -1, NULL},
{"loop", &mpctx_s.loop_times, CONF_TYPE_INT, CONF_RANGE, -1, 10000, NULL},
+ {"allow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 0, 1, NULL},
+ {"noallow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 1, 0, NULL},
{"playlist", NULL, CONF_TYPE_STRING, CONF_NOCFG, 0, 0, NULL},
{"shuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
{"noshuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
diff -up mplayer-export-2012-02-05/DOCS/man/en/mplayer.1.asx-parser mplayer-export-2012-02-05/DOCS/man/en/mplayer.1
--- mplayer-export-2012-02-05/DOCS/man/en/mplayer.1.asx-parser 2012-02-29 16:56:41.000000000 +0100
+++ mplayer-export-2012-02-05/DOCS/man/en/mplayer.1 2013-05-08 13:29:24.196997004 +0200
@@ -1257,6 +1257,15 @@ Expand TEXT only if the property NAME is
Play files according to a playlist file (ASX, Winamp, SMIL, or
one-file-per-line format).
.br
+.I WARNING:
+The way MPlayer parses and uses playlist files is not safe against
+maliciously constructed files.
+Such files may trigger harmful actions.
+This has been the case for all MPlayer versions, but unfortunately this
+fact was not well documented earlier, and some people have even misguidedly
+recommended use of -playlist with untrusted sources.
+Do NOT use -playlist with random internet sources or files you don't trust!
+.br
.I NOTE:
This option is considered an entry so options found after it will apply
only to the elements of this playlist.
@@ -1264,6 +1273,13 @@ only to the elements of this playlist.
FIXME: This needs to be clarified and documented thoroughly.
.
.TP
+.B \-allow-dangerous-playlist-parsing
+This enables parsing any file as a playlist if e.g. a server advertises
+a file as playlist.
+Only enable if you know all servers involved are trustworthy.
+MPlayer's playlist code is not designed to handle malicious playlist files.
+.
+.TP
.B \-rtc\-device <device>
Use the specified device for RTC timing.
.
diff -up mplayer-export-2012-02-05/mplayer.c.asx-parser mplayer-export-2012-02-05/mplayer.c
--- mplayer-export-2012-02-05/mplayer.c.asx-parser 2012-02-29 16:56:43.000000000 +0100
+++ mplayer-export-2012-02-05/mplayer.c 2013-05-08 13:31:57.366140202 +0200
@@ -328,6 +328,8 @@ static char *prog_path;
static int crash_debug;
#endif
+static int allow_playlist_parsing;
+
/* This header requires all the global variable declarations. */
#include "cfg-mplayer.h"
@@ -3206,8 +3208,12 @@ play_next_file:
current_module = "handle_playlist";
mp_msg(MSGT_CPLAYER, MSGL_V, "Parsing playlist %s...\n",
filename_recode(filename));
- entry = parse_playtree(mpctx->stream, 0);
- mpctx->eof = playtree_add_playlist(entry);
+ if (allow_playlist_parsing) {
+ entry = parse_playtree(mpctx->stream, 0);
+ mpctx->eof = playtree_add_playlist(entry);
+ } else {
+ mp_msg(MSGT_CPLAYER, MSGL_ERR, "Playlist parsing disabled for security reasons. Ignoring file.\n");
+ }
goto goto_next_file;
}
mpctx->stream->start_pos += seek_to_byte;
Index: mplayer.spec
===================================================================
RCS file: /cvs/free/rpms/mplayer/F-17/mplayer.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- mplayer.spec 3 Feb 2013 17:02:31 -0000 1.55
+++ mplayer.spec 8 May 2013 11:35:21 -0000 1.56
@@ -37,6 +37,7 @@
Patch18: %{name}-ffmpeg.patch
#fix multi-line subtitles when using libass
Patch20: %{name}-libass-multiline.patch
+Patch21: %{name}-asx-parser.patch
BuildRequires: SDL-devel
BuildRequires: a52dec-devel
@@ -236,6 +237,7 @@
%patch14 -p1 -b .nodvdcss
%patch18 -p1 -b .ffmpeg
%patch20 -p0 -b .multiline
+%patch21 -p1 -b .asx-parser
mkdir GUI
cp -a `ls -1|grep -v GUI` GUI/
More information about the rpmfusion-commits
mailing list