pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2006Q4]: pkgsrc/multimedia/xine-ui Pullup ticket 2026 - reques...
details: https://anonhg.NetBSD.org/pkgsrc/rev/34003290be07
branches: pkgsrc-2006Q4
changeset: 523043:34003290be07
user: ghen <ghen%pkgsrc.org@localhost>
date: Mon Mar 05 12:11:41 2007 +0000
description:
Pullup ticket 2026 - requested by salo
security update for xine-ui
- pkgsrc/multimedia/xine-ui/Makefile 1.30, 1.34 via patch
- pkgsrc/multimedia/xine-ui/distinfo 1.12, 1.14 via patch
- pkgsrc/multimedia/xine-ui/patches/patch-ai 1.2
- pkgsrc/multimedia/xine-ui/patches/patch-aq 1.2
- pkgsrc/multimedia/xine-ui/patches/patch-ar 1.2
- pkgsrc/multimedia/xine-ui/patches/patch-as 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-au 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-av 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-aw 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-ax 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-ay 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-az 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-ba 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-bb 1.1
- pkgsrc/multimedia/xine-ui/patches/patch-bc 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Jan 9 14:52:41 UTC 2007
Modified Files:
pkgsrc/multimedia/xine-ui: Makefile distinfo
pkgsrc/multimedia/xine-ui/patches: patch-ar
Added Files:
pkgsrc/multimedia/xine-ui/patches: patch-as
Log Message:
fix PR pkg/35375: xine-ui freezes konsole sessions from
Sergey Svishchev, patch from xine CVS
---
Module Name: pkgsrc
Committed By: salo
Date: Sat Feb 17 22:48:18 UTC 2007
Modified Files:
pkgsrc/multimedia/xine-ui: Makefile distinfo
pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq
Added Files:
pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax
patch-ay patch-az patch-ba patch-bb patch-bc
Log Message:
Security fixes for CVE-2007-0254 (and more):
"A vulnerability has been reported in xine-ui, which potentially can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a format string error within the
"errors_create_window()" function in errors.c. This may be exploited to
execute arbitrary code by e.g. tricking a user into opening a specially
crafted playlist file."
Patch from SUSE.
Bump PKGREVISION.
XXX: The sources are a real mess. My condolences to everyone using it.
And good luck, you'll need it!..
diffstat:
multimedia/xine-ui/Makefile | 4 +-
multimedia/xine-ui/distinfo | 18 ++++-
multimedia/xine-ui/patches/patch-ai | 123 +++++++++++++++++++++++++++++++++++-
multimedia/xine-ui/patches/patch-aq | 15 +++-
multimedia/xine-ui/patches/patch-ar | 27 +++++++-
multimedia/xine-ui/patches/patch-as | 24 +++++++
multimedia/xine-ui/patches/patch-au | 20 +++++
multimedia/xine-ui/patches/patch-av | 22 ++++++
multimedia/xine-ui/patches/patch-aw | 40 +++++++++++
multimedia/xine-ui/patches/patch-ax | 13 +++
multimedia/xine-ui/patches/patch-ay | 13 +++
multimedia/xine-ui/patches/patch-az | 22 ++++++
multimedia/xine-ui/patches/patch-ba | 17 ++++
multimedia/xine-ui/patches/patch-bb | 31 +++++++++
multimedia/xine-ui/patches/patch-bc | 14 ++++
15 files changed, 388 insertions(+), 15 deletions(-)
diffs (truncated from 501 to 300 lines):
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/Makefile
--- a/multimedia/xine-ui/Makefile Mon Mar 05 04:32:20 2007 +0000
+++ b/multimedia/xine-ui/Makefile Mon Mar 05 12:11:41 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2006/12/15 20:32:59 joerg Exp $
+# $NetBSD: Makefile,v 1.28.2.1 2007/03/05 12:11:41 ghen Exp $
#
DISTNAME= xine-ui-0.99.4
-PKGREVISION= 4
+PKGREVISION= 8
CATEGORIES= multimedia
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xine/}
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/distinfo
--- a/multimedia/xine-ui/distinfo Mon Mar 05 04:32:20 2007 +0000
+++ b/multimedia/xine-ui/distinfo Mon Mar 05 12:11:41 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2006/04/21 11:11:26 drochner Exp $
+$NetBSD: distinfo,v 1.11.6.1 2007/03/05 12:11:42 ghen Exp $
SHA1 (xine-ui-0.99.4.tar.gz) = b982e5697f183559c216f9243b9410d61b9c58aa
RMD160 (xine-ui-0.99.4.tar.gz) = eeead5c6e566ade5505c8fcb924272c74eb4f49a
@@ -7,10 +7,20 @@
SHA1 (patch-ae) = 1d5887168efd340f047dfdb9e135ce12c18e2d5f
SHA1 (patch-ag) = dddbea5257a5b21e3a7ba21207661f4a47a9fa7e
SHA1 (patch-ah) = 9d61282de803459e4b9c49814796dcc97658849d
-SHA1 (patch-ai) = 78228fa174cb0d455a9debec18125d9ee13d34dd
+SHA1 (patch-ai) = 68bd0bdb39ecacd993335707a8843fd696067633
SHA1 (patch-al) = d00f3ad348450e209d55ba69c1c053fce7d359b3
SHA1 (patch-am) = 57567b2c1f86ef575ff4abcbfaa5f06e3178a056
SHA1 (patch-ao) = 09e83615b88dffbdfeb0b0bad07dcdc60024ba67
SHA1 (patch-ap) = f4f360e5fc8008882f07c649b7ea29ef163c6731
-SHA1 (patch-aq) = 212d5c561422e5866cdc05cd39c609b1274aa8b6
-SHA1 (patch-ar) = a64614bc76e73a7d0600daee0a72affe2dc6de15
+SHA1 (patch-aq) = 393f889a397c60a9cb1940f197e92efd12cb13bb
+SHA1 (patch-ar) = 50c45ce7c272385100bc562b8d1d668c3d860df7
+SHA1 (patch-as) = 96f680bcab84c7a832f0ea4ae2b6a5b687f79244
+SHA1 (patch-au) = 1ab308585b3c806931fc0dd60dd82794a46cc4a9
+SHA1 (patch-av) = 0d36d3f7603752e5bfe98215ced4a878d4ec2058
+SHA1 (patch-aw) = 2cbb4e5a17faa79fb8d6607e52a9fa9d965ac884
+SHA1 (patch-ax) = 5388a8cb6fa73bbc001e7b1ad2ed4d25dc2425a8
+SHA1 (patch-ay) = f7252e705e017957238c3be37fbe52aea698785b
+SHA1 (patch-az) = 696c9a25ac25ba7940d976399519caadc4932c4b
+SHA1 (patch-ba) = 02493f55c8c1330a1eae6c109b51a4f5cdbe12d1
+SHA1 (patch-bb) = ebbfcc327d3918b152205a7907fc7c4252b7e1c2
+SHA1 (patch-bc) = 584d14552fd0acaaf32e64a4fa8c2886b4b16b84
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-ai
--- a/multimedia/xine-ui/patches/patch-ai Mon Mar 05 04:32:20 2007 +0000
+++ b/multimedia/xine-ui/patches/patch-ai Mon Mar 05 12:11:41 2007 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ai,v 1.1 2004/05/12 16:42:49 drochner Exp $
+$NetBSD: patch-ai,v 1.1.22.1 2007/03/05 12:11:42 ghen Exp $
---- src/xitk/xine-remote.c.orig 2004-05-11 23:39:22.000000000 +0200
-+++ src/xitk/xine-remote.c 2004-05-11 23:45:24.000000000 +0200
+--- src/xitk/xine-remote.c.orig 2005-07-16 21:05:32.000000000 +0200
++++ src/xitk/xine-remote.c 2007-02-17 22:24:26.000000000 +0100
@@ -30,6 +30,7 @@
#endif
/* required for strncasecmp() */
@@ -30,3 +30,120 @@
#include "common.h"
+@@ -638,7 +639,7 @@ static int write_to_console(session_t *s
+ va_end(args);
+
+ pthread_mutex_lock(&session->console_mutex);
+- err = write_to_console_unlocked(session, buf);
++ err = write_to_console_unlocked(session, "%s", buf);
+ pthread_mutex_unlock(&session->console_mutex);
+
+ return err;
+@@ -998,7 +999,7 @@ static void *select_thread(void *data) {
+ write_to_console_unlocked_nocr(session, "\b \b");
+ pos--;
+ }
+- write_to_console_unlocked(session, obuffer);
++ write_to_console_unlocked(session, "%s", obuffer);
+
+ rl_crlf();
+ rl_forced_update_display();
+@@ -1082,7 +1083,7 @@ static void client_handle_command(sessio
+
+ *pp = '\0';
+
+- if((sock_write(session->socket, buf)) == -1) {
++ if((sock_write(session->socket, "%s", buf)) == -1) {
+ session->running = 0;
+ }
+ }
+@@ -1094,7 +1095,7 @@ static void client_handle_command(sessio
+
+ /* Perhaps a ';' separated commands, so send anyway to server */
+ if(found == 0) {
+- sock_write(session->socket, (char *)command);
++ sock_write(session->socket, "%s", (char *)command);
+ }
+
+ if((!strncasecmp(cmd, "exit", strlen(cmd))) || (!strncasecmp(cmd, "halt", strlen(cmd)))) {
+@@ -1714,7 +1715,7 @@ static void do_commands(commands_t *cmd,
+ i++;
+ }
+ sprintf(buf, "%s.\n", buf);
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+
+ static void do_help(commands_t *cmd, client_info_t *client_info) {
+@@ -1760,7 +1761,7 @@ static void do_help(commands_t *cmd, cli
+ }
+
+ sprintf(buf, "%s\n", buf);
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ else {
+ int i;
+@@ -2096,7 +2097,7 @@ static void do_get(commands_t *cmd, clie
+ sprintf(buf, "%s%s", buf, "*UNKNOWN*");
+
+ sprintf(buf, "%s%c", buf, '\n');
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ else if(is_arg_contain(client_info, 1, "speed")) {
+ char buf[64];
+@@ -2116,7 +2117,7 @@ static void do_get(commands_t *cmd, clie
+ sprintf(buf, "%s%s", buf, "*UNKNOWN*");
+
+ sprintf(buf, "%s%c", buf, '\n');
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ else if(is_arg_contain(client_info, 1, "position")) {
+ char buf[64];
+@@ -2128,7 +2129,7 @@ static void do_get(commands_t *cmd, clie
+ &pos_time,
+ &length_time);
+ snprintf(buf, sizeof(buf), "%s: %d\n", "Current position", pos_time);
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ else if(is_arg_contain(client_info, 1, "length")) {
+ char buf[64];
+@@ -2140,7 +2141,7 @@ static void do_get(commands_t *cmd, clie
+ &pos_time,
+ &length_time);
+ snprintf(buf, sizeof(buf), "%s: %d\n", "Current length", length_time);
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ else if(is_arg_contain(client_info, 1, "loop")) {
+ char buf[64];
+@@ -2169,7 +2170,7 @@ static void do_get(commands_t *cmd, clie
+ }
+
+ sprintf(buf, "%s.\n", buf);
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+ }
+ }
+ else if(nargs >= 2) {
+@@ -2552,7 +2553,7 @@ static void do_halt(commands_t *cmd, cli
+ static void network_messenger(void *data, char *message) {
+ int socket = (int) data;
+
+- sock_write(socket, message);
++ sock_write(socket, "%s", message);
+ }
+
+ static void do_snap(commands_t *cmd, client_info_t *client_info) {
+@@ -2577,7 +2578,7 @@ static void say_hello(client_info_t *cli
+ else {
+ snprintf(buf, sizeof(buf), "%s %s %s\n", PACKAGE, VERSION, "remote server. Nice to meet you.");
+ }
+- sock_write(client_info->socket, buf);
++ sock_write(client_info->socket, "%s", buf);
+
+ }
+
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-aq
--- a/multimedia/xine-ui/patches/patch-aq Mon Mar 05 04:32:20 2007 +0000
+++ b/multimedia/xine-ui/patches/patch-aq Mon Mar 05 12:11:41 2007 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-aq,v 1.1 2006/04/21 11:11:26 drochner Exp $
+$NetBSD: patch-aq,v 1.1.8.1 2007/03/05 12:11:42 ghen Exp $
---- src/xitk/main.c.orig 2006-04-20 11:59:48.000000000 +0200
-+++ src/xitk/main.c
+--- src/xitk/main.c.orig 2007-02-17 22:10:56.000000000 +0100
++++ src/xitk/main.c 2007-02-17 22:10:38.000000000 +0100
@@ -456,7 +456,7 @@ static void print_formatted(char *title,
int len;
char *blanks = " ";
@@ -29,3 +29,12 @@
printf(".\n\n");
}
+@@ -1249,7 +1249,7 @@ static void event_listener(void *user_da
+ snprintf(buffer, sizeof(buffer), "%s [%d%%]\n", pevent->description, pevent->percent);
+ gGui->mrl_overrided = 3;
+ panel_set_title(buffer);
+- osd_display_info(buffer);
++ osd_display_info("%s", buffer);
+ }
+ break;
+
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-ar
--- a/multimedia/xine-ui/patches/patch-ar Mon Mar 05 04:32:20 2007 +0000
+++ b/multimedia/xine-ui/patches/patch-ar Mon Mar 05 12:11:41 2007 +0000
@@ -1,8 +1,29 @@
-$NetBSD: patch-ar,v 1.1 2006/04/21 11:11:26 drochner Exp $
+$NetBSD: patch-ar,v 1.1.8.1 2007/03/05 12:11:42 ghen Exp $
---- src/xitk/xine-toolkit/xitk.c.orig 2006-04-21 12:52:41.000000000 +0200
+--- src/xitk/xine-toolkit/xitk.c.orig 2005-05-21 00:02:05.000000000 +0200
+++ src/xitk/xine-toolkit/xitk.c
-@@ -1877,7 +1877,7 @@ void xitk_init(Display *display, XColor
+@@ -147,7 +147,7 @@ typedef struct {
+
+ struct timeval keypress;
+
+- KeyCode ignore_keys[3];
++ KeyCode ignore_keys[2];
+
+ pthread_t *tips_thread;
+ unsigned long tips_timeout;
+@@ -1805,9 +1805,8 @@ void xitk_init(Display *display, XColor
+ xitk_x_error = 0;
+ gXitk->x_error_handler = NULL;
+ gXitk->modalw = None;
+- gXitk->ignore_keys[0] = XKeysymToKeycode(display, XK_Scroll_Lock);
+- gXitk->ignore_keys[1] = XKeysymToKeycode(display, XK_Num_Lock);
+- gXitk->ignore_keys[2] = XKeysymToKeycode(display, XK_Caps_Lock);
++ gXitk->ignore_keys[0] = XKeysymToKeycode(display, XK_Shift_L);
++ gXitk->ignore_keys[1] = XKeysymToKeycode(display, XK_Control_L);
+ gXitk->tips_timeout = TIPS_TIMEOUT;
+ XGetInputFocus(display, &(gXitk->parent.window), &(gXitk->parent.focus));
+
+@@ -1877,7 +1876,7 @@ void xitk_init(Display *display, XColor
sprintf(buffer, "%s%s", buffer, " ]-");
if(verbosity)
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-as Mon Mar 05 12:11:41 2007 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-as,v 1.1.2.2 2007/03/05 12:11:42 ghen Exp $
+
+--- src/xitk/videowin.c.orig 2007-01-08 18:39:40.000000000 +0100
++++ src/xitk/videowin.c
+@@ -1449,8 +1449,8 @@ void video_window_init (window_attribute
+ gVw->desktopHeight = DisplayHeight(gGui->video_display, gGui->video_screen);
+
+ #ifdef HAVE_XTESTEXTENSION
+- gVw->fake_keys[0] = XKeysymToKeycode(gGui->video_display, XK_Scroll_Lock);
+- gVw->fake_keys[1] = XKeysymToKeycode(gGui->video_display, XK_Num_Lock);
++ gVw->fake_keys[0] = XKeysymToKeycode(gGui->video_display, XK_Shift_L);
++ gVw->fake_keys[1] = XKeysymToKeycode(gGui->video_display, XK_Control_L);
+ gVw->fake_key_cur = 0;
+ #endif
+
+@@ -2151,8 +2151,6 @@ void video_window_reset_ssaver(void) {
+ XLockDisplay(gGui->video_display);
+ XTestFakeKeyEvent(gGui->video_display, gVw->fake_keys[gVw->fake_key_cur], True, CurrentTime);
+ XTestFakeKeyEvent(gGui->video_display, gVw->fake_keys[gVw->fake_key_cur], False, CurrentTime);
+- XTestFakeKeyEvent(gGui->video_display, gVw->fake_keys[gVw->fake_key_cur], True, CurrentTime);
+- XTestFakeKeyEvent(gGui->video_display, gVw->fake_keys[gVw->fake_key_cur], False, CurrentTime);
+ XSync(gGui->video_display, False);
+ XUnlockDisplay(gGui->video_display);
+ }
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-au
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-au Mon Mar 05 12:11:41 2007 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-au,v 1.1.2.2 2007/03/05 12:11:42 ghen Exp $
+
+--- src/fb/osd.c.orig 2003-12-01 18:23:27.000000000 +0100
++++ src/fb/osd.c 2007-02-17 21:56:02.000000000 +0100
+@@ -589,7 +589,7 @@ void osd_display_spu_lang(void) {
+ }
+
+ sprintf(buffer, "Subtitles: %s", lang);
+- osd_display_info(buffer);
++ osd_display_info("%s", buffer);
+ }
+
+ void osd_display_audio_lang(void) {
+@@ -618,5 +618,5 @@ void osd_display_audio_lang(void) {
+ }
+
+ sprintf(buffer, "Audio Channel: %s", lang);
+- osd_display_info(buffer);
++ osd_display_info("%s", buffer);
+ }
diff -r cfb5cc27aca7 -r 34003290be07 multimedia/xine-ui/patches/patch-av
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-av Mon Mar 05 12:11:41 2007 +0000
Home |
Main Index |
Thread Index |
Old Index