FreeBSD Bugzilla – Attachment 201877 Details for
Bug 234551
multimedia/mythtv: Update to mythtv 30.0. Fixes build on FreeBSD 12.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Build mythtv version 30.0
mythtv-30.0,1.diff (text/plain), 147.56 KB, created by
fernando.e.vilas
on 2019-02-09 23:34:33 UTC
(
hide
)
Description:
Build mythtv version 30.0
Filename:
MIME Type:
Creator:
fernando.e.vilas
Created:
2019-02-09 23:34:33 UTC
Size:
147.56 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 491303) >+++ Makefile (working copy) >@@ -3,8 +3,8 @@ > > PORTNAME= mythtv > DISTVERSIONPREFIX= v >-DISTVERSION= 29.1 >-PORTREVISION?= 3 >+DISTVERSION= 30.0 >+PORTREVISION?= 0 > PORTEPOCH= 1 > CATEGORIES= multimedia > >@@ -14,21 +14,24 @@ > LICENSE= GPLv2+ > LICENSE_FILE= ${WRKSRC}/COPYING > >-BROKEN= fails to build > ONLY_FOR_ARCHS= amd64 i386 > >-LIB_DEPENDS= libmp3lame.so:audio/lame \ >+LIB_DEPENDS= liblzo2.so:archivers/lzo2 \ >+ libmp3lame.so:audio/lame \ >+ libsamplerate.so:audio/libsamplerate \ > libtag.so:audio/taglib \ > libexiv2.so:graphics/exiv2 \ > libva.so:multimedia/libva \ >+ libbluray.so:multimedia/libbluray \ > libass.so:multimedia/libass \ > libfftw3_threads.so:math/fftw3 \ > libfftw3f.so:math/fftw3-float \ > libfreetype.so:print/freetype2 \ > libxml2.so:textproc/libxml2 >-BUILD_DEPENDS= yasm:devel/yasm >+BUILD_DEPENDS= yasm:devel/yasm \ >+ ${LOCALBASE}/include/linux/input.h:devel/evdev-proto > >-USES= gmake iconv libtool pkgconfig pathfix qmake:no_env qt:5 ssl >+USES= gmake gl iconv libtool pkgconfig pathfix qmake:no_env qt:5 ssl > USE_GITHUB= yes > GH_ACCOUNT= MythTV > USE_GL= gl >@@ -42,8 +45,8 @@ > CONFIGURE_ARGS= --prefix="${PREFIX}" --cc="${CC}" --cxx="${CXX}" \ > --libxml2-path="${LOCALBASE}/include/libxml2" \ > --enable-opengl-video \ >- --disable-audio-alsa --disable-indev=alsa --disable-outdev=alsa \ >- --disable-mythlogserver >+ --disable-audio-alsa --disable-indev=alsa \ >+ --disable-outdev=alsa > CONFIGURE_ENV= QMAKESPEC="${QMAKESPEC}" MOC="${MOC}" \ > QTDIR="${PREFIX}" PKG_CONFIG_PATH="${LOCALBASE}/libdata/pkgconfig" > MAKE_ENV= QTDIR="${PREFIX}" \ >@@ -84,7 +87,8 @@ > programs/scripts/internetcontent/nv_python_libs/*.py \ > programs/scripts/hardwareprofile/*.py \ > programs/scripts/metadata/Television/ttvdb.py \ >- programs/scripts/metadata/Movie/tmdb3.py >+ programs/scripts/metadata/Movie/tmdb3.py \ >+ programs/scripts/metadata/Music/mbutils.py > > CONFIGURE_ARGS+=--dvb-path="${LOCALBASE}/include" \ > --enable-ivtv --enable-v4l2 --enable-xv >@@ -108,6 +112,7 @@ > p5-DBD-mysql>0:databases/p5-DBD-mysql \ > p5-Net-UPnP>=0:multimedia/p5-Net-UPnP \ > p5-IO-Socket-INET6>=2.51:net/p5-IO-Socket-INET6 \ >+ p5-XML-Simple>=0:textproc/p5-XML-Simple \ > p5-HTTP-Request-Params>=0:www/p5-HTTP-Request-Params \ > p5-LWP-UserAgent-Determined>=0:www/p5-LWP-UserAgent-Determined > BINDINGS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}MySQLdb>=1.2.2:databases/py-MySQLdb@${PY_FLAVOR} \ >@@ -121,6 +126,7 @@ > p5-DBD-mysql>0:databases/p5-DBD-mysql \ > p5-Net-UPnP>=0:multimedia/p5-Net-UPnP \ > p5-IO-Socket-INET6>=2.51:net/p5-IO-Socket-INET6 \ >+ p5-XML-Simple>=0:textproc/p5-XML-Simple \ > p5-HTTP-Request-Params>=0:www/p5-HTTP-Request-Params \ > p5-LWP-UserAgent-Determined>=0:www/p5-LWP-UserAgent-Determined > BINDINGS_CONFIGURE_ON= --python=${PYTHON_CMD} >Index: distinfo >=================================================================== >--- distinfo (revision 491303) >+++ distinfo (working copy) >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1539236555 >-SHA256 (MythTV-mythtv-v29.1_GH0.tar.gz) = e40ec8111d39fd059a9ec741b10016683bcc66ee3b33c4cdaab93d60851f5d3e >-SIZE (MythTV-mythtv-v29.1_GH0.tar.gz) = 105616253 >+TIMESTAMP = 1548724555 >+SHA256 (MythTV-mythtv-v30.0_GH0.tar.gz) = 7f7ae9b8927659616f181afc12d7ddc26b0a4b0d13982e2586985f4770640b43 >+SIZE (MythTV-mythtv-v30.0_GH0.tar.gz) = 101169041 >Index: files/extrapatch-programs_programs.pro >=================================================================== >--- files/extrapatch-programs_programs.pro (revision 491303) >+++ files/extrapatch-programs_programs.pro (working copy) >@@ -2,7 +2,7 @@ > > --- programs/programs.pro.orig 2018-01-11 12:39:22 UTC > +++ programs/programs.pro >-@@ -15,12 +15,4 @@ using_frontend { >+@@ -15,13 +15,4 @@ using_frontend { > !mingw:!win32-msvc*: SUBDIRS += mythtranscode/external/replex > } > >@@ -12,6 +12,7 @@ > - > - !win32-msvc*:SUBDIRS += scripts > - !mingw:!win32-msvc*: SUBDIRS += mythfilerecorder >+- !mingw:!win32-msvc*: SUBDIRS += mythexternrecorder > -} > - > using_mythtranscode: SUBDIRS += mythtranscode >Index: files/patch-CVE-2016-10190 >=================================================================== >--- files/patch-CVE-2016-10190 (revision 491303) >+++ files/patch-CVE-2016-10190 (nonexistent) >@@ -1,239 +0,0 @@ >-From 0e0a413725e0221e1a9d0b7595e22bf57e23a09c Mon Sep 17 00:00:00 2001 >-From: "Ronald S. Bultje" <rsbultje@gmail.com> >-Date: Mon, 5 Dec 2016 08:02:33 -0500 >-Subject: [PATCH] http: make length/offset-related variables unsigned. >- >-Fixes #5992, reported and found by Paul Cher <paulcher@icloud.com>. >- >-(cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa) >---- >- libavformat/http.c | 70 +++++++++++++++++++++++++++++------------------------- >- 1 file changed, 38 insertions(+), 32 deletions(-) >- >-diff --git libavformat/http.c libavformat/http.c >-index d48958d8a3c..13f3be42271 100644 >---- external/FFmpeg/libavformat/http.c >-+++ external/FFmpeg/libavformat/http.c >-@@ -62,8 +62,8 @@ typedef struct HTTPContext { >- int line_count; >- int http_code; >- /* Used if "Transfer-Encoding: chunked" otherwise -1. */ >-- int64_t chunksize; >-- int64_t off, end_off, filesize; >-+ uint64_t chunksize; >-+ uint64_t off, end_off, filesize; >- char *location; >- HTTPAuthState auth_state; >- HTTPAuthState proxy_auth_state; >-@@ -95,9 +95,9 @@ typedef struct HTTPContext { >- AVDictionary *cookie_dict; >- int icy; >- /* how much data was read since the last ICY metadata packet */ >-- int icy_data_read; >-+ uint64_t icy_data_read; >- /* after how many bytes of read data a new metadata packet will be found */ >-- int icy_metaint; >-+ uint64_t icy_metaint; >- char *icy_metadata_headers; >- char *icy_metadata_packet; >- AVDictionary *metadata; >-@@ -489,7 +489,7 @@ static int http_open(URLContext *h, const char *uri, int flags, >- else >- h->is_streamed = 1; >- >-- s->filesize = -1; >-+ s->filesize = UINT64_MAX; >- s->location = av_strdup(uri); >- if (!s->location) >- return AVERROR(ENOMEM); >-@@ -616,9 +616,9 @@ static void parse_content_range(URLContext *h, const char *p) >- >- if (!strncmp(p, "bytes ", 6)) { >- p += 6; >-- s->off = strtoll(p, NULL, 10); >-+ s->off = strtoull(p, NULL, 10); >- if ((slash = strchr(p, '/')) && strlen(slash) > 0) >-- s->filesize = strtoll(slash + 1, NULL, 10); >-+ s->filesize = strtoull(slash + 1, NULL, 10); >- } >- if (s->seekable == -1 && (!s->is_akamai || s->filesize != 2147483647)) >- h->is_streamed = 0; /* we _can_ in fact seek */ >-@@ -808,8 +808,9 @@ static int process_line(URLContext *h, char *line, int line_count, >- if ((ret = parse_location(s, p)) < 0) >- return ret; >- *new_location = 1; >-- } else if (!av_strcasecmp(tag, "Content-Length") && s->filesize == -1) { >-- s->filesize = strtoll(p, NULL, 10); >-+ } else if (!av_strcasecmp(tag, "Content-Length") && >-+ s->filesize == UINT64_MAX) { >-+ s->filesize = strtoull(p, NULL, 10); >- } else if (!av_strcasecmp(tag, "Content-Range")) { >- parse_content_range(h, p); >- } else if (!av_strcasecmp(tag, "Accept-Ranges") && >-@@ -818,7 +819,7 @@ static int process_line(URLContext *h, char *line, int line_count, >- h->is_streamed = 0; >- } else if (!av_strcasecmp(tag, "Transfer-Encoding") && >- !av_strncasecmp(p, "chunked", 7)) { >-- s->filesize = -1; >-+ s->filesize = UINT64_MAX; >- s->chunksize = 0; >- } else if (!av_strcasecmp(tag, "WWW-Authenticate")) { >- ff_http_auth_handle_header(&s->auth_state, tag, p); >-@@ -842,7 +843,7 @@ static int process_line(URLContext *h, char *line, int line_count, >- if (parse_cookie(s, p, &s->cookie_dict)) >- av_log(h, AV_LOG_WARNING, "Unable to parse '%s'\n", p); >- } else if (!av_strcasecmp(tag, "Icy-MetaInt")) { >-- s->icy_metaint = strtoll(p, NULL, 10); >-+ s->icy_metaint = strtoull(p, NULL, 10); >- } else if (!av_strncasecmp(tag, "Icy-", 4)) { >- if ((ret = parse_icy(s, tag, p)) < 0) >- return ret; >-@@ -972,7 +973,7 @@ static int http_read_header(URLContext *h, int *new_location) >- char line[MAX_URL_SIZE]; >- int err = 0; >- >-- s->chunksize = -1; >-+ s->chunksize = UINT64_MAX; >- >- for (;;) { >- if ((err = http_get_line(s, line, sizeof(line))) < 0) >-@@ -1006,7 +1007,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, >- int post, err; >- char headers[HTTP_HEADERS_SIZE] = ""; >- char *authstr = NULL, *proxyauthstr = NULL; >-- int64_t off = s->off; >-+ uint64_t off = s->off; >- int len = 0; >- const char *method; >- int send_expect_100 = 0; >-@@ -1060,7 +1061,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, >- // server supports seeking by analysing the reply headers. >- if (!has_header(s->headers, "\r\nRange: ") && !post && (s->off > 0 || s->end_off || s->seekable == -1)) { >- len += av_strlcatf(headers + len, sizeof(headers) - len, >-- "Range: bytes=%"PRId64"-", s->off); >-+ "Range: bytes=%"PRIu64"-", s->off); >- if (s->end_off) >- len += av_strlcatf(headers + len, sizeof(headers) - len, >- "%"PRId64, s->end_off - 1); >-@@ -1135,7 +1136,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, >- s->line_count = 0; >- s->off = 0; >- s->icy_data_read = 0; >-- s->filesize = -1; >-+ s->filesize = UINT64_MAX; >- s->willclose = 0; >- s->end_chunked_post = 0; >- s->end_header = 0; >-@@ -1175,15 +1176,13 @@ static int http_buf_read(URLContext *h, uint8_t *buf, int size) >- memcpy(buf, s->buf_ptr, len); >- s->buf_ptr += len; >- } else { >-- int64_t target_end = s->end_off ? s->end_off : s->filesize; >-- if ((!s->willclose || s->chunksize < 0) && >-- target_end >= 0 && s->off >= target_end) >-+ uint64_t target_end = s->end_off ? s->end_off : s->filesize; >-+ if ((!s->willclose || s->chunksize == UINT64_MAX) && s->off >= target_end) >- return AVERROR_EOF; >- len = ffurl_read(s->hd, buf, size); >-- if (!len && (!s->willclose || s->chunksize < 0) && >-- target_end >= 0 && s->off < target_end) { >-+ if (!len && (!s->willclose || s->chunksize == UINT64_MAX) && s->off < target_end) { >- av_log(h, AV_LOG_ERROR, >-- "Stream ends prematurely at %"PRId64", should be %"PRId64"\n", >-+ "Stream ends prematurely at %"PRIu64", should be %"PRIu64"\n", >- s->off, target_end >- ); >- return AVERROR(EIO); >-@@ -1247,7 +1246,7 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) >- return err; >- } >- >-- if (s->chunksize >= 0) { >-+ if (s->chunksize != UINT64_MAX) { >- if (!s->chunksize) { >- char line[32]; >- >-@@ -1256,13 +1255,19 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) >- return err; >- } while (!*line); /* skip CR LF from last chunk */ >- >-- s->chunksize = strtoll(line, NULL, 16); >-+ s->chunksize = strtoull(line, NULL, 16); >- >-- av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n", >-+ av_log(h, AV_LOG_TRACE, >-+ "Chunked encoding data size: %"PRIu64"'\n", >- s->chunksize); >- >- if (!s->chunksize) >- return 0; >-+ else if (s->chunksize == UINT64_MAX) { >-+ av_log(h, AV_LOG_ERROR, "Invalid chunk size %"PRIu64"\n", >-+ s->chunksize); >-+ return AVERROR(EINVAL); >-+ } >- } >- size = FFMIN(size, s->chunksize); >- } >-@@ -1273,17 +1278,17 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) >- read_ret = http_buf_read(h, buf, size); >- if ( (read_ret < 0 && s->reconnect && (!h->is_streamed || s->reconnect_streamed) && s->filesize > 0 && s->off < s->filesize) >- || (read_ret == 0 && s->reconnect_at_eof && (!h->is_streamed || s->reconnect_streamed))) { >-- int64_t target = h->is_streamed ? 0 : s->off; >-+ uint64_t target = h->is_streamed ? 0 : s->off; >- >- if (s->reconnect_delay > s->reconnect_delay_max) >- return AVERROR(EIO); >- >-- av_log(h, AV_LOG_INFO, "Will reconnect at %"PRId64" error=%s.\n", s->off, av_err2str(read_ret)); >-+ av_log(h, AV_LOG_INFO, "Will reconnect at %"PRIu64" error=%s.\n", s->off, av_err2str(read_ret)); >- av_usleep(1000U*1000*s->reconnect_delay); >- s->reconnect_delay = 1 + 2*s->reconnect_delay; >- seek_ret = http_seek_internal(h, target, SEEK_SET, 1); >- if (seek_ret != target) { >-- av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRId64".\n", target); >-+ av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRIu64".\n", target); >- return read_ret; >- } >- >-@@ -1338,10 +1343,11 @@ static int store_icy(URLContext *h, int size) >- { >- HTTPContext *s = h->priv_data; >- /* until next metadata packet */ >-- int remaining = s->icy_metaint - s->icy_data_read; >-+ uint64_t remaining; >- >-- if (remaining < 0) >-+ if (s->icy_metaint < s->icy_data_read) >- return AVERROR_INVALIDDATA; >-+ remaining = s->icy_metaint - s->icy_data_read; >- >- if (!remaining) { >- /* The metadata packet is variable sized. It has a 1 byte header >-@@ -1455,7 +1461,7 @@ static int64_t http_seek_internal(URLContext *h, int64_t off, int whence, int fo >- { >- HTTPContext *s = h->priv_data; >- URLContext *old_hd = s->hd; >-- int64_t old_off = s->off; >-+ uint64_t old_off = s->off; >- uint8_t old_buf[BUFFER_SIZE]; >- int old_buf_size, ret; >- AVDictionary *options = NULL; >-@@ -1466,7 +1472,7 @@ static int64_t http_seek_internal(URLContext *h, int64_t off, int whence, int fo >- ((whence == SEEK_CUR && off == 0) || >- (whence == SEEK_SET && off == s->off))) >- return s->off; >-- else if ((s->filesize == -1 && whence == SEEK_END)) >-+ else if ((s->filesize == UINT64_MAX && whence == SEEK_END)) >- return AVERROR(ENOSYS); >- >- if (whence == SEEK_CUR) >-@@ -1621,7 +1627,7 @@ static int http_proxy_open(URLContext *h, const char *uri, int flags) >- s->buf_ptr = s->buffer; >- s->buf_end = s->buffer; >- s->line_count = 0; >-- s->filesize = -1; >-+ s->filesize = UINT64_MAX; >- cur_auth_type = s->proxy_auth_state.auth_type; >- >- /* Note: This uses buffering, potentially reading more than the > >Property changes on: files/patch-CVE-2016-10190 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2016-10192 >=================================================================== >--- files/patch-CVE-2016-10192 (revision 491303) >+++ files/patch-CVE-2016-10192 (nonexistent) >@@ -1,40 +0,0 @@ >-From c12ee64e80af2517005231388fdf4ea78f16bb0e Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Mon, 5 Dec 2016 17:27:45 +0100 >-Subject: [PATCH] ffserver: Check chunk size >- >-Fixes out of array access >- >-Fixes: poc_ffserver.py >-Found-by: Paul Cher <paulcher@icloud.com> >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- ffserver.c | 5 ++++- >- 1 file changed, 4 insertions(+), 1 deletion(-) >- >-diff --git ffserver.c ffserver.c >-index 453d790e6cd..aec808e78cb 100644 >---- external/FFmpeg/ffserver.c.orig >-+++ external/FFmpeg/ffserver.c >-@@ -2702,8 +2702,10 @@ static int http_receive_data(HTTPContext *c) >- } else if (c->buffer_ptr - c->buffer >= 2 && >- !memcmp(c->buffer_ptr - 1, "\r\n", 2)) { >- c->chunk_size = strtol(c->buffer, 0, 16); >-- if (c->chunk_size == 0) // end of stream >-+ if (c->chunk_size <= 0) { // end of stream or invalid chunk size >-+ c->chunk_size = 0; >- goto fail; >-+ } >- c->buffer_ptr = c->buffer; >- break; >- } else if (++loop_run > 10) >-@@ -2725,6 +2727,7 @@ static int http_receive_data(HTTPContext *c) >- /* end of connection : close it */ >- goto fail; >- else { >-+ av_assert0(len <= c->chunk_size); >- c->chunk_size -= len; >- c->buffer_ptr += len; >- c->data_count += len; > >Property changes on: files/patch-CVE-2016-10192 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-05024 >=================================================================== >--- files/patch-CVE-2017-05024 (revision 491303) >+++ files/patch-CVE-2017-05024 (nonexistent) >@@ -1,31 +0,0 @@ >-From ed2572b9c8f885e2a4764d2e34604442a71899a1 Mon Sep 17 00:00:00 2001 >-From: Matt Wolenetz <wolenetz@google.com> >-Date: Wed, 14 Dec 2016 15:26:19 -0800 >-Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid >- >-Core of patch is from paul@paulmehta.com >-Reference https://crbug.com/643951 >- >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-Check value reduced as the code does not support values beyond INT_MAX >-Also the check is moved to a more common place and before integer truncation >- >-(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mov.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavformat/mov.c libavformat/mov.c >-index 17d0475aae1..74b58255784 100644 >---- external/FFmpeg/libavformat/mov.c >-+++ external/FFmpeg/libavformat/mov.c >-@@ -4436,7 +4436,7 @@ static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom) >- 0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac >- }; >- >-- if (atom.size < sizeof(uuid) || atom.size == INT64_MAX) >-+ if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX)) >- return AVERROR_INVALIDDATA; >- >- ret = avio_read(pb, uuid, sizeof(uuid)); > >Property changes on: files/patch-CVE-2017-05024 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-05025 >=================================================================== >--- files/patch-CVE-2017-05025 (revision 491303) >+++ files/patch-CVE-2017-05025 (nonexistent) >@@ -1,30 +0,0 @@ >-From cf8e004a51b08c6e8ceaeebca85ab84c7ed0b4cf Mon Sep 17 00:00:00 2001 >-From: Matt Wolenetz <wolenetz@google.com> >-Date: Wed, 14 Dec 2016 15:24:42 -0800 >-Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr >- >-Core of patch is from paul@paulmehta.com >-Reference https://crbug.com/643950 >- >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-Check value reduced as the code does not support larger lengths >- >-(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mov.c | 2 ++ >- 1 file changed, 2 insertions(+) >- >-diff --git libavformat/mov.c libavformat/mov.c >-index 1e2141808da..17d0475aae1 100644 >---- external/FFmpeg/libavformat/mov.c >-+++ external/FFmpeg/libavformat/mov.c >-@@ -739,6 +739,8 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) >- >- title_size = atom.size - 24; >- if (title_size > 0) { >-+ if (title_size > FFMIN(INT_MAX, SIZE_MAX-1)) >-+ return AVERROR_INVALIDDATA; >- title_str = av_malloc(title_size + 1); /* Add null terminator */ >- if (!title_str) >- return AVERROR(ENOMEM); > >Property changes on: files/patch-CVE-2017-05025 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-07862 >=================================================================== >--- files/patch-CVE-2017-07862 (revision 491303) >+++ files/patch-CVE-2017-07862 (nonexistent) >@@ -1,28 +0,0 @@ >-From a1a14982ec5b9954637cdc9ce8daf01d211e5c79 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Tue, 7 Feb 2017 15:49:09 +0100 >-Subject: [PATCH] avcodec/pictordec: Fix logic error >- >-Fixes: 559/clusterfuzz-testcase-6424225917173760 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/pictordec.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavcodec/pictordec.c libavcodec/pictordec.c >-index ff6eb7f4fc9..0cfc7858326 100644 >---- external/FFmpeg/libavcodec/pictordec.c >-+++ external/FFmpeg/libavcodec/pictordec.c >-@@ -142,7 +142,7 @@ static int decode_frame(AVCodecContext *avctx, >- >- if (av_image_check_size(s->width, s->height, 0, avctx) < 0) >- return -1; >-- if (s->width != avctx->width && s->height != avctx->height) { >-+ if (s->width != avctx->width || s->height != avctx->height) { >- ret = ff_set_dimensions(avctx, s->width, s->height); >- if (ret < 0) >- return ret; > >Property changes on: files/patch-CVE-2017-07862 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-07866 >=================================================================== >--- files/patch-CVE-2017-07866 (revision 491303) >+++ files/patch-CVE-2017-07866 (nonexistent) >@@ -1,37 +0,0 @@ >-From bd6c1d5149fbc4f2a0200ad99e7f56f4fb7d518a Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Mon, 23 Jan 2017 01:25:27 +0100 >-Subject: [PATCH] avcodec/pngdec: Fix off by 1 size in decode_zbuf() >- >-Fixes out of array access >-Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/pngdec.c | 6 +++--- >- 1 file changed, 3 insertions(+), 3 deletions(-) >- >-diff --git libavcodec/pngdec.c libavcodec/pngdec.c >-index 36275ae43f5..7ade0cee661 100644 >---- external/FFmpeg/libavcodec/pngdec.c >-+++ external/FFmpeg/libavcodec/pngdec.c >-@@ -437,13 +437,13 @@ static int decode_zbuf(AVBPrint *bp, const uint8_t *data, >- av_bprint_init(bp, 0, -1); >- >- while (zstream.avail_in > 0) { >-- av_bprint_get_buffer(bp, 1, &buf, &buf_size); >-- if (!buf_size) { >-+ av_bprint_get_buffer(bp, 2, &buf, &buf_size); >-+ if (buf_size < 2) { >- ret = AVERROR(ENOMEM); >- goto fail; >- } >- zstream.next_out = buf; >-- zstream.avail_out = buf_size; >-+ zstream.avail_out = buf_size - 1; >- ret = inflate(&zstream, Z_PARTIAL_FLUSH); >- if (ret != Z_OK && ret != Z_STREAM_END) { >- ret = AVERROR_EXTERNAL; > >Property changes on: files/patch-CVE-2017-07866 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09608a >=================================================================== >--- files/patch-CVE-2017-09608a (revision 491303) >+++ files/patch-CVE-2017-09608a (nonexistent) >@@ -1,116 +0,0 @@ >-From e1940d2458353943e2fab6bdb87d2278077e22a5 Mon Sep 17 00:00:00 2001 >-From: Paul B Mahol <onemda@gmail.com> >-Date: Mon, 20 Mar 2017 22:47:48 +0100 >-Subject: [PATCH] avcodec/dnxhd_parser: take into account compressed frame size >- and skip it >- >-Fixes #6214 and vsynth1-dnxhd-720p-hr-lb. >- >-Signed-off-by: Paul B Mahol <onemda@gmail.com> >---- >- libavcodec/dnxhd_parser.c | 65 +++++++++++++++++++++++++++---- >- tests/ref/vsynth/vsynth1-dnxhd-720p-hr-lb | 4 +- >- 2 files changed, 60 insertions(+), 9 deletions(-) >- >-diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c >-index 033b8ee7e11..4f9bbceeeb5 100644 >---- external/FFmpeg/libavcodec/dnxhd_parser.c >-+++ external/FFmpeg/libavcodec/dnxhd_parser.c >-@@ -31,8 +31,24 @@ typedef struct { >- ParseContext pc; >- int interlaced; >- int cur_field; /* first field is 0, second is 1 */ >-+ int cur_byte; >-+ int remaining; >-+ int w, h; >- } DNXHDParserContext; >- >-+static int dnxhd_get_hr_frame_size(int cid, int w, int h) >-+{ >-+ int result, i = ff_dnxhd_get_cid_table(cid); >-+ >-+ if (i < 0) >-+ return i; >-+ >-+ result = ((h + 15) / 16) * ((w + 15) / 16) * ff_dnxhd_cid_table[i].packet_scale.num / ff_dnxhd_cid_table[i].packet_scale.den; >-+ result = (result + 2048) / 4096 * 4096; >-+ >-+ return FFMAX(result, 8192); >-+} >-+ >- static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- const uint8_t *buf, int buf_size) >- { >-@@ -51,30 +67,65 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- pic_found = 1; >- interlaced = (state&2)>>1; /* byte following the 5-byte header prefix */ >- cur_field = state&1; >-+ dctx->cur_byte = 0; >-+ dctx->remaining = 0; >- break; >- } >- } >- } >- >-- if (pic_found) { >-+ if (pic_found && !dctx->remaining) { >- if (!buf_size) /* EOF considered as end of frame */ >- return 0; >- for (; i < buf_size; i++) { >-+ dctx->cur_byte++; >- state = (state << 8) | buf[i]; >-- if (ff_dnxhd_check_header_prefix(state & 0xffffffffff00LL) != 0) { >-- if (!interlaced || dctx->cur_field) { >-+ >-+ if (dctx->cur_byte == 24) { >-+ dctx->h = (state >> 32) & 0xFFFF; >-+ } else if (dctx->cur_byte == 26) { >-+ dctx->w = (state >> 32) & 0xFFFF; >-+ } else if (dctx->cur_byte == 42) { >-+ int cid = (state >> 32) & 0xFFFFFFFF; >-+ >-+ if (cid <= 0) >-+ continue; >-+ >-+ dctx->remaining = avpriv_dnxhd_get_frame_size(cid); >-+ if (dctx->remaining <= 0) { >-+ dctx->remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); >-+ if (dctx->remaining <= 0) >-+ return dctx->remaining; >-+ } >-+ if (buf_size - i >= dctx->remaining && (!dctx->interlaced || dctx->cur_field)) { >-+ int remaining = dctx->remaining; >-+ >- pc->frame_start_found = 0; >- pc->state64 = -1; >- dctx->interlaced = interlaced; >- dctx->cur_field = 0; >-- return i - 5; >-+ dctx->cur_byte = 0; >-+ dctx->remaining = 0; >-+ return remaining; >- } else { >-- /* continue, to get the second field */ >-- dctx->interlaced = interlaced = (state&2)>>1; >-- dctx->cur_field = cur_field = state&1; >-+ dctx->remaining -= buf_size; >- } >- } >- } >-+ } else if (pic_found) { >-+ if (dctx->remaining > buf_size) { >-+ dctx->remaining -= buf_size; >-+ } else { >-+ int remaining = dctx->remaining; >-+ >-+ pc->frame_start_found = 0; >-+ pc->state64 = -1; >-+ dctx->interlaced = interlaced; >-+ dctx->cur_field = 0; >-+ dctx->cur_byte = 0; >-+ dctx->remaining = 0; >-+ return remaining; >-+ } >- } >- pc->frame_start_found = pic_found; >- pc->state64 = state; > >Property changes on: files/patch-CVE-2017-09608a >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09608b >=================================================================== >--- files/patch-CVE-2017-09608b (revision 491303) >+++ files/patch-CVE-2017-09608b (nonexistent) >@@ -1,82 +0,0 @@ >-From da693f8daa62cb76a2aa05021d6c8d53a1b816b2 Mon Sep 17 00:00:00 2001 >-From: Paul B Mahol <onemda@gmail.com> >-Date: Sun, 23 Apr 2017 11:53:57 +0200 >-Subject: [PATCH] avcodec/dnxhd_parser: fix parsing interlaced video, simplify >- code >- >-There appears to be no need to treat interlaced videos differently, >-also that code is flawed, as for at least one input cur_field would >-be always 0. >- >-Fixes ticket #6344. >- >-Signed-off-by: Paul B Mahol <onemda@gmail.com> >-(cherry picked from commit ac30754a148df58822a272555d1f6f860e42037e) >---- >- libavcodec/dnxhd_parser.c | 14 +------------- >- 1 file changed, 1 insertion(+), 13 deletions(-) >- >-diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c >-index 4f9bbceeeb5..a1f632a620e 100644 >---- external/FFmpeg/libavcodec/dnxhd_parser.c >-+++ external/FFmpeg/libavcodec/dnxhd_parser.c >-@@ -29,8 +29,6 @@ >- >- typedef struct { >- ParseContext pc; >-- int interlaced; >-- int cur_field; /* first field is 0, second is 1 */ >- int cur_byte; >- int remaining; >- int w, h; >-@@ -56,8 +54,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- uint64_t state = pc->state64; >- int pic_found = pc->frame_start_found; >- int i = 0; >-- int interlaced = dctx->interlaced; >-- int cur_field = dctx->cur_field; >- >- if (!pic_found) { >- for (i = 0; i < buf_size; i++) { >-@@ -65,8 +61,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- if (ff_dnxhd_check_header_prefix(state & 0xffffffffff00LL) != 0) { >- i++; >- pic_found = 1; >-- interlaced = (state&2)>>1; /* byte following the 5-byte header prefix */ >-- cur_field = state&1; >- dctx->cur_byte = 0; >- dctx->remaining = 0; >- break; >-@@ -97,13 +91,11 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- if (dctx->remaining <= 0) >- return dctx->remaining; >- } >-- if (buf_size - i >= dctx->remaining && (!dctx->interlaced || dctx->cur_field)) { >-+ if (buf_size - i + 47 >= dctx->remaining) { >- int remaining = dctx->remaining; >- >- pc->frame_start_found = 0; >- pc->state64 = -1; >-- dctx->interlaced = interlaced; >-- dctx->cur_field = 0; >- dctx->cur_byte = 0; >- dctx->remaining = 0; >- return remaining; >-@@ -120,8 +112,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- >- pc->frame_start_found = 0; >- pc->state64 = -1; >-- dctx->interlaced = interlaced; >-- dctx->cur_field = 0; >- dctx->cur_byte = 0; >- dctx->remaining = 0; >- return remaining; >-@@ -129,8 +119,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- } >- pc->frame_start_found = pic_found; >- pc->state64 = state; >-- dctx->interlaced = interlaced; >-- dctx->cur_field = cur_field; >- return END_NOT_FOUND; >- } >- > >Property changes on: files/patch-CVE-2017-09608b >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09608c >=================================================================== >--- files/patch-CVE-2017-09608c (revision 491303) >+++ files/patch-CVE-2017-09608c (nonexistent) >@@ -1,45 +0,0 @@ >-From 0a709e2a10b8288a0cc383547924ecfe285cef89 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Wed, 14 Jun 2017 16:58:20 +0200 >-Subject: [PATCH] avcodec/dnxhd_parser: Do not return invalid value from >- dnxhd_find_frame_end() on error >- >-Fixes: Null pointer dereference >- >-Fixes: CVE-2017-9608 >-Found-by: Yihan Lian >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 611b35627488a8d0763e75c25ee0875c5b7987dd) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/dnxhd_parser.c | 12 +++++++----- >- 1 file changed, 7 insertions(+), 5 deletions(-) >- >-diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c >-index a1f632a620e..f1166be1007 100644 >---- external/FFmpeg/libavcodec/dnxhd_parser.c >-+++ external/FFmpeg/libavcodec/dnxhd_parser.c >-@@ -81,16 +81,18 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, >- dctx->w = (state >> 32) & 0xFFFF; >- } else if (dctx->cur_byte == 42) { >- int cid = (state >> 32) & 0xFFFFFFFF; >-+ int remaining; >- >- if (cid <= 0) >- continue; >- >-- dctx->remaining = avpriv_dnxhd_get_frame_size(cid); >-- if (dctx->remaining <= 0) { >-- dctx->remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); >-- if (dctx->remaining <= 0) >-- return dctx->remaining; >-+ remaining = avpriv_dnxhd_get_frame_size(cid); >-+ if (remaining <= 0) { >-+ remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); >-+ if (remaining <= 0) >-+ continue; >- } >-+ dctx->remaining = remaining; >- if (buf_size - i + 47 >= dctx->remaining) { >- int remaining = dctx->remaining; >- > >Property changes on: files/patch-CVE-2017-09608c >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09991 >=================================================================== >--- files/patch-CVE-2017-09991 (revision 491303) >+++ files/patch-CVE-2017-09991 (nonexistent) >@@ -1,32 +0,0 @@ >-From 85c8c0c826e78d159ea242ce64d7e8feeeeca741 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sun, 7 May 2017 18:50:49 +0200 >-Subject: [PATCH] avcodec/xwddec: Check bpp more completely >- >-Fixes out of array access >-Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/xwddec.c | 4 ++-- >- 1 file changed, 2 insertions(+), 2 deletions(-) >- >-diff --git libavcodec/xwddec.c libavcodec/xwddec.c >-index 64cd8418a20..8b0845fc013 100644 >---- external/FFmpeg/libavcodec/xwddec.c >-+++ external/FFmpeg/libavcodec/xwddec.c >-@@ -157,9 +157,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data, >- case XWD_GRAY_SCALE: >- if (bpp != 1 && bpp != 8) >- return AVERROR_INVALIDDATA; >-- if (pixdepth == 1) { >-+ if (bpp == 1 && pixdepth == 1) { >- avctx->pix_fmt = AV_PIX_FMT_MONOWHITE; >-- } else if (pixdepth == 8) { >-+ } else if (bpp == 8 && pixdepth == 8) { >- avctx->pix_fmt = AV_PIX_FMT_GRAY8; >- } >- break; > >Property changes on: files/patch-CVE-2017-09991 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09992 >=================================================================== >--- files/patch-CVE-2017-09992 (revision 491303) >+++ files/patch-CVE-2017-09992 (nonexistent) >@@ -1,29 +0,0 @@ >-From 536af4212100dee1577fe2d30814762c58038efc Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Fri, 5 May 2017 20:42:11 +0200 >-Subject: [PATCH] avcodec/dfa: Fix off by 1 error >- >-Fixes out of array access >-Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/dfa.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavcodec/dfa.c libavcodec/dfa.c >-index f45d019a792..5ddb647c4cb 100644 >---- external/FFmpeg/libavcodec/dfa.c >-+++ external/FFmpeg/libavcodec/dfa.c >-@@ -175,7 +175,7 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height >- return AVERROR_INVALIDDATA; >- frame += v; >- } else { >-- if (frame_end - frame < width + 3) >-+ if (frame_end - frame < width + 4) >- return AVERROR_INVALIDDATA; >- frame[0] = frame[1] = >- frame[width] = frame[width + 1] = bytestream2_get_byte(gb); > >Property changes on: files/patch-CVE-2017-09992 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09993a >=================================================================== >--- files/patch-CVE-2017-09993a (revision 491303) >+++ files/patch-CVE-2017-09993a (nonexistent) >@@ -1,91 +0,0 @@ >-From 25dac3128b605f2867e3e0f0288b896f84d3a033 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sat, 3 Jun 2017 21:20:04 +0200 >-Subject: [PATCH] avformat/hls: Check local file extensions >- >-This reduces the attack surface of local file-system >-information leaking. >- >-It prevents the existing exploit leading to an information leak. As >-well as similar hypothetical attacks. >- >-Leaks of information from files and symlinks ending in common multimedia extensions >-are still possible. But files with sensitive information like private keys and passwords >-generally do not use common multimedia filename extensions. >-It does not stop leaks via remote addresses in the LAN. >- >-The existing exploit depends on a specific decoder as well. >-It does appear though that the exploit should be possible with any decoder. >-The problem is that as long as sensitive information gets into the decoder, >-the output of the decoder becomes sensitive as well. >-The only obvious solution is to prevent access to sensitive information. Or to >-disable hls or possibly some of its feature. More complex solutions like >-checking the path to limit access to only subdirectories of the hls path may >-work as an alternative. But such solutions are fragile and tricky to implement >-portably and would not stop every possible attack nor would they work with all >-valid hls files. >- >-Developers have expressed their dislike / objected to disabling hls by default as well >-as disabling hls with local files. There also where objections against restricting >-remote url file extensions. This here is a less robust but also lower >-inconvenience solution. >-It can be applied stand alone or together with other solutions. >-limiting the check to local files was suggested by nevcairiel >- >-This recommits the security fix without the author name joke which was >-originally requested by Nicolas. >- >-Found-by: Emil Lerner and Pavel Cheremushkin >-Reported-by: Thierry Foucu <tfoucu@google.com> >- >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 189ff4219644532bdfa7bab28dfedaee4d6d4021) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/hls.c | 18 +++++++++++++++++- >- 1 file changed, 17 insertions(+), 1 deletion(-) >- >-diff --git libavformat/hls.c libavformat/hls.c >-index 2bf86fadc64..ffefd284f86 100644 >---- external/FFmpeg/libavformat/hls.c >-+++ external/FFmpeg/libavformat/hls.c >-@@ -204,6 +204,7 @@ typedef struct HLSContext { >- char *http_proxy; ///< holds the address of the HTTP proxy server >- AVDictionary *avio_opts; >- int strict_std_compliance; >-+ char *allowed_extensions; >- } HLSContext; >- >- static int read_chomp_line(AVIOContext *s, char *buf, int maxlen) >-@@ -618,8 +619,19 @@ static int open_url(AVFormatContext *s, AVIOContext **pb, const char *url, >- return AVERROR_INVALIDDATA; >- >- // only http(s) & file are allowed >-- if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) >-+ if (av_strstart(proto_name, "file", NULL)) { >-+ if (strcmp(c->allowed_extensions, "ALL") && !av_match_ext(url, c->allowed_extensions)) { >-+ av_log(s, AV_LOG_ERROR, >-+ "Filename extension of \'%s\' is not a common multimedia extension, blocked for security reasons.\n" >-+ "If you wish to override this adjust allowed_extensions, you can set it to \'ALL\' to allow all\n", >-+ url); >-+ return AVERROR_INVALIDDATA; >-+ } >-+ } else if (av_strstart(proto_name, "http", NULL)) { >-+ ; >-+ } else >- return AVERROR_INVALIDDATA; >-+ >- if (!strncmp(proto_name, url, strlen(proto_name)) && url[strlen(proto_name)] == ':') >- ; >- else if (av_strstart(url, "crypto", NULL) && !strncmp(proto_name, url + 7, strlen(proto_name)) && url[7 + strlen(proto_name)] == ':') >-@@ -2127,6 +2139,10 @@ static int hls_probe(AVProbeData *p) >- static const AVOption hls_options[] = { >- {"live_start_index", "segment index to start live streams at (negative values are from the end)", >- OFFSET(live_start_index), AV_OPT_TYPE_INT, {.i64 = -3}, INT_MIN, INT_MAX, FLAGS}, >-+ {"allowed_extensions", "List of file extensions that hls is allowed to access", >-+ OFFSET(allowed_extensions), AV_OPT_TYPE_STRING, >-+ {.str = "3gp,aac,avi,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wav"}, >-+ INT_MIN, INT_MAX, FLAGS}, >- {NULL} >- }; >- > >Property changes on: files/patch-CVE-2017-09993a >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09993b >=================================================================== >--- files/patch-CVE-2017-09993b (revision 491303) >+++ files/patch-CVE-2017-09993b (nonexistent) >@@ -1,31 +0,0 @@ >-From 5415c88e370692a3cf10b998ab230b4a02fc237f Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Tue, 30 May 2017 21:29:20 +0200 >-Subject: [PATCH] avformat/avidec: Limit formats in gab2 to srt and ass/ssa >- >-This prevents part of one exploit leading to an information leak >- >-Found-by: Emil Lerner and Pavel Cheremushkin >-Reported-by: Thierry Foucu <tfoucu@google.com> >- >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/avidec.c | 3 +++ >- 1 file changed, 3 insertions(+) >- >-diff --git libavformat/avidec.c libavformat/avidec.c >-index ebd14abb12c..9afac825d43 100644 >---- external/FFmpeg/libavformat/avidec.c >-+++ external/FFmpeg/libavformat/avidec.c >-@@ -1098,6 +1098,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt) >- if (!sub_demuxer) >- goto error; >- >-+ if (strcmp(sub_demuxer->name, "srt") && strcmp(sub_demuxer->name, "ass")) >-+ goto error; >-+ >- if (!(ast->sub_ctx = avformat_alloc_context())) >- goto error; >- > >Property changes on: files/patch-CVE-2017-09993b >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09994 >=================================================================== >--- files/patch-CVE-2017-09994 (revision 491303) >+++ files/patch-CVE-2017-09994 (nonexistent) >@@ -1,47 +0,0 @@ >-From 869e8b1d0f549e926ecb246f916c9066f881db4a Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Wed, 10 May 2017 18:37:49 +0200 >-Subject: [PATCH] avcodec/webp: Always set pix_fmt >- >-Fixes: out of array access >-Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632 >-Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/vp8.c | 2 ++ >- libavcodec/webp.c | 3 +-- >- 2 files changed, 3 insertions(+), 2 deletions(-) >- >-diff --git libavcodec/vp8.c libavcodec/vp8.c >-index 068223920e4..63e78492848 100644 >---- external/FFmpeg/libavcodec/vp8.c >-+++ external/FFmpeg/libavcodec/vp8.c >-@@ -2548,6 +2548,8 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, >- enum AVDiscard skip_thresh; >- VP8Frame *av_uninit(curframe), *prev_frame; >- >-+ av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVA420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P); >-+ >- if (is_vp7) >- ret = vp7_decode_frame_header(s, avpkt->data, avpkt->size); >- else >-diff --git libavcodec/webp.c libavcodec/webp.c >-index 7d23cc74356..b2ae5bcbba9 100644 >---- external/FFmpeg/libavcodec/webp.c >-+++ external/FFmpeg/libavcodec/webp.c >-@@ -1327,9 +1327,8 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p, >- if (!s->initialized) { >- ff_vp8_decode_init(avctx); >- s->initialized = 1; >-- if (s->has_alpha) >-- avctx->pix_fmt = AV_PIX_FMT_YUVA420P; >- } >-+ avctx->pix_fmt = s->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; >- s->lossless = 0; >- >- if (data_size > INT_MAX) { > >Property changes on: files/patch-CVE-2017-09994 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09996a >=================================================================== >--- files/patch-CVE-2017-09996a (revision 491303) >+++ files/patch-CVE-2017-09996a (nonexistent) >@@ -1,29 +0,0 @@ >-From 7a69c1b2abfa96f0578cbd3ff82126b883ba6ef0 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sat, 6 May 2017 22:24:52 +0200 >-Subject: [PATCH] avcodec/cdxl: Check format parameter >- >-Fixes out of array access >-Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/cdxl.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavcodec/cdxl.c libavcodec/cdxl.c >-index 7a9b41943d8..5c0ecb279c7 100644 >---- external/FFmpeg/libavcodec/cdxl.c >-+++ external/FFmpeg/libavcodec/cdxl.c >-@@ -277,7 +277,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data, >- c->padded_bits = aligned_width - c->avctx->width; >- if (c->video_size < aligned_width * avctx->height * (int64_t)c->bpp / 8) >- return AVERROR_INVALIDDATA; >-- if (!encoding && c->palette_size && c->bpp <= 8) { >-+ if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { >- avctx->pix_fmt = AV_PIX_FMT_PAL8; >- } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { >- if (c->palette_size != (1 << (c->bpp - 1))) > >Property changes on: files/patch-CVE-2017-09996a >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-09996b >=================================================================== >--- files/patch-CVE-2017-09996b (revision 491303) >+++ files/patch-CVE-2017-09996b (nonexistent) >@@ -1,29 +0,0 @@ >-From 7f3a671ece8fd711e2ebc71a4e08cda591d810a8 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Mon, 8 May 2017 11:46:03 +0200 >-Subject: [PATCH] avcodec/cdxl: Check format for BGR24 >- >-Fixes: out of array access >-Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000 >- >-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/cdxl.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavcodec/cdxl.c libavcodec/cdxl.c >-index 5c0ecb279c7..78f5d50102f 100644 >---- external/FFmpeg/libavcodec/cdxl.c >-+++ external/FFmpeg/libavcodec/cdxl.c >-@@ -279,7 +279,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data, >- return AVERROR_INVALIDDATA; >- if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { >- avctx->pix_fmt = AV_PIX_FMT_PAL8; >-- } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { >-+ } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8) && c->format != CHUNKY) { >- if (c->palette_size != (1 << (c->bpp - 1))) >- return AVERROR_INVALIDDATA; >- avctx->pix_fmt = AV_PIX_FMT_BGR24; > >Property changes on: files/patch-CVE-2017-09996b >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-11399 >=================================================================== >--- files/patch-CVE-2017-11399 (revision 491303) >+++ files/patch-CVE-2017-11399 (nonexistent) >@@ -1,49 +0,0 @@ >-From 5bb861d45b86803ec39295cfc04889d2a7138361 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sun, 16 Jul 2017 14:57:20 +0200 >-Subject: [PATCH] avcodec/apedec: Fix integer overflow >- >-Fixes: out of array access >-Fixes: PoC.ape and others >- >-Found-by: Bingchang, Liu@VARAS of IIE >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/apedec.c | 8 +++++--- >- 1 file changed, 5 insertions(+), 3 deletions(-) >- >-diff --git libavcodec/apedec.c libavcodec/apedec.c >-index b99598b4ee7..072e3b42cff 100644 >---- external/FFmpeg/libavcodec/apedec.c >-+++ external/FFmpeg/libavcodec/apedec.c >-@@ -1412,6 +1412,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, >- int32_t *sample24; >- int i, ch, ret; >- int blockstodecode; >-+ uint64_t decoded_buffer_size; >- >- /* this should never be negative, but bad things will happen if it is, so >- check it just to make sure. */ >-@@ -1467,7 +1468,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, >- skip_bits_long(&s->gb, offset); >- } >- >-- if (!nblocks || nblocks > INT_MAX) { >-+ if (!nblocks || nblocks > INT_MAX / 2 / sizeof(*s->decoded_buffer) - 8) { >- av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %"PRIu32".\n", >- nblocks); >- return AVERROR_INVALIDDATA; >-@@ -1493,8 +1494,9 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, >- blockstodecode = s->samples; >- >- /* reallocate decoded sample buffer if needed */ >-- av_fast_malloc(&s->decoded_buffer, &s->decoded_size, >-- 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)); >-+ decoded_buffer_size = 2LL * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer); >-+ av_assert0(decoded_buffer_size <= INT_MAX); >-+ av_fast_malloc(&s->decoded_buffer, &s->decoded_size, decoded_buffer_size); >- if (!s->decoded_buffer) >- return AVERROR(ENOMEM); >- memset(s->decoded_buffer, 0, s->decoded_size); > >Property changes on: files/patch-CVE-2017-11399 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-11665a >=================================================================== >--- files/patch-CVE-2017-11665a (revision 491303) >+++ files/patch-CVE-2017-11665a (nonexistent) >@@ -1,119 +0,0 @@ >-From f2a6f41dd7b962e0dd24fe695b002532a42e2230 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Fri, 28 Jul 2017 13:41:59 +0200 >-Subject: [PATCH] avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2 >- >-Fixes: out of array accesses >-Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV >- >-Found-by: JunDong Xie of Ant-financial Light-Year Security Lab >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 08c073434e25cba8c43aae5ed9554fdd594adfb0) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/rtmppkt.c | 68 ++++++++++++++++++++++++++++++++++++--------------- >- 1 file changed, 48 insertions(+), 20 deletions(-) >- >-diff --git libavformat/rtmppkt.c libavformat/rtmppkt.c >-index cde0da78ce1..2ea88d09c57 100644 >---- external/FFmpeg/libavformat/rtmppkt.c >-+++ external/FFmpeg/libavformat/rtmppkt.c >-@@ -433,50 +433,78 @@ void ff_rtmp_packet_destroy(RTMPPacket *pkt) >- pkt->size = 0; >- } >- >--int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) >-+static int amf_tag_skip(GetByteContext *gb) >- { >-- const uint8_t *base = data; >- AMFDataType type; >- unsigned nb = -1; >- int parse_key = 1; >- >-- if (data >= data_end) >-+ if (bytestream2_get_bytes_left(gb) < 1) >- return -1; >-- switch ((type = *data++)) { >-- case AMF_DATA_TYPE_NUMBER: return 9; >-- case AMF_DATA_TYPE_BOOL: return 2; >-- case AMF_DATA_TYPE_STRING: return 3 + AV_RB16(data); >-- case AMF_DATA_TYPE_LONG_STRING: return 5 + AV_RB32(data); >-- case AMF_DATA_TYPE_NULL: return 1; >-- case AMF_DATA_TYPE_DATE: return 11; >-+ >-+ type = bytestream2_get_byte(gb); >-+ switch (type) { >-+ case AMF_DATA_TYPE_NUMBER: >-+ bytestream2_get_be64(gb); >-+ return 0; >-+ case AMF_DATA_TYPE_BOOL: >-+ bytestream2_get_byte(gb); >-+ return 0; >-+ case AMF_DATA_TYPE_STRING: >-+ bytestream2_skip(gb, bytestream2_get_be16(gb)); >-+ return 0; >-+ case AMF_DATA_TYPE_LONG_STRING: >-+ bytestream2_skip(gb, bytestream2_get_be32(gb)); >-+ return 0; >-+ case AMF_DATA_TYPE_NULL: >-+ return 0; >-+ case AMF_DATA_TYPE_DATE: >-+ bytestream2_skip(gb, 10); >-+ return 0; >- case AMF_DATA_TYPE_ARRAY: >- parse_key = 0; >- case AMF_DATA_TYPE_MIXEDARRAY: >-- nb = bytestream_get_be32(&data); >-+ nb = bytestream2_get_be32(gb); >- case AMF_DATA_TYPE_OBJECT: >- while (nb-- > 0 || type != AMF_DATA_TYPE_ARRAY) { >- int t; >- if (parse_key) { >-- int size = bytestream_get_be16(&data); >-+ int size = bytestream2_get_be16(gb); >- if (!size) { >-- data++; >-+ bytestream2_get_byte(gb); >- break; >- } >-- if (size < 0 || size >= data_end - data) >-+ if (size < 0 || size >= bytestream2_get_bytes_left(gb)) >- return -1; >-- data += size; >-+ bytestream2_skip(gb, size); >- } >-- t = ff_amf_tag_size(data, data_end); >-- if (t < 0 || t >= data_end - data) >-+ t = amf_tag_skip(gb); >-+ if (t < 0 || bytestream2_get_bytes_left(gb) <= 0) >- return -1; >-- data += t; >- } >-- return data - base; >-- case AMF_DATA_TYPE_OBJECT_END: return 1; >-+ return 0; >-+ case AMF_DATA_TYPE_OBJECT_END: return 0; >- default: return -1; >- } >- } >- >-+int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) >-+{ >-+ GetByteContext gb; >-+ int ret; >-+ >-+ if (data >= data_end) >-+ return -1; >-+ >-+ bytestream2_init(&gb, data, data_end - data); >-+ >-+ ret = amf_tag_skip(&gb); >-+ if (ret < 0 || bytestream2_get_bytes_left(&gb) <= 0) >-+ return -1; >-+ av_assert0(bytestream2_tell(&gb) >= 0 && bytestream2_tell(&gb) <= data_end - data); >-+ return bytestream2_tell(&gb); >-+} >-+ >- int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, >- const uint8_t *name, uint8_t *dst, int dst_size) >- { > >Property changes on: files/patch-CVE-2017-11665a >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-11665b >=================================================================== >--- files/patch-CVE-2017-11665b (revision 491303) >+++ files/patch-CVE-2017-11665b (nonexistent) >@@ -1,111 +0,0 @@ >-From b375cc8bb74a33a7b38175023ee337b1c378281f Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Fri, 28 Jul 2017 14:37:26 +0200 >-Subject: [PATCH] avformat/rtmppkt: Convert ff_amf_get_field_value() to >- bytestream2 >- >-Fixes: out of array accesses >- >-Found-by: JunDong Xie of Ant-financial Light-Year Security Lab >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit ffcc82219cef0928bed2d558b19ef6ea35634130) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/rtmppkt.c | 57 +++++++++++++++++++++++++++++++++------------------ >- 1 file changed, 37 insertions(+), 20 deletions(-) >- >-diff --git libavformat/rtmppkt.c libavformat/rtmppkt.c >-index 2ea88d09c57..ca7838868e0 100644 >---- external/FFmpeg/libavformat/rtmppkt.c >-+++ external/FFmpeg/libavformat/rtmppkt.c >-@@ -505,53 +505,70 @@ int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) >- return bytestream2_tell(&gb); >- } >- >--int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, >-+static int amf_get_field_value2(GetByteContext *gb, >- const uint8_t *name, uint8_t *dst, int dst_size) >- { >- int namelen = strlen(name); >- int len; >- >-- while (*data != AMF_DATA_TYPE_OBJECT && data < data_end) { >-- len = ff_amf_tag_size(data, data_end); >-- if (len < 0) >-- len = data_end - data; >-- data += len; >-+ while (bytestream2_peek_byte(gb) != AMF_DATA_TYPE_OBJECT && bytestream2_get_bytes_left(gb) > 0) { >-+ int ret = amf_tag_skip(gb); >-+ if (ret < 0) >-+ return -1; >- } >-- if (data_end - data < 3) >-+ if (bytestream2_get_bytes_left(gb) < 3) >- return -1; >-- data++; >-+ bytestream2_get_byte(gb); >-+ >- for (;;) { >-- int size = bytestream_get_be16(&data); >-+ int size = bytestream2_get_be16(gb); >- if (!size) >- break; >-- if (size < 0 || size >= data_end - data) >-+ if (size < 0 || size >= bytestream2_get_bytes_left(gb)) >- return -1; >-- data += size; >-- if (size == namelen && !memcmp(data-size, name, namelen)) { >-- switch (*data++) { >-+ bytestream2_skip(gb, size); >-+ if (size == namelen && !memcmp(gb->buffer-size, name, namelen)) { >-+ switch (bytestream2_get_byte(gb)) { >- case AMF_DATA_TYPE_NUMBER: >-- snprintf(dst, dst_size, "%g", av_int2double(AV_RB64(data))); >-+ snprintf(dst, dst_size, "%g", av_int2double(bytestream2_get_be64(gb))); >- break; >- case AMF_DATA_TYPE_BOOL: >-- snprintf(dst, dst_size, "%s", *data ? "true" : "false"); >-+ snprintf(dst, dst_size, "%s", bytestream2_get_byte(gb) ? "true" : "false"); >- break; >- case AMF_DATA_TYPE_STRING: >-- len = bytestream_get_be16(&data); >-- av_strlcpy(dst, data, FFMIN(len+1, dst_size)); >-+ len = bytestream2_get_be16(gb); >-+ if (dst_size < 1) >-+ return -1; >-+ if (dst_size < len + 1) >-+ len = dst_size - 1; >-+ bytestream2_get_buffer(gb, dst, len); >-+ dst[len] = 0; >- break; >- default: >- return -1; >- } >- return 0; >- } >-- len = ff_amf_tag_size(data, data_end); >-- if (len < 0 || len >= data_end - data) >-+ len = amf_tag_skip(gb); >-+ if (len < 0 || bytestream2_get_bytes_left(gb) <= 0) >- return -1; >-- data += len; >- } >- return -1; >- } >- >-+int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, >-+ const uint8_t *name, uint8_t *dst, int dst_size) >-+{ >-+ GetByteContext gb; >-+ >-+ if (data >= data_end) >-+ return -1; >-+ >-+ bytestream2_init(&gb, data, data_end - data); >-+ >-+ return amf_get_field_value2(&gb, name, dst, dst_size); >-+} >-+ >- static const char* rtmp_packet_type(int type) >- { >- switch (type) { > >Property changes on: files/patch-CVE-2017-11665b >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-11719 >=================================================================== >--- files/patch-CVE-2017-11719 (revision 491303) >+++ files/patch-CVE-2017-11719 (nonexistent) >@@ -1,41 +0,0 @@ >-From 6a10b962e3053b9fc851fcce23a60ac653abdc8c Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Wed, 26 Jul 2017 03:26:59 +0200 >-Subject: [PATCH] avcodec/dnxhddec: Move mb height check out of non hr branch >- >-Fixes: out of array access >-Fixes: poc.dnxhd >- >-Found-by: Bingchang, Liu@VARAS of IIE >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 296debd213bd6dce7647cedd34eb64e5b94cdc92) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/dnxhddec.c | 8 ++++++-- >- 1 file changed, 6 insertions(+), 2 deletions(-) >- >-diff --git libavcodec/dnxhddec.c libavcodec/dnxhddec.c >-index 4d1b006bb50..66a0de2e627 100644 >---- external/FFmpeg/libavcodec/dnxhddec.c >-+++ external/FFmpeg/libavcodec/dnxhddec.c >-@@ -294,14 +294,18 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame, >- if (ctx->mb_height > 68 && ff_dnxhd_check_header_prefix_hr(header_prefix)) { >- ctx->data_offset = 0x170 + (ctx->mb_height << 2); >- } else { >-- if (ctx->mb_height > 68 || >-- (ctx->mb_height << frame->interlaced_frame) > (ctx->height + 15) >> 4) { >-+ if (ctx->mb_height > 68) { >- av_log(ctx->avctx, AV_LOG_ERROR, >- "mb height too big: %d\n", ctx->mb_height); >- return AVERROR_INVALIDDATA; >- } >- ctx->data_offset = 0x280; >- } >-+ if ((ctx->mb_height << frame->interlaced_frame) > (ctx->height + 15) >> 4) { >-+ av_log(ctx->avctx, AV_LOG_ERROR, >-+ "mb height too big: %d\n", ctx->mb_height); >-+ return AVERROR_INVALIDDATA; >-+ } >- >- if (buf_size < ctx->data_offset) { >- av_log(ctx->avctx, AV_LOG_ERROR, > >Property changes on: files/patch-CVE-2017-11719 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14054 >=================================================================== >--- files/patch-CVE-2017-14054 (revision 491303) >+++ files/patch-CVE-2017-14054 (nonexistent) >@@ -1,33 +0,0 @@ >-From 2bbef8ee271240ce4509b23fd33e35076715a39f Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= >- =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> >-Date: Fri, 25 Aug 2017 01:15:28 +0200 >-Subject: [PATCH] avformat/rmdec: Fix DoS due to lack of eof check >- >-Fixes: loop.ivr >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 124eb202e70678539544f6268efc98131f19fa49) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/rmdec.c | 5 ++++- >- 1 file changed, 4 insertions(+), 1 deletion(-) >- >-diff --git libavformat/rmdec.c libavformat/rmdec.c >-index 4d565291af2..7656812eb16 100644 >---- external/FFmpeg/libavformat/rmdec.c >-+++ external/FFmpeg/libavformat/rmdec.c >-@@ -1238,8 +1238,11 @@ static int ivr_read_header(AVFormatContext *s) >- av_log(s, AV_LOG_DEBUG, "%s = '%s'\n", key, val); >- } else if (type == 4) { >- av_log(s, AV_LOG_DEBUG, "%s = '0x", key); >-- for (j = 0; j < len; j++) >-+ for (j = 0; j < len; j++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- av_log(s, AV_LOG_DEBUG, "%X", avio_r8(pb)); >-+ } >- av_log(s, AV_LOG_DEBUG, "'\n"); >- } else if (len == 4 && type == 3 && !strncmp(key, "StreamCount", tlen)) { >- nb_streams = value = avio_rb32(pb); > >Property changes on: files/patch-CVE-2017-14054 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14055 >=================================================================== >--- files/patch-CVE-2017-14055 (revision 491303) >+++ files/patch-CVE-2017-14055 (nonexistent) >@@ -1,28 +0,0 @@ >-From d4fc6b211f19365fbae4b4388ec396b293fda249 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Fri, 25 Aug 2017 01:15:30 +0200 >-Subject: [PATCH] avformat/mvdec: Fix DoS due to lack of eof check >- >-Fixes: loop.mv >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mvdec.c | 2 ++ >- 1 file changed, 2 insertions(+) >- >-diff --git libavformat/mvdec.c libavformat/mvdec.c >-index 80ef4b1569a..e9e9fab5036 100644 >---- external/FFmpeg/libavformat/mvdec.c >-+++ external/FFmpeg/libavformat/mvdec.c >-@@ -338,6 +338,8 @@ static int mv_read_header(AVFormatContext *avctx) >- uint32_t pos = avio_rb32(pb); >- uint32_t asize = avio_rb32(pb); >- uint32_t vsize = avio_rb32(pb); >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- avio_skip(pb, 8); >- av_add_index_entry(ast, pos, timestamp, asize, 0, AVINDEX_KEYFRAME); >- av_add_index_entry(vst, pos + asize, i, vsize, 0, AVINDEX_KEYFRAME); > >Property changes on: files/patch-CVE-2017-14055 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14056 >=================================================================== >--- files/patch-CVE-2017-14056 (revision 491303) >+++ files/patch-CVE-2017-14056 (nonexistent) >@@ -1,45 +0,0 @@ >-From 5bc9f70441d7e7067cba9188898c9252c72bab35 Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= >- =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> >-Date: Fri, 25 Aug 2017 01:15:29 +0200 >-Subject: [PATCH] avformat/rl2: Fix DoS due to lack of eof check >- >-Fixes: loop.rl2 >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/rl2.c | 15 ++++++++++++--- >- 1 file changed, 12 insertions(+), 3 deletions(-) >- >-diff --git libavformat/rl2.c libavformat/rl2.c >-index 0bec8f1d9ab..eb1682dfcb7 100644 >---- external/FFmpeg/libavformat/rl2.c >-+++ external/FFmpeg/libavformat/rl2.c >-@@ -170,12 +170,21 @@ static av_cold int rl2_read_header(AVFormatContext *s) >- } >- >- /** read offset and size tables */ >-- for(i=0; i < frame_count;i++) >-+ for(i=0; i < frame_count;i++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- chunk_size[i] = avio_rl32(pb); >-- for(i=0; i < frame_count;i++) >-+ } >-+ for(i=0; i < frame_count;i++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- chunk_offset[i] = avio_rl32(pb); >-- for(i=0; i < frame_count;i++) >-+ } >-+ for(i=0; i < frame_count;i++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- audio_size[i] = avio_rl32(pb) & 0xFFFF; >-+ } >- >- /** build the sample index */ >- for(i=0;i<frame_count;i++){ > >Property changes on: files/patch-CVE-2017-14056 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14057 >=================================================================== >--- files/patch-CVE-2017-14057 (revision 491303) >+++ files/patch-CVE-2017-14057 (nonexistent) >@@ -1,38 +0,0 @@ >-From f94517934bf0ff2510f472fa2bc4cd362951109c Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= >- =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> >-Date: Fri, 25 Aug 2017 12:37:25 +0200 >-Subject: [PATCH] avformat/asfdec: Fix DoS due to lack of eof check >- >-Fixes: loop.asf >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 7f9ec5593e04827249e7aeb466da06a98a0d7329) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/asfdec_f.c | 6 ++++-- >- 1 file changed, 4 insertions(+), 2 deletions(-) >- >-diff --git libavformat/asfdec_f.c libavformat/asfdec_f.c >-index b973eff96e4..2cacafe50d5 100644 >---- external/FFmpeg/libavformat/asfdec_f.c >-+++ external/FFmpeg/libavformat/asfdec_f.c >-@@ -749,13 +749,15 @@ static int asf_read_marker(AVFormatContext *s, int64_t size) >- count = avio_rl32(pb); // markers count >- avio_rl16(pb); // reserved 2 bytes >- name_len = avio_rl16(pb); // name length >-- for (i = 0; i < name_len; i++) >-- avio_r8(pb); // skip the name >-+ avio_skip(pb, name_len); >- >- for (i = 0; i < count; i++) { >- int64_t pres_time; >- int name_len; >- >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >-+ >- avio_rl64(pb); // offset, 8 bytes >- pres_time = avio_rl64(pb); // presentation time >- pres_time -= asf->hdr.preroll * 10000; > >Property changes on: files/patch-CVE-2017-14057 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14058 >=================================================================== >--- files/patch-CVE-2017-14058 (revision 491303) >+++ files/patch-CVE-2017-14058 (nonexistent) >@@ -1,88 +0,0 @@ >-From 2920c7cec0b1958b59e5e7990078bea4428f6912 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sat, 26 Aug 2017 01:26:58 +0200 >-Subject: [PATCH] avformat/hls: Fix DoS due to infinite loop >- >-Fixes: loop.m3u >- >-The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >- >-Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com> >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 7ec414892ddcad88313848494b6fc5f437c9ca4a) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- doc/demuxers.texi | 18 ++++++++++++++++++ >- libavformat/hls.c | 7 +++++++ >- 2 files changed, 25 insertions(+) >- >-diff --git doc/demuxers.texi doc/demuxers.texi >-index 2934a1cf7f4..d56ad1622a8 100644 >---- external/FFmpeg/doc/demuxers.texi >-+++ external/FFmpeg/doc/demuxers.texi >-@@ -293,6 +293,24 @@ used to end the output video at the length of the shortest input file, >- which in this case is @file{input.mp4} as the GIF in this example loops >- infinitely. >- >-+@section hls >-+ >-+HLS demuxer >-+ >-+It accepts the following options: >-+ >-+@table @option >-+@item live_start_index >-+segment index to start live streams at (negative values are from the end). >-+ >-+@item allowed_extensions >-+',' separated list of file extensions that hls is allowed to access. >-+ >-+@item max_reload >-+Maximum number of times a insufficient list is attempted to be reloaded. >-+Default value is 1000. >-+@end table >-+ >- @section image2 >- >- Image file demuxer. >-diff --git libavformat/hls.c libavformat/hls.c >-index ffefd284f86..87948726da6 100644 >---- external/FFmpeg/libavformat/hls.c >-+++ external/FFmpeg/libavformat/hls.c >-@@ -205,6 +205,7 @@ typedef struct HLSContext { >- AVDictionary *avio_opts; >- int strict_std_compliance; >- char *allowed_extensions; >-+ int max_reload; >- } HLSContext; >- >- static int read_chomp_line(AVIOContext *s, char *buf, int maxlen) >-@@ -1255,6 +1256,7 @@ static int read_data(void *opaque, uint8_t *buf, int buf_size) >- HLSContext *c = v->parent->priv_data; >- int ret, i; >- int just_opened = 0; >-+ int reload_count = 0; >- >- restart: >- if (!v->needed) >-@@ -1286,6 +1288,9 @@ static int read_data(void *opaque, uint8_t *buf, int buf_size) >- reload_interval = default_reload_interval(v); >- >- reload: >-+ reload_count++; >-+ if (reload_count > c->max_reload) >-+ return AVERROR_EOF; >- if (!v->finished && >- av_gettime_relative() - v->last_load_time >= reload_interval) { >- if ((ret = parse_playlist(c, v->url, v, NULL)) < 0) { >-@@ -2143,6 +2148,8 @@ static const AVOption hls_options[] = { >- OFFSET(allowed_extensions), AV_OPT_TYPE_STRING, >- {.str = "3gp,aac,avi,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wav"}, >- INT_MIN, INT_MAX, FLAGS}, >-+ {"max_reload", "Maximum number of times a insufficient list is attempted to be reloaded", >-+ OFFSET(max_reload), AV_OPT_TYPE_INT, {.i64 = 1000}, 0, INT_MAX, FLAGS}, >- {NULL} >- }; >- > >Property changes on: files/patch-CVE-2017-14058 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14059 >=================================================================== >--- files/patch-CVE-2017-14059 (revision 491303) >+++ files/patch-CVE-2017-14059 (nonexistent) >@@ -1,34 +0,0 @@ >-From 98e177c7288574b336d80618f4ec5d1f94243070 Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= >- =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> >-Date: Fri, 25 Aug 2017 01:15:27 +0200 >-Subject: [PATCH] avformat/cinedec: Fix DoS due to lack of eof check >- >-Fixes: loop.cine >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 7e80b63ecd259d69d383623e75b318bf2bd491f6) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/cinedec.c | 6 +++++- >- 1 file changed, 5 insertions(+), 1 deletion(-) >- >-diff --git libavformat/cinedec.c libavformat/cinedec.c >-index 32cccf566b4..c615d4fc497 100644 >---- external/FFmpeg/libavformat/cinedec.c >-+++ external/FFmpeg/libavformat/cinedec.c >-@@ -267,8 +267,12 @@ static int cine_read_header(AVFormatContext *avctx) >- >- /* parse image offsets */ >- avio_seek(pb, offImageOffsets, SEEK_SET); >-- for (i = 0; i < st->duration; i++) >-+ for (i = 0; i < st->duration; i++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >-+ >- av_add_index_entry(st, avio_rl64(pb), i, 0, 0, AVINDEX_KEYFRAME); >-+ } >- >- return 0; >- } > >Property changes on: files/patch-CVE-2017-14059 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14169 >=================================================================== >--- files/patch-CVE-2017-14169 (revision 491303) >+++ files/patch-CVE-2017-14169 (nonexistent) >@@ -1,33 +0,0 @@ >-From 816f7337bf3ed3e08afdc28278668d8eb81910cb Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= >- <tony.sh@alibaba-inc.com> >-Date: Tue, 29 Aug 2017 23:59:21 +0200 >-Subject: [PATCH] avformat/mxfdec: Fix Sign error in mxf_read_primer_pack() >-MIME-Version: 1.0 >-Content-Type: text/plain; charset=UTF-8 >-Content-Transfer-Encoding: 8bit >- >-Fixes: 20170829B.mxf >- >-Co-Author: å¼ æ´ªäº®(æå)" <wangchu.zhl@alibaba-inc.com> >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mxfdec.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavformat/mxfdec.c libavformat/mxfdec.c >-index e2e34b246f7..0e9153847e8 100644 >---- external/FFmpeg/libavformat/mxfdec.c >-+++ external/FFmpeg/libavformat/mxfdec.c >-@@ -500,7 +500,7 @@ static int mxf_read_primer_pack(void *arg, AVIOContext *pb, int tag, int size, U >- avpriv_request_sample(pb, "Primer pack item length %d", item_len); >- return AVERROR_PATCHWELCOME; >- } >-- if (item_num > 65536) { >-+ if (item_num > 65536 || item_num < 0) { >- av_log(mxf->fc, AV_LOG_ERROR, "item_num %d is too large\n", item_num); >- return AVERROR_INVALIDDATA; >- } > >Property changes on: files/patch-CVE-2017-14169 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14170 >=================================================================== >--- files/patch-CVE-2017-14170 (revision 491303) >+++ files/patch-CVE-2017-14170 (nonexistent) >@@ -1,43 +0,0 @@ >-From 9cbac3602610afa0867b03bc1475c5c13441d096 Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= >- <tony.sh@alibaba-inc.com> >-Date: Tue, 29 Aug 2017 23:59:21 +0200 >-Subject: [PATCH] avformat/mxfdec: Fix DoS issues in >- mxf_read_index_entry_array() >-MIME-Version: 1.0 >-Content-Type: text/plain; charset=UTF-8 >-Content-Transfer-Encoding: 8bit >- >-Fixes: 20170829A.mxf >- >-Co-Author: å¼ æ´ªäº®(æå)" <wangchu.zhl@alibaba-inc.com> >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 900f39692ca0337a98a7cf047e4e2611071810c2) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mxfdec.c | 4 ++++ >- 1 file changed, 4 insertions(+) >- >-diff --git libavformat/mxfdec.c libavformat/mxfdec.c >-index 2ad0c288f89..e2e34b246f7 100644 >---- external/FFmpeg/libavformat/mxfdec.c >-+++ external/FFmpeg/libavformat/mxfdec.c >-@@ -899,6 +899,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg >- segment->nb_index_entries = avio_rb32(pb); >- >- length = avio_rb32(pb); >-+ if(segment->nb_index_entries && length < 11) >-+ return AVERROR_INVALIDDATA; >- >- if (!(segment->temporal_offset_entries=av_calloc(segment->nb_index_entries, sizeof(*segment->temporal_offset_entries))) || >- !(segment->flag_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->flag_entries))) || >-@@ -909,6 +911,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg >- } >- >- for (i = 0; i < segment->nb_index_entries; i++) { >-+ if(avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- segment->temporal_offset_entries[i] = avio_r8(pb); >- avio_r8(pb); /* KeyFrameOffset */ >- segment->flag_entries[i] = avio_r8(pb); > >Property changes on: files/patch-CVE-2017-14170 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14171 >=================================================================== >--- files/patch-CVE-2017-14171 (revision 491303) >+++ files/patch-CVE-2017-14171 (nonexistent) >@@ -1,38 +0,0 @@ >-From a051de092e9c709b69d24d94b66a382909be67d5 Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= >- <tony.sh@alibaba-inc.com> >-Date: Tue, 29 Aug 2017 23:59:21 +0200 >-Subject: [PATCH] avformat/nsvdec: Fix DoS due to lack of eof check in >- nsvs_file_offset loop. >-MIME-Version: 1.0 >-Content-Type: text/plain; charset=UTF-8 >-Content-Transfer-Encoding: 8bit >- >-Fixes: 20170829.nsv >- >-Co-Author: å¼ æ´ªäº®(æå)" <wangchu.zhl@alibaba-inc.com> >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit c24bcb553650b91e9eff15ef6e54ca73de2453b7) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/nsvdec.c | 5 ++++- >- 1 file changed, 4 insertions(+), 1 deletion(-) >- >-diff --git libavformat/nsvdec.c libavformat/nsvdec.c >-index 507fb396a51..16d2fa59e21 100644 >---- external/FFmpeg/libavformat/nsvdec.c >-+++ external/FFmpeg/libavformat/nsvdec.c >-@@ -350,8 +350,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s) >- if (!nsv->nsvs_file_offset) >- return AVERROR(ENOMEM); >- >-- for(i=0;i<table_entries_used;i++) >-+ for(i=0;i<table_entries_used;i++) { >-+ if (avio_feof(pb)) >-+ return AVERROR_INVALIDDATA; >- nsv->nsvs_file_offset[i] = avio_rl32(pb) + size; >-+ } >- >- if(table_entries > table_entries_used && >- avio_rl32(pb) == MKTAG('T','O','C','2')) { > >Property changes on: files/patch-CVE-2017-14171 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14222 >=================================================================== >--- files/patch-CVE-2017-14222 (revision 491303) >+++ files/patch-CVE-2017-14222 (nonexistent) >@@ -1,34 +0,0 @@ >-From c9527df274ada02a19c2f973b29d1d5b7069d4bf Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Tue, 5 Sep 2017 00:16:29 +0200 >-Subject: [PATCH] avformat/mov: Fix DoS in read_tfra() >- >-Fixes: Missing EOF check in loop >-No testcase >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/mov.c | 7 +++++++ >- 1 file changed, 7 insertions(+) >- >-diff --git libavformat/mov.c libavformat/mov.c >-index 405476fd712..b97aa001a37 100644 >---- external/FFmpeg/libavformat/mov.c >-+++ external/FFmpeg/libavformat/mov.c >-@@ -5394,6 +5394,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f) >- } >- for (i = 0; i < index->item_count; i++) { >- int64_t time, offset; >-+ >-+ if (avio_feof(f)) { >-+ index->item_count = 0; >-+ av_freep(&index->items); >-+ return AVERROR_INVALIDDATA; >-+ } >-+ >- if (version == 1) { >- time = avio_rb64(f); >- offset = avio_rb64(f); > >Property changes on: files/patch-CVE-2017-14222 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14223 >=================================================================== >--- files/patch-CVE-2017-14223 (revision 491303) >+++ files/patch-CVE-2017-14223 (nonexistent) >@@ -1,32 +0,0 @@ >-From 4e4177dde23be77a97887f409f237e17ef53f329 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Tue, 5 Sep 2017 00:16:29 +0200 >-Subject: [PATCH] avformat/asfdec: Fix DoS in asf_build_simple_index() >- >-Fixes: Missing EOF check in loop >-No testcase >- >-Found-by: Xiaohei and Wangchu from Alibaba Security Team >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit afc9c683ed9db01edb357bc8c19edad4282b3a97) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/asfdec_f.c | 5 +++++ >- 1 file changed, 5 insertions(+) >- >-diff --git libavformat/asfdec_f.c libavformat/asfdec_f.c >-index 2cacafe50d5..d9dfbf0fa33 100644 >---- external/FFmpeg/libavformat/asfdec_f.c >-+++ external/FFmpeg/libavformat/asfdec_f.c >-@@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index) >- int64_t pos = s->internal->data_offset + s->packet_size * (int64_t)pktnum; >- int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0); >- >-+ if (avio_feof(s->pb)) { >-+ ret = AVERROR_INVALIDDATA; >-+ goto end; >-+ } >-+ >- if (pos != last_pos) { >- av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts: %"PRId64"\n", >- pktnum, pktct, index_pts); > >Property changes on: files/patch-CVE-2017-14223 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14225 >=================================================================== >--- files/patch-CVE-2017-14225 (revision 491303) >+++ files/patch-CVE-2017-14225 (nonexistent) >@@ -1,48 +0,0 @@ >-From 726133b6d2cd8f5f43b5af536024d8e02791d8cf Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Tue, 22 Aug 2017 11:02:38 +0200 >-Subject: [PATCH] ffprobe: Fix null pointer dereference with color primaries >- >-Found-by: AD-lab of venustech >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 837cb4325b712ff1aab531bf41668933f61d75d2) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- ffprobe.c | 15 +++++++++++---- >- 1 file changed, 11 insertions(+), 4 deletions(-) >- >-diff --git ffprobe.c ffprobe.c >-index 79fe296489d..703304a8c0f 100644 >---- external/FFmpeg/ffprobe.c >-+++ external/FFmpeg/ffprobe.c >-@@ -1789,6 +1789,16 @@ static void print_pkt_side_data(WriterContext *w, >- writer_print_section_footer(w); >- } >- >-+static void print_primaries(WriterContext *w, enum AVColorPrimaries color_primaries) >-+{ >-+ const char *val = av_color_primaries_name(color_primaries); >-+ if (!val || color_primaries == AVCOL_PRI_UNSPECIFIED) { >-+ print_str_opt("color_primaries", "unknown"); >-+ } else { >-+ print_str("color_primaries", val); >-+ } >-+} >-+ >- static void show_packet(WriterContext *w, InputFile *ifile, AVPacket *pkt, int packet_idx) >- { >- char val_str[128]; >-@@ -2258,10 +2268,7 @@ static int show_stream(WriterContext *w, AVFormatContext *fmt_ctx, int stream_id >- else >- print_str_opt("color_transfer", av_color_transfer_name(par->color_trc)); >- >-- if (par->color_primaries != AVCOL_PRI_UNSPECIFIED) >-- print_str("color_primaries", av_color_primaries_name(par->color_primaries)); >-- else >-- print_str_opt("color_primaries", av_color_primaries_name(par->color_primaries)); >-+ print_primaries(w, par->color_primaries); >- >- if (par->chroma_location != AVCHROMA_LOC_UNSPECIFIED) >- print_str("chroma_location", av_chroma_location_name(par->chroma_location)); > >Property changes on: files/patch-CVE-2017-14225 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-14767 >=================================================================== >--- files/patch-CVE-2017-14767 (revision 491303) >+++ files/patch-CVE-2017-14767 (nonexistent) >@@ -1,28 +0,0 @@ >-From 53a6cdf89d694be1f075729f16e0a9e2dcbbcb78 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Wed, 23 Aug 2017 21:30:37 +0200 >-Subject: [PATCH] avformat/rtpdec_h264: Fix heap-buffer-overflow >- >-Fixes: rtp_sdp/poc.sdp >- >-Found-by: Bingchang <l.bing.chang.bc@gmail.com> >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit c42a1388a6d1bfd8001bf6a4241d8ca27e49326d) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavformat/rtpdec_h264.c | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- >-diff --git libavformat/rtpdec_h264.c libavformat/rtpdec_h264.c >-index 8dd56a549e4..6f8148ab6d5 100644 >---- external/FFmpeg/libavformat/rtpdec_h264.c >-+++ external/FFmpeg/libavformat/rtpdec_h264.c >-@@ -166,7 +166,7 @@ static int sdp_parse_fmtp_config_h264(AVFormatContext *s, >- parse_profile_level_id(s, h264_data, value); >- } else if (!strcmp(attr, "sprop-parameter-sets")) { >- int ret; >-- if (value[strlen(value) - 1] == ',') { >-+ if (*value == 0 || value[strlen(value) - 1] == ',') { >- av_log(s, AV_LOG_WARNING, "Missing PPS in sprop-parameter-sets, ignoring\n"); >- return 0; >- } > >Property changes on: files/patch-CVE-2017-14767 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-15186 >=================================================================== >--- files/patch-CVE-2017-15186 (revision 491303) >+++ files/patch-CVE-2017-15186 (nonexistent) >@@ -1,78 +0,0 @@ >-From 0eb0b21c7f4f2b6a3a74d2d252f95b81a4d472c3 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Sat, 30 Sep 2017 00:20:09 +0200 >-Subject: [PATCH] avcodec/x86/lossless_videoencdsp: Fix handling of small >- widths >-MIME-Version: 1.0 >-Content-Type: text/plain; charset=UTF-8 >-Content-Transfer-Encoding: 8bit >- >-Fixes out of array access >-Fixes: crash-huf.avi >- >-Regression since: 6b41b4414934cc930468ccd5db598dd6ef643987 >- >-This could also be fixed by adding checks in the C code that calls the dsp >- >-Found-by: Zhibin Hu and è¿ä¸æ± <lianyihan@360.cn> >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit df62b70de8aaa285168e72fe8f6e740843ca91fa) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/x86/huffyuvencdsp.asm | 13 +++++++------ >- 1 file changed, 7 insertions(+), 6 deletions(-) >- >-diff --git libavcodec/x86/huffyuvencdsp.asm libavcodec/x86/huffyuvencdsp.asm >-index a55a1de65de..7a1ce2e839e 100644 >---- external/FFmpeg/libavcodec/x86/huffyuvencdsp.asm >-+++ external/FFmpeg/libavcodec/x86/huffyuvencdsp.asm >-@@ -42,10 +42,11 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w >- %define i t0q >- %endmacro >- >--; label to jump to if w < regsize >--%macro DIFF_BYTES_LOOP_PREP 1 >-+; labels to jump to if w < regsize and w < 0 >-+%macro DIFF_BYTES_LOOP_PREP 2 >- mov i, wq >- and i, -2 * regsize >-+ js %2 >- jz %1 >- add dstq, i >- add src1q, i >-@@ -87,7 +88,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w >- %if mmsize > 16 >- ; fall back to narrower xmm >- %define regsize mmsize / 2 >-- DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa >-+ DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa, .end_aa >- .loop2_%1%2: >- DIFF_BYTES_LOOP_CORE %1, %2, xm0, xm1 >- add i, 2 * regsize >-@@ -114,7 +115,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w >- INIT_MMX mmx >- DIFF_BYTES_PROLOGUE >- %define regsize mmsize >-- DIFF_BYTES_LOOP_PREP .skip_main_aa >-+ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa >- DIFF_BYTES_BODY a, a >- %undef i >- %endif >-@@ -122,7 +123,7 @@ DIFF_BYTES_PROLOGUE >- INIT_XMM sse2 >- DIFF_BYTES_PROLOGUE >- %define regsize mmsize >-- DIFF_BYTES_LOOP_PREP .skip_main_aa >-+ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa >- test dstq, regsize - 1 >- jnz .loop_uu >- test src1q, regsize - 1 >-@@ -138,7 +139,7 @@ DIFF_BYTES_PROLOGUE >- %define regsize mmsize >- ; Directly using unaligned SSE2 version is marginally faster than >- ; branching based on arguments. >-- DIFF_BYTES_LOOP_PREP .skip_main_uu >-+ DIFF_BYTES_LOOP_PREP .skip_main_uu, .end_uu >- test dstq, regsize - 1 >- jnz .loop_uu >- test src1q, regsize - 1 > >Property changes on: files/patch-CVE-2017-15186 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-16840 >=================================================================== >--- files/patch-CVE-2017-16840 (revision 491303) >+++ files/patch-CVE-2017-16840 (nonexistent) >@@ -1,93 +0,0 @@ >-From 519a54cc195b92fe6ba71fd156e31e944d862d7e Mon Sep 17 00:00:00 2001 >-From: Rostislav Pehlivanov <atomnuker@gmail.com> >-Date: Wed, 8 Nov 2017 23:50:04 +0000 >-Subject: [PATCH] vc2enc_dwt: pad the temporary buffer by the slice size >- >-Since non-Haar wavelets need to look into pixels outside the frame, we >-need to pad the buffer. The old factor of two seemed to be a workaround >-that fact and only padded to the left and bottom. This correctly pads >-by the slice size and as such reduces memory usage and potential >-exploits. >-Reported by Liu Bingchang. >- >-Ideally, there should be no temporary buffer but the encoder is designed >-to deinterleave the coefficients into the classical wavelet structure >-with the lower frequency values in the top left corner. >- >-Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com> >-(cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85) >---- >- libavcodec/vc2enc.c | 3 ++- >- libavcodec/vc2enc_dwt.c | 12 +++++++++--- >- libavcodec/vc2enc_dwt.h | 4 +++- >- 3 files changed, 14 insertions(+), 5 deletions(-) >- >-diff --git libavcodec/vc2enc.c libavcodec/vc2enc.c >-index eda390163ff..745c6e974d5 100644 >---- external/FFmpeg/libavcodec/vc2enc.c >-+++ external/FFmpeg/libavcodec/vc2enc.c >-@@ -1190,7 +1190,8 @@ static av_cold int vc2_encode_init(AVCodecContext *avctx) >- /* DWT init */ >- if (ff_vc2enc_init_transforms(&s->transform_args[i].t, >- s->plane[i].coef_stride, >-- s->plane[i].dwt_height)) >-+ s->plane[i].dwt_height, >-+ s->slice_width, s->slice_height)) >- goto alloc_fail; >- } >- >-diff --git libavcodec/vc2enc_dwt.c libavcodec/vc2enc_dwt.c >-index c60b003a313..d22af8a3138 100644 >---- external/FFmpeg/libavcodec/vc2enc_dwt.c >-+++ external/FFmpeg/libavcodec/vc2enc_dwt.c >-@@ -255,21 +255,27 @@ static void vc2_subband_dwt_haar_shift(VC2TransformContext *t, dwtcoef *data, >- dwt_haar(t, data, stride, width, height, 1); >- } >- >--av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_width, int p_height) >-+av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_stride, >-+ int p_height, int slice_w, int slice_h) >- { >- s->vc2_subband_dwt[VC2_TRANSFORM_9_7] = vc2_subband_dwt_97; >- s->vc2_subband_dwt[VC2_TRANSFORM_5_3] = vc2_subband_dwt_53; >- s->vc2_subband_dwt[VC2_TRANSFORM_HAAR] = vc2_subband_dwt_haar; >- s->vc2_subband_dwt[VC2_TRANSFORM_HAAR_S] = vc2_subband_dwt_haar_shift; >- >-- s->buffer = av_malloc(2*p_width*p_height*sizeof(dwtcoef)); >-+ /* Pad by the slice size, only matters for non-Haar wavelets */ >-+ s->buffer = av_calloc((p_stride + slice_w)*(p_height + slice_h), sizeof(dwtcoef)); >- if (!s->buffer) >- return 1; >- >-+ s->padding = (slice_h >> 1)*p_stride + (slice_w >> 1); >-+ s->buffer += s->padding; >-+ >- return 0; >- } >- >- av_cold void ff_vc2enc_free_transforms(VC2TransformContext *s) >- { >-- av_freep(&s->buffer); >-+ av_free(s->buffer - s->padding); >-+ s->buffer = NULL; >- } >-diff --git libavcodec/vc2enc_dwt.h libavcodec/vc2enc_dwt.h >-index 7fbbfbe0ed9..a6932bcdaf0 100644 >---- external/FFmpeg/libavcodec/vc2enc_dwt.h >-+++ external/FFmpeg/libavcodec/vc2enc_dwt.h >-@@ -41,12 +41,14 @@ enum VC2TransformType { >- >- typedef struct VC2TransformContext { >- dwtcoef *buffer; >-+ int padding; >- void (*vc2_subband_dwt[VC2_TRANSFORMS_NB])(struct VC2TransformContext *t, >- dwtcoef *data, ptrdiff_t stride, >- int width, int height); >- } VC2TransformContext; >- >--int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_width, int p_height); >-+int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_stride, int p_height, >-+ int slice_w, int slice_h); >- void ff_vc2enc_free_transforms(VC2TransformContext *t); >- >- #endif /* AVCODEC_VC2ENC_DWT_H */ > >Property changes on: files/patch-CVE-2017-16840 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-17081a >=================================================================== >--- files/patch-CVE-2017-17081a (revision 491303) >+++ files/patch-CVE-2017-17081a (nonexistent) >@@ -1,28 +0,0 @@ >-From b2c9771dd435fbce4f0a422bbdc16ecf7b243395 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Mon, 9 Oct 2017 00:32:30 +0200 >-Subject: [PATCH] avcodec/mpeg_er: Clear mcsel in mpeg_er_decode_mb() >- >-Fixes out of array read >-Should fix: 3516/clusterfuzz-testcase-minimized-4608518562775040 (not reprodoceable) >- >-Found-by: Insu Yun, Georgia Tech. >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 127a362630e11fe724e2e63fc871791fdcbcfa64) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/mpeg_er.c | 1 + >- 1 file changed, 1 insertion(+) >- >-diff --git libavcodec/mpeg_er.c libavcodec/mpeg_er.c >-index dd87ae9cc9e..9bd269c4402 100644 >---- external/FFmpeg/libavcodec/mpeg_er.c >-+++ external/FFmpeg/libavcodec/mpeg_er.c >-@@ -71,6 +71,7 @@ static void mpeg_er_decode_mb(void *opaque, int ref, int mv_dir, int mv_type, >- s->mb_skipped = mb_skipped; >- s->mb_x = mb_x; >- s->mb_y = mb_y; >-+ s->mcsel = 0; >- memcpy(s->mv, mv, sizeof(*mv)); >- >- ff_init_block_index(s); > >Property changes on: files/patch-CVE-2017-17081a >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2017-17081b >=================================================================== >--- files/patch-CVE-2017-17081b (revision 491303) >+++ files/patch-CVE-2017-17081b (nonexistent) >@@ -1,33 +0,0 @@ >-From b51f515c5c837351f2104b43c0e2a0562a759086 Mon Sep 17 00:00:00 2001 >-From: Michael Niedermayer <michael@niedermayer.cc> >-Date: Mon, 13 Nov 2017 20:47:48 +0100 >-Subject: [PATCH] avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu >- >-Fixes: out of array read >-Fixes: 3516/attachment-311488.dat >- >-Found-by: Insu Yun, Georgia Tech. >-Tested-by: wuninsu@gmail.com >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >-(cherry picked from commit 58cf31cee7a456057f337b3102a03206d833d5e8) >-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >---- >- libavcodec/x86/mpegvideodsp.c | 5 +++-- >- 1 file changed, 3 insertions(+), 2 deletions(-) >- >-diff --git libavcodec/x86/mpegvideodsp.c libavcodec/x86/mpegvideodsp.c >-index e0498f38496..6009b64e076 100644 >---- external/FFmpeg/libavcodec/x86/mpegvideodsp.c >-+++ external/FFmpeg/libavcodec/x86/mpegvideodsp.c >-@@ -52,8 +52,9 @@ static void gmc_mmx(uint8_t *dst, uint8_t *src, >- const int dyh = (dyy - (1 << (16 + shift))) * (h - 1); >- const int dxh = dxy * (h - 1); >- const int dyw = dyx * (w - 1); >-- int need_emu = (unsigned) ix >= width - w || >-- (unsigned) iy >= height - h; >-+ int need_emu = (unsigned) ix >= width - w || width < w || >-+ (unsigned) iy >= height - h || height< h >-+ ; >- >- if ( // non-constant fullpel offset (3% of blocks) >- ((ox ^ (ox + dxw)) | (ox ^ (ox + dxh)) | (ox ^ (ox + dxw + dxh)) | > >Property changes on: files/patch-CVE-2017-17081b >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2018-6392 >=================================================================== >--- files/patch-CVE-2018-6392 (revision 491303) >+++ files/patch-CVE-2018-6392 (nonexistent) >@@ -1,44 +0,0 @@ >-Fix for CVE-2018-6392 >-https://security-tracker.debian.org/tracker/CVE-2018-6392 >-https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 >-https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 >- >---- external/FFmpeg/libavfilter/vf_transpose.c.orig 2018-02-01 11:15:37 UTC >-+++ external/FFmpeg/libavfilter/vf_transpose.c >-@@ -27,6 +27,7 @@ >- >- #include <stdio.h> >- >-+#include "libavutil/avassert.h" >- #include "libavutil/imgutils.h" >- #include "libavutil/internal.h" >- #include "libavutil/intreadwrite.h" >-@@ -54,6 +55,7 @@ enum TransposeDir { >- typedef struct TransContext { >- const AVClass *class; >- int hsub, vsub; >-+ int planes; >- int pixsteps[4]; >- >- int passthrough; ///< PassthroughType, landscape passthrough mode enabled >-@@ -106,7 +108,11 @@ static int config_props_output(AVFilterLink *outlink) >- >- s->hsub = desc_in->log2_chroma_w; >- s->vsub = desc_in->log2_chroma_h; >-+ s->planes = av_pix_fmt_count_planes(outlink->format); >- >-+ av_assert0(desc_in->nb_components == desc_out->nb_components); >-+ >-+ >- av_image_fill_max_pixsteps(s->pixsteps, NULL, desc_out); >- >- outlink->w = inlink->h; >-@@ -148,7 +154,7 @@ static int filter_slice(AVFilterContext *ctx, void *ar >- AVFrame *in = td->in; >- int plane; >- >-- for (plane = 0; out->data[plane]; plane++) { >-+ for (plane = 0; plane < s->planes; plane++) { >- int hsub = plane == 1 || plane == 2 ? s->hsub : 0; >- int vsub = plane == 1 || plane == 2 ? s->vsub : 0; >- int pixstep = s->pixsteps[plane]; > >Property changes on: files/patch-CVE-2018-6392 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-CVE-2018-6621 >=================================================================== >--- files/patch-CVE-2018-6621 (revision 491303) >+++ files/patch-CVE-2018-6621 (nonexistent) >@@ -1,15 +0,0 @@ >-Fix for CVE-2018-6621 >-https://security-tracker.debian.org/tracker/CVE-2018-6621 >-https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b >- >---- external/FFmpeg/libavcodec/utvideodec.c.orig 2018-03-01 05:12:04 UTC >-+++ external/FFmpeg/libavcodec/utvideodec.c >-@@ -534,7 +534,7 @@ static int decode_frame(AVCodecContext *avctx, void *d >- for (j = 0; j < c->slices; j++) { >- slice_end = bytestream2_get_le32u(&gb); >- if (slice_end < 0 || slice_end < slice_start || >-- bytestream2_get_bytes_left(&gb) < slice_end) { >-+ bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) { >- av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n"); >- return AVERROR_INVALIDDATA; >- } > >Property changes on: files/patch-CVE-2018-6621 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-configure >=================================================================== >--- files/patch-configure (revision 491303) >+++ files/patch-configure (working copy) >@@ -41,12 +41,4 @@ > } > > as_o(){ >-@@ -8840,7 +8840,7 @@ INCDIR=\$(INSTALL_ROOT)$incdir >- BINDIR=\$(INSTALL_ROOT)$bindir >- DATADIR=\$(INSTALL_ROOT)$datadir >- MANDIR=\$(INSTALL_ROOT)$mandir >--CFLAGS=${CFLAGS} -DFF_API_OLD_DECODE_AUDIO=1 -w >-+CFLAGS=${CFLAGS} -DFF_API_OLD_DECODE_AUDIO=1 -I${prefix}/include -w >- endif # FFMPEG_CONFIG_MAK >- EOF > >Index: files/patch-external_FFmpeg_configure >=================================================================== >--- files/patch-external_FFmpeg_configure (revision 491303) >+++ files/patch-external_FFmpeg_configure (nonexistent) >@@ -1,29 +0,0 @@ >-Fix arch detection >-Fix runtime crashes on i386: enforce stack-alignment=16 >- >---- external/FFmpeg/configure.orig 2018-02-01 11:15:37 UTC >-+++ external/FFmpeg/configure >-@@ -3189,12 +3189,7 @@ target_os_default=$(tolower $(uname -s)) >- host_os=$target_os_default >- >- # machine >--if test "$target_os_default" = aix; then >-- arch_default=$(uname -p) >-- strip_default="strip -X32_64" >--else >-- arch_default=$(uname -m) >--fi >-+arch_default=$(uname -p) >- cpu="generic" >- intrinsics="none" >- >-@@ -6217,6 +6212,9 @@ elif enabled llvm_gcc; then >- elif enabled clang; then >- check_cflags -mllvm -stack-alignment=16 >- check_cflags -mstack-alignment=16 >-+ if enabled x86_32; then >-+ check_cflags -mstackrealign >-+ fi >- check_cflags -Qunused-arguments >- check_cflags -Werror=implicit-function-declaration >- check_cflags -Werror=missing-prototypes > >Property changes on: files/patch-external_FFmpeg_configure >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-external_FFmpeg_libavformat_tls__openssl.c >=================================================================== >--- files/patch-external_FFmpeg_libavformat_tls__openssl.c (revision 491303) >+++ files/patch-external_FFmpeg_libavformat_tls__openssl.c (nonexistent) >@@ -1,58 +0,0 @@ >-Fix build with libressl >- >---- external/FFmpeg/libavformat/tls_openssl.c.orig 2018-02-01 11:15:37 UTC >-+++ external/FFmpeg/libavformat/tls_openssl.c >-@@ -43,7 +43,7 @@ typedef struct TLSContext { >- TLSShared tls_shared; >- SSL_CTX *ctx; >- SSL *ssl; >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) >- BIO_METHOD* url_bio_method; >- #endif >- } TLSContext; >-@@ -68,7 +68,7 @@ static unsigned long openssl_thread_id(void) >- >- static int url_bio_create(BIO *b) >- { >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) >- BIO_set_init(b, 1); >- BIO_set_data(b, NULL); >- BIO_set_flags(b, 0); >-@@ -85,7 +85,7 @@ static int url_bio_destroy(BIO *b) >- return 1; >- } >- >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) >- #define GET_BIO_DATA(x) BIO_get_data(x); >- #else >- #define GET_BIO_DATA(x) (x)->ptr; >-@@ -133,7 +133,7 @@ static int url_bio_bputs(BIO *b, const char *str) >- return url_bio_bwrite(b, str, strlen(str)); >- } >- >--#if OPENSSL_VERSION_NUMBER < 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) >- static BIO_METHOD url_bio_method = { >- .type = BIO_TYPE_SOURCE_SINK, >- .name = "urlprotocol bio", >-@@ -212,7 +212,7 @@ static int tls_close(URLContext *h) >- SSL_CTX_free(c->ctx); >- if (c->tls_shared.tcp) >- ffurl_close(c->tls_shared.tcp); >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) >- if (c->url_bio_method) >- BIO_meth_free(c->url_bio_method); >- #endif >-@@ -265,7 +265,7 @@ static int tls_open(URLContext *h, const char *uri, in >- ret = AVERROR(EIO); >- goto fail; >- } >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) >- p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio"); >- BIO_meth_set_write(p->url_bio_method, url_bio_bwrite); >- BIO_meth_set_read(p->url_bio_method, url_bio_bread); > >Property changes on: files/patch-external_FFmpeg_libavformat_tls__openssl.c >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-libs_libmythtv_dbcheck.cpp >=================================================================== >--- files/patch-libs_libmythtv_dbcheck.cpp (revision 491303) >+++ files/patch-libs_libmythtv_dbcheck.cpp (nonexistent) >@@ -1,64 +0,0 @@ >-Database schema 1347 fails to update due to bad SQL statement >-Ref: https://code.mythtv.org/trac/ticket/13155 >- >---- libs/libmythtv/dbcheck.cpp.orig 2018-02-01 11:15:37 UTC >-+++ libs/libmythtv/dbcheck.cpp >-@@ -3340,25 +3340,24 @@ NULL >- >- if (dbver == "1346") >- { >-- QString master; >-+ QList<QByteArray> updates_ba; >- // Create new MasterServerName setting >- if (gCoreContext->IsMasterHost()) >-- master = >-- "insert into settings (value,data,hostname) " >-- "values('MasterServerName','" >-- + gCoreContext->GetHostName() + "', null);"; >-+ updates_ba.push_back( >-+ QString("INSERT INTO settings (value, data, hostname) " >-+ "VALUES ('MasterServerName', '%1', NULL);") >-+ .arg(gCoreContext->GetHostName()).toLocal8Bit()); >- else >-- master = >-- "insert into settings (value,data,hostname) " >-- "select 'MasterServerName', b.hostname, null " >-- "from settings a, settings b " >-- "where a.value = 'MasterServerIP' " >-- "and b.value in ('BackendServerIP','BackendServerIP6')" >-- "and a.data = b.data;"; >-+ updates_ba.push_back( >-+ QString("INSERT INTO settings (value,data,hostname) " >-+ "SELECT 'MasterServerName', b.hostname, NULL " >-+ "FROM settings a, settings b " >-+ "WHERE a.value = 'MasterServerIP' " >-+ "AND b.value IN ('BackendServerIP','BackendServerIP6')" >-+ "AND a.data = b.data;") >-+ .toLocal8Bit()); >- >-- const char *updates[] = { >-- // Create new MasterServerName setting >-- master.toLocal8Bit().constData(), >-+ const char *post_sql[] = { >- // Create new BackendServerAddr setting for each backend server >- // Assume using IPV4 value. >- "insert into settings (value,data,hostname) " >-@@ -3385,8 +3384,17 @@ NULL >- // Delete obsolete settings >- "delete from settings " >- "where value in ('WatchTVGuide');", >-- NULL >- }; >-+ >-+ for (uint i = 0; i < sizeof(post_sql)/sizeof(char*); i++) >-+ updates_ba.push_back(QByteArray(post_sql[i])); >-+ >-+ // Convert update ByteArrays to NULL terminated char** >-+ QList<QByteArray>::const_iterator it = updates_ba.begin(); >-+ vector<const char*> updates; >-+ for (; it != updates_ba.end(); ++it) >-+ updates.push_back((*it).constData()); >-+ updates.push_back(NULL); >- >- if (!performActualUpdate(&updates[0], "1347", dbver)) >- return false; > >Property changes on: files/patch-libs_libmythtv_dbcheck.cpp >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-libs_libmythtv_videodev2.h >=================================================================== >--- files/patch-libs_libmythtv_videodev2.h (nonexistent) >+++ files/patch-libs_libmythtv_videodev2.h (working copy) >@@ -0,0 +1,34 @@ >+--- libs/libmythtv/videodev2.h.orig 2018-01-11 12:39:22 UTC >++++ libs/libmythtv/videodev2.h >+@@ -60,6 +60,32 @@ >+ #ifdef __FreeBSD__ >+ #include <linux/input.h> // For __[us][0-9]+ types >++#ifndef __u64 >++typedef uint64_t __u64; >++#endif >++#ifndef __u32 >++typedef uint32_t __u32; >++#endif >++#ifndef __u16 >++typedef uint16_t __u16; >++#endif >++#ifndef __u8 >++typedef uint8_t __u8; >++#endif >++ >++#ifndef __s64 >++typedef int64_t __s64; >++#endif >++#ifndef __s32 >++typedef int32_t __s32; >++#endif >++#ifndef __s16 >++typedef int16_t __s16; >++#endif >++#ifndef __s8 >++typedef int8_t __s8; >++#endif >++ >+ #define __le64 __u64 >+ #define __le32 __u32 >+ #define __le16 __u16 > >Property changes on: files/patch-libs_libmythtv_videodev2.h >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: files/patch-libs_libmythui_mythpainter.cpp >=================================================================== >--- files/patch-libs_libmythui_mythpainter.cpp (revision 491303) >+++ files/patch-libs_libmythui_mythpainter.cpp (nonexistent) >@@ -1,10 +0,0 @@ >---- libs/libmythui/mythpainter.cpp.orig 2018-01-11 12:39:22 UTC >-+++ libs/libmythui/mythpainter.cpp >-@@ -1,6 +1,7 @@ >- #include <stdint.h> >- #include <algorithm> >- #include <complex> >-+#include <cstdlib> >- >- // QT headers >- #include <QRect> > >Property changes on: files/patch-libs_libmythui_mythpainter.cpp >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-libs_libmythui_mythrender__vdpau.h >=================================================================== >--- files/patch-libs_libmythui_mythrender__vdpau.h (revision 491303) >+++ files/patch-libs_libmythui_mythrender__vdpau.h (nonexistent) >@@ -1,10 +0,0 @@ >---- libs/libmythui/mythrender_vdpau.h.orig 2018-01-27 11:25:49 UTC >-+++ libs/libmythui/mythrender_vdpau.h >-@@ -12,6 +12,7 @@ >- >- extern "C" { >- #include "libavcodec/vdpau.h" >-+#include <vdpau/vdpau_x11.h> >- } >- >- #define MIN_OUTPUT_SURFACES 2 // UI > >Property changes on: files/patch-libs_libmythui_mythrender__vdpau.h >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 491303) >+++ pkg-plist (working copy) >@@ -2,19 +2,18 @@ > bin/mythbackend > bin/mythccextractor > bin/mythcommflag >+bin/mythexternrecorder > bin/mythffmpeg > bin/mythffprobe >-bin/mythffserver > bin/mythfilerecorder > bin/mythfilldatabase > bin/mythfrontend >-bin/mythhdhomerun_config > bin/mythjobqueue > bin/mythlcdserver > bin/mythmediaserver > bin/mythmetadatalookup > bin/mythpreviewgen >-%%BINDINGS%%bin/mythpython >+bin/mythpython > bin/mythreplex > bin/mythscreenwizard > bin/mythshutdown >@@ -22,7 +21,7 @@ > bin/mythtv-setup > bin/mythutil > bin/mythwelcome >-%%BINDINGS%%bin/mythwikiscripts >+bin/mythwikiscripts > include/mythtv/audioconvert.h > include/mythtv/audiooutput.h > include/mythtv/audiooutputsettings.h >@@ -30,40 +29,6 @@ > include/mythtv/audiosettings.h > include/mythtv/autodeletedeque.h > include/mythtv/blockinput.h >-include/mythtv/bluray/array.h >-include/mythtv/bluray/attributes.h >-include/mythtv/bluray/bdid_parse.h >-include/mythtv/bluray/bdparse.h >-include/mythtv/bluray/bits.h >-include/mythtv/bluray/bluray.h >-include/mythtv/bluray/clpi_data.h >-include/mythtv/bluray/clpi_parse.h >-include/mythtv/bluray/dirs.h >-include/mythtv/bluray/dl.h >-include/mythtv/bluray/event_queue.h >-include/mythtv/bluray/extdata_parse.h >-include/mythtv/bluray/file.h >-include/mythtv/bluray/filesystem.h >-include/mythtv/bluray/hdmv_insn.h >-include/mythtv/bluray/hdmv_vm.h >-include/mythtv/bluray/index_parse.h >-include/mythtv/bluray/log_control.h >-include/mythtv/bluray/logging.h >-include/mythtv/bluray/macro.h >-include/mythtv/bluray/meta_data.h >-include/mythtv/bluray/meta_parse.h >-include/mythtv/bluray/mobj_data.h >-include/mythtv/bluray/mobj_parse.h >-include/mythtv/bluray/mobj_print.h >-include/mythtv/bluray/mount.h >-include/mythtv/bluray/mpls_parse.h >-include/mythtv/bluray/mutex.h >-include/mythtv/bluray/navigation.h >-include/mythtv/bluray/refcnt.h >-include/mythtv/bluray/sound_parse.h >-include/mythtv/bluray/strutl.h >-include/mythtv/bluray/time.h >-include/mythtv/bluray/uo_mask_table.h > include/mythtv/bonjourregister.h > include/mythtv/bswap.h > include/mythtv/compat.h >@@ -81,11 +46,25 @@ > include/mythtv/exitcodes.h > include/mythtv/ffmpeg-mmx.h > include/mythtv/filesysteminfo.h >+include/mythtv/goom/drawmethods.h >+include/mythtv/goom/filters.h >+include/mythtv/goom/goom_core.h >+include/mythtv/goom/goom_tools.h >+include/mythtv/goom/goomconfig.h >+include/mythtv/goom/graphic.h >+include/mythtv/goom/ifs.h >+include/mythtv/goom/lines.h >+include/mythtv/goom/mathtools.h >+include/mythtv/goom/mmx.h >+include/mythtv/goom/tentacle3d.h >+include/mythtv/goom/v3d.h > include/mythtv/hardwareprofile.h > include/mythtv/iso3166.h > include/mythtv/iso639.h > include/mythtv/langsettings.h > include/mythtv/lcddevice.h >+include/mythtv/libavcodec/ac3_parser.h >+include/mythtv/libavcodec/adts_parser.h > include/mythtv/libavcodec/avcodec.h > include/mythtv/libavcodec/avdct.h > include/mythtv/libavcodec/avfft.h >@@ -97,7 +76,6 @@ > include/mythtv/libavcodec/mediacodec.h > include/mythtv/libavcodec/qsv.h > include/mythtv/libavcodec/vaapi.h >-include/mythtv/libavcodec/vda.h > include/mythtv/libavcodec/vdpau.h > include/mythtv/libavcodec/version.h > include/mythtv/libavcodec/videotoolbox.h >@@ -106,7 +84,6 @@ > include/mythtv/libavdevice/avdevice.h > include/mythtv/libavdevice/version.h > include/mythtv/libavfilter/avfilter.h >-include/mythtv/libavfilter/avfiltergraph.h > include/mythtv/libavfilter/buffersink.h > include/mythtv/libavfilter/buffersrc.h > include/mythtv/libavfilter/version.h >@@ -137,6 +114,7 @@ > include/mythtv/libavutil/dict.h > include/mythtv/libavutil/display.h > include/mythtv/libavutil/downmix_info.h >+include/mythtv/libavutil/encryption_info.h > include/mythtv/libavutil/error.h > include/mythtv/libavutil/eval.h > include/mythtv/libavutil/ffversion.h >@@ -147,10 +125,14 @@ > include/mythtv/libavutil/hmac.h > include/mythtv/libavutil/hwcontext.h > include/mythtv/libavutil/hwcontext_cuda.h >+include/mythtv/libavutil/hwcontext_d3d11va.h >+include/mythtv/libavutil/hwcontext_drm.h > include/mythtv/libavutil/hwcontext_dxva2.h >+include/mythtv/libavutil/hwcontext_mediacodec.h > include/mythtv/libavutil/hwcontext_qsv.h > include/mythtv/libavutil/hwcontext_vaapi.h > include/mythtv/libavutil/hwcontext_vdpau.h >+include/mythtv/libavutil/hwcontext_videotoolbox.h > include/mythtv/libavutil/imgutils.h > include/mythtv/libavutil/intfloat.h > include/mythtv/libavutil/intreadwrite.h >@@ -177,6 +159,7 @@ > include/mythtv/libavutil/samplefmt.h > include/mythtv/libavutil/sha.h > include/mythtv/libavutil/sha512.h >+include/mythtv/libavutil/spherical.h > include/mythtv/libavutil/stereo3d.h > include/mythtv/libavutil/tea.h > include/mythtv/libavutil/threadmessage.h >@@ -195,8 +178,6 @@ > include/mythtv/libmyth/dialogbox.h > include/mythtv/libmyth/eldutils.h > include/mythtv/libmyth/langsettings.h >-include/mythtv/libmyth/mythconfigdialogs.h >-include/mythtv/libmyth/mythconfiggroups.h > include/mythtv/libmyth/mythcontext.h > include/mythtv/libmyth/mythdialogs.h > include/mythtv/libmyth/mythexp.h >@@ -214,7 +195,6 @@ > include/mythtv/libmyth/remoteutil.h > include/mythtv/libmyth/rssparse.h > include/mythtv/libmyth/schemawizard.h >-include/mythtv/libmyth/settings.h > include/mythtv/libmyth/standardsettings.h > include/mythtv/libmyth/storagegroupeditor.h > include/mythtv/libmyth/visual.h >@@ -261,6 +241,7 @@ > include/mythtv/libmythbase/mythsingledownload.h > include/mythtv/libmythbase/mythsocket.h > include/mythtv/libmythbase/mythsocket_cb.h >+include/mythtv/libmythbase/mythsorthelper.h > include/mythtv/libmythbase/mythstorage.h > include/mythtv/libmythbase/mythsystem.h > include/mythtv/libmythbase/mythsystemlegacy.h >@@ -440,7 +421,6 @@ > include/mythtv/metadata/videoscan.h > include/mythtv/metadata/videoutils.h > include/mythtv/metadataimagehelper.h >-include/mythtv/minilzo.h > include/mythtv/mpeg2dec/mpeg2.h > include/mythtv/mthread.h > include/mythtv/mthreadpool.h >@@ -450,8 +430,6 @@ > include/mythtv/mythcommandlineparser.h > include/mythtv/mythconfig.h > include/mythtv/mythconfig.mak >-include/mythtv/mythconfigdialogs.h >-include/mythtv/mythconfiggroups.h > include/mythtv/mythcontext.h > include/mythtv/mythcorecontext.h > include/mythtv/mythcoreutil.h >@@ -480,6 +458,7 @@ > include/mythtv/mythsingledownload.h > include/mythtv/mythsocket.h > include/mythtv/mythsocket_cb.h >+include/mythtv/mythsorthelper.h > include/mythtv/mythstorage.h > include/mythtv/mythsystem.h > include/mythtv/mythsystemlegacy.h >@@ -504,10 +483,8 @@ > include/mythtv/remotefile.h > include/mythtv/remoteutil.h > include/mythtv/rssparse.h >-include/mythtv/samplerate.h > include/mythtv/schemawizard.h > include/mythtv/serverpool.h >-include/mythtv/settings.h > include/mythtv/signalhandling.h > include/mythtv/standardsettings.h > include/mythtv/storagegroup.h >@@ -550,70 +527,66 @@ > include/mythtv/version.h > include/mythtv/visual.h > include/mythtv/volumebase.h >-lib/libmyth-29.so >-lib/libmyth-29.so.29 >-lib/libmyth-29.so.29.0 >-lib/libmyth-29.so.29.0.0 >+lib/libmyth-30.so >+lib/libmyth-30.so.30 >+lib/libmyth-30.so.30.0 >+lib/libmyth-30.so.30.0.0 > lib/libmythavcodec.so >-lib/libmythavcodec.so.57 >-lib/libmythavcodec.so.57.64.100 >+lib/libmythavcodec.so.58 >+lib/libmythavcodec.so.58.18.100 > lib/libmythavdevice.so >-lib/libmythavdevice.so.57 >-lib/libmythavdevice.so.57.1.100 >+lib/libmythavdevice.so.58 >+lib/libmythavdevice.so.58.3.100 > lib/libmythavfilter.so >-lib/libmythavfilter.so.6 >-lib/libmythavfilter.so.6.65.100 >+lib/libmythavfilter.so.7 >+lib/libmythavfilter.so.7.16.100 > lib/libmythavformat.so >-lib/libmythavformat.so.57 >-lib/libmythavformat.so.57.56.100 >+lib/libmythavformat.so.58 >+lib/libmythavformat.so.58.12.100 > lib/libmythavutil.so >-lib/libmythavutil.so.55 >-lib/libmythavutil.so.55.34.100 >-lib/libmythbase-29.so >-lib/libmythbase-29.so.29 >-lib/libmythbase-29.so.29.0 >-lib/libmythbase-29.so.29.0.0 >-lib/libmythfreemheg-29.so >-lib/libmythfreemheg-29.so.29 >-lib/libmythfreemheg-29.so.29.0 >-lib/libmythfreemheg-29.so.29.0.0 >-lib/libmythhdhomerun-29.so >-lib/libmythhdhomerun-29.so.29 >-lib/libmythhdhomerun-29.so.29.0 >-lib/libmythhdhomerun-29.so.29.0.0 >-lib/libmythmetadata-29.so >-lib/libmythmetadata-29.so.29 >-lib/libmythmetadata-29.so.29.0 >-lib/libmythmetadata-29.so.29.0.0 >+lib/libmythavutil.so.56 >+lib/libmythavutil.so.56.14.100 >+lib/libmythbase-30.so >+lib/libmythbase-30.so.30 >+lib/libmythbase-30.so.30.0 >+lib/libmythbase-30.so.30.0.0 >+lib/libmythfreemheg-30.so >+lib/libmythfreemheg-30.so.30 >+lib/libmythfreemheg-30.so.30.0 >+lib/libmythfreemheg-30.so.30.0.0 >+lib/libmythmetadata-30.so >+lib/libmythmetadata-30.so.30 >+lib/libmythmetadata-30.so.30.0 >+lib/libmythmetadata-30.so.30.0.0 > lib/libmythpostproc.so >-lib/libmythpostproc.so.54 >-lib/libmythpostproc.so.54.1.100 >-lib/libmythprotoserver-29.so >-lib/libmythprotoserver-29.so.29 >-lib/libmythprotoserver-29.so.29.0 >-lib/libmythprotoserver-29.so.29.0.0 >-lib/libmythservicecontracts-29.so >-lib/libmythservicecontracts-29.so.29 >-lib/libmythservicecontracts-29.so.29.0 >-lib/libmythservicecontracts-29.so.29.0.0 >+lib/libmythpostproc.so.55 >+lib/libmythpostproc.so.55.1.100 >+lib/libmythprotoserver-30.so >+lib/libmythprotoserver-30.so.30 >+lib/libmythprotoserver-30.so.30.0 >+lib/libmythprotoserver-30.so.30.0.0 >+lib/libmythservicecontracts-30.so >+lib/libmythservicecontracts-30.so.30 >+lib/libmythservicecontracts-30.so.30.0 >+lib/libmythservicecontracts-30.so.30.0.0 > lib/libmythswresample.so >-lib/libmythswresample.so.2 >-lib/libmythswresample.so.2.3.100 >+lib/libmythswresample.so.3 >+lib/libmythswresample.so.3.1.100 > lib/libmythswscale.so >-lib/libmythswscale.so.4 >-lib/libmythswscale.so.4.2.100 >-lib/libmythtv-29.so >-lib/libmythtv-29.so.29 >-lib/libmythtv-29.so.29.0 >-lib/libmythtv-29.so.29.0.0 >-lib/libmythui-29.so >-lib/libmythui-29.so.29 >-lib/libmythui-29.so.29.0 >-lib/libmythui-29.so.29.0.0 >-lib/libmythupnp-29.so >-lib/libmythupnp-29.so.29 >-lib/libmythupnp-29.so.29.0 >-lib/libmythupnp-29.so.29.0.0 >+lib/libmythswscale.so.5 >+lib/libmythswscale.so.5.1.100 >+lib/libmythtv-30.so >+lib/libmythtv-30.so.30 >+lib/libmythtv-30.so.30.0 >+lib/libmythtv-30.so.30.0.0 >+lib/libmythui-30.so >+lib/libmythui-30.so.30 >+lib/libmythui-30.so.30.0 >+lib/libmythui-30.so.30.0.0 >+lib/libmythupnp-30.so >+lib/libmythupnp-30.so.30 >+lib/libmythupnp-30.so.30.0 >+lib/libmythupnp-30.so.30.0.0 > lib/mythtv/filters/libadjust.so > lib/mythtv/filters/libbobdeint.so > lib/mythtv/filters/libcrop.so >@@ -630,104 +603,112 @@ > lib/mythtv/filters/libquickdnr.so > lib/mythtv/filters/libvflip.so > lib/mythtv/filters/libyadif.so >-%%BINDINGS%%%%SITE_PERL%%/IO/Socket/INET/MythTV.pm >-%%BINDINGS%%%%SITE_PERL%%/MythTV.pm >-%%BINDINGS%%%%SITE_PERL%%/MythTV/Channel.pm >-%%BINDINGS%%%%SITE_PERL%%/MythTV/Program.pm >-%%BINDINGS%%%%SITE_PERL%%/MythTV/Recording.pm >-%%BINDINGS%%%%SITE_PERL%%/MythTV/StorageGroup.pm >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV-0.28._1-py%%PYTHON_VER%%.egg-info >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/__init__.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/__init__.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/altdict.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/altdict.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/connections.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/connections.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/database.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/database.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/dataheap.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/dataheap.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/exceptions.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/exceptions.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/logging.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/logging.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/methodheap.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/methodheap.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/msearch.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/msearch.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/mythproto.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/mythproto.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/static.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/static.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/system.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/system.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbCollection.xsl >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbQuery.xsl >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbVideo.xsl >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/other.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/other.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.pyc >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.py >-%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.pyc >+%%SITE_PERL%%/IO/Socket/INET/MythTV.pm >+%%SITE_PERL%%/MythTV.pm >+%%SITE_PERL%%/MythTV/Channel.pm >+%%SITE_PERL%%/MythTV/Program.pm >+%%SITE_PERL%%/MythTV/Recording.pm >+%%SITE_PERL%%/MythTV/StorageGroup.pm >+%%PYTHON_SITELIBDIR%%/MythTV-30.0._1-py%%PYTHON_VER%%.egg-info >+%%PYTHON_SITELIBDIR%%/MythTV/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.py >+%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.py >+%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/altdict.py >+%%PYTHON_SITELIBDIR%%/MythTV/altdict.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/connections.py >+%%PYTHON_SITELIBDIR%%/MythTV/connections.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/database.py >+%%PYTHON_SITELIBDIR%%/MythTV/database.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/dataheap.py >+%%PYTHON_SITELIBDIR%%/MythTV/dataheap.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/exceptions.py >+%%PYTHON_SITELIBDIR%%/MythTV/exceptions.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/logging.py >+%%PYTHON_SITELIBDIR%%/MythTV/logging.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/methodheap.py >+%%PYTHON_SITELIBDIR%%/MythTV/methodheap.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/msearch.py >+%%PYTHON_SITELIBDIR%%/MythTV/msearch.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/mythproto.py >+%%PYTHON_SITELIBDIR%%/MythTV/mythproto.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/_version.py >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/_version.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/send.py >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/send.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/utilities.py >+%%PYTHON_SITELIBDIR%%/MythTV/services_api/utilities.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/static.py >+%%PYTHON_SITELIBDIR%%/MythTV/static.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/system.py >+%%PYTHON_SITELIBDIR%%/MythTV/system.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.py >+%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbCollection.xsl >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbQuery.xsl >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbVideo.xsl >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.py >+%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/other.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/other.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.py >+%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.py >+%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.pyc >+%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.py >+%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.pyc > %%DATADIR%%/CDS_scpd.xml > %%DATADIR%%/CMGR_scpd.xml > %%DATADIR%%/MFEXML_scpd.xml >@@ -1251,7 +1232,6 @@ > %%DATADIR%%/metadata/Music/lyrics/filelyrics.py > %%DATADIR%%/metadata/Music/lyrics/genius.py > %%DATADIR%%/metadata/Music/lyrics/gomaudio.py >-%%DATADIR%%/metadata/Music/lyrics/letssingit.py > %%DATADIR%%/metadata/Music/lyrics/lyricscom.py > %%DATADIR%%/metadata/Music/lyrics/lyricsmode.py > %%DATADIR%%/metadata/Music/lyrics/lyricswiki.py >@@ -1314,7 +1294,6 @@ > %%DATADIR%%/themes/MythCenter-wide/osd/tv.png > %%DATADIR%%/themes/MythCenter-wide/osd/video.png > %%DATADIR%%/themes/MythCenter-wide/preview.png >-%%DATADIR%%/themes/MythCenter-wide/qtlook.txt > %%DATADIR%%/themes/MythCenter-wide/recordings-ui.xml > %%DATADIR%%/themes/MythCenter-wide/schedule-ui.xml > %%DATADIR%%/themes/MythCenter-wide/settings-ui.xml >@@ -1427,7 +1406,6 @@ > %%DATADIR%%/themes/MythCenter/osd/tv.png > %%DATADIR%%/themes/MythCenter/osd/video.png > %%DATADIR%%/themes/MythCenter/preview.png >-%%DATADIR%%/themes/MythCenter/qtlook.txt > %%DATADIR%%/themes/MythCenter/recordings-ui.xml > %%DATADIR%%/themes/MythCenter/schedule-ui.xml > %%DATADIR%%/themes/MythCenter/status-ui.xml >@@ -1599,7 +1577,6 @@ > %%DATADIR%%/themes/Terra/popups/selected_submenu_arrow.png > %%DATADIR%%/themes/Terra/popups/submenu_arrow.png > %%DATADIR%%/themes/Terra/preview.png >-%%DATADIR%%/themes/Terra/qtlook.txt > %%DATADIR%%/themes/Terra/recordings-ui.xml > %%DATADIR%%/themes/Terra/recordings/filterlist_background.png > %%DATADIR%%/themes/Terra/recordings/flagging_1.png >@@ -1817,6 +1794,7 @@ > %%DATADIR%%/themes/default-wide/video-ui.xml > %%DATADIR%%/themes/default-wide/welcome-ui.xml > %%DATADIR%%/themes/default/appear-ui.xml >+%%DATADIR%%/themes/default/aspect_button.png > %%DATADIR%%/themes/default/autoexpire.png > %%DATADIR%%/themes/default/avchd.png > %%DATADIR%%/themes/default/background.png >@@ -1828,6 +1806,7 @@ > %%DATADIR%%/themes/default/blankbutton_on.png > %%DATADIR%%/themes/default/blankbutton_pushed.png > %%DATADIR%%/themes/default/bookmark.png >+%%DATADIR%%/themes/default/bookmark_button.png > %%DATADIR%%/themes/default/bottomright.png > %%DATADIR%%/themes/default/busyimages/0.png > %%DATADIR%%/themes/default/busyimages/1.png >@@ -1859,6 +1838,7 @@ > %%DATADIR%%/themes/default/button_selected_background.png > %%DATADIR%%/themes/default/categories.xml > %%DATADIR%%/themes/default/cc.png >+%%DATADIR%%/themes/default/cc_button.png > %%DATADIR%%/themes/default/check.png > %%DATADIR%%/themes/default/checkbox_background_off.png > %%DATADIR%%/themes/default/checkbox_background_selected.png >@@ -1876,6 +1856,8 @@ > %%DATADIR%%/themes/default/cursor.png > %%DATADIR%%/themes/default/cutlist.png > %%DATADIR%%/themes/default/damaged.png >+%%DATADIR%%/themes/default/dbl_left_arrow_button.png >+%%DATADIR%%/themes/default/dbl_right_arrow_button.png > %%DATADIR%%/themes/default/dd.png > %%DATADIR%%/themes/default/def-ro-lines.png > %%DATADIR%%/themes/default/down_arrow.png >@@ -1887,6 +1869,8 @@ > %%DATADIR%%/themes/default/dummy720x576p25.00.ts > %%DATADIR%%/themes/default/dummy768x576p50.00.ts > %%DATADIR%%/themes/default/error.png >+%%DATADIR%%/themes/default/ff_button.png >+%%DATADIR%%/themes/default/fill_button.png > %%DATADIR%%/themes/default/filler.png > %%DATADIR%%/themes/default/galleryfolder.png > %%DATADIR%%/themes/default/gg-arrow-down.png >@@ -1910,6 +1894,9 @@ > %%DATADIR%%/themes/default/htmls/progdetails_page1.html > %%DATADIR%%/themes/default/htmls/progdetails_page2.html > %%DATADIR%%/themes/default/image-ui.xml >+%%DATADIR%%/themes/default/info_button.png >+%%DATADIR%%/themes/default/jump_bookmark_button.png >+%%DATADIR%%/themes/default/jump_start_button.png > %%DATADIR%%/themes/default/keyboard/ar.xml > %%DATADIR%%/themes/default/keyboard/da.xml > %%DATADIR%%/themes/default/keyboard/de.xml >@@ -1975,6 +1962,7 @@ > %%DATADIR%%/themes/default/lb-uparrow-reg.png > %%DATADIR%%/themes/default/lb-uparrow-sel.png > %%DATADIR%%/themes/default/left_arrow.png >+%%DATADIR%%/themes/default/left_arrow_button.png > %%DATADIR%%/themes/default/leftarrow.png > %%DATADIR%%/themes/default/leftright_off.png > %%DATADIR%%/themes/default/leftright_on.png >@@ -2227,12 +2215,15 @@ > %%DATADIR%%/themes/default/locale/zw.png > %%DATADIR%%/themes/default/md_progress_background.png > %%DATADIR%%/themes/default/md_rip_banner.png >+%%DATADIR%%/themes/default/menu_button.png > %%DATADIR%%/themes/default/menu_cutlist.xml > %%DATADIR%%/themes/default/menu_cutlist_compact.xml > %%DATADIR%%/themes/default/menu_playback.xml > %%DATADIR%%/themes/default/menu_playback_compact.xml > %%DATADIR%%/themes/default/mono.png >+%%DATADIR%%/themes/default/more_button.png > %%DATADIR%%/themes/default/musicscanner.png >+%%DATADIR%%/themes/default/muted_button.png > %%DATADIR%%/themes/default/mv_browse_background.png > %%DATADIR%%/themes/default/mv_browse_selector.png > %%DATADIR%%/themes/default/mv_filerequest.png >@@ -2251,6 +2242,7 @@ > %%DATADIR%%/themes/default/notification-ui.xml > %%DATADIR%%/themes/default/osd.xml > %%DATADIR%%/themes/default/osd_subtitle.xml >+%%DATADIR%%/themes/default/pause_button.png > %%DATADIR%%/themes/default/pd-background.png > %%DATADIR%%/themes/default/pf-background.png > %%DATADIR%%/themes/default/pf-lines.png >@@ -2259,6 +2251,7 @@ > %%DATADIR%%/themes/default/pf-sel3.png > %%DATADIR%%/themes/default/pf-top.png > %%DATADIR%%/themes/default/pf-topbackground.png >+%%DATADIR%%/themes/default/play_button.png > %%DATADIR%%/themes/default/playlist_yes.png > %%DATADIR%%/themes/default/preview.png > %%DATADIR%%/themes/default/processing.png >@@ -2267,7 +2260,9 @@ > %%DATADIR%%/themes/default/progressbar_fill2.png > %%DATADIR%%/themes/default/reclist_background.png > %%DATADIR%%/themes/default/recordings-ui.xml >+%%DATADIR%%/themes/default/rew_button.png > %%DATADIR%%/themes/default/right_arrow.png >+%%DATADIR%%/themes/default/right_arrow_button.png > %%DATADIR%%/themes/default/rightarrow.png > %%DATADIR%%/themes/default/rk-background.png > %%DATADIR%%/themes/default/rk-lines.png >@@ -2312,6 +2307,7 @@ > %%DATADIR%%/themes/default/status-bar.png > %%DATADIR%%/themes/default/status-ui.xml > %%DATADIR%%/themes/default/stereo.png >+%%DATADIR%%/themes/default/stop_button.png > %%DATADIR%%/themes/default/subs.png > %%DATADIR%%/themes/default/subs_onscreen.png > %%DATADIR%%/themes/default/surround.png >@@ -2326,6 +2322,7 @@ > %%DATADIR%%/themes/default/trans-sr-background.png > %%DATADIR%%/themes/default/unchecked.png > %%DATADIR%%/themes/default/unchecked_high.png >+%%DATADIR%%/themes/default/unmuted_button.png > %%DATADIR%%/themes/default/up_arrow.png > %%DATADIR%%/themes/default/uparrow.png > %%DATADIR%%/themes/default/very_wide_button_background.png
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=201877">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 234551
:
200688
|
200758
|
200851
|
200852
|
201071
| 201877 |
201878
|
201879