| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
properly handle (a) negative and (b) zero values during unspecified
read function calls in input_file.c, input_net.c, input_smb.c, and
input_http.c, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via vectors such as
(1) a file or (2) an HTTP response, which triggers consequences such
as out-of-bounds reads and heap-based buffer overflows.
|
|
This is an input plugin API extension; ABI is unchanged.
The version is not bumped (we can't bump it due to 1.2).
|
|
Leading whitespace could prevent this from working.
|
|
Instead of using strlen() to get the new size of the string every
time, use the value returned by snprintf() to gather the size of the
final string.
--HG--
extra : transplant_source : %AA%0D%D3d9%D6%99%D7BP%21w%F3%DE%8Au%90l%AD%16
|
|
Instead of duplicating twice the http_proxy environment variable
value, do so only once, avoid a strlen() call when checking if the
string is not empty, remove the http_proxy variable entirely, don't
free the duplicated string as that's what it's used.
|
|
Instead of creating strings through a series os string copy and
concatenations, use directly the appropriate printf-like function.
|
|
Using asprintf() instead of malloc() + sprintf() reduces the lines of
code in xine-lib (moving the allocation to the C library or asprintf
replacement), makes it safer to access the string and can also improve
performance whenever the value returned by a function was used as
parameter, as before it had to run the function twice in almost every
case (once for strlen(), once for sprintf()).
|
|
The xine_xmalloc() function is going to be deprecated, as its
behaviour is rarely needed as such, and it's thus misused.
With this, almost all uses of xine_xmalloc() with static size (for
instance the value returned by sizeof()) or with a size that is
guaranteed not to be zero (like strlen()+1) are replaced with calls to
either calloc(1, ...) or malloc().
malloc() is used whenever the allocated memory is going to be
immediately overwritten, while calloc() is used in every other case,
as it sets the whole memory area to zero.
--HG--
extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
|
|
--HG--
extra : transplant_source : %E0%D0%C5%8B%BEU%DD%24%5D7%1F%ADV%AD%EB%23%CBU%80%EB
|
|
I'm not sure whether they changed the Server response to the current
"last.fm proxy streamer" or if depending of what server you hit it answer
that rather than the previous "last.fm Streaming Server", so for now just
look if the Server response starts with "last.fm", which covers both
cases.
|
|
For contributed code, leave whatever the version we last synced for is using
to make simpler future syncs.
|
|
Thanks to Harald Sitter from Amarok team for reporting a testcase.
|
|
|
|
Patch from Dmitri Fedortchenko <dimo <at> angelhill.net>, required
for upstream Totem bug:
http://bugzilla.gnome.org/show_bug.cgi?id=418316
|
|
Thanks to Jeff Mitchell for reporting and testing the fix.
This change reverses the meaning of _x_use_proxy() function to be the one
expected by human logic (1 -> use proxy, 0 -> don't use proxy), this way
a failure in hostname resolution would result in the proxy being used
rather than discarded.
Basically now you can use xine behind a proxy when you can't get out to
the DNS servers (or where the DNS servers don't resolve Internet hosts
that you are not allowed to connect to).
|
|
those, check only the status code. This fixes WikipediaWeekly podcasts for instance.
CVS patchset: 8706
CVS date: 2007/03/17 16:47:16
|
|
CVS patchset: 8608
CVS date: 2007/02/20 00:34:55
|
|
CVS patchset: 8524
CVS date: 2007/01/19 01:05:24
|
|
*, so that 'return "something"' is valid. Note that _()/gettext() returns a char * but statically allocated, that the documentation considers constant.
CVS patchset: 8519
CVS date: 2007/01/18 23:02:18
|
|
Consolidated multiple strncat() calls to snprintf().
CVS patchset: 8407
CVS date: 2006/12/08 16:26:10
|
|
what caused the failure.
CVS patchset: 8395
CVS date: 2006/11/30 10:54:18
|
|
not tried and the proper error message is returned.
CVS patchset: 8233
CVS date: 2006/09/13 23:28:22
|
|
connection; this way the user can configure a shorter timeout if they are on fast lines.
CVS patchset: 8228
CVS date: 2006/09/13 22:50:43
|
|
Missing check for IPv6 localhost.
CVS patchset: 8224
CVS date: 2006/09/13 17:08:19
|
|
(through backports), to avoid exporting unneeded internal symbols, making plugins' loading faster and use of internal copies of libraries more solid. It should automatically fall back to the old way in GCCs that does not support -fvisibility=hidden, but has to be tested carefully. No issues were found in the months of testing in Gentoo, but this requires special attention anyway.
CVS patchset: 8101
CVS date: 2006/07/10 22:08:12
|
|
CVS patchset: 8065
CVS date: 2006/06/20 01:46:41
|
|
CVS patchset: 8014
CVS date: 2006/06/06 16:39:25
|
|
(Based on a patch from Diego Pettenò.)
CVS patchset: 8011
CVS date: 2006/06/02 22:44:58
|
|
CVS patchset: 8002
CVS date: 2006/05/31 21:14:40
|
|
CVS patchset: 8001
CVS date: 2006/05/31 20:58:22
|
|
(Diego Pettenò)
CVS patchset: 7985
CVS date: 2006/05/03 19:46:06
|
|
This patch removes a dummy check on proxy usage before applying authentication.
This was caused by a copy-paste error in older revision of this file, and then
drifted to the current problem while the code evolved. With this simple
change, authenticated streams works just fine.
A big thanks to Mark Kretschmann from the amaroK team who noticed the problem
and helped tracking it down.
CVS patchset: 7979
CVS date: 2006/04/21 23:27:49
|
|
CVS patchset: 7968
CVS date: 2006/04/12 15:37:07
|
|
hopefuly somebody will be able to help fixing the
mess i did in dvdnav ;)
CVS patchset: 7759
CVS date: 2005/10/14 21:02:16
|
|
Don't skip first character of title if the second character is a space
Remove any trailing <BR> from the comment
CVS patchset: 7557
CVS date: 2005/05/21 16:16:35
|
|
Added PLUGIN_NO_UNLOAD to the gnome_vfs plugin because unloading this plugins cause troubles (segfault).
Current plugin loader preloads all input and demuxer plugins, so adding these flags will not change the current behavior of the lib.
CVS patchset: 7390
CVS date: 2005/02/07 23:58:57
|
|
Incremented all input plugins API version.
CVS patchset: 7384
CVS date: 2005/02/06 15:00:34
|
|
Fixed build on solaris:
- use libresolv in hstrerror check
- replace PRIiMAX and PRIXMAX by PRIdMAX and PRIxMAX
Removed timezone struct for MinGW from public os_types.h, update header comment.
Fixed build musepack library on some platforms using xine types.
Thanks to Niki W. Waibel for reporting and testing.
CVS patchset: 7378
CVS date: 2005/02/03 07:19:03
|
|
Fixed bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1098490&group_id=9655&atid=109655
CVS patchset: 7356
CVS date: 2005/01/17 19:27:51
|
|
CVS patchset: 7340
CVS date: 2005/01/13 19:37:15
|
|
CVS patchset: 7326
CVS date: 2005/01/05 21:48:05
|
|
Change separator from ", " to ",".
Make domain matching stricter - require that the character at the start of
the match or the immediately preceding character is a dot.
Add '=DOMAIN' (full match: domain "foo.bar" matches host "foo.bar" only).
Modify config option's description and help text accordingly.
CVS patchset: 7323
CVS date: 2005/01/05 00:37:29
|
|
These URLs are now canonicalised.
CVS patchset: 7297
CVS date: 2004/12/24 01:59:11
|
|
and backwards compatible translation
Sorry, I got a litte tired proof-reading the patch, so their might be
bugs lurking around. I will give it some further examination and
(as necessary) fixing tomorrow.
CVS patchset: 7233
CVS date: 2004/12/12 22:00:47
|
|
- handle stupid Nullsoft URL scheme like :
http://208.53.131.46:9502;stream.nsv
CVS patchset: 7183
CVS date: 2004/12/01 22:55:31
|
|
CVS patchset: 7006
CVS date: 2004/09/28 15:38:11
|
|
- use replacement functions (macro AC_REPLACE_FUNCS and variable LTLIBOBJS),
each function is in a file placed into lib/ directory,
it was not necessary, but it looks nice, IMHO
- headers cleanups (this was needed):
- prototypes of replacement funtions and macros are placed
into separate os_internal.h (and included by config.h)
- drop include inttypes.h from public xine.h, replaced by custom
os_type.h, idea origins from Ogg/Vorbis public headers
- disable generating inttypes.h: generated replacement isn't enough for
xine-lib but nobody complained (and for M$VC we have special version)
- better including headers for win32, let dvdnav use its mutex wrapper
- updated M$VC port
Result:
- xine is compiled nicely by MinGW, CygWin and paritaly M$VC
- frontends in M$VC port don't require additional helping headers
- moved some platform specific things from xine-utils and win32/contrib
to lib/
Finally I can start with real coding. :-)
CVS patchset: 6982
CVS date: 2004/09/20 19:30:02
|
