* Tue Aug 13 2013 Julian Sikorski <belegdol@fedoraproject.org> - 1.1-13.20130811svn

- 20130811 snapshot
12 years ago · 0c00d403df
parent 121a37546e
commit 0c00d403df
4 changed files with 7 additions and 159 deletions
--- a/mplayer-asx-parser.patch
+++ b/mplayer-asx-parser.patch
@ -1,111 +0,0 @@
 Index: asxparser.c
 ===================================================================
 --- asxparser.c	(wersja 36241)
 +++ asxparser.c	(wersja 36242)
@@ -388,7 +388,7 @@
 static void
 asx_parse_param(ASX_Parser_t* parser, char** attribs, play_tree_t* pt) {
 -  char *name,*val;
 +  char *name = NULL,*val = NULL;
   name = asx_get_attrib("NAME",attribs);
   if(!name) {
@@ -402,9 +402,11 @@
       mp_msg(MSGT_PLAYTREE,MSGL_WARN,"=%s\n",val);
     else
       mp_msg(MSGT_PLAYTREE,MSGL_WARN,"\n");
 -    return;
 +    goto err_out;
   }
 -  play_tree_set_param(pt,name,val);
 +  mp_msg(MSGT_PLAYTREE, MSGL_ERR, "Support for specifying parameters in playlists has been disabled.\n");
 +//  play_tree_set_param(pt,name,val);
 +err_out:
   free(name);
   free(val);
 }
 Index: DOCS/man/en/mplayer.1
 ===================================================================
 --- DOCS/man/en/mplayer.1	(wersja 36241)
 +++ DOCS/man/en/mplayer.1	(wersja 36242)
@@ -1259,6 +1259,15 @@
 Play files according to a playlist file (ASX, Winamp, SMIL, or
 one-file-per-line format).
 .br
 +.I WARNING:
 +The way MPlayer parses and uses playlist files is not safe against
 +maliciously constructed files.
 +Such files may trigger harmful actions.
 +This has been the case for all MPlayer versions, but unfortunately this
 +fact was not well documented earlier, and some people have even misguidedly
 +recommended use of -playlist with untrusted sources.
 +Do NOT use -playlist with random internet sources or files you don't trust!
 +.br
 .I NOTE:
 This option is considered an entry so options found after it will apply
 only to the elements of this playlist.
@@ -1266,6 +1275,13 @@
 FIXME: This needs to be clarified and documented thoroughly.
 .
 .TP
 +.B \-allow-dangerous-playlist-parsing
 +This enables parsing any file as a playlist if e.g. a server advertises
 +a file as playlist.
 +Only enable if you know all servers involved are trustworthy.
 +MPlayer's playlist code is not designed to handle malicious playlist files.
 +.
 +.TP
 .B \-rtc\-device <device>
 Use the specified device for RTC timing.
 .
 Index: mplayer.c
 ===================================================================
 --- mplayer.c	(wersja 36241)
 +++ mplayer.c	(wersja 36242)
@@ -328,6 +328,8 @@
 static int crash_debug;
 #endif
 +static int allow_playlist_parsing;
 +
 /* This header requires all the global variable declarations. */
 #include "cfg-mplayer.h"
@@ -3234,8 +3236,12 @@
         current_module = "handle_playlist";
         mp_msg(MSGT_CPLAYER, MSGL_V, "Parsing playlist %s...\n",
                filename_recode(filename));
 -        entry      = parse_playtree(mpctx->stream, use_gui);
 -        mpctx->eof = playtree_add_playlist(entry);
 +        if (allow_playlist_parsing) {
 +            entry      = parse_playtree(mpctx->stream, use_gui);
 +            mpctx->eof = playtree_add_playlist(entry);
 +        } else {
 +            mp_msg(MSGT_CPLAYER, MSGL_ERR, "Playlist parsing disabled for security reasons. Ignoring file.\n");
 +        }
         goto goto_next_file;
     }
     mpctx->stream->start_pos += seek_to_byte;
 Index: cfg-mplayer.h
 ===================================================================
 --- cfg-mplayer.h	(wersja 36241)
 +++ cfg-mplayer.h	(wersja 36242)
@@ -306,6 +306,8 @@
     {"noloop", &mpctx_s.loop_times, CONF_TYPE_FLAG, 0, 0, -1, NULL},
     {"loop", &mpctx_s.loop_times, CONF_TYPE_INT, CONF_RANGE, -1, 10000, NULL},
 +    {"allow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 0, 1, NULL},
 +    {"noallow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 1, 0, NULL},
     {"playlist", NULL, CONF_TYPE_STRING, CONF_NOCFG, 0, 0, NULL},
     {"shuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
     {"noshuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
 Index: .
 ===================================================================
 --- .	(wersja 36241)
 +++ .	(wersja 36242)
 Zmiany atrybutów dla: .
 ___________________________________________________________________
 Added: svn:mergeinfo
   Połączono zmiany /trunk:r36238-36241
--- a/mplayer-cpudetect.patch
+++ b/mplayer-cpudetect.patch
@ -1,44 +0,0 @@
 Index: cpudetect.c
 ===================================================================
 --- cpudetect.c	(wersja 36298)
 +++ cpudetect.c	(wersja 36300)
@@ -56,7 +56,7 @@
 #if CONFIG_RUNTIME_CPUDETECT
 /* I believe this code works.  However, it has only been used on a PII and PIII */
 -#if defined(__linux__) && defined(_POSIX_SOURCE) && !ARCH_X86_64
 +#if defined(__linux__) && !ARCH_X86_64
 static void sigill_handler_sse( int signal, struct sigcontext sc )
 {
    mp_msg(MSGT_CPUDETECT,MSGL_V, "SIGILL, " );
@@ -75,7 +75,7 @@
    gCpuCaps.hasSSE=0;
 }
 -#endif /* __linux__ && _POSIX_SOURCE */
 +#endif /* __linux__ */
 #if (defined(__MINGW32__) || defined(__CYGWIN__)) && !ARCH_X86_64
 LONG CALLBACK win32_sig_handler_sse(EXCEPTION_POINTERS* ep)
@@ -177,7 +177,6 @@
         mp_msg(MSGT_CPUDETECT,MSGL_V, gCpuCaps.hasSSE ? "yes.\n" : "no!\n" );
     }
 #elif defined(__linux__)
 -#if defined(_POSIX_SOURCE)
     struct sigaction saved_sigill;
     /* Save the original signal handlers.
@@ -210,13 +209,6 @@
      */
     mp_msg(MSGT_CPUDETECT,MSGL_V, "Tests of OS support for SSE %s\n", gCpuCaps.hasSSE ? "passed." : "failed!" );
 #else
 -    /* We can't use POSIX signal handling to test the availability of
 -     * SSE, so we disable it by default.
 -     */
 -    mp_msg(MSGT_CPUDETECT,MSGL_WARN, "Cannot test OS support for SSE, disabling to be safe.\n" );
 -    gCpuCaps.hasSSE=0;
 -#endif /* _POSIX_SOURCE */
 -#else
     /* Do nothing on other platforms for now.
      */
     mp_msg(MSGT_CPUDETECT,MSGL_WARN, "Cannot test OS support for SSE, leaving disabled.\n" );
--- a/mplayer-snapshot.sh
+++ b/mplayer-snapshot.sh
@ -13,7 +13,7 @@ cleanup() {
 unset CDPATH
 pwd=$(pwd)
 svn=$(date +%Y-%m-%d)
-svn=2013-08-01
+svn=2013-08-11
 dirname=mplayer-export-$svn
 mplayer_rev={$svn}
 #mplayer_rev=HEAD
--- a/mplayer.spec
+++ b/mplayer.spec
@ -1,12 +1,12 @@
 %define         codecdir %{_libdir}/codecs
-%define         pre 20130801svn
+%define         pre 20130811svn
 %define         svn 1
-%define         svnbuild 2013-08-01
+%define         svnbuild 2013-08-11
 %define         faad2min 1:2.6.1
 Name:           mplayer
 Version:        1.1
-Release:        12.%{?pre}%{?dist}
+Release:        13.%{?pre}%{?dist}
 Summary:        Movie player playing most video formats and DVDs
 %if 0%{!?_without_amr:1}
@ -380,6 +380,9 @@ update-desktop-database &>/dev/null || :
 %{_datadir}/mplayer/*.fp
 %changelog
 * Tue Aug 13 2013 Julian Sikorski <belegdol@fedoraproject.org> - 1.1-13.20130811svn
 - 20130811 snapshot
 * Thu Aug 01 2013 Julian Sikorski <belegdol@fedoraproject.org> - 1.1-12.20130801svn
 - 20130801 snapshot
 - Updated the ffmpeg patch