lp://staging/ubuntu/edgy-security/mplayer

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

21. By William Grant on 2008-03-09

* SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
  parser, and URL parser. (LP: #191488)
* stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c,
  stream/realrtsp/rmff.h, libmpdemux/demux_mov.c, libmpdemux/demux_audio.c,
  stream/stream_cddb.c, stream/url.c: Patches from upstream.
* References:
  - CVE-2008-0225
  - CVE-2008-0238
  - CVE-2008-0485
  - CVE-2008-0486
  - CVE-2008-0629
  - CVE-2008-0630

20. By William Grant on 2007-12-03

* SECURITY UPDATE: buffer overruns in CDDB (LP: #118855), DMO decoder
  (LP: #92968) and RTSP handler (LP: #163291).
* libmpdemux/realrtsp/asmrp.[ch], libmpdemux/realrtsp/real.c: Don't match
  too many ASM rules, lest we overrun the buffers. Patch from upstream.
* loader/dmo/DMO_VideoDecoder.c: Avoid buffer overrun in DMO decoder. Patch
  from upstream SVN.
* libmpdemux/cddb.c: Don't take strings of unlimited length from CDDB input.
  Patch from upstream SVN.
* References
  CVE-2006-6172
  CVE-2007-1246
  CVE-2007-2948

19. By William Grant <email address hidden> on 2007-11-06

* SECURITY UPDATE: buffer overrun in mpdemux code (LP: #140891).
* libmpdemux/aviheader.c: Apply upstream patch.
* References:
  - CVE-2007-4938

18. By Daniel T Chen on 2006-10-12

* No-change rebuild against newer libx264-dev (affects
  Ubuntu: #63842),
  - RC freeze exception granted by Andrew Mitchell.

17. By Nafallo Bjälevik on 2006-09-26

* libvo/osd_template.c:
  - Add patch from Ubuntu #62209 to fix AMD64 FTBFS.
    Thanks Andreas Schultz.

16. By Nafallo Bjälevik on 2006-09-22

* debian/preinst:
  - Remove codecs.conf if it exists on the system
    (thanks Johan Kiviniemi).

15. By Nafallo Bjälevik on 2006-09-21

* configure:
  - Revert "if cygwin", we don't want to care changes like that.
* etc/example.conf:
  - Revert vo and make "ao=alsa,". That means prefer alsa and
    then auto-detect the rest.
* libmpcodecs/ve_lavc.c:
  - Revert our changes. We build against internal ffmpeg again.
* debian/control:
  - Dropped dpatch and libmad0-dev as Build-Deps.
  - Drop all dummy packages and fix Conflicts/Replaces.
  - Dropped the field Uploaders. Useless for Ubuntu.
  - Dropped libavcodec-dev, libavformat-dev, libpostproc-dev
    from Build-Deps.
* debian/rules:
  - Stop copying config.{guess,sub}, this just add bloat to the
    diff.
  - Use --with-codecsdir instead of setting the same for win32,
    xanim and real. Also drop --enable-{win32,real}, they are
    implied by --with-codecsdir and enabled on all arches now.
  - Drop defaults (--datadir and --disable-external-faad).
  - Dropped libmad, the other two mp3-decoders should be enough.
  - --enable-dshow was dropped upstream.
  - Stop installing codecs.conf.
  - Build against internal ffmpeg.

14. By Sebastian Dröge on 2006-07-23

* debian/control,
  debian/rules:
  + Use the system's libavcodec, libavformat and libpostproc
* debian/rules:
  + Add hack to enable more runtime-detected CPU optimizations on i386
* debian/control:
  + Build-Depend on libx264-dev (>= 1:0.cvs20060720) to get a compatible
    version
* debian/rules:
  + disable internal mp3lib. This will enable mad or ffmpeg as
    replacement (Ubuntu: #52729)
* libmpcodecs/ve_lavc.c:
  + remove stuff that uses a newer libavcodec API than we have
* libmpcodecs/ve_x264.c:
  + fix from upstream svn to build against our latest libx264

13. By Sebastian Dröge on 2006-07-08

Remove a broken newline in debian/rules to really build with i586 as
target

12. By Sebastian Dröge on 2006-07-08

Don't use --enable-vidix on powerpc. This parameter doesn't exist anymore