Index: Makefile =================================================================== --- Makefile (revision 491303) +++ Makefile (working copy) @@ -3,8 +3,8 @@ PORTNAME= mythtv DISTVERSIONPREFIX= v -DISTVERSION= 29.1 -PORTREVISION?= 3 +DISTVERSION= 30.0 +PORTREVISION?= 0 PORTEPOCH= 1 CATEGORIES= multimedia @@ -14,21 +14,24 @@ LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/COPYING -BROKEN= fails to build ONLY_FOR_ARCHS= amd64 i386 -LIB_DEPENDS= libmp3lame.so:audio/lame \ +LIB_DEPENDS= liblzo2.so:archivers/lzo2 \ + libmp3lame.so:audio/lame \ + libsamplerate.so:audio/libsamplerate \ libtag.so:audio/taglib \ libexiv2.so:graphics/exiv2 \ libva.so:multimedia/libva \ + libbluray.so:multimedia/libbluray \ libass.so:multimedia/libass \ libfftw3_threads.so:math/fftw3 \ libfftw3f.so:math/fftw3-float \ libfreetype.so:print/freetype2 \ libxml2.so:textproc/libxml2 -BUILD_DEPENDS= yasm:devel/yasm +BUILD_DEPENDS= yasm:devel/yasm \ + ${LOCALBASE}/include/linux/input.h:devel/evdev-proto -USES= gmake iconv libtool pkgconfig pathfix qmake:no_env qt:5 ssl +USES= gmake gl iconv libtool pkgconfig pathfix qmake:no_env qt:5 ssl USE_GITHUB= yes GH_ACCOUNT= MythTV USE_GL= gl @@ -42,8 +45,8 @@ CONFIGURE_ARGS= --prefix="${PREFIX}" --cc="${CC}" --cxx="${CXX}" \ --libxml2-path="${LOCALBASE}/include/libxml2" \ --enable-opengl-video \ - --disable-audio-alsa --disable-indev=alsa --disable-outdev=alsa \ - --disable-mythlogserver + --disable-audio-alsa --disable-indev=alsa \ + --disable-outdev=alsa CONFIGURE_ENV= QMAKESPEC="${QMAKESPEC}" MOC="${MOC}" \ QTDIR="${PREFIX}" PKG_CONFIG_PATH="${LOCALBASE}/libdata/pkgconfig" MAKE_ENV= QTDIR="${PREFIX}" \ @@ -84,7 +87,8 @@ programs/scripts/internetcontent/nv_python_libs/*.py \ programs/scripts/hardwareprofile/*.py \ programs/scripts/metadata/Television/ttvdb.py \ - programs/scripts/metadata/Movie/tmdb3.py + programs/scripts/metadata/Movie/tmdb3.py \ + programs/scripts/metadata/Music/mbutils.py CONFIGURE_ARGS+=--dvb-path="${LOCALBASE}/include" \ --enable-ivtv --enable-v4l2 --enable-xv @@ -108,6 +112,7 @@ p5-DBD-mysql>0:databases/p5-DBD-mysql \ p5-Net-UPnP>=0:multimedia/p5-Net-UPnP \ p5-IO-Socket-INET6>=2.51:net/p5-IO-Socket-INET6 \ + p5-XML-Simple>=0:textproc/p5-XML-Simple \ p5-HTTP-Request-Params>=0:www/p5-HTTP-Request-Params \ p5-LWP-UserAgent-Determined>=0:www/p5-LWP-UserAgent-Determined BINDINGS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}MySQLdb>=1.2.2:databases/py-MySQLdb@${PY_FLAVOR} \ @@ -121,6 +126,7 @@ p5-DBD-mysql>0:databases/p5-DBD-mysql \ p5-Net-UPnP>=0:multimedia/p5-Net-UPnP \ p5-IO-Socket-INET6>=2.51:net/p5-IO-Socket-INET6 \ + p5-XML-Simple>=0:textproc/p5-XML-Simple \ p5-HTTP-Request-Params>=0:www/p5-HTTP-Request-Params \ p5-LWP-UserAgent-Determined>=0:www/p5-LWP-UserAgent-Determined BINDINGS_CONFIGURE_ON= --python=${PYTHON_CMD} Index: distinfo =================================================================== --- distinfo (revision 491303) +++ distinfo (working copy) @@ -1,3 +1,3 @@ -TIMESTAMP = 1539236555 -SHA256 (MythTV-mythtv-v29.1_GH0.tar.gz) = e40ec8111d39fd059a9ec741b10016683bcc66ee3b33c4cdaab93d60851f5d3e -SIZE (MythTV-mythtv-v29.1_GH0.tar.gz) = 105616253 +TIMESTAMP = 1548724555 +SHA256 (MythTV-mythtv-v30.0_GH0.tar.gz) = 7f7ae9b8927659616f181afc12d7ddc26b0a4b0d13982e2586985f4770640b43 +SIZE (MythTV-mythtv-v30.0_GH0.tar.gz) = 101169041 Index: files/extrapatch-programs_programs.pro =================================================================== --- files/extrapatch-programs_programs.pro (revision 491303) +++ files/extrapatch-programs_programs.pro (working copy) @@ -2,7 +2,7 @@ --- programs/programs.pro.orig 2018-01-11 12:39:22 UTC +++ programs/programs.pro -@@ -15,12 +15,4 @@ using_frontend { +@@ -15,13 +15,4 @@ using_frontend { !mingw:!win32-msvc*: SUBDIRS += mythtranscode/external/replex } @@ -12,6 +12,7 @@ - - !win32-msvc*:SUBDIRS += scripts - !mingw:!win32-msvc*: SUBDIRS += mythfilerecorder +- !mingw:!win32-msvc*: SUBDIRS += mythexternrecorder -} - using_mythtranscode: SUBDIRS += mythtranscode Index: files/patch-CVE-2016-10190 =================================================================== --- files/patch-CVE-2016-10190 (revision 491303) +++ files/patch-CVE-2016-10190 (nonexistent) @@ -1,239 +0,0 @@ -From 0e0a413725e0221e1a9d0b7595e22bf57e23a09c Mon Sep 17 00:00:00 2001 -From: "Ronald S. Bultje" -Date: Mon, 5 Dec 2016 08:02:33 -0500 -Subject: [PATCH] http: make length/offset-related variables unsigned. - -Fixes #5992, reported and found by Paul Cher . - -(cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa) ---- - libavformat/http.c | 70 +++++++++++++++++++++++++++++------------------------- - 1 file changed, 38 insertions(+), 32 deletions(-) - -diff --git libavformat/http.c libavformat/http.c -index d48958d8a3c..13f3be42271 100644 ---- external/FFmpeg/libavformat/http.c -+++ external/FFmpeg/libavformat/http.c -@@ -62,8 +62,8 @@ typedef struct HTTPContext { - int line_count; - int http_code; - /* Used if "Transfer-Encoding: chunked" otherwise -1. */ -- int64_t chunksize; -- int64_t off, end_off, filesize; -+ uint64_t chunksize; -+ uint64_t off, end_off, filesize; - char *location; - HTTPAuthState auth_state; - HTTPAuthState proxy_auth_state; -@@ -95,9 +95,9 @@ typedef struct HTTPContext { - AVDictionary *cookie_dict; - int icy; - /* how much data was read since the last ICY metadata packet */ -- int icy_data_read; -+ uint64_t icy_data_read; - /* after how many bytes of read data a new metadata packet will be found */ -- int icy_metaint; -+ uint64_t icy_metaint; - char *icy_metadata_headers; - char *icy_metadata_packet; - AVDictionary *metadata; -@@ -489,7 +489,7 @@ static int http_open(URLContext *h, const char *uri, int flags, - else - h->is_streamed = 1; - -- s->filesize = -1; -+ s->filesize = UINT64_MAX; - s->location = av_strdup(uri); - if (!s->location) - return AVERROR(ENOMEM); -@@ -616,9 +616,9 @@ static void parse_content_range(URLContext *h, const char *p) - - if (!strncmp(p, "bytes ", 6)) { - p += 6; -- s->off = strtoll(p, NULL, 10); -+ s->off = strtoull(p, NULL, 10); - if ((slash = strchr(p, '/')) && strlen(slash) > 0) -- s->filesize = strtoll(slash + 1, NULL, 10); -+ s->filesize = strtoull(slash + 1, NULL, 10); - } - if (s->seekable == -1 && (!s->is_akamai || s->filesize != 2147483647)) - h->is_streamed = 0; /* we _can_ in fact seek */ -@@ -808,8 +808,9 @@ static int process_line(URLContext *h, char *line, int line_count, - if ((ret = parse_location(s, p)) < 0) - return ret; - *new_location = 1; -- } else if (!av_strcasecmp(tag, "Content-Length") && s->filesize == -1) { -- s->filesize = strtoll(p, NULL, 10); -+ } else if (!av_strcasecmp(tag, "Content-Length") && -+ s->filesize == UINT64_MAX) { -+ s->filesize = strtoull(p, NULL, 10); - } else if (!av_strcasecmp(tag, "Content-Range")) { - parse_content_range(h, p); - } else if (!av_strcasecmp(tag, "Accept-Ranges") && -@@ -818,7 +819,7 @@ static int process_line(URLContext *h, char *line, int line_count, - h->is_streamed = 0; - } else if (!av_strcasecmp(tag, "Transfer-Encoding") && - !av_strncasecmp(p, "chunked", 7)) { -- s->filesize = -1; -+ s->filesize = UINT64_MAX; - s->chunksize = 0; - } else if (!av_strcasecmp(tag, "WWW-Authenticate")) { - ff_http_auth_handle_header(&s->auth_state, tag, p); -@@ -842,7 +843,7 @@ static int process_line(URLContext *h, char *line, int line_count, - if (parse_cookie(s, p, &s->cookie_dict)) - av_log(h, AV_LOG_WARNING, "Unable to parse '%s'\n", p); - } else if (!av_strcasecmp(tag, "Icy-MetaInt")) { -- s->icy_metaint = strtoll(p, NULL, 10); -+ s->icy_metaint = strtoull(p, NULL, 10); - } else if (!av_strncasecmp(tag, "Icy-", 4)) { - if ((ret = parse_icy(s, tag, p)) < 0) - return ret; -@@ -972,7 +973,7 @@ static int http_read_header(URLContext *h, int *new_location) - char line[MAX_URL_SIZE]; - int err = 0; - -- s->chunksize = -1; -+ s->chunksize = UINT64_MAX; - - for (;;) { - if ((err = http_get_line(s, line, sizeof(line))) < 0) -@@ -1006,7 +1007,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, - int post, err; - char headers[HTTP_HEADERS_SIZE] = ""; - char *authstr = NULL, *proxyauthstr = NULL; -- int64_t off = s->off; -+ uint64_t off = s->off; - int len = 0; - const char *method; - int send_expect_100 = 0; -@@ -1060,7 +1061,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, - // server supports seeking by analysing the reply headers. - if (!has_header(s->headers, "\r\nRange: ") && !post && (s->off > 0 || s->end_off || s->seekable == -1)) { - len += av_strlcatf(headers + len, sizeof(headers) - len, -- "Range: bytes=%"PRId64"-", s->off); -+ "Range: bytes=%"PRIu64"-", s->off); - if (s->end_off) - len += av_strlcatf(headers + len, sizeof(headers) - len, - "%"PRId64, s->end_off - 1); -@@ -1135,7 +1136,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path, - s->line_count = 0; - s->off = 0; - s->icy_data_read = 0; -- s->filesize = -1; -+ s->filesize = UINT64_MAX; - s->willclose = 0; - s->end_chunked_post = 0; - s->end_header = 0; -@@ -1175,15 +1176,13 @@ static int http_buf_read(URLContext *h, uint8_t *buf, int size) - memcpy(buf, s->buf_ptr, len); - s->buf_ptr += len; - } else { -- int64_t target_end = s->end_off ? s->end_off : s->filesize; -- if ((!s->willclose || s->chunksize < 0) && -- target_end >= 0 && s->off >= target_end) -+ uint64_t target_end = s->end_off ? s->end_off : s->filesize; -+ if ((!s->willclose || s->chunksize == UINT64_MAX) && s->off >= target_end) - return AVERROR_EOF; - len = ffurl_read(s->hd, buf, size); -- if (!len && (!s->willclose || s->chunksize < 0) && -- target_end >= 0 && s->off < target_end) { -+ if (!len && (!s->willclose || s->chunksize == UINT64_MAX) && s->off < target_end) { - av_log(h, AV_LOG_ERROR, -- "Stream ends prematurely at %"PRId64", should be %"PRId64"\n", -+ "Stream ends prematurely at %"PRIu64", should be %"PRIu64"\n", - s->off, target_end - ); - return AVERROR(EIO); -@@ -1247,7 +1246,7 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) - return err; - } - -- if (s->chunksize >= 0) { -+ if (s->chunksize != UINT64_MAX) { - if (!s->chunksize) { - char line[32]; - -@@ -1256,13 +1255,19 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) - return err; - } while (!*line); /* skip CR LF from last chunk */ - -- s->chunksize = strtoll(line, NULL, 16); -+ s->chunksize = strtoull(line, NULL, 16); - -- av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n", -+ av_log(h, AV_LOG_TRACE, -+ "Chunked encoding data size: %"PRIu64"'\n", - s->chunksize); - - if (!s->chunksize) - return 0; -+ else if (s->chunksize == UINT64_MAX) { -+ av_log(h, AV_LOG_ERROR, "Invalid chunk size %"PRIu64"\n", -+ s->chunksize); -+ return AVERROR(EINVAL); -+ } - } - size = FFMIN(size, s->chunksize); - } -@@ -1273,17 +1278,17 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) - read_ret = http_buf_read(h, buf, size); - if ( (read_ret < 0 && s->reconnect && (!h->is_streamed || s->reconnect_streamed) && s->filesize > 0 && s->off < s->filesize) - || (read_ret == 0 && s->reconnect_at_eof && (!h->is_streamed || s->reconnect_streamed))) { -- int64_t target = h->is_streamed ? 0 : s->off; -+ uint64_t target = h->is_streamed ? 0 : s->off; - - if (s->reconnect_delay > s->reconnect_delay_max) - return AVERROR(EIO); - -- av_log(h, AV_LOG_INFO, "Will reconnect at %"PRId64" error=%s.\n", s->off, av_err2str(read_ret)); -+ av_log(h, AV_LOG_INFO, "Will reconnect at %"PRIu64" error=%s.\n", s->off, av_err2str(read_ret)); - av_usleep(1000U*1000*s->reconnect_delay); - s->reconnect_delay = 1 + 2*s->reconnect_delay; - seek_ret = http_seek_internal(h, target, SEEK_SET, 1); - if (seek_ret != target) { -- av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRId64".\n", target); -+ av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRIu64".\n", target); - return read_ret; - } - -@@ -1338,10 +1343,11 @@ static int store_icy(URLContext *h, int size) - { - HTTPContext *s = h->priv_data; - /* until next metadata packet */ -- int remaining = s->icy_metaint - s->icy_data_read; -+ uint64_t remaining; - -- if (remaining < 0) -+ if (s->icy_metaint < s->icy_data_read) - return AVERROR_INVALIDDATA; -+ remaining = s->icy_metaint - s->icy_data_read; - - if (!remaining) { - /* The metadata packet is variable sized. It has a 1 byte header -@@ -1455,7 +1461,7 @@ static int64_t http_seek_internal(URLContext *h, int64_t off, int whence, int fo - { - HTTPContext *s = h->priv_data; - URLContext *old_hd = s->hd; -- int64_t old_off = s->off; -+ uint64_t old_off = s->off; - uint8_t old_buf[BUFFER_SIZE]; - int old_buf_size, ret; - AVDictionary *options = NULL; -@@ -1466,7 +1472,7 @@ static int64_t http_seek_internal(URLContext *h, int64_t off, int whence, int fo - ((whence == SEEK_CUR && off == 0) || - (whence == SEEK_SET && off == s->off))) - return s->off; -- else if ((s->filesize == -1 && whence == SEEK_END)) -+ else if ((s->filesize == UINT64_MAX && whence == SEEK_END)) - return AVERROR(ENOSYS); - - if (whence == SEEK_CUR) -@@ -1621,7 +1627,7 @@ static int http_proxy_open(URLContext *h, const char *uri, int flags) - s->buf_ptr = s->buffer; - s->buf_end = s->buffer; - s->line_count = 0; -- s->filesize = -1; -+ s->filesize = UINT64_MAX; - cur_auth_type = s->proxy_auth_state.auth_type; - - /* Note: This uses buffering, potentially reading more than the Property changes on: files/patch-CVE-2016-10190 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2016-10192 =================================================================== --- files/patch-CVE-2016-10192 (revision 491303) +++ files/patch-CVE-2016-10192 (nonexistent) @@ -1,40 +0,0 @@ -From c12ee64e80af2517005231388fdf4ea78f16bb0e Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 5 Dec 2016 17:27:45 +0100 -Subject: [PATCH] ffserver: Check chunk size - -Fixes out of array access - -Fixes: poc_ffserver.py -Found-by: Paul Cher -Signed-off-by: Michael Niedermayer -(cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156) -Signed-off-by: Michael Niedermayer ---- - ffserver.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git ffserver.c ffserver.c -index 453d790e6cd..aec808e78cb 100644 ---- external/FFmpeg/ffserver.c.orig -+++ external/FFmpeg/ffserver.c -@@ -2702,8 +2702,10 @@ static int http_receive_data(HTTPContext *c) - } else if (c->buffer_ptr - c->buffer >= 2 && - !memcmp(c->buffer_ptr - 1, "\r\n", 2)) { - c->chunk_size = strtol(c->buffer, 0, 16); -- if (c->chunk_size == 0) // end of stream -+ if (c->chunk_size <= 0) { // end of stream or invalid chunk size -+ c->chunk_size = 0; - goto fail; -+ } - c->buffer_ptr = c->buffer; - break; - } else if (++loop_run > 10) -@@ -2725,6 +2727,7 @@ static int http_receive_data(HTTPContext *c) - /* end of connection : close it */ - goto fail; - else { -+ av_assert0(len <= c->chunk_size); - c->chunk_size -= len; - c->buffer_ptr += len; - c->data_count += len; Property changes on: files/patch-CVE-2016-10192 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-05024 =================================================================== --- files/patch-CVE-2017-05024 (revision 491303) +++ files/patch-CVE-2017-05024 (nonexistent) @@ -1,31 +0,0 @@ -From ed2572b9c8f885e2a4764d2e34604442a71899a1 Mon Sep 17 00:00:00 2001 -From: Matt Wolenetz -Date: Wed, 14 Dec 2016 15:26:19 -0800 -Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid - -Core of patch is from paul@paulmehta.com -Reference https://crbug.com/643951 - -Signed-off-by: Michael Niedermayer -Check value reduced as the code does not support values beyond INT_MAX -Also the check is moved to a more common place and before integer truncation - -(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd) -Signed-off-by: Michael Niedermayer ---- - libavformat/mov.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavformat/mov.c libavformat/mov.c -index 17d0475aae1..74b58255784 100644 ---- external/FFmpeg/libavformat/mov.c -+++ external/FFmpeg/libavformat/mov.c -@@ -4436,7 +4436,7 @@ static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom) - 0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac - }; - -- if (atom.size < sizeof(uuid) || atom.size == INT64_MAX) -+ if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX)) - return AVERROR_INVALIDDATA; - - ret = avio_read(pb, uuid, sizeof(uuid)); Property changes on: files/patch-CVE-2017-05024 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-05025 =================================================================== --- files/patch-CVE-2017-05025 (revision 491303) +++ files/patch-CVE-2017-05025 (nonexistent) @@ -1,30 +0,0 @@ -From cf8e004a51b08c6e8ceaeebca85ab84c7ed0b4cf Mon Sep 17 00:00:00 2001 -From: Matt Wolenetz -Date: Wed, 14 Dec 2016 15:24:42 -0800 -Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr - -Core of patch is from paul@paulmehta.com -Reference https://crbug.com/643950 - -Signed-off-by: Michael Niedermayer -Check value reduced as the code does not support larger lengths - -(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) -Signed-off-by: Michael Niedermayer ---- - libavformat/mov.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git libavformat/mov.c libavformat/mov.c -index 1e2141808da..17d0475aae1 100644 ---- external/FFmpeg/libavformat/mov.c -+++ external/FFmpeg/libavformat/mov.c -@@ -739,6 +739,8 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) - - title_size = atom.size - 24; - if (title_size > 0) { -+ if (title_size > FFMIN(INT_MAX, SIZE_MAX-1)) -+ return AVERROR_INVALIDDATA; - title_str = av_malloc(title_size + 1); /* Add null terminator */ - if (!title_str) - return AVERROR(ENOMEM); Property changes on: files/patch-CVE-2017-05025 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-07862 =================================================================== --- files/patch-CVE-2017-07862 (revision 491303) +++ files/patch-CVE-2017-07862 (nonexistent) @@ -1,28 +0,0 @@ -From a1a14982ec5b9954637cdc9ce8daf01d211e5c79 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Tue, 7 Feb 2017 15:49:09 +0100 -Subject: [PATCH] avcodec/pictordec: Fix logic error - -Fixes: 559/clusterfuzz-testcase-6424225917173760 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a) -Signed-off-by: Michael Niedermayer ---- - libavcodec/pictordec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavcodec/pictordec.c libavcodec/pictordec.c -index ff6eb7f4fc9..0cfc7858326 100644 ---- external/FFmpeg/libavcodec/pictordec.c -+++ external/FFmpeg/libavcodec/pictordec.c -@@ -142,7 +142,7 @@ static int decode_frame(AVCodecContext *avctx, - - if (av_image_check_size(s->width, s->height, 0, avctx) < 0) - return -1; -- if (s->width != avctx->width && s->height != avctx->height) { -+ if (s->width != avctx->width || s->height != avctx->height) { - ret = ff_set_dimensions(avctx, s->width, s->height); - if (ret < 0) - return ret; Property changes on: files/patch-CVE-2017-07862 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-07866 =================================================================== --- files/patch-CVE-2017-07866 (revision 491303) +++ files/patch-CVE-2017-07866 (nonexistent) @@ -1,37 +0,0 @@ -From bd6c1d5149fbc4f2a0200ad99e7f56f4fb7d518a Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 23 Jan 2017 01:25:27 +0100 -Subject: [PATCH] avcodec/pngdec: Fix off by 1 size in decode_zbuf() - -Fixes out of array access -Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264) -Signed-off-by: Michael Niedermayer ---- - libavcodec/pngdec.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git libavcodec/pngdec.c libavcodec/pngdec.c -index 36275ae43f5..7ade0cee661 100644 ---- external/FFmpeg/libavcodec/pngdec.c -+++ external/FFmpeg/libavcodec/pngdec.c -@@ -437,13 +437,13 @@ static int decode_zbuf(AVBPrint *bp, const uint8_t *data, - av_bprint_init(bp, 0, -1); - - while (zstream.avail_in > 0) { -- av_bprint_get_buffer(bp, 1, &buf, &buf_size); -- if (!buf_size) { -+ av_bprint_get_buffer(bp, 2, &buf, &buf_size); -+ if (buf_size < 2) { - ret = AVERROR(ENOMEM); - goto fail; - } - zstream.next_out = buf; -- zstream.avail_out = buf_size; -+ zstream.avail_out = buf_size - 1; - ret = inflate(&zstream, Z_PARTIAL_FLUSH); - if (ret != Z_OK && ret != Z_STREAM_END) { - ret = AVERROR_EXTERNAL; Property changes on: files/patch-CVE-2017-07866 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09608a =================================================================== --- files/patch-CVE-2017-09608a (revision 491303) +++ files/patch-CVE-2017-09608a (nonexistent) @@ -1,116 +0,0 @@ -From e1940d2458353943e2fab6bdb87d2278077e22a5 Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Mon, 20 Mar 2017 22:47:48 +0100 -Subject: [PATCH] avcodec/dnxhd_parser: take into account compressed frame size - and skip it - -Fixes #6214 and vsynth1-dnxhd-720p-hr-lb. - -Signed-off-by: Paul B Mahol ---- - libavcodec/dnxhd_parser.c | 65 +++++++++++++++++++++++++++---- - tests/ref/vsynth/vsynth1-dnxhd-720p-hr-lb | 4 +- - 2 files changed, 60 insertions(+), 9 deletions(-) - -diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c -index 033b8ee7e11..4f9bbceeeb5 100644 ---- external/FFmpeg/libavcodec/dnxhd_parser.c -+++ external/FFmpeg/libavcodec/dnxhd_parser.c -@@ -31,8 +31,24 @@ typedef struct { - ParseContext pc; - int interlaced; - int cur_field; /* first field is 0, second is 1 */ -+ int cur_byte; -+ int remaining; -+ int w, h; - } DNXHDParserContext; - -+static int dnxhd_get_hr_frame_size(int cid, int w, int h) -+{ -+ int result, i = ff_dnxhd_get_cid_table(cid); -+ -+ if (i < 0) -+ return i; -+ -+ result = ((h + 15) / 16) * ((w + 15) / 16) * ff_dnxhd_cid_table[i].packet_scale.num / ff_dnxhd_cid_table[i].packet_scale.den; -+ result = (result + 2048) / 4096 * 4096; -+ -+ return FFMAX(result, 8192); -+} -+ - static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - const uint8_t *buf, int buf_size) - { -@@ -51,30 +67,65 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - pic_found = 1; - interlaced = (state&2)>>1; /* byte following the 5-byte header prefix */ - cur_field = state&1; -+ dctx->cur_byte = 0; -+ dctx->remaining = 0; - break; - } - } - } - -- if (pic_found) { -+ if (pic_found && !dctx->remaining) { - if (!buf_size) /* EOF considered as end of frame */ - return 0; - for (; i < buf_size; i++) { -+ dctx->cur_byte++; - state = (state << 8) | buf[i]; -- if (ff_dnxhd_check_header_prefix(state & 0xffffffffff00LL) != 0) { -- if (!interlaced || dctx->cur_field) { -+ -+ if (dctx->cur_byte == 24) { -+ dctx->h = (state >> 32) & 0xFFFF; -+ } else if (dctx->cur_byte == 26) { -+ dctx->w = (state >> 32) & 0xFFFF; -+ } else if (dctx->cur_byte == 42) { -+ int cid = (state >> 32) & 0xFFFFFFFF; -+ -+ if (cid <= 0) -+ continue; -+ -+ dctx->remaining = avpriv_dnxhd_get_frame_size(cid); -+ if (dctx->remaining <= 0) { -+ dctx->remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); -+ if (dctx->remaining <= 0) -+ return dctx->remaining; -+ } -+ if (buf_size - i >= dctx->remaining && (!dctx->interlaced || dctx->cur_field)) { -+ int remaining = dctx->remaining; -+ - pc->frame_start_found = 0; - pc->state64 = -1; - dctx->interlaced = interlaced; - dctx->cur_field = 0; -- return i - 5; -+ dctx->cur_byte = 0; -+ dctx->remaining = 0; -+ return remaining; - } else { -- /* continue, to get the second field */ -- dctx->interlaced = interlaced = (state&2)>>1; -- dctx->cur_field = cur_field = state&1; -+ dctx->remaining -= buf_size; - } - } - } -+ } else if (pic_found) { -+ if (dctx->remaining > buf_size) { -+ dctx->remaining -= buf_size; -+ } else { -+ int remaining = dctx->remaining; -+ -+ pc->frame_start_found = 0; -+ pc->state64 = -1; -+ dctx->interlaced = interlaced; -+ dctx->cur_field = 0; -+ dctx->cur_byte = 0; -+ dctx->remaining = 0; -+ return remaining; -+ } - } - pc->frame_start_found = pic_found; - pc->state64 = state; Property changes on: files/patch-CVE-2017-09608a ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09608b =================================================================== --- files/patch-CVE-2017-09608b (revision 491303) +++ files/patch-CVE-2017-09608b (nonexistent) @@ -1,82 +0,0 @@ -From da693f8daa62cb76a2aa05021d6c8d53a1b816b2 Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Sun, 23 Apr 2017 11:53:57 +0200 -Subject: [PATCH] avcodec/dnxhd_parser: fix parsing interlaced video, simplify - code - -There appears to be no need to treat interlaced videos differently, -also that code is flawed, as for at least one input cur_field would -be always 0. - -Fixes ticket #6344. - -Signed-off-by: Paul B Mahol -(cherry picked from commit ac30754a148df58822a272555d1f6f860e42037e) ---- - libavcodec/dnxhd_parser.c | 14 +------------- - 1 file changed, 1 insertion(+), 13 deletions(-) - -diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c -index 4f9bbceeeb5..a1f632a620e 100644 ---- external/FFmpeg/libavcodec/dnxhd_parser.c -+++ external/FFmpeg/libavcodec/dnxhd_parser.c -@@ -29,8 +29,6 @@ - - typedef struct { - ParseContext pc; -- int interlaced; -- int cur_field; /* first field is 0, second is 1 */ - int cur_byte; - int remaining; - int w, h; -@@ -56,8 +54,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - uint64_t state = pc->state64; - int pic_found = pc->frame_start_found; - int i = 0; -- int interlaced = dctx->interlaced; -- int cur_field = dctx->cur_field; - - if (!pic_found) { - for (i = 0; i < buf_size; i++) { -@@ -65,8 +61,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - if (ff_dnxhd_check_header_prefix(state & 0xffffffffff00LL) != 0) { - i++; - pic_found = 1; -- interlaced = (state&2)>>1; /* byte following the 5-byte header prefix */ -- cur_field = state&1; - dctx->cur_byte = 0; - dctx->remaining = 0; - break; -@@ -97,13 +91,11 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - if (dctx->remaining <= 0) - return dctx->remaining; - } -- if (buf_size - i >= dctx->remaining && (!dctx->interlaced || dctx->cur_field)) { -+ if (buf_size - i + 47 >= dctx->remaining) { - int remaining = dctx->remaining; - - pc->frame_start_found = 0; - pc->state64 = -1; -- dctx->interlaced = interlaced; -- dctx->cur_field = 0; - dctx->cur_byte = 0; - dctx->remaining = 0; - return remaining; -@@ -120,8 +112,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - - pc->frame_start_found = 0; - pc->state64 = -1; -- dctx->interlaced = interlaced; -- dctx->cur_field = 0; - dctx->cur_byte = 0; - dctx->remaining = 0; - return remaining; -@@ -129,8 +119,6 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - } - pc->frame_start_found = pic_found; - pc->state64 = state; -- dctx->interlaced = interlaced; -- dctx->cur_field = cur_field; - return END_NOT_FOUND; - } - Property changes on: files/patch-CVE-2017-09608b ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09608c =================================================================== --- files/patch-CVE-2017-09608c (revision 491303) +++ files/patch-CVE-2017-09608c (nonexistent) @@ -1,45 +0,0 @@ -From 0a709e2a10b8288a0cc383547924ecfe285cef89 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Wed, 14 Jun 2017 16:58:20 +0200 -Subject: [PATCH] avcodec/dnxhd_parser: Do not return invalid value from - dnxhd_find_frame_end() on error - -Fixes: Null pointer dereference - -Fixes: CVE-2017-9608 -Found-by: Yihan Lian -Signed-off-by: Michael Niedermayer -(cherry picked from commit 611b35627488a8d0763e75c25ee0875c5b7987dd) -Signed-off-by: Michael Niedermayer ---- - libavcodec/dnxhd_parser.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c -index a1f632a620e..f1166be1007 100644 ---- external/FFmpeg/libavcodec/dnxhd_parser.c -+++ external/FFmpeg/libavcodec/dnxhd_parser.c -@@ -81,16 +81,18 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - dctx->w = (state >> 32) & 0xFFFF; - } else if (dctx->cur_byte == 42) { - int cid = (state >> 32) & 0xFFFFFFFF; -+ int remaining; - - if (cid <= 0) - continue; - -- dctx->remaining = avpriv_dnxhd_get_frame_size(cid); -- if (dctx->remaining <= 0) { -- dctx->remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); -- if (dctx->remaining <= 0) -- return dctx->remaining; -+ remaining = avpriv_dnxhd_get_frame_size(cid); -+ if (remaining <= 0) { -+ remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); -+ if (remaining <= 0) -+ continue; - } -+ dctx->remaining = remaining; - if (buf_size - i + 47 >= dctx->remaining) { - int remaining = dctx->remaining; - Property changes on: files/patch-CVE-2017-09608c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09991 =================================================================== --- files/patch-CVE-2017-09991 (revision 491303) +++ files/patch-CVE-2017-09991 (nonexistent) @@ -1,32 +0,0 @@ -From 85c8c0c826e78d159ea242ce64d7e8feeeeca741 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sun, 7 May 2017 18:50:49 +0200 -Subject: [PATCH] avcodec/xwddec: Check bpp more completely - -Fixes out of array access -Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06) -Signed-off-by: Michael Niedermayer ---- - libavcodec/xwddec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git libavcodec/xwddec.c libavcodec/xwddec.c -index 64cd8418a20..8b0845fc013 100644 ---- external/FFmpeg/libavcodec/xwddec.c -+++ external/FFmpeg/libavcodec/xwddec.c -@@ -157,9 +157,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data, - case XWD_GRAY_SCALE: - if (bpp != 1 && bpp != 8) - return AVERROR_INVALIDDATA; -- if (pixdepth == 1) { -+ if (bpp == 1 && pixdepth == 1) { - avctx->pix_fmt = AV_PIX_FMT_MONOWHITE; -- } else if (pixdepth == 8) { -+ } else if (bpp == 8 && pixdepth == 8) { - avctx->pix_fmt = AV_PIX_FMT_GRAY8; - } - break; Property changes on: files/patch-CVE-2017-09991 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09992 =================================================================== --- files/patch-CVE-2017-09992 (revision 491303) +++ files/patch-CVE-2017-09992 (nonexistent) @@ -1,29 +0,0 @@ -From 536af4212100dee1577fe2d30814762c58038efc Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Fri, 5 May 2017 20:42:11 +0200 -Subject: [PATCH] avcodec/dfa: Fix off by 1 error - -Fixes out of array access -Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360) -Signed-off-by: Michael Niedermayer ---- - libavcodec/dfa.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavcodec/dfa.c libavcodec/dfa.c -index f45d019a792..5ddb647c4cb 100644 ---- external/FFmpeg/libavcodec/dfa.c -+++ external/FFmpeg/libavcodec/dfa.c -@@ -175,7 +175,7 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height - return AVERROR_INVALIDDATA; - frame += v; - } else { -- if (frame_end - frame < width + 3) -+ if (frame_end - frame < width + 4) - return AVERROR_INVALIDDATA; - frame[0] = frame[1] = - frame[width] = frame[width + 1] = bytestream2_get_byte(gb); Property changes on: files/patch-CVE-2017-09992 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09993a =================================================================== --- files/patch-CVE-2017-09993a (revision 491303) +++ files/patch-CVE-2017-09993a (nonexistent) @@ -1,91 +0,0 @@ -From 25dac3128b605f2867e3e0f0288b896f84d3a033 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 3 Jun 2017 21:20:04 +0200 -Subject: [PATCH] avformat/hls: Check local file extensions - -This reduces the attack surface of local file-system -information leaking. - -It prevents the existing exploit leading to an information leak. As -well as similar hypothetical attacks. - -Leaks of information from files and symlinks ending in common multimedia extensions -are still possible. But files with sensitive information like private keys and passwords -generally do not use common multimedia filename extensions. -It does not stop leaks via remote addresses in the LAN. - -The existing exploit depends on a specific decoder as well. -It does appear though that the exploit should be possible with any decoder. -The problem is that as long as sensitive information gets into the decoder, -the output of the decoder becomes sensitive as well. -The only obvious solution is to prevent access to sensitive information. Or to -disable hls or possibly some of its feature. More complex solutions like -checking the path to limit access to only subdirectories of the hls path may -work as an alternative. But such solutions are fragile and tricky to implement -portably and would not stop every possible attack nor would they work with all -valid hls files. - -Developers have expressed their dislike / objected to disabling hls by default as well -as disabling hls with local files. There also where objections against restricting -remote url file extensions. This here is a less robust but also lower -inconvenience solution. -It can be applied stand alone or together with other solutions. -limiting the check to local files was suggested by nevcairiel - -This recommits the security fix without the author name joke which was -originally requested by Nicolas. - -Found-by: Emil Lerner and Pavel Cheremushkin -Reported-by: Thierry Foucu - -Signed-off-by: Michael Niedermayer -(cherry picked from commit 189ff4219644532bdfa7bab28dfedaee4d6d4021) -Signed-off-by: Michael Niedermayer ---- - libavformat/hls.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git libavformat/hls.c libavformat/hls.c -index 2bf86fadc64..ffefd284f86 100644 ---- external/FFmpeg/libavformat/hls.c -+++ external/FFmpeg/libavformat/hls.c -@@ -204,6 +204,7 @@ typedef struct HLSContext { - char *http_proxy; ///< holds the address of the HTTP proxy server - AVDictionary *avio_opts; - int strict_std_compliance; -+ char *allowed_extensions; - } HLSContext; - - static int read_chomp_line(AVIOContext *s, char *buf, int maxlen) -@@ -618,8 +619,19 @@ static int open_url(AVFormatContext *s, AVIOContext **pb, const char *url, - return AVERROR_INVALIDDATA; - - // only http(s) & file are allowed -- if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) -+ if (av_strstart(proto_name, "file", NULL)) { -+ if (strcmp(c->allowed_extensions, "ALL") && !av_match_ext(url, c->allowed_extensions)) { -+ av_log(s, AV_LOG_ERROR, -+ "Filename extension of \'%s\' is not a common multimedia extension, blocked for security reasons.\n" -+ "If you wish to override this adjust allowed_extensions, you can set it to \'ALL\' to allow all\n", -+ url); -+ return AVERROR_INVALIDDATA; -+ } -+ } else if (av_strstart(proto_name, "http", NULL)) { -+ ; -+ } else - return AVERROR_INVALIDDATA; -+ - if (!strncmp(proto_name, url, strlen(proto_name)) && url[strlen(proto_name)] == ':') - ; - else if (av_strstart(url, "crypto", NULL) && !strncmp(proto_name, url + 7, strlen(proto_name)) && url[7 + strlen(proto_name)] == ':') -@@ -2127,6 +2139,10 @@ static int hls_probe(AVProbeData *p) - static const AVOption hls_options[] = { - {"live_start_index", "segment index to start live streams at (negative values are from the end)", - OFFSET(live_start_index), AV_OPT_TYPE_INT, {.i64 = -3}, INT_MIN, INT_MAX, FLAGS}, -+ {"allowed_extensions", "List of file extensions that hls is allowed to access", -+ OFFSET(allowed_extensions), AV_OPT_TYPE_STRING, -+ {.str = "3gp,aac,avi,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wav"}, -+ INT_MIN, INT_MAX, FLAGS}, - {NULL} - }; - Property changes on: files/patch-CVE-2017-09993a ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09993b =================================================================== --- files/patch-CVE-2017-09993b (revision 491303) +++ files/patch-CVE-2017-09993b (nonexistent) @@ -1,31 +0,0 @@ -From 5415c88e370692a3cf10b998ab230b4a02fc237f Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Tue, 30 May 2017 21:29:20 +0200 -Subject: [PATCH] avformat/avidec: Limit formats in gab2 to srt and ass/ssa - -This prevents part of one exploit leading to an information leak - -Found-by: Emil Lerner and Pavel Cheremushkin -Reported-by: Thierry Foucu - -Signed-off-by: Michael Niedermayer -(cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb) -Signed-off-by: Michael Niedermayer ---- - libavformat/avidec.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git libavformat/avidec.c libavformat/avidec.c -index ebd14abb12c..9afac825d43 100644 ---- external/FFmpeg/libavformat/avidec.c -+++ external/FFmpeg/libavformat/avidec.c -@@ -1098,6 +1098,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt) - if (!sub_demuxer) - goto error; - -+ if (strcmp(sub_demuxer->name, "srt") && strcmp(sub_demuxer->name, "ass")) -+ goto error; -+ - if (!(ast->sub_ctx = avformat_alloc_context())) - goto error; - Property changes on: files/patch-CVE-2017-09993b ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09994 =================================================================== --- files/patch-CVE-2017-09994 (revision 491303) +++ files/patch-CVE-2017-09994 (nonexistent) @@ -1,47 +0,0 @@ -From 869e8b1d0f549e926ecb246f916c9066f881db4a Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Wed, 10 May 2017 18:37:49 +0200 -Subject: [PATCH] avcodec/webp: Always set pix_fmt - -Fixes: out of array access -Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632 -Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Reviewed-by: "Ronald S. Bultje" -Signed-off-by: Michael Niedermayer -(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef) -Signed-off-by: Michael Niedermayer ---- - libavcodec/vp8.c | 2 ++ - libavcodec/webp.c | 3 +-- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git libavcodec/vp8.c libavcodec/vp8.c -index 068223920e4..63e78492848 100644 ---- external/FFmpeg/libavcodec/vp8.c -+++ external/FFmpeg/libavcodec/vp8.c -@@ -2548,6 +2548,8 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, - enum AVDiscard skip_thresh; - VP8Frame *av_uninit(curframe), *prev_frame; - -+ av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVA420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P); -+ - if (is_vp7) - ret = vp7_decode_frame_header(s, avpkt->data, avpkt->size); - else -diff --git libavcodec/webp.c libavcodec/webp.c -index 7d23cc74356..b2ae5bcbba9 100644 ---- external/FFmpeg/libavcodec/webp.c -+++ external/FFmpeg/libavcodec/webp.c -@@ -1327,9 +1327,8 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p, - if (!s->initialized) { - ff_vp8_decode_init(avctx); - s->initialized = 1; -- if (s->has_alpha) -- avctx->pix_fmt = AV_PIX_FMT_YUVA420P; - } -+ avctx->pix_fmt = s->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; - s->lossless = 0; - - if (data_size > INT_MAX) { Property changes on: files/patch-CVE-2017-09994 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09996a =================================================================== --- files/patch-CVE-2017-09996a (revision 491303) +++ files/patch-CVE-2017-09996a (nonexistent) @@ -1,29 +0,0 @@ -From 7a69c1b2abfa96f0578cbd3ff82126b883ba6ef0 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 6 May 2017 22:24:52 +0200 -Subject: [PATCH] avcodec/cdxl: Check format parameter - -Fixes out of array access -Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d) -Signed-off-by: Michael Niedermayer ---- - libavcodec/cdxl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavcodec/cdxl.c libavcodec/cdxl.c -index 7a9b41943d8..5c0ecb279c7 100644 ---- external/FFmpeg/libavcodec/cdxl.c -+++ external/FFmpeg/libavcodec/cdxl.c -@@ -277,7 +277,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data, - c->padded_bits = aligned_width - c->avctx->width; - if (c->video_size < aligned_width * avctx->height * (int64_t)c->bpp / 8) - return AVERROR_INVALIDDATA; -- if (!encoding && c->palette_size && c->bpp <= 8) { -+ if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { - avctx->pix_fmt = AV_PIX_FMT_PAL8; - } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { - if (c->palette_size != (1 << (c->bpp - 1))) Property changes on: files/patch-CVE-2017-09996a ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-09996b =================================================================== --- files/patch-CVE-2017-09996b (revision 491303) +++ files/patch-CVE-2017-09996b (nonexistent) @@ -1,29 +0,0 @@ -From 7f3a671ece8fd711e2ebc71a4e08cda591d810a8 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 8 May 2017 11:46:03 +0200 -Subject: [PATCH] avcodec/cdxl: Check format for BGR24 - -Fixes: out of array access -Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg -Signed-off-by: Michael Niedermayer -(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660) -Signed-off-by: Michael Niedermayer ---- - libavcodec/cdxl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavcodec/cdxl.c libavcodec/cdxl.c -index 5c0ecb279c7..78f5d50102f 100644 ---- external/FFmpeg/libavcodec/cdxl.c -+++ external/FFmpeg/libavcodec/cdxl.c -@@ -279,7 +279,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data, - return AVERROR_INVALIDDATA; - if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { - avctx->pix_fmt = AV_PIX_FMT_PAL8; -- } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { -+ } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8) && c->format != CHUNKY) { - if (c->palette_size != (1 << (c->bpp - 1))) - return AVERROR_INVALIDDATA; - avctx->pix_fmt = AV_PIX_FMT_BGR24; Property changes on: files/patch-CVE-2017-09996b ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-11399 =================================================================== --- files/patch-CVE-2017-11399 (revision 491303) +++ files/patch-CVE-2017-11399 (nonexistent) @@ -1,49 +0,0 @@ -From 5bb861d45b86803ec39295cfc04889d2a7138361 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sun, 16 Jul 2017 14:57:20 +0200 -Subject: [PATCH] avcodec/apedec: Fix integer overflow - -Fixes: out of array access -Fixes: PoC.ape and others - -Found-by: Bingchang, Liu@VARAS of IIE -Signed-off-by: Michael Niedermayer -(cherry picked from commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0) -Signed-off-by: Michael Niedermayer ---- - libavcodec/apedec.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git libavcodec/apedec.c libavcodec/apedec.c -index b99598b4ee7..072e3b42cff 100644 ---- external/FFmpeg/libavcodec/apedec.c -+++ external/FFmpeg/libavcodec/apedec.c -@@ -1412,6 +1412,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, - int32_t *sample24; - int i, ch, ret; - int blockstodecode; -+ uint64_t decoded_buffer_size; - - /* this should never be negative, but bad things will happen if it is, so - check it just to make sure. */ -@@ -1467,7 +1468,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, - skip_bits_long(&s->gb, offset); - } - -- if (!nblocks || nblocks > INT_MAX) { -+ if (!nblocks || nblocks > INT_MAX / 2 / sizeof(*s->decoded_buffer) - 8) { - av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %"PRIu32".\n", - nblocks); - return AVERROR_INVALIDDATA; -@@ -1493,8 +1494,9 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, - blockstodecode = s->samples; - - /* reallocate decoded sample buffer if needed */ -- av_fast_malloc(&s->decoded_buffer, &s->decoded_size, -- 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)); -+ decoded_buffer_size = 2LL * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer); -+ av_assert0(decoded_buffer_size <= INT_MAX); -+ av_fast_malloc(&s->decoded_buffer, &s->decoded_size, decoded_buffer_size); - if (!s->decoded_buffer) - return AVERROR(ENOMEM); - memset(s->decoded_buffer, 0, s->decoded_size); Property changes on: files/patch-CVE-2017-11399 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-11665a =================================================================== --- files/patch-CVE-2017-11665a (revision 491303) +++ files/patch-CVE-2017-11665a (nonexistent) @@ -1,119 +0,0 @@ -From f2a6f41dd7b962e0dd24fe695b002532a42e2230 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Fri, 28 Jul 2017 13:41:59 +0200 -Subject: [PATCH] avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2 - -Fixes: out of array accesses -Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV - -Found-by: JunDong Xie of Ant-financial Light-Year Security Lab -Signed-off-by: Michael Niedermayer -(cherry picked from commit 08c073434e25cba8c43aae5ed9554fdd594adfb0) -Signed-off-by: Michael Niedermayer ---- - libavformat/rtmppkt.c | 68 ++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 48 insertions(+), 20 deletions(-) - -diff --git libavformat/rtmppkt.c libavformat/rtmppkt.c -index cde0da78ce1..2ea88d09c57 100644 ---- external/FFmpeg/libavformat/rtmppkt.c -+++ external/FFmpeg/libavformat/rtmppkt.c -@@ -433,50 +433,78 @@ void ff_rtmp_packet_destroy(RTMPPacket *pkt) - pkt->size = 0; - } - --int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) -+static int amf_tag_skip(GetByteContext *gb) - { -- const uint8_t *base = data; - AMFDataType type; - unsigned nb = -1; - int parse_key = 1; - -- if (data >= data_end) -+ if (bytestream2_get_bytes_left(gb) < 1) - return -1; -- switch ((type = *data++)) { -- case AMF_DATA_TYPE_NUMBER: return 9; -- case AMF_DATA_TYPE_BOOL: return 2; -- case AMF_DATA_TYPE_STRING: return 3 + AV_RB16(data); -- case AMF_DATA_TYPE_LONG_STRING: return 5 + AV_RB32(data); -- case AMF_DATA_TYPE_NULL: return 1; -- case AMF_DATA_TYPE_DATE: return 11; -+ -+ type = bytestream2_get_byte(gb); -+ switch (type) { -+ case AMF_DATA_TYPE_NUMBER: -+ bytestream2_get_be64(gb); -+ return 0; -+ case AMF_DATA_TYPE_BOOL: -+ bytestream2_get_byte(gb); -+ return 0; -+ case AMF_DATA_TYPE_STRING: -+ bytestream2_skip(gb, bytestream2_get_be16(gb)); -+ return 0; -+ case AMF_DATA_TYPE_LONG_STRING: -+ bytestream2_skip(gb, bytestream2_get_be32(gb)); -+ return 0; -+ case AMF_DATA_TYPE_NULL: -+ return 0; -+ case AMF_DATA_TYPE_DATE: -+ bytestream2_skip(gb, 10); -+ return 0; - case AMF_DATA_TYPE_ARRAY: - parse_key = 0; - case AMF_DATA_TYPE_MIXEDARRAY: -- nb = bytestream_get_be32(&data); -+ nb = bytestream2_get_be32(gb); - case AMF_DATA_TYPE_OBJECT: - while (nb-- > 0 || type != AMF_DATA_TYPE_ARRAY) { - int t; - if (parse_key) { -- int size = bytestream_get_be16(&data); -+ int size = bytestream2_get_be16(gb); - if (!size) { -- data++; -+ bytestream2_get_byte(gb); - break; - } -- if (size < 0 || size >= data_end - data) -+ if (size < 0 || size >= bytestream2_get_bytes_left(gb)) - return -1; -- data += size; -+ bytestream2_skip(gb, size); - } -- t = ff_amf_tag_size(data, data_end); -- if (t < 0 || t >= data_end - data) -+ t = amf_tag_skip(gb); -+ if (t < 0 || bytestream2_get_bytes_left(gb) <= 0) - return -1; -- data += t; - } -- return data - base; -- case AMF_DATA_TYPE_OBJECT_END: return 1; -+ return 0; -+ case AMF_DATA_TYPE_OBJECT_END: return 0; - default: return -1; - } - } - -+int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) -+{ -+ GetByteContext gb; -+ int ret; -+ -+ if (data >= data_end) -+ return -1; -+ -+ bytestream2_init(&gb, data, data_end - data); -+ -+ ret = amf_tag_skip(&gb); -+ if (ret < 0 || bytestream2_get_bytes_left(&gb) <= 0) -+ return -1; -+ av_assert0(bytestream2_tell(&gb) >= 0 && bytestream2_tell(&gb) <= data_end - data); -+ return bytestream2_tell(&gb); -+} -+ - int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, - const uint8_t *name, uint8_t *dst, int dst_size) - { Property changes on: files/patch-CVE-2017-11665a ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-11665b =================================================================== --- files/patch-CVE-2017-11665b (revision 491303) +++ files/patch-CVE-2017-11665b (nonexistent) @@ -1,111 +0,0 @@ -From b375cc8bb74a33a7b38175023ee337b1c378281f Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Fri, 28 Jul 2017 14:37:26 +0200 -Subject: [PATCH] avformat/rtmppkt: Convert ff_amf_get_field_value() to - bytestream2 - -Fixes: out of array accesses - -Found-by: JunDong Xie of Ant-financial Light-Year Security Lab -Signed-off-by: Michael Niedermayer -(cherry picked from commit ffcc82219cef0928bed2d558b19ef6ea35634130) -Signed-off-by: Michael Niedermayer ---- - libavformat/rtmppkt.c | 57 +++++++++++++++++++++++++++++++++------------------ - 1 file changed, 37 insertions(+), 20 deletions(-) - -diff --git libavformat/rtmppkt.c libavformat/rtmppkt.c -index 2ea88d09c57..ca7838868e0 100644 ---- external/FFmpeg/libavformat/rtmppkt.c -+++ external/FFmpeg/libavformat/rtmppkt.c -@@ -505,53 +505,70 @@ int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) - return bytestream2_tell(&gb); - } - --int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, -+static int amf_get_field_value2(GetByteContext *gb, - const uint8_t *name, uint8_t *dst, int dst_size) - { - int namelen = strlen(name); - int len; - -- while (*data != AMF_DATA_TYPE_OBJECT && data < data_end) { -- len = ff_amf_tag_size(data, data_end); -- if (len < 0) -- len = data_end - data; -- data += len; -+ while (bytestream2_peek_byte(gb) != AMF_DATA_TYPE_OBJECT && bytestream2_get_bytes_left(gb) > 0) { -+ int ret = amf_tag_skip(gb); -+ if (ret < 0) -+ return -1; - } -- if (data_end - data < 3) -+ if (bytestream2_get_bytes_left(gb) < 3) - return -1; -- data++; -+ bytestream2_get_byte(gb); -+ - for (;;) { -- int size = bytestream_get_be16(&data); -+ int size = bytestream2_get_be16(gb); - if (!size) - break; -- if (size < 0 || size >= data_end - data) -+ if (size < 0 || size >= bytestream2_get_bytes_left(gb)) - return -1; -- data += size; -- if (size == namelen && !memcmp(data-size, name, namelen)) { -- switch (*data++) { -+ bytestream2_skip(gb, size); -+ if (size == namelen && !memcmp(gb->buffer-size, name, namelen)) { -+ switch (bytestream2_get_byte(gb)) { - case AMF_DATA_TYPE_NUMBER: -- snprintf(dst, dst_size, "%g", av_int2double(AV_RB64(data))); -+ snprintf(dst, dst_size, "%g", av_int2double(bytestream2_get_be64(gb))); - break; - case AMF_DATA_TYPE_BOOL: -- snprintf(dst, dst_size, "%s", *data ? "true" : "false"); -+ snprintf(dst, dst_size, "%s", bytestream2_get_byte(gb) ? "true" : "false"); - break; - case AMF_DATA_TYPE_STRING: -- len = bytestream_get_be16(&data); -- av_strlcpy(dst, data, FFMIN(len+1, dst_size)); -+ len = bytestream2_get_be16(gb); -+ if (dst_size < 1) -+ return -1; -+ if (dst_size < len + 1) -+ len = dst_size - 1; -+ bytestream2_get_buffer(gb, dst, len); -+ dst[len] = 0; - break; - default: - return -1; - } - return 0; - } -- len = ff_amf_tag_size(data, data_end); -- if (len < 0 || len >= data_end - data) -+ len = amf_tag_skip(gb); -+ if (len < 0 || bytestream2_get_bytes_left(gb) <= 0) - return -1; -- data += len; - } - return -1; - } - -+int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, -+ const uint8_t *name, uint8_t *dst, int dst_size) -+{ -+ GetByteContext gb; -+ -+ if (data >= data_end) -+ return -1; -+ -+ bytestream2_init(&gb, data, data_end - data); -+ -+ return amf_get_field_value2(&gb, name, dst, dst_size); -+} -+ - static const char* rtmp_packet_type(int type) - { - switch (type) { Property changes on: files/patch-CVE-2017-11665b ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-11719 =================================================================== --- files/patch-CVE-2017-11719 (revision 491303) +++ files/patch-CVE-2017-11719 (nonexistent) @@ -1,41 +0,0 @@ -From 6a10b962e3053b9fc851fcce23a60ac653abdc8c Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Wed, 26 Jul 2017 03:26:59 +0200 -Subject: [PATCH] avcodec/dnxhddec: Move mb height check out of non hr branch - -Fixes: out of array access -Fixes: poc.dnxhd - -Found-by: Bingchang, Liu@VARAS of IIE -Signed-off-by: Michael Niedermayer -(cherry picked from commit 296debd213bd6dce7647cedd34eb64e5b94cdc92) -Signed-off-by: Michael Niedermayer ---- - libavcodec/dnxhddec.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git libavcodec/dnxhddec.c libavcodec/dnxhddec.c -index 4d1b006bb50..66a0de2e627 100644 ---- external/FFmpeg/libavcodec/dnxhddec.c -+++ external/FFmpeg/libavcodec/dnxhddec.c -@@ -294,14 +294,18 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame, - if (ctx->mb_height > 68 && ff_dnxhd_check_header_prefix_hr(header_prefix)) { - ctx->data_offset = 0x170 + (ctx->mb_height << 2); - } else { -- if (ctx->mb_height > 68 || -- (ctx->mb_height << frame->interlaced_frame) > (ctx->height + 15) >> 4) { -+ if (ctx->mb_height > 68) { - av_log(ctx->avctx, AV_LOG_ERROR, - "mb height too big: %d\n", ctx->mb_height); - return AVERROR_INVALIDDATA; - } - ctx->data_offset = 0x280; - } -+ if ((ctx->mb_height << frame->interlaced_frame) > (ctx->height + 15) >> 4) { -+ av_log(ctx->avctx, AV_LOG_ERROR, -+ "mb height too big: %d\n", ctx->mb_height); -+ return AVERROR_INVALIDDATA; -+ } - - if (buf_size < ctx->data_offset) { - av_log(ctx->avctx, AV_LOG_ERROR, Property changes on: files/patch-CVE-2017-11719 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14054 =================================================================== --- files/patch-CVE-2017-14054 (revision 491303) +++ files/patch-CVE-2017-14054 (nonexistent) @@ -1,33 +0,0 @@ -From 2bbef8ee271240ce4509b23fd33e35076715a39f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= - =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= -Date: Fri, 25 Aug 2017 01:15:28 +0200 -Subject: [PATCH] avformat/rmdec: Fix DoS due to lack of eof check - -Fixes: loop.ivr - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 124eb202e70678539544f6268efc98131f19fa49) -Signed-off-by: Michael Niedermayer ---- - libavformat/rmdec.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git libavformat/rmdec.c libavformat/rmdec.c -index 4d565291af2..7656812eb16 100644 ---- external/FFmpeg/libavformat/rmdec.c -+++ external/FFmpeg/libavformat/rmdec.c -@@ -1238,8 +1238,11 @@ static int ivr_read_header(AVFormatContext *s) - av_log(s, AV_LOG_DEBUG, "%s = '%s'\n", key, val); - } else if (type == 4) { - av_log(s, AV_LOG_DEBUG, "%s = '0x", key); -- for (j = 0; j < len; j++) -+ for (j = 0; j < len; j++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - av_log(s, AV_LOG_DEBUG, "%X", avio_r8(pb)); -+ } - av_log(s, AV_LOG_DEBUG, "'\n"); - } else if (len == 4 && type == 3 && !strncmp(key, "StreamCount", tlen)) { - nb_streams = value = avio_rb32(pb); Property changes on: files/patch-CVE-2017-14054 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14055 =================================================================== --- files/patch-CVE-2017-14055 (revision 491303) +++ files/patch-CVE-2017-14055 (nonexistent) @@ -1,28 +0,0 @@ -From d4fc6b211f19365fbae4b4388ec396b293fda249 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Fri, 25 Aug 2017 01:15:30 +0200 -Subject: [PATCH] avformat/mvdec: Fix DoS due to lack of eof check - -Fixes: loop.mv - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e) -Signed-off-by: Michael Niedermayer ---- - libavformat/mvdec.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git libavformat/mvdec.c libavformat/mvdec.c -index 80ef4b1569a..e9e9fab5036 100644 ---- external/FFmpeg/libavformat/mvdec.c -+++ external/FFmpeg/libavformat/mvdec.c -@@ -338,6 +338,8 @@ static int mv_read_header(AVFormatContext *avctx) - uint32_t pos = avio_rb32(pb); - uint32_t asize = avio_rb32(pb); - uint32_t vsize = avio_rb32(pb); -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - avio_skip(pb, 8); - av_add_index_entry(ast, pos, timestamp, asize, 0, AVINDEX_KEYFRAME); - av_add_index_entry(vst, pos + asize, i, vsize, 0, AVINDEX_KEYFRAME); Property changes on: files/patch-CVE-2017-14055 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14056 =================================================================== --- files/patch-CVE-2017-14056 (revision 491303) +++ files/patch-CVE-2017-14056 (nonexistent) @@ -1,45 +0,0 @@ -From 5bc9f70441d7e7067cba9188898c9252c72bab35 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= - =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= -Date: Fri, 25 Aug 2017 01:15:29 +0200 -Subject: [PATCH] avformat/rl2: Fix DoS due to lack of eof check - -Fixes: loop.rl2 - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de) -Signed-off-by: Michael Niedermayer ---- - libavformat/rl2.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git libavformat/rl2.c libavformat/rl2.c -index 0bec8f1d9ab..eb1682dfcb7 100644 ---- external/FFmpeg/libavformat/rl2.c -+++ external/FFmpeg/libavformat/rl2.c -@@ -170,12 +170,21 @@ static av_cold int rl2_read_header(AVFormatContext *s) - } - - /** read offset and size tables */ -- for(i=0; i < frame_count;i++) -+ for(i=0; i < frame_count;i++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - chunk_size[i] = avio_rl32(pb); -- for(i=0; i < frame_count;i++) -+ } -+ for(i=0; i < frame_count;i++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - chunk_offset[i] = avio_rl32(pb); -- for(i=0; i < frame_count;i++) -+ } -+ for(i=0; i < frame_count;i++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - audio_size[i] = avio_rl32(pb) & 0xFFFF; -+ } - - /** build the sample index */ - for(i=0;i -Date: Fri, 25 Aug 2017 12:37:25 +0200 -Subject: [PATCH] avformat/asfdec: Fix DoS due to lack of eof check - -Fixes: loop.asf - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 7f9ec5593e04827249e7aeb466da06a98a0d7329) -Signed-off-by: Michael Niedermayer ---- - libavformat/asfdec_f.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git libavformat/asfdec_f.c libavformat/asfdec_f.c -index b973eff96e4..2cacafe50d5 100644 ---- external/FFmpeg/libavformat/asfdec_f.c -+++ external/FFmpeg/libavformat/asfdec_f.c -@@ -749,13 +749,15 @@ static int asf_read_marker(AVFormatContext *s, int64_t size) - count = avio_rl32(pb); // markers count - avio_rl16(pb); // reserved 2 bytes - name_len = avio_rl16(pb); // name length -- for (i = 0; i < name_len; i++) -- avio_r8(pb); // skip the name -+ avio_skip(pb, name_len); - - for (i = 0; i < count; i++) { - int64_t pres_time; - int name_len; - -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; -+ - avio_rl64(pb); // offset, 8 bytes - pres_time = avio_rl64(pb); // presentation time - pres_time -= asf->hdr.preroll * 10000; Property changes on: files/patch-CVE-2017-14057 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14058 =================================================================== --- files/patch-CVE-2017-14058 (revision 491303) +++ files/patch-CVE-2017-14058 (nonexistent) @@ -1,88 +0,0 @@ -From 2920c7cec0b1958b59e5e7990078bea4428f6912 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 26 Aug 2017 01:26:58 +0200 -Subject: [PATCH] avformat/hls: Fix DoS due to infinite loop - -Fixes: loop.m3u - -The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome - -Found-by: Xiaohei and Wangchu from Alibaba Security Team - -Previous version reviewed-by: Steven Liu -Signed-off-by: Michael Niedermayer -(cherry picked from commit 7ec414892ddcad88313848494b6fc5f437c9ca4a) -Signed-off-by: Michael Niedermayer ---- - doc/demuxers.texi | 18 ++++++++++++++++++ - libavformat/hls.c | 7 +++++++ - 2 files changed, 25 insertions(+) - -diff --git doc/demuxers.texi doc/demuxers.texi -index 2934a1cf7f4..d56ad1622a8 100644 ---- external/FFmpeg/doc/demuxers.texi -+++ external/FFmpeg/doc/demuxers.texi -@@ -293,6 +293,24 @@ used to end the output video at the length of the shortest input file, - which in this case is @file{input.mp4} as the GIF in this example loops - infinitely. - -+@section hls -+ -+HLS demuxer -+ -+It accepts the following options: -+ -+@table @option -+@item live_start_index -+segment index to start live streams at (negative values are from the end). -+ -+@item allowed_extensions -+',' separated list of file extensions that hls is allowed to access. -+ -+@item max_reload -+Maximum number of times a insufficient list is attempted to be reloaded. -+Default value is 1000. -+@end table -+ - @section image2 - - Image file demuxer. -diff --git libavformat/hls.c libavformat/hls.c -index ffefd284f86..87948726da6 100644 ---- external/FFmpeg/libavformat/hls.c -+++ external/FFmpeg/libavformat/hls.c -@@ -205,6 +205,7 @@ typedef struct HLSContext { - AVDictionary *avio_opts; - int strict_std_compliance; - char *allowed_extensions; -+ int max_reload; - } HLSContext; - - static int read_chomp_line(AVIOContext *s, char *buf, int maxlen) -@@ -1255,6 +1256,7 @@ static int read_data(void *opaque, uint8_t *buf, int buf_size) - HLSContext *c = v->parent->priv_data; - int ret, i; - int just_opened = 0; -+ int reload_count = 0; - - restart: - if (!v->needed) -@@ -1286,6 +1288,9 @@ static int read_data(void *opaque, uint8_t *buf, int buf_size) - reload_interval = default_reload_interval(v); - - reload: -+ reload_count++; -+ if (reload_count > c->max_reload) -+ return AVERROR_EOF; - if (!v->finished && - av_gettime_relative() - v->last_load_time >= reload_interval) { - if ((ret = parse_playlist(c, v->url, v, NULL)) < 0) { -@@ -2143,6 +2148,8 @@ static const AVOption hls_options[] = { - OFFSET(allowed_extensions), AV_OPT_TYPE_STRING, - {.str = "3gp,aac,avi,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wav"}, - INT_MIN, INT_MAX, FLAGS}, -+ {"max_reload", "Maximum number of times a insufficient list is attempted to be reloaded", -+ OFFSET(max_reload), AV_OPT_TYPE_INT, {.i64 = 1000}, 0, INT_MAX, FLAGS}, - {NULL} - }; - Property changes on: files/patch-CVE-2017-14058 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14059 =================================================================== --- files/patch-CVE-2017-14059 (revision 491303) +++ files/patch-CVE-2017-14059 (nonexistent) @@ -1,34 +0,0 @@ -From 98e177c7288574b336d80618f4ec5d1f94243070 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= - =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= -Date: Fri, 25 Aug 2017 01:15:27 +0200 -Subject: [PATCH] avformat/cinedec: Fix DoS due to lack of eof check - -Fixes: loop.cine - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 7e80b63ecd259d69d383623e75b318bf2bd491f6) -Signed-off-by: Michael Niedermayer ---- - libavformat/cinedec.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git libavformat/cinedec.c libavformat/cinedec.c -index 32cccf566b4..c615d4fc497 100644 ---- external/FFmpeg/libavformat/cinedec.c -+++ external/FFmpeg/libavformat/cinedec.c -@@ -267,8 +267,12 @@ static int cine_read_header(AVFormatContext *avctx) - - /* parse image offsets */ - avio_seek(pb, offImageOffsets, SEEK_SET); -- for (i = 0; i < st->duration; i++) -+ for (i = 0; i < st->duration; i++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; -+ - av_add_index_entry(st, avio_rl64(pb), i, 0, 0, AVINDEX_KEYFRAME); -+ } - - return 0; - } Property changes on: files/patch-CVE-2017-14059 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14169 =================================================================== --- files/patch-CVE-2017-14169 (revision 491303) +++ files/patch-CVE-2017-14169 (nonexistent) @@ -1,33 +0,0 @@ -From 816f7337bf3ed3e08afdc28278668d8eb81910cb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= - -Date: Tue, 29 Aug 2017 23:59:21 +0200 -Subject: [PATCH] avformat/mxfdec: Fix Sign error in mxf_read_primer_pack() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 20170829B.mxf - -Co-Author: 张洪亮(望初)" -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad) -Signed-off-by: Michael Niedermayer ---- - libavformat/mxfdec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavformat/mxfdec.c libavformat/mxfdec.c -index e2e34b246f7..0e9153847e8 100644 ---- external/FFmpeg/libavformat/mxfdec.c -+++ external/FFmpeg/libavformat/mxfdec.c -@@ -500,7 +500,7 @@ static int mxf_read_primer_pack(void *arg, AVIOContext *pb, int tag, int size, U - avpriv_request_sample(pb, "Primer pack item length %d", item_len); - return AVERROR_PATCHWELCOME; - } -- if (item_num > 65536) { -+ if (item_num > 65536 || item_num < 0) { - av_log(mxf->fc, AV_LOG_ERROR, "item_num %d is too large\n", item_num); - return AVERROR_INVALIDDATA; - } Property changes on: files/patch-CVE-2017-14169 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14170 =================================================================== --- files/patch-CVE-2017-14170 (revision 491303) +++ files/patch-CVE-2017-14170 (nonexistent) @@ -1,43 +0,0 @@ -From 9cbac3602610afa0867b03bc1475c5c13441d096 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= - -Date: Tue, 29 Aug 2017 23:59:21 +0200 -Subject: [PATCH] avformat/mxfdec: Fix DoS issues in - mxf_read_index_entry_array() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 20170829A.mxf - -Co-Author: 张洪亮(望初)" -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 900f39692ca0337a98a7cf047e4e2611071810c2) -Signed-off-by: Michael Niedermayer ---- - libavformat/mxfdec.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git libavformat/mxfdec.c libavformat/mxfdec.c -index 2ad0c288f89..e2e34b246f7 100644 ---- external/FFmpeg/libavformat/mxfdec.c -+++ external/FFmpeg/libavformat/mxfdec.c -@@ -899,6 +899,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg - segment->nb_index_entries = avio_rb32(pb); - - length = avio_rb32(pb); -+ if(segment->nb_index_entries && length < 11) -+ return AVERROR_INVALIDDATA; - - if (!(segment->temporal_offset_entries=av_calloc(segment->nb_index_entries, sizeof(*segment->temporal_offset_entries))) || - !(segment->flag_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->flag_entries))) || -@@ -909,6 +911,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg - } - - for (i = 0; i < segment->nb_index_entries; i++) { -+ if(avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - segment->temporal_offset_entries[i] = avio_r8(pb); - avio_r8(pb); /* KeyFrameOffset */ - segment->flag_entries[i] = avio_r8(pb); Property changes on: files/patch-CVE-2017-14170 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14171 =================================================================== --- files/patch-CVE-2017-14171 (revision 491303) +++ files/patch-CVE-2017-14171 (nonexistent) @@ -1,38 +0,0 @@ -From a051de092e9c709b69d24d94b66a382909be67d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= - -Date: Tue, 29 Aug 2017 23:59:21 +0200 -Subject: [PATCH] avformat/nsvdec: Fix DoS due to lack of eof check in - nsvs_file_offset loop. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 20170829.nsv - -Co-Author: 张洪亮(望初)" -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit c24bcb553650b91e9eff15ef6e54ca73de2453b7) -Signed-off-by: Michael Niedermayer ---- - libavformat/nsvdec.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git libavformat/nsvdec.c libavformat/nsvdec.c -index 507fb396a51..16d2fa59e21 100644 ---- external/FFmpeg/libavformat/nsvdec.c -+++ external/FFmpeg/libavformat/nsvdec.c -@@ -350,8 +350,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s) - if (!nsv->nsvs_file_offset) - return AVERROR(ENOMEM); - -- for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; -+ } - - if(table_entries > table_entries_used && - avio_rl32(pb) == MKTAG('T','O','C','2')) { Property changes on: files/patch-CVE-2017-14171 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14222 =================================================================== --- files/patch-CVE-2017-14222 (revision 491303) +++ files/patch-CVE-2017-14222 (nonexistent) @@ -1,34 +0,0 @@ -From c9527df274ada02a19c2f973b29d1d5b7069d4bf Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Tue, 5 Sep 2017 00:16:29 +0200 -Subject: [PATCH] avformat/mov: Fix DoS in read_tfra() - -Fixes: Missing EOF check in loop -No testcase - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382) -Signed-off-by: Michael Niedermayer ---- - libavformat/mov.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git libavformat/mov.c libavformat/mov.c -index 405476fd712..b97aa001a37 100644 ---- external/FFmpeg/libavformat/mov.c -+++ external/FFmpeg/libavformat/mov.c -@@ -5394,6 +5394,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f) - } - for (i = 0; i < index->item_count; i++) { - int64_t time, offset; -+ -+ if (avio_feof(f)) { -+ index->item_count = 0; -+ av_freep(&index->items); -+ return AVERROR_INVALIDDATA; -+ } -+ - if (version == 1) { - time = avio_rb64(f); - offset = avio_rb64(f); Property changes on: files/patch-CVE-2017-14222 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14223 =================================================================== --- files/patch-CVE-2017-14223 (revision 491303) +++ files/patch-CVE-2017-14223 (nonexistent) @@ -1,32 +0,0 @@ -From 4e4177dde23be77a97887f409f237e17ef53f329 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Tue, 5 Sep 2017 00:16:29 +0200 -Subject: [PATCH] avformat/asfdec: Fix DoS in asf_build_simple_index() - -Fixes: Missing EOF check in loop -No testcase - -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer -(cherry picked from commit afc9c683ed9db01edb357bc8c19edad4282b3a97) -Signed-off-by: Michael Niedermayer ---- - libavformat/asfdec_f.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git libavformat/asfdec_f.c libavformat/asfdec_f.c -index 2cacafe50d5..d9dfbf0fa33 100644 ---- external/FFmpeg/libavformat/asfdec_f.c -+++ external/FFmpeg/libavformat/asfdec_f.c -@@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index) - int64_t pos = s->internal->data_offset + s->packet_size * (int64_t)pktnum; - int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0); - -+ if (avio_feof(s->pb)) { -+ ret = AVERROR_INVALIDDATA; -+ goto end; -+ } -+ - if (pos != last_pos) { - av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts: %"PRId64"\n", - pktnum, pktct, index_pts); Property changes on: files/patch-CVE-2017-14223 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14225 =================================================================== --- files/patch-CVE-2017-14225 (revision 491303) +++ files/patch-CVE-2017-14225 (nonexistent) @@ -1,48 +0,0 @@ -From 726133b6d2cd8f5f43b5af536024d8e02791d8cf Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Tue, 22 Aug 2017 11:02:38 +0200 -Subject: [PATCH] ffprobe: Fix null pointer dereference with color primaries - -Found-by: AD-lab of venustech -Signed-off-by: Michael Niedermayer -(cherry picked from commit 837cb4325b712ff1aab531bf41668933f61d75d2) -Signed-off-by: Michael Niedermayer -(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe) -Signed-off-by: Michael Niedermayer ---- - ffprobe.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git ffprobe.c ffprobe.c -index 79fe296489d..703304a8c0f 100644 ---- external/FFmpeg/ffprobe.c -+++ external/FFmpeg/ffprobe.c -@@ -1789,6 +1789,16 @@ static void print_pkt_side_data(WriterContext *w, - writer_print_section_footer(w); - } - -+static void print_primaries(WriterContext *w, enum AVColorPrimaries color_primaries) -+{ -+ const char *val = av_color_primaries_name(color_primaries); -+ if (!val || color_primaries == AVCOL_PRI_UNSPECIFIED) { -+ print_str_opt("color_primaries", "unknown"); -+ } else { -+ print_str("color_primaries", val); -+ } -+} -+ - static void show_packet(WriterContext *w, InputFile *ifile, AVPacket *pkt, int packet_idx) - { - char val_str[128]; -@@ -2258,10 +2268,7 @@ static int show_stream(WriterContext *w, AVFormatContext *fmt_ctx, int stream_id - else - print_str_opt("color_transfer", av_color_transfer_name(par->color_trc)); - -- if (par->color_primaries != AVCOL_PRI_UNSPECIFIED) -- print_str("color_primaries", av_color_primaries_name(par->color_primaries)); -- else -- print_str_opt("color_primaries", av_color_primaries_name(par->color_primaries)); -+ print_primaries(w, par->color_primaries); - - if (par->chroma_location != AVCHROMA_LOC_UNSPECIFIED) - print_str("chroma_location", av_chroma_location_name(par->chroma_location)); Property changes on: files/patch-CVE-2017-14225 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-14767 =================================================================== --- files/patch-CVE-2017-14767 (revision 491303) +++ files/patch-CVE-2017-14767 (nonexistent) @@ -1,28 +0,0 @@ -From 53a6cdf89d694be1f075729f16e0a9e2dcbbcb78 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Wed, 23 Aug 2017 21:30:37 +0200 -Subject: [PATCH] avformat/rtpdec_h264: Fix heap-buffer-overflow - -Fixes: rtp_sdp/poc.sdp - -Found-by: Bingchang -Signed-off-by: Michael Niedermayer -(cherry picked from commit c42a1388a6d1bfd8001bf6a4241d8ca27e49326d) -Signed-off-by: Michael Niedermayer ---- - libavformat/rtpdec_h264.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libavformat/rtpdec_h264.c libavformat/rtpdec_h264.c -index 8dd56a549e4..6f8148ab6d5 100644 ---- external/FFmpeg/libavformat/rtpdec_h264.c -+++ external/FFmpeg/libavformat/rtpdec_h264.c -@@ -166,7 +166,7 @@ static int sdp_parse_fmtp_config_h264(AVFormatContext *s, - parse_profile_level_id(s, h264_data, value); - } else if (!strcmp(attr, "sprop-parameter-sets")) { - int ret; -- if (value[strlen(value) - 1] == ',') { -+ if (*value == 0 || value[strlen(value) - 1] == ',') { - av_log(s, AV_LOG_WARNING, "Missing PPS in sprop-parameter-sets, ignoring\n"); - return 0; - } Property changes on: files/patch-CVE-2017-14767 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-15186 =================================================================== --- files/patch-CVE-2017-15186 (revision 491303) +++ files/patch-CVE-2017-15186 (nonexistent) @@ -1,78 +0,0 @@ -From 0eb0b21c7f4f2b6a3a74d2d252f95b81a4d472c3 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 30 Sep 2017 00:20:09 +0200 -Subject: [PATCH] avcodec/x86/lossless_videoencdsp: Fix handling of small - widths -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes out of array access -Fixes: crash-huf.avi - -Regression since: 6b41b4414934cc930468ccd5db598dd6ef643987 - -This could also be fixed by adding checks in the C code that calls the dsp - -Found-by: Zhibin Hu and 连一汉 -Signed-off-by: Michael Niedermayer -(cherry picked from commit df62b70de8aaa285168e72fe8f6e740843ca91fa) -Signed-off-by: Michael Niedermayer ---- - libavcodec/x86/huffyuvencdsp.asm | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git libavcodec/x86/huffyuvencdsp.asm libavcodec/x86/huffyuvencdsp.asm -index a55a1de65de..7a1ce2e839e 100644 ---- external/FFmpeg/libavcodec/x86/huffyuvencdsp.asm -+++ external/FFmpeg/libavcodec/x86/huffyuvencdsp.asm -@@ -42,10 +42,11 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w - %define i t0q - %endmacro - --; label to jump to if w < regsize --%macro DIFF_BYTES_LOOP_PREP 1 -+; labels to jump to if w < regsize and w < 0 -+%macro DIFF_BYTES_LOOP_PREP 2 - mov i, wq - and i, -2 * regsize -+ js %2 - jz %1 - add dstq, i - add src1q, i -@@ -87,7 +88,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w - %if mmsize > 16 - ; fall back to narrower xmm - %define regsize mmsize / 2 -- DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa -+ DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa, .end_aa - .loop2_%1%2: - DIFF_BYTES_LOOP_CORE %1, %2, xm0, xm1 - add i, 2 * regsize -@@ -114,7 +115,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w - INIT_MMX mmx - DIFF_BYTES_PROLOGUE - %define regsize mmsize -- DIFF_BYTES_LOOP_PREP .skip_main_aa -+ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa - DIFF_BYTES_BODY a, a - %undef i - %endif -@@ -122,7 +123,7 @@ DIFF_BYTES_PROLOGUE - INIT_XMM sse2 - DIFF_BYTES_PROLOGUE - %define regsize mmsize -- DIFF_BYTES_LOOP_PREP .skip_main_aa -+ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa - test dstq, regsize - 1 - jnz .loop_uu - test src1q, regsize - 1 -@@ -138,7 +139,7 @@ DIFF_BYTES_PROLOGUE - %define regsize mmsize - ; Directly using unaligned SSE2 version is marginally faster than - ; branching based on arguments. -- DIFF_BYTES_LOOP_PREP .skip_main_uu -+ DIFF_BYTES_LOOP_PREP .skip_main_uu, .end_uu - test dstq, regsize - 1 - jnz .loop_uu - test src1q, regsize - 1 Property changes on: files/patch-CVE-2017-15186 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-16840 =================================================================== --- files/patch-CVE-2017-16840 (revision 491303) +++ files/patch-CVE-2017-16840 (nonexistent) @@ -1,93 +0,0 @@ -From 519a54cc195b92fe6ba71fd156e31e944d862d7e Mon Sep 17 00:00:00 2001 -From: Rostislav Pehlivanov -Date: Wed, 8 Nov 2017 23:50:04 +0000 -Subject: [PATCH] vc2enc_dwt: pad the temporary buffer by the slice size - -Since non-Haar wavelets need to look into pixels outside the frame, we -need to pad the buffer. The old factor of two seemed to be a workaround -that fact and only padded to the left and bottom. This correctly pads -by the slice size and as such reduces memory usage and potential -exploits. -Reported by Liu Bingchang. - -Ideally, there should be no temporary buffer but the encoder is designed -to deinterleave the coefficients into the classical wavelet structure -with the lower frequency values in the top left corner. - -Signed-off-by: Rostislav Pehlivanov -(cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85) ---- - libavcodec/vc2enc.c | 3 ++- - libavcodec/vc2enc_dwt.c | 12 +++++++++--- - libavcodec/vc2enc_dwt.h | 4 +++- - 3 files changed, 14 insertions(+), 5 deletions(-) - -diff --git libavcodec/vc2enc.c libavcodec/vc2enc.c -index eda390163ff..745c6e974d5 100644 ---- external/FFmpeg/libavcodec/vc2enc.c -+++ external/FFmpeg/libavcodec/vc2enc.c -@@ -1190,7 +1190,8 @@ static av_cold int vc2_encode_init(AVCodecContext *avctx) - /* DWT init */ - if (ff_vc2enc_init_transforms(&s->transform_args[i].t, - s->plane[i].coef_stride, -- s->plane[i].dwt_height)) -+ s->plane[i].dwt_height, -+ s->slice_width, s->slice_height)) - goto alloc_fail; - } - -diff --git libavcodec/vc2enc_dwt.c libavcodec/vc2enc_dwt.c -index c60b003a313..d22af8a3138 100644 ---- external/FFmpeg/libavcodec/vc2enc_dwt.c -+++ external/FFmpeg/libavcodec/vc2enc_dwt.c -@@ -255,21 +255,27 @@ static void vc2_subband_dwt_haar_shift(VC2TransformContext *t, dwtcoef *data, - dwt_haar(t, data, stride, width, height, 1); - } - --av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_width, int p_height) -+av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_stride, -+ int p_height, int slice_w, int slice_h) - { - s->vc2_subband_dwt[VC2_TRANSFORM_9_7] = vc2_subband_dwt_97; - s->vc2_subband_dwt[VC2_TRANSFORM_5_3] = vc2_subband_dwt_53; - s->vc2_subband_dwt[VC2_TRANSFORM_HAAR] = vc2_subband_dwt_haar; - s->vc2_subband_dwt[VC2_TRANSFORM_HAAR_S] = vc2_subband_dwt_haar_shift; - -- s->buffer = av_malloc(2*p_width*p_height*sizeof(dwtcoef)); -+ /* Pad by the slice size, only matters for non-Haar wavelets */ -+ s->buffer = av_calloc((p_stride + slice_w)*(p_height + slice_h), sizeof(dwtcoef)); - if (!s->buffer) - return 1; - -+ s->padding = (slice_h >> 1)*p_stride + (slice_w >> 1); -+ s->buffer += s->padding; -+ - return 0; - } - - av_cold void ff_vc2enc_free_transforms(VC2TransformContext *s) - { -- av_freep(&s->buffer); -+ av_free(s->buffer - s->padding); -+ s->buffer = NULL; - } -diff --git libavcodec/vc2enc_dwt.h libavcodec/vc2enc_dwt.h -index 7fbbfbe0ed9..a6932bcdaf0 100644 ---- external/FFmpeg/libavcodec/vc2enc_dwt.h -+++ external/FFmpeg/libavcodec/vc2enc_dwt.h -@@ -41,12 +41,14 @@ enum VC2TransformType { - - typedef struct VC2TransformContext { - dwtcoef *buffer; -+ int padding; - void (*vc2_subband_dwt[VC2_TRANSFORMS_NB])(struct VC2TransformContext *t, - dwtcoef *data, ptrdiff_t stride, - int width, int height); - } VC2TransformContext; - --int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_width, int p_height); -+int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_stride, int p_height, -+ int slice_w, int slice_h); - void ff_vc2enc_free_transforms(VC2TransformContext *t); - - #endif /* AVCODEC_VC2ENC_DWT_H */ Property changes on: files/patch-CVE-2017-16840 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-17081a =================================================================== --- files/patch-CVE-2017-17081a (revision 491303) +++ files/patch-CVE-2017-17081a (nonexistent) @@ -1,28 +0,0 @@ -From b2c9771dd435fbce4f0a422bbdc16ecf7b243395 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 9 Oct 2017 00:32:30 +0200 -Subject: [PATCH] avcodec/mpeg_er: Clear mcsel in mpeg_er_decode_mb() - -Fixes out of array read -Should fix: 3516/clusterfuzz-testcase-minimized-4608518562775040 (not reprodoceable) - -Found-by: Insu Yun, Georgia Tech. -Signed-off-by: Michael Niedermayer -(cherry picked from commit 127a362630e11fe724e2e63fc871791fdcbcfa64) -Signed-off-by: Michael Niedermayer ---- - libavcodec/mpeg_er.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git libavcodec/mpeg_er.c libavcodec/mpeg_er.c -index dd87ae9cc9e..9bd269c4402 100644 ---- external/FFmpeg/libavcodec/mpeg_er.c -+++ external/FFmpeg/libavcodec/mpeg_er.c -@@ -71,6 +71,7 @@ static void mpeg_er_decode_mb(void *opaque, int ref, int mv_dir, int mv_type, - s->mb_skipped = mb_skipped; - s->mb_x = mb_x; - s->mb_y = mb_y; -+ s->mcsel = 0; - memcpy(s->mv, mv, sizeof(*mv)); - - ff_init_block_index(s); Property changes on: files/patch-CVE-2017-17081a ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2017-17081b =================================================================== --- files/patch-CVE-2017-17081b (revision 491303) +++ files/patch-CVE-2017-17081b (nonexistent) @@ -1,33 +0,0 @@ -From b51f515c5c837351f2104b43c0e2a0562a759086 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 13 Nov 2017 20:47:48 +0100 -Subject: [PATCH] avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu - -Fixes: out of array read -Fixes: 3516/attachment-311488.dat - -Found-by: Insu Yun, Georgia Tech. -Tested-by: wuninsu@gmail.com -Signed-off-by: Michael Niedermayer -(cherry picked from commit 58cf31cee7a456057f337b3102a03206d833d5e8) -Signed-off-by: Michael Niedermayer ---- - libavcodec/x86/mpegvideodsp.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git libavcodec/x86/mpegvideodsp.c libavcodec/x86/mpegvideodsp.c -index e0498f38496..6009b64e076 100644 ---- external/FFmpeg/libavcodec/x86/mpegvideodsp.c -+++ external/FFmpeg/libavcodec/x86/mpegvideodsp.c -@@ -52,8 +52,9 @@ static void gmc_mmx(uint8_t *dst, uint8_t *src, - const int dyh = (dyy - (1 << (16 + shift))) * (h - 1); - const int dxh = dxy * (h - 1); - const int dyw = dyx * (w - 1); -- int need_emu = (unsigned) ix >= width - w || -- (unsigned) iy >= height - h; -+ int need_emu = (unsigned) ix >= width - w || width < w || -+ (unsigned) iy >= height - h || height< h -+ ; - - if ( // non-constant fullpel offset (3% of blocks) - ((ox ^ (ox + dxw)) | (ox ^ (ox + dxh)) | (ox ^ (ox + dxw + dxh)) | Property changes on: files/patch-CVE-2017-17081b ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2018-6392 =================================================================== --- files/patch-CVE-2018-6392 (revision 491303) +++ files/patch-CVE-2018-6392 (nonexistent) @@ -1,44 +0,0 @@ -Fix for CVE-2018-6392 -https://security-tracker.debian.org/tracker/CVE-2018-6392 -https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 -https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 - ---- external/FFmpeg/libavfilter/vf_transpose.c.orig 2018-02-01 11:15:37 UTC -+++ external/FFmpeg/libavfilter/vf_transpose.c -@@ -27,6 +27,7 @@ - - #include - -+#include "libavutil/avassert.h" - #include "libavutil/imgutils.h" - #include "libavutil/internal.h" - #include "libavutil/intreadwrite.h" -@@ -54,6 +55,7 @@ enum TransposeDir { - typedef struct TransContext { - const AVClass *class; - int hsub, vsub; -+ int planes; - int pixsteps[4]; - - int passthrough; ///< PassthroughType, landscape passthrough mode enabled -@@ -106,7 +108,11 @@ static int config_props_output(AVFilterLink *outlink) - - s->hsub = desc_in->log2_chroma_w; - s->vsub = desc_in->log2_chroma_h; -+ s->planes = av_pix_fmt_count_planes(outlink->format); - -+ av_assert0(desc_in->nb_components == desc_out->nb_components); -+ -+ - av_image_fill_max_pixsteps(s->pixsteps, NULL, desc_out); - - outlink->w = inlink->h; -@@ -148,7 +154,7 @@ static int filter_slice(AVFilterContext *ctx, void *ar - AVFrame *in = td->in; - int plane; - -- for (plane = 0; out->data[plane]; plane++) { -+ for (plane = 0; plane < s->planes; plane++) { - int hsub = plane == 1 || plane == 2 ? s->hsub : 0; - int vsub = plane == 1 || plane == 2 ? s->vsub : 0; - int pixstep = s->pixsteps[plane]; Property changes on: files/patch-CVE-2018-6392 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-CVE-2018-6621 =================================================================== --- files/patch-CVE-2018-6621 (revision 491303) +++ files/patch-CVE-2018-6621 (nonexistent) @@ -1,15 +0,0 @@ -Fix for CVE-2018-6621 -https://security-tracker.debian.org/tracker/CVE-2018-6621 -https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b - ---- external/FFmpeg/libavcodec/utvideodec.c.orig 2018-03-01 05:12:04 UTC -+++ external/FFmpeg/libavcodec/utvideodec.c -@@ -534,7 +534,7 @@ static int decode_frame(AVCodecContext *avctx, void *d - for (j = 0; j < c->slices; j++) { - slice_end = bytestream2_get_le32u(&gb); - if (slice_end < 0 || slice_end < slice_start || -- bytestream2_get_bytes_left(&gb) < slice_end) { -+ bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) { - av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n"); - return AVERROR_INVALIDDATA; - } Property changes on: files/patch-CVE-2018-6621 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-configure =================================================================== --- files/patch-configure (revision 491303) +++ files/patch-configure (working copy) @@ -41,12 +41,4 @@ } as_o(){ -@@ -8840,7 +8840,7 @@ INCDIR=\$(INSTALL_ROOT)$incdir - BINDIR=\$(INSTALL_ROOT)$bindir - DATADIR=\$(INSTALL_ROOT)$datadir - MANDIR=\$(INSTALL_ROOT)$mandir --CFLAGS=${CFLAGS} -DFF_API_OLD_DECODE_AUDIO=1 -w -+CFLAGS=${CFLAGS} -DFF_API_OLD_DECODE_AUDIO=1 -I${prefix}/include -w - endif # FFMPEG_CONFIG_MAK - EOF Index: files/patch-external_FFmpeg_configure =================================================================== --- files/patch-external_FFmpeg_configure (revision 491303) +++ files/patch-external_FFmpeg_configure (nonexistent) @@ -1,29 +0,0 @@ -Fix arch detection -Fix runtime crashes on i386: enforce stack-alignment=16 - ---- external/FFmpeg/configure.orig 2018-02-01 11:15:37 UTC -+++ external/FFmpeg/configure -@@ -3189,12 +3189,7 @@ target_os_default=$(tolower $(uname -s)) - host_os=$target_os_default - - # machine --if test "$target_os_default" = aix; then -- arch_default=$(uname -p) -- strip_default="strip -X32_64" --else -- arch_default=$(uname -m) --fi -+arch_default=$(uname -p) - cpu="generic" - intrinsics="none" - -@@ -6217,6 +6212,9 @@ elif enabled llvm_gcc; then - elif enabled clang; then - check_cflags -mllvm -stack-alignment=16 - check_cflags -mstack-alignment=16 -+ if enabled x86_32; then -+ check_cflags -mstackrealign -+ fi - check_cflags -Qunused-arguments - check_cflags -Werror=implicit-function-declaration - check_cflags -Werror=missing-prototypes Property changes on: files/patch-external_FFmpeg_configure ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-external_FFmpeg_libavformat_tls__openssl.c =================================================================== --- files/patch-external_FFmpeg_libavformat_tls__openssl.c (revision 491303) +++ files/patch-external_FFmpeg_libavformat_tls__openssl.c (nonexistent) @@ -1,58 +0,0 @@ -Fix build with libressl - ---- external/FFmpeg/libavformat/tls_openssl.c.orig 2018-02-01 11:15:37 UTC -+++ external/FFmpeg/libavformat/tls_openssl.c -@@ -43,7 +43,7 @@ typedef struct TLSContext { - TLSShared tls_shared; - SSL_CTX *ctx; - SSL *ssl; --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - BIO_METHOD* url_bio_method; - #endif - } TLSContext; -@@ -68,7 +68,7 @@ static unsigned long openssl_thread_id(void) - - static int url_bio_create(BIO *b) - { --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - BIO_set_init(b, 1); - BIO_set_data(b, NULL); - BIO_set_flags(b, 0); -@@ -85,7 +85,7 @@ static int url_bio_destroy(BIO *b) - return 1; - } - --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - #define GET_BIO_DATA(x) BIO_get_data(x); - #else - #define GET_BIO_DATA(x) (x)->ptr; -@@ -133,7 +133,7 @@ static int url_bio_bputs(BIO *b, const char *str) - return url_bio_bwrite(b, str, strlen(str)); - } - --#if OPENSSL_VERSION_NUMBER < 0x1010000fL -+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) - static BIO_METHOD url_bio_method = { - .type = BIO_TYPE_SOURCE_SINK, - .name = "urlprotocol bio", -@@ -212,7 +212,7 @@ static int tls_close(URLContext *h) - SSL_CTX_free(c->ctx); - if (c->tls_shared.tcp) - ffurl_close(c->tls_shared.tcp); --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - if (c->url_bio_method) - BIO_meth_free(c->url_bio_method); - #endif -@@ -265,7 +265,7 @@ static int tls_open(URLContext *h, const char *uri, in - ret = AVERROR(EIO); - goto fail; - } --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio"); - BIO_meth_set_write(p->url_bio_method, url_bio_bwrite); - BIO_meth_set_read(p->url_bio_method, url_bio_bread); Property changes on: files/patch-external_FFmpeg_libavformat_tls__openssl.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-libs_libmythtv_dbcheck.cpp =================================================================== --- files/patch-libs_libmythtv_dbcheck.cpp (revision 491303) +++ files/patch-libs_libmythtv_dbcheck.cpp (nonexistent) @@ -1,64 +0,0 @@ -Database schema 1347 fails to update due to bad SQL statement -Ref: https://code.mythtv.org/trac/ticket/13155 - ---- libs/libmythtv/dbcheck.cpp.orig 2018-02-01 11:15:37 UTC -+++ libs/libmythtv/dbcheck.cpp -@@ -3340,25 +3340,24 @@ NULL - - if (dbver == "1346") - { -- QString master; -+ QList updates_ba; - // Create new MasterServerName setting - if (gCoreContext->IsMasterHost()) -- master = -- "insert into settings (value,data,hostname) " -- "values('MasterServerName','" -- + gCoreContext->GetHostName() + "', null);"; -+ updates_ba.push_back( -+ QString("INSERT INTO settings (value, data, hostname) " -+ "VALUES ('MasterServerName', '%1', NULL);") -+ .arg(gCoreContext->GetHostName()).toLocal8Bit()); - else -- master = -- "insert into settings (value,data,hostname) " -- "select 'MasterServerName', b.hostname, null " -- "from settings a, settings b " -- "where a.value = 'MasterServerIP' " -- "and b.value in ('BackendServerIP','BackendServerIP6')" -- "and a.data = b.data;"; -+ updates_ba.push_back( -+ QString("INSERT INTO settings (value,data,hostname) " -+ "SELECT 'MasterServerName', b.hostname, NULL " -+ "FROM settings a, settings b " -+ "WHERE a.value = 'MasterServerIP' " -+ "AND b.value IN ('BackendServerIP','BackendServerIP6')" -+ "AND a.data = b.data;") -+ .toLocal8Bit()); - -- const char *updates[] = { -- // Create new MasterServerName setting -- master.toLocal8Bit().constData(), -+ const char *post_sql[] = { - // Create new BackendServerAddr setting for each backend server - // Assume using IPV4 value. - "insert into settings (value,data,hostname) " -@@ -3385,8 +3384,17 @@ NULL - // Delete obsolete settings - "delete from settings " - "where value in ('WatchTVGuide');", -- NULL - }; -+ -+ for (uint i = 0; i < sizeof(post_sql)/sizeof(char*); i++) -+ updates_ba.push_back(QByteArray(post_sql[i])); -+ -+ // Convert update ByteArrays to NULL terminated char** -+ QList::const_iterator it = updates_ba.begin(); -+ vector updates; -+ for (; it != updates_ba.end(); ++it) -+ updates.push_back((*it).constData()); -+ updates.push_back(NULL); - - if (!performActualUpdate(&updates[0], "1347", dbver)) - return false; Property changes on: files/patch-libs_libmythtv_dbcheck.cpp ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-libs_libmythtv_videodev2.h =================================================================== --- files/patch-libs_libmythtv_videodev2.h (nonexistent) +++ files/patch-libs_libmythtv_videodev2.h (working copy) @@ -0,0 +1,34 @@ +--- libs/libmythtv/videodev2.h.orig 2018-01-11 12:39:22 UTC ++++ libs/libmythtv/videodev2.h +@@ -60,6 +60,32 @@ + #ifdef __FreeBSD__ + #include // For __[us][0-9]+ types ++#ifndef __u64 ++typedef uint64_t __u64; ++#endif ++#ifndef __u32 ++typedef uint32_t __u32; ++#endif ++#ifndef __u16 ++typedef uint16_t __u16; ++#endif ++#ifndef __u8 ++typedef uint8_t __u8; ++#endif ++ ++#ifndef __s64 ++typedef int64_t __s64; ++#endif ++#ifndef __s32 ++typedef int32_t __s32; ++#endif ++#ifndef __s16 ++typedef int16_t __s16; ++#endif ++#ifndef __s8 ++typedef int8_t __s8; ++#endif ++ + #define __le64 __u64 + #define __le32 __u32 + #define __le16 __u16 Property changes on: files/patch-libs_libmythtv_videodev2.h ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/patch-libs_libmythui_mythpainter.cpp =================================================================== --- files/patch-libs_libmythui_mythpainter.cpp (revision 491303) +++ files/patch-libs_libmythui_mythpainter.cpp (nonexistent) @@ -1,10 +0,0 @@ ---- libs/libmythui/mythpainter.cpp.orig 2018-01-11 12:39:22 UTC -+++ libs/libmythui/mythpainter.cpp -@@ -1,6 +1,7 @@ - #include - #include - #include -+#include - - // QT headers - #include Property changes on: files/patch-libs_libmythui_mythpainter.cpp ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: files/patch-libs_libmythui_mythrender__vdpau.h =================================================================== --- files/patch-libs_libmythui_mythrender__vdpau.h (revision 491303) +++ files/patch-libs_libmythui_mythrender__vdpau.h (nonexistent) @@ -1,10 +0,0 @@ ---- libs/libmythui/mythrender_vdpau.h.orig 2018-01-27 11:25:49 UTC -+++ libs/libmythui/mythrender_vdpau.h -@@ -12,6 +12,7 @@ - - extern "C" { - #include "libavcodec/vdpau.h" -+#include - } - - #define MIN_OUTPUT_SURFACES 2 // UI Property changes on: files/patch-libs_libmythui_mythrender__vdpau.h ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: pkg-plist =================================================================== --- pkg-plist (revision 491303) +++ pkg-plist (working copy) @@ -2,19 +2,18 @@ bin/mythbackend bin/mythccextractor bin/mythcommflag +bin/mythexternrecorder bin/mythffmpeg bin/mythffprobe -bin/mythffserver bin/mythfilerecorder bin/mythfilldatabase bin/mythfrontend -bin/mythhdhomerun_config bin/mythjobqueue bin/mythlcdserver bin/mythmediaserver bin/mythmetadatalookup bin/mythpreviewgen -%%BINDINGS%%bin/mythpython +bin/mythpython bin/mythreplex bin/mythscreenwizard bin/mythshutdown @@ -22,7 +21,7 @@ bin/mythtv-setup bin/mythutil bin/mythwelcome -%%BINDINGS%%bin/mythwikiscripts +bin/mythwikiscripts include/mythtv/audioconvert.h include/mythtv/audiooutput.h include/mythtv/audiooutputsettings.h @@ -30,40 +29,6 @@ include/mythtv/audiosettings.h include/mythtv/autodeletedeque.h include/mythtv/blockinput.h -include/mythtv/bluray/array.h -include/mythtv/bluray/attributes.h -include/mythtv/bluray/bdid_parse.h -include/mythtv/bluray/bdparse.h -include/mythtv/bluray/bits.h -include/mythtv/bluray/bluray.h -include/mythtv/bluray/clpi_data.h -include/mythtv/bluray/clpi_parse.h -include/mythtv/bluray/dirs.h -include/mythtv/bluray/dl.h -include/mythtv/bluray/event_queue.h -include/mythtv/bluray/extdata_parse.h -include/mythtv/bluray/file.h -include/mythtv/bluray/filesystem.h -include/mythtv/bluray/hdmv_insn.h -include/mythtv/bluray/hdmv_vm.h -include/mythtv/bluray/index_parse.h -include/mythtv/bluray/log_control.h -include/mythtv/bluray/logging.h -include/mythtv/bluray/macro.h -include/mythtv/bluray/meta_data.h -include/mythtv/bluray/meta_parse.h -include/mythtv/bluray/mobj_data.h -include/mythtv/bluray/mobj_parse.h -include/mythtv/bluray/mobj_print.h -include/mythtv/bluray/mount.h -include/mythtv/bluray/mpls_parse.h -include/mythtv/bluray/mutex.h -include/mythtv/bluray/navigation.h -include/mythtv/bluray/refcnt.h -include/mythtv/bluray/sound_parse.h -include/mythtv/bluray/strutl.h -include/mythtv/bluray/time.h -include/mythtv/bluray/uo_mask_table.h include/mythtv/bonjourregister.h include/mythtv/bswap.h include/mythtv/compat.h @@ -81,11 +46,25 @@ include/mythtv/exitcodes.h include/mythtv/ffmpeg-mmx.h include/mythtv/filesysteminfo.h +include/mythtv/goom/drawmethods.h +include/mythtv/goom/filters.h +include/mythtv/goom/goom_core.h +include/mythtv/goom/goom_tools.h +include/mythtv/goom/goomconfig.h +include/mythtv/goom/graphic.h +include/mythtv/goom/ifs.h +include/mythtv/goom/lines.h +include/mythtv/goom/mathtools.h +include/mythtv/goom/mmx.h +include/mythtv/goom/tentacle3d.h +include/mythtv/goom/v3d.h include/mythtv/hardwareprofile.h include/mythtv/iso3166.h include/mythtv/iso639.h include/mythtv/langsettings.h include/mythtv/lcddevice.h +include/mythtv/libavcodec/ac3_parser.h +include/mythtv/libavcodec/adts_parser.h include/mythtv/libavcodec/avcodec.h include/mythtv/libavcodec/avdct.h include/mythtv/libavcodec/avfft.h @@ -97,7 +76,6 @@ include/mythtv/libavcodec/mediacodec.h include/mythtv/libavcodec/qsv.h include/mythtv/libavcodec/vaapi.h -include/mythtv/libavcodec/vda.h include/mythtv/libavcodec/vdpau.h include/mythtv/libavcodec/version.h include/mythtv/libavcodec/videotoolbox.h @@ -106,7 +84,6 @@ include/mythtv/libavdevice/avdevice.h include/mythtv/libavdevice/version.h include/mythtv/libavfilter/avfilter.h -include/mythtv/libavfilter/avfiltergraph.h include/mythtv/libavfilter/buffersink.h include/mythtv/libavfilter/buffersrc.h include/mythtv/libavfilter/version.h @@ -137,6 +114,7 @@ include/mythtv/libavutil/dict.h include/mythtv/libavutil/display.h include/mythtv/libavutil/downmix_info.h +include/mythtv/libavutil/encryption_info.h include/mythtv/libavutil/error.h include/mythtv/libavutil/eval.h include/mythtv/libavutil/ffversion.h @@ -147,10 +125,14 @@ include/mythtv/libavutil/hmac.h include/mythtv/libavutil/hwcontext.h include/mythtv/libavutil/hwcontext_cuda.h +include/mythtv/libavutil/hwcontext_d3d11va.h +include/mythtv/libavutil/hwcontext_drm.h include/mythtv/libavutil/hwcontext_dxva2.h +include/mythtv/libavutil/hwcontext_mediacodec.h include/mythtv/libavutil/hwcontext_qsv.h include/mythtv/libavutil/hwcontext_vaapi.h include/mythtv/libavutil/hwcontext_vdpau.h +include/mythtv/libavutil/hwcontext_videotoolbox.h include/mythtv/libavutil/imgutils.h include/mythtv/libavutil/intfloat.h include/mythtv/libavutil/intreadwrite.h @@ -177,6 +159,7 @@ include/mythtv/libavutil/samplefmt.h include/mythtv/libavutil/sha.h include/mythtv/libavutil/sha512.h +include/mythtv/libavutil/spherical.h include/mythtv/libavutil/stereo3d.h include/mythtv/libavutil/tea.h include/mythtv/libavutil/threadmessage.h @@ -195,8 +178,6 @@ include/mythtv/libmyth/dialogbox.h include/mythtv/libmyth/eldutils.h include/mythtv/libmyth/langsettings.h -include/mythtv/libmyth/mythconfigdialogs.h -include/mythtv/libmyth/mythconfiggroups.h include/mythtv/libmyth/mythcontext.h include/mythtv/libmyth/mythdialogs.h include/mythtv/libmyth/mythexp.h @@ -214,7 +195,6 @@ include/mythtv/libmyth/remoteutil.h include/mythtv/libmyth/rssparse.h include/mythtv/libmyth/schemawizard.h -include/mythtv/libmyth/settings.h include/mythtv/libmyth/standardsettings.h include/mythtv/libmyth/storagegroupeditor.h include/mythtv/libmyth/visual.h @@ -261,6 +241,7 @@ include/mythtv/libmythbase/mythsingledownload.h include/mythtv/libmythbase/mythsocket.h include/mythtv/libmythbase/mythsocket_cb.h +include/mythtv/libmythbase/mythsorthelper.h include/mythtv/libmythbase/mythstorage.h include/mythtv/libmythbase/mythsystem.h include/mythtv/libmythbase/mythsystemlegacy.h @@ -440,7 +421,6 @@ include/mythtv/metadata/videoscan.h include/mythtv/metadata/videoutils.h include/mythtv/metadataimagehelper.h -include/mythtv/minilzo.h include/mythtv/mpeg2dec/mpeg2.h include/mythtv/mthread.h include/mythtv/mthreadpool.h @@ -450,8 +430,6 @@ include/mythtv/mythcommandlineparser.h include/mythtv/mythconfig.h include/mythtv/mythconfig.mak -include/mythtv/mythconfigdialogs.h -include/mythtv/mythconfiggroups.h include/mythtv/mythcontext.h include/mythtv/mythcorecontext.h include/mythtv/mythcoreutil.h @@ -480,6 +458,7 @@ include/mythtv/mythsingledownload.h include/mythtv/mythsocket.h include/mythtv/mythsocket_cb.h +include/mythtv/mythsorthelper.h include/mythtv/mythstorage.h include/mythtv/mythsystem.h include/mythtv/mythsystemlegacy.h @@ -504,10 +483,8 @@ include/mythtv/remotefile.h include/mythtv/remoteutil.h include/mythtv/rssparse.h -include/mythtv/samplerate.h include/mythtv/schemawizard.h include/mythtv/serverpool.h -include/mythtv/settings.h include/mythtv/signalhandling.h include/mythtv/standardsettings.h include/mythtv/storagegroup.h @@ -550,70 +527,66 @@ include/mythtv/version.h include/mythtv/visual.h include/mythtv/volumebase.h -lib/libmyth-29.so -lib/libmyth-29.so.29 -lib/libmyth-29.so.29.0 -lib/libmyth-29.so.29.0.0 +lib/libmyth-30.so +lib/libmyth-30.so.30 +lib/libmyth-30.so.30.0 +lib/libmyth-30.so.30.0.0 lib/libmythavcodec.so -lib/libmythavcodec.so.57 -lib/libmythavcodec.so.57.64.100 +lib/libmythavcodec.so.58 +lib/libmythavcodec.so.58.18.100 lib/libmythavdevice.so -lib/libmythavdevice.so.57 -lib/libmythavdevice.so.57.1.100 +lib/libmythavdevice.so.58 +lib/libmythavdevice.so.58.3.100 lib/libmythavfilter.so -lib/libmythavfilter.so.6 -lib/libmythavfilter.so.6.65.100 +lib/libmythavfilter.so.7 +lib/libmythavfilter.so.7.16.100 lib/libmythavformat.so -lib/libmythavformat.so.57 -lib/libmythavformat.so.57.56.100 +lib/libmythavformat.so.58 +lib/libmythavformat.so.58.12.100 lib/libmythavutil.so -lib/libmythavutil.so.55 -lib/libmythavutil.so.55.34.100 -lib/libmythbase-29.so -lib/libmythbase-29.so.29 -lib/libmythbase-29.so.29.0 -lib/libmythbase-29.so.29.0.0 -lib/libmythfreemheg-29.so -lib/libmythfreemheg-29.so.29 -lib/libmythfreemheg-29.so.29.0 -lib/libmythfreemheg-29.so.29.0.0 -lib/libmythhdhomerun-29.so -lib/libmythhdhomerun-29.so.29 -lib/libmythhdhomerun-29.so.29.0 -lib/libmythhdhomerun-29.so.29.0.0 -lib/libmythmetadata-29.so -lib/libmythmetadata-29.so.29 -lib/libmythmetadata-29.so.29.0 -lib/libmythmetadata-29.so.29.0.0 +lib/libmythavutil.so.56 +lib/libmythavutil.so.56.14.100 +lib/libmythbase-30.so +lib/libmythbase-30.so.30 +lib/libmythbase-30.so.30.0 +lib/libmythbase-30.so.30.0.0 +lib/libmythfreemheg-30.so +lib/libmythfreemheg-30.so.30 +lib/libmythfreemheg-30.so.30.0 +lib/libmythfreemheg-30.so.30.0.0 +lib/libmythmetadata-30.so +lib/libmythmetadata-30.so.30 +lib/libmythmetadata-30.so.30.0 +lib/libmythmetadata-30.so.30.0.0 lib/libmythpostproc.so -lib/libmythpostproc.so.54 -lib/libmythpostproc.so.54.1.100 -lib/libmythprotoserver-29.so -lib/libmythprotoserver-29.so.29 -lib/libmythprotoserver-29.so.29.0 -lib/libmythprotoserver-29.so.29.0.0 -lib/libmythservicecontracts-29.so -lib/libmythservicecontracts-29.so.29 -lib/libmythservicecontracts-29.so.29.0 -lib/libmythservicecontracts-29.so.29.0.0 +lib/libmythpostproc.so.55 +lib/libmythpostproc.so.55.1.100 +lib/libmythprotoserver-30.so +lib/libmythprotoserver-30.so.30 +lib/libmythprotoserver-30.so.30.0 +lib/libmythprotoserver-30.so.30.0.0 +lib/libmythservicecontracts-30.so +lib/libmythservicecontracts-30.so.30 +lib/libmythservicecontracts-30.so.30.0 +lib/libmythservicecontracts-30.so.30.0.0 lib/libmythswresample.so -lib/libmythswresample.so.2 -lib/libmythswresample.so.2.3.100 +lib/libmythswresample.so.3 +lib/libmythswresample.so.3.1.100 lib/libmythswscale.so -lib/libmythswscale.so.4 -lib/libmythswscale.so.4.2.100 -lib/libmythtv-29.so -lib/libmythtv-29.so.29 -lib/libmythtv-29.so.29.0 -lib/libmythtv-29.so.29.0.0 -lib/libmythui-29.so -lib/libmythui-29.so.29 -lib/libmythui-29.so.29.0 -lib/libmythui-29.so.29.0.0 -lib/libmythupnp-29.so -lib/libmythupnp-29.so.29 -lib/libmythupnp-29.so.29.0 -lib/libmythupnp-29.so.29.0.0 +lib/libmythswscale.so.5 +lib/libmythswscale.so.5.1.100 +lib/libmythtv-30.so +lib/libmythtv-30.so.30 +lib/libmythtv-30.so.30.0 +lib/libmythtv-30.so.30.0.0 +lib/libmythui-30.so +lib/libmythui-30.so.30 +lib/libmythui-30.so.30.0 +lib/libmythui-30.so.30.0.0 +lib/libmythupnp-30.so +lib/libmythupnp-30.so.30 +lib/libmythupnp-30.so.30.0 +lib/libmythupnp-30.so.30.0.0 lib/mythtv/filters/libadjust.so lib/mythtv/filters/libbobdeint.so lib/mythtv/filters/libcrop.so @@ -630,104 +603,112 @@ lib/mythtv/filters/libquickdnr.so lib/mythtv/filters/libvflip.so lib/mythtv/filters/libyadif.so -%%BINDINGS%%%%SITE_PERL%%/IO/Socket/INET/MythTV.pm -%%BINDINGS%%%%SITE_PERL%%/MythTV.pm -%%BINDINGS%%%%SITE_PERL%%/MythTV/Channel.pm -%%BINDINGS%%%%SITE_PERL%%/MythTV/Program.pm -%%BINDINGS%%%%SITE_PERL%%/MythTV/Recording.pm -%%BINDINGS%%%%SITE_PERL%%/MythTV/StorageGroup.pm -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV-0.28._1-py%%PYTHON_VER%%.egg-info -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/__init__.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/__init__.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/altdict.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/altdict.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/connections.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/connections.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/database.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/database.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/dataheap.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/dataheap.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/exceptions.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/exceptions.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/logging.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/logging.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/methodheap.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/methodheap.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/msearch.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/msearch.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/mythproto.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/mythproto.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/static.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/static.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/system.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/system.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbCollection.xsl -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbQuery.xsl -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbVideo.xsl -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/other.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/other.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.pyc -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.py -%%BINDINGS%%%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.pyc +%%SITE_PERL%%/IO/Socket/INET/MythTV.pm +%%SITE_PERL%%/MythTV.pm +%%SITE_PERL%%/MythTV/Channel.pm +%%SITE_PERL%%/MythTV/Program.pm +%%SITE_PERL%%/MythTV/Recording.pm +%%SITE_PERL%%/MythTV/StorageGroup.pm +%%PYTHON_SITELIBDIR%%/MythTV-30.0._1-py%%PYTHON_VER%%.egg-info +%%PYTHON_SITELIBDIR%%/MythTV/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.py +%%PYTHON_SITELIBDIR%%/MythTV/_conn_mysqldb.pyc +%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.py +%%PYTHON_SITELIBDIR%%/MythTV/_conn_oursql.pyc +%%PYTHON_SITELIBDIR%%/MythTV/altdict.py +%%PYTHON_SITELIBDIR%%/MythTV/altdict.pyc +%%PYTHON_SITELIBDIR%%/MythTV/connections.py +%%PYTHON_SITELIBDIR%%/MythTV/connections.pyc +%%PYTHON_SITELIBDIR%%/MythTV/database.py +%%PYTHON_SITELIBDIR%%/MythTV/database.pyc +%%PYTHON_SITELIBDIR%%/MythTV/dataheap.py +%%PYTHON_SITELIBDIR%%/MythTV/dataheap.pyc +%%PYTHON_SITELIBDIR%%/MythTV/exceptions.py +%%PYTHON_SITELIBDIR%%/MythTV/exceptions.pyc +%%PYTHON_SITELIBDIR%%/MythTV/logging.py +%%PYTHON_SITELIBDIR%%/MythTV/logging.pyc +%%PYTHON_SITELIBDIR%%/MythTV/methodheap.py +%%PYTHON_SITELIBDIR%%/MythTV/methodheap.pyc +%%PYTHON_SITELIBDIR%%/MythTV/msearch.py +%%PYTHON_SITELIBDIR%%/MythTV/msearch.pyc +%%PYTHON_SITELIBDIR%%/MythTV/mythproto.py +%%PYTHON_SITELIBDIR%%/MythTV/mythproto.pyc +%%PYTHON_SITELIBDIR%%/MythTV/services_api/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/services_api/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/services_api/_version.py +%%PYTHON_SITELIBDIR%%/MythTV/services_api/_version.pyc +%%PYTHON_SITELIBDIR%%/MythTV/services_api/send.py +%%PYTHON_SITELIBDIR%%/MythTV/services_api/send.pyc +%%PYTHON_SITELIBDIR%%/MythTV/services_api/utilities.py +%%PYTHON_SITELIBDIR%%/MythTV/services_api/utilities.pyc +%%PYTHON_SITELIBDIR%%/MythTV/static.py +%%PYTHON_SITELIBDIR%%/MythTV/static.pyc +%%PYTHON_SITELIBDIR%%/MythTV/system.py +%%PYTHON_SITELIBDIR%%/MythTV/system.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_engine.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_file.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/cache_null.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/locales.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/pager.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/request.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_api.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_auth.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/tmdb_exceptions.pyc +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.py +%%PYTHON_SITELIBDIR%%/MythTV/tmdb3/util.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbCollection.xsl +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbQuery.xsl +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/XSLT/tvdbVideo.xsl +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/requests_cache_compatability.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdbXslt.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_api.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_create_key.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_exceptions.pyc +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.py +%%PYTHON_SITELIBDIR%%/MythTV/ttvdb/tvdb_ui.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/altdict.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/dequebuffer.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/dicttoxml.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/dt.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/enum.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/mixin.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/other.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/other.pyc +%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.py +%%PYTHON_SITELIBDIR%%/MythTV/utility/singleton.pyc +%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.py +%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/__init__.pyc +%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.py +%%PYTHON_SITELIBDIR%%/MythTV/wikiscripts/wikiscripts.pyc %%DATADIR%%/CDS_scpd.xml %%DATADIR%%/CMGR_scpd.xml %%DATADIR%%/MFEXML_scpd.xml @@ -1251,7 +1232,6 @@ %%DATADIR%%/metadata/Music/lyrics/filelyrics.py %%DATADIR%%/metadata/Music/lyrics/genius.py %%DATADIR%%/metadata/Music/lyrics/gomaudio.py -%%DATADIR%%/metadata/Music/lyrics/letssingit.py %%DATADIR%%/metadata/Music/lyrics/lyricscom.py %%DATADIR%%/metadata/Music/lyrics/lyricsmode.py %%DATADIR%%/metadata/Music/lyrics/lyricswiki.py @@ -1314,7 +1294,6 @@ %%DATADIR%%/themes/MythCenter-wide/osd/tv.png %%DATADIR%%/themes/MythCenter-wide/osd/video.png %%DATADIR%%/themes/MythCenter-wide/preview.png -%%DATADIR%%/themes/MythCenter-wide/qtlook.txt %%DATADIR%%/themes/MythCenter-wide/recordings-ui.xml %%DATADIR%%/themes/MythCenter-wide/schedule-ui.xml %%DATADIR%%/themes/MythCenter-wide/settings-ui.xml @@ -1427,7 +1406,6 @@ %%DATADIR%%/themes/MythCenter/osd/tv.png %%DATADIR%%/themes/MythCenter/osd/video.png %%DATADIR%%/themes/MythCenter/preview.png -%%DATADIR%%/themes/MythCenter/qtlook.txt %%DATADIR%%/themes/MythCenter/recordings-ui.xml %%DATADIR%%/themes/MythCenter/schedule-ui.xml %%DATADIR%%/themes/MythCenter/status-ui.xml @@ -1599,7 +1577,6 @@ %%DATADIR%%/themes/Terra/popups/selected_submenu_arrow.png %%DATADIR%%/themes/Terra/popups/submenu_arrow.png %%DATADIR%%/themes/Terra/preview.png -%%DATADIR%%/themes/Terra/qtlook.txt %%DATADIR%%/themes/Terra/recordings-ui.xml %%DATADIR%%/themes/Terra/recordings/filterlist_background.png %%DATADIR%%/themes/Terra/recordings/flagging_1.png @@ -1817,6 +1794,7 @@ %%DATADIR%%/themes/default-wide/video-ui.xml %%DATADIR%%/themes/default-wide/welcome-ui.xml %%DATADIR%%/themes/default/appear-ui.xml +%%DATADIR%%/themes/default/aspect_button.png %%DATADIR%%/themes/default/autoexpire.png %%DATADIR%%/themes/default/avchd.png %%DATADIR%%/themes/default/background.png @@ -1828,6 +1806,7 @@ %%DATADIR%%/themes/default/blankbutton_on.png %%DATADIR%%/themes/default/blankbutton_pushed.png %%DATADIR%%/themes/default/bookmark.png +%%DATADIR%%/themes/default/bookmark_button.png %%DATADIR%%/themes/default/bottomright.png %%DATADIR%%/themes/default/busyimages/0.png %%DATADIR%%/themes/default/busyimages/1.png @@ -1859,6 +1838,7 @@ %%DATADIR%%/themes/default/button_selected_background.png %%DATADIR%%/themes/default/categories.xml %%DATADIR%%/themes/default/cc.png +%%DATADIR%%/themes/default/cc_button.png %%DATADIR%%/themes/default/check.png %%DATADIR%%/themes/default/checkbox_background_off.png %%DATADIR%%/themes/default/checkbox_background_selected.png @@ -1876,6 +1856,8 @@ %%DATADIR%%/themes/default/cursor.png %%DATADIR%%/themes/default/cutlist.png %%DATADIR%%/themes/default/damaged.png +%%DATADIR%%/themes/default/dbl_left_arrow_button.png +%%DATADIR%%/themes/default/dbl_right_arrow_button.png %%DATADIR%%/themes/default/dd.png %%DATADIR%%/themes/default/def-ro-lines.png %%DATADIR%%/themes/default/down_arrow.png @@ -1887,6 +1869,8 @@ %%DATADIR%%/themes/default/dummy720x576p25.00.ts %%DATADIR%%/themes/default/dummy768x576p50.00.ts %%DATADIR%%/themes/default/error.png +%%DATADIR%%/themes/default/ff_button.png +%%DATADIR%%/themes/default/fill_button.png %%DATADIR%%/themes/default/filler.png %%DATADIR%%/themes/default/galleryfolder.png %%DATADIR%%/themes/default/gg-arrow-down.png @@ -1910,6 +1894,9 @@ %%DATADIR%%/themes/default/htmls/progdetails_page1.html %%DATADIR%%/themes/default/htmls/progdetails_page2.html %%DATADIR%%/themes/default/image-ui.xml +%%DATADIR%%/themes/default/info_button.png +%%DATADIR%%/themes/default/jump_bookmark_button.png +%%DATADIR%%/themes/default/jump_start_button.png %%DATADIR%%/themes/default/keyboard/ar.xml %%DATADIR%%/themes/default/keyboard/da.xml %%DATADIR%%/themes/default/keyboard/de.xml @@ -1975,6 +1962,7 @@ %%DATADIR%%/themes/default/lb-uparrow-reg.png %%DATADIR%%/themes/default/lb-uparrow-sel.png %%DATADIR%%/themes/default/left_arrow.png +%%DATADIR%%/themes/default/left_arrow_button.png %%DATADIR%%/themes/default/leftarrow.png %%DATADIR%%/themes/default/leftright_off.png %%DATADIR%%/themes/default/leftright_on.png @@ -2227,12 +2215,15 @@ %%DATADIR%%/themes/default/locale/zw.png %%DATADIR%%/themes/default/md_progress_background.png %%DATADIR%%/themes/default/md_rip_banner.png +%%DATADIR%%/themes/default/menu_button.png %%DATADIR%%/themes/default/menu_cutlist.xml %%DATADIR%%/themes/default/menu_cutlist_compact.xml %%DATADIR%%/themes/default/menu_playback.xml %%DATADIR%%/themes/default/menu_playback_compact.xml %%DATADIR%%/themes/default/mono.png +%%DATADIR%%/themes/default/more_button.png %%DATADIR%%/themes/default/musicscanner.png +%%DATADIR%%/themes/default/muted_button.png %%DATADIR%%/themes/default/mv_browse_background.png %%DATADIR%%/themes/default/mv_browse_selector.png %%DATADIR%%/themes/default/mv_filerequest.png @@ -2251,6 +2242,7 @@ %%DATADIR%%/themes/default/notification-ui.xml %%DATADIR%%/themes/default/osd.xml %%DATADIR%%/themes/default/osd_subtitle.xml +%%DATADIR%%/themes/default/pause_button.png %%DATADIR%%/themes/default/pd-background.png %%DATADIR%%/themes/default/pf-background.png %%DATADIR%%/themes/default/pf-lines.png @@ -2259,6 +2251,7 @@ %%DATADIR%%/themes/default/pf-sel3.png %%DATADIR%%/themes/default/pf-top.png %%DATADIR%%/themes/default/pf-topbackground.png +%%DATADIR%%/themes/default/play_button.png %%DATADIR%%/themes/default/playlist_yes.png %%DATADIR%%/themes/default/preview.png %%DATADIR%%/themes/default/processing.png @@ -2267,7 +2260,9 @@ %%DATADIR%%/themes/default/progressbar_fill2.png %%DATADIR%%/themes/default/reclist_background.png %%DATADIR%%/themes/default/recordings-ui.xml +%%DATADIR%%/themes/default/rew_button.png %%DATADIR%%/themes/default/right_arrow.png +%%DATADIR%%/themes/default/right_arrow_button.png %%DATADIR%%/themes/default/rightarrow.png %%DATADIR%%/themes/default/rk-background.png %%DATADIR%%/themes/default/rk-lines.png @@ -2312,6 +2307,7 @@ %%DATADIR%%/themes/default/status-bar.png %%DATADIR%%/themes/default/status-ui.xml %%DATADIR%%/themes/default/stereo.png +%%DATADIR%%/themes/default/stop_button.png %%DATADIR%%/themes/default/subs.png %%DATADIR%%/themes/default/subs_onscreen.png %%DATADIR%%/themes/default/surround.png @@ -2326,6 +2322,7 @@ %%DATADIR%%/themes/default/trans-sr-background.png %%DATADIR%%/themes/default/unchecked.png %%DATADIR%%/themes/default/unchecked_high.png +%%DATADIR%%/themes/default/unmuted_button.png %%DATADIR%%/themes/default/up_arrow.png %%DATADIR%%/themes/default/uparrow.png %%DATADIR%%/themes/default/very_wide_button_background.png