r1164 - in /unstable/vlc/debian: changelog patches/400_CERT-2008-004.patch patches/401_vlc_trac_1552.patch patches/402_mp4a-resampling.patch patches/series

xtophe-guest at users.alioth.debian.org xtophe-guest at users.alioth.debian.org
Fri Apr 25 23:36:54 UTC 2008 

Author: xtophe-guest
Date: Fri Apr 25 23:36:54 2008
New Revision: 1164

URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1164
Log:
Add some security fix and bugfix from upstream git

Added:
    unstable/vlc/debian/patches/400_CERT-2008-004.patch
    unstable/vlc/debian/patches/401_vlc_trac_1552.patch
    unstable/vlc/debian/patches/402_mp4a-resampling.patch
Modified:
    unstable/vlc/debian/changelog
    unstable/vlc/debian/patches/series

Modified: unstable/vlc/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/changelog?rev=1164&op=diff
==============================================================================
--- unstable/vlc/debian/changelog (original)
+++ unstable/vlc/debian/changelog Fri Apr 25 23:36:54 2008
@@ -6,9 +6,14 @@
     - Remove 400-CVE-2008-1489.diff and 401-CVE-2008-0073.diff integrated
       upstream
     
-  * 
-
- -- Christophe Mutricy <xtophe at videolan.org>  Sat, 26 Apr 2008 00:14:53 +0100
+  * Patches taken from upstream git
+    - 400_oCERT-2008-004.patch: Fix insufficient boundary checking in speex
+      code (oCERT-2008-004, CVE-2008-1686)
+    - 401_vlc_trac_1552.patch: fix a bug introduced in 0.8.6f in the sap
+      parser
+    - 402_mp4a-resampling.patch: Fix mp4a resampiling
+
+ -- Christophe Mutricy <xtophe at videolan.org>  Sat, 26 Apr 2008 00:19:16 +0100
 
 vlc (0.8.6.e-2) unstable; urgency=high
 

Added: unstable/vlc/debian/patches/400_CERT-2008-004.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/400_CERT-2008-004.patch?rev=1164&op=file
==============================================================================
--- unstable/vlc/debian/patches/400_CERT-2008-004.patch (added)
+++ unstable/vlc/debian/patches/400_CERT-2008-004.patch Fri Apr 25 23:36:54 2008
@@ -1,0 +1,20 @@
+commit c1c81073e661f7d80197711ab11753e1e170b44c
+Author: Pavlov Konstantin <thresh at videolan.org>
+Date:   Thu Apr 17 22:47:13 2008 +0400
+
+    Fix for [oCERT-2008-004] multiple speex implementations insufficient boundary checks. Patch by Eren Türkay
+    (cherry picked from commit 8060b3457e20e6223b70927693f8da8f547b8fef)
+
+diff --git a/modules/codec/speex.c b/modules/codec/speex.c
+index 480bbc0..0ca290f 100644
+--- a/modules/codec/speex.c
++++ b/modules/codec/speex.c
+@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder_t *p_dec, ogg_packet *p_oggpacket )
+         msg_Err( p_dec, "cannot read Speex header" );
+         return VLC_EGENERIC;
+     }
+-    if( p_header->mode >= SPEEX_NB_MODES )
++    if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
+     {
+         msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
+                  "this version of libspeex.", p_header->mode );

Added: unstable/vlc/debian/patches/401_vlc_trac_1552.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/401_vlc_trac_1552.patch?rev=1164&op=file
==============================================================================
--- unstable/vlc/debian/patches/401_vlc_trac_1552.patch (added)
+++ unstable/vlc/debian/patches/401_vlc_trac_1552.patch Fri Apr 25 23:36:54 2008
@@ -1,0 +1,27 @@
+commit 5e015eeedede726d17ab542c3f3a20296c5d411b
+Author: Christophe Mutricy <xtophe at videolan.org>
+Date:   Wed Apr 16 23:42:15 2008 +0100
+
+    Correctly parse the media type (Fix #1552)
+
+diff --git a/modules/services_discovery/sap.c b/modules/services_discovery/sap.c
+index 797099e..3d664de 100644
+--- a/modules/services_discovery/sap.c
++++ b/modules/services_discovery/sap.c
+@@ -2,7 +2,7 @@
+  * sap.c :  SAP interface module
+  *****************************************************************************
+  * Copyright (C) 2004-2005 the VideoLAN team
+- * $Id$
++ * $Id: 797099ef1b4316d247401fb5e40a2edebe0e9f48 $
+  *
+  * Authors: Clément Stenac <zorglub at videolan.org>
+  *
+@@ -1045,6 +1045,7 @@ static int ParseConnection( vlc_object_t *p_obj, sdp_t *p_sdp )
+             if( !strcmp( psz_parse, "RTP/AVP" ) )
+             {
+                 psz_proto = "rtp";
++                psz_parse = psz_eof + 1;
+                 p_sdp->i_media_type = atoi( psz_parse );
+             }
+             else

Added: unstable/vlc/debian/patches/402_mp4a-resampling.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/402_mp4a-resampling.patch?rev=1164&op=file
==============================================================================
--- unstable/vlc/debian/patches/402_mp4a-resampling.patch (added)
+++ unstable/vlc/debian/patches/402_mp4a-resampling.patch Fri Apr 25 23:36:54 2008
@@ -1,0 +1,30 @@
+commit 1fbde99ac89673cbfb864d68fe390e96ef40335f
+Author: Rafaël Carré <funman at videolan.org>
+Date:   Tue Apr 8 16:00:22 2008 +0200
+
+    When specifying --sout-transcode-samplerate and --sout-transcode-channel, set the OUTPUT format instead of the INPUT
+    
+    Fix resampling when using mp4a (faac is the only option atm)
+
+diff --git a/modules/codec/ffmpeg/encoder.c b/modules/codec/ffmpeg/encoder.c
+index 6c047e3..5bac74a 100644
+--- a/modules/codec/ffmpeg/encoder.c
++++ b/modules/codec/ffmpeg/encoder.c
+@@ -539,8 +539,15 @@ int E_(OpenEncoder)( vlc_object_t *p_this )
+             p_enc->fmt_in.audio.i_channels = 2;
+ 
+         p_enc->fmt_in.i_codec  = AOUT_FMT_S16_NE;
+-        p_context->sample_rate = p_enc->fmt_in.audio.i_rate;
+-        p_context->channels    = p_enc->fmt_in.audio.i_channels;
++        p_context->sample_rate = p_enc->fmt_out.audio.i_rate;
++        p_context->channels    = p_enc->fmt_out.audio.i_channels;
++
++        if ( p_enc->fmt_out.i_codec == VLC_FOURCC('m','p','4','a') )
++        {
++            /* XXX: FAAC does resample only when setting the INPUT samplerate
++             * to the desired value (-R option of the faac frontend) */
++            p_enc->fmt_in.audio.i_rate = p_context->sample_rate;
++        }
+     }
+ 
+     /* Misc parameters */

Modified: unstable/vlc/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/series?rev=1164&op=diff
==============================================================================
--- unstable/vlc/debian/patches/series (original)
+++ unstable/vlc/debian/patches/series Fri Apr 25 23:36:54 2008
@@ -7,3 +7,6 @@
 105_min_mkv.patch
 200_osdmenu_paths.diff
 300_manpage_syntax.diff
+400_CERT-2008-004.patch
+401_vlc_trac_1552.patch
+402_mp4a-resampling.patch

More information about the pkg-multimedia-commits mailing list