From fac37975dd471c945145e5f147932170d4f4198f Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Wed, 6 Feb 2008 18:27:31 +0000 Subject: Change from release numbering to ABI numbering for the plugin directory. This is to avoid having to rebuild external plugins for each new release. --HG-- extra : transplant_source : %C2%3EF%0B%EF%16%40K%FD.%EB9%E07%CB%97GhU%98 --- ChangeLog | 6 ++++ configure.ac | 26 +++++++++----- src/xine-engine/load_plugins.c | 79 +++++++++++++++++++++++------------------- 3 files changed, 67 insertions(+), 44 deletions(-) diff --git a/ChangeLog b/ChangeLog index f05ce93eb..e9af6b424 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ xine-lib (1.1.11) unreleased * Fix a RealPlayer codec detection bug. + * Reworked the plugin directory naming so that external plugins don't have + to be rebuilt for every release. We now use a naming scheme based on the + API/ABI versioning, checking older directories - with this release, the + plugin directory name is 1.19, and if this gets bumped to 1.20 in a + future release, 1.19 will still be available for external plugins. + (Any directories not 1.* won't be looked in.) xine-lib (1.1.10) 2008-01-26 * Security fixes: diff --git a/configure.ac b/configure.ac index 9badb9d23..51d30234b 100644 --- a/configure.ac +++ b/configure.ac @@ -78,6 +78,9 @@ AC_SUBST(XINE_LT_CURRENT) AC_SUBST(XINE_LT_REVISION) AC_SUBST(XINE_LT_AGE) +AC_DEFINE_UNQUOTED(XINE_LT_CURRENT, $XINE_LT_CURRENT, [xine interface version number]) +AC_DEFINE_UNQUOTED(XINE_LT_AGE, $XINE_LT_AGE, [xine interface version age]) + SPEC_VERSION=$XINE_MAJOR.$XINE_MINOR${XINE_SUBPART}$XINE_PRE TAR_NAME="xine-lib-"$SPEC_VERSION dnl TAR_NAME="xine-lib-"$XINE_MAJOR-$XINE_PRE @@ -2399,38 +2402,45 @@ AC_SUBST(xinelibdir) AC_SUBST(xinedatadir) AC_SUBST(pkgconfigdir) -XINE_PLUGINDIR="\${xinelibdir}/plugins/$XINE_MAJOR.$XINE_MINOR.$XINE_SUB$XINE_PATCH" +XINE_PLUGINROOT="\${xinelibdir}/plugins/$(($XINE_LT_CURRENT-$XINE_LT_AGE))" +XINE_PLUGINDIR="$XINE_PLUGINROOT.$XINE_LT_AGE" XINE_FONTDIR="\${xinedatadir}/libxine$XINE_MAJOR/fonts" XINE_LOCALEDIR='${datadir}/locale' -XINE_REL_PLUGINDIR="`makeexpand "$XINE_PLUGINDIR"`" -XINE_REL_PLUGINDIR="`makeexpand "$XINE_REL_PLUGINDIR" | sed -e "s,^${prefix}/,,"`" +XINE_REL_PLUGINROOT="`makeexpand "$XINE_PLUGINROOT"`" +XINE_REL_PLUGINROOT="`makeexpand "$XINE_REL_PLUGINROOT" | sed -e "s,^${prefix}/,,"`" +XINE_REL_PLUGINDIR="$XINE_REL_PLUGINROOT.$XINE_LT_AGE" XINE_REL_FONTDIR="`makeexpand "$XINE_FONTDIR" | sed -e "s,^${prefix}/,,"`" XINE_REL_LOCALEDIR="`makeexpand "$XINE_LOCALEDIR" | sed -e "s,^${prefix}/,,"`" XINE_PKGCONFIG_DIR="`makeexpand "$pkgconfigdir"`" if test "x$SYS" = "xmingw32" -o "x$SYS" = "xcygwin"; then dnl polish paths (MinGW runtime accepts both \ and / anyway) - XINE_REL_PLUGINDIR="`echo "$XINE_REL_PLUGINDIR" | sed -e 's/\\//\\\\\\\\/g'`" + XINE_REL_PLUGINROOT="`echo "$XINE_REL_PLUGINROOT" | sed -e 's/\\//\\\\\\\\/g'`" + XINE_REL_PLUGINDIR="$XINE_REL_PLUGINROOT.$XINE_LT_AGE" XINE_REL_FONTDIR="`echo "$XINE_REL_FONTDIR" | sed -e 's/\\//\\\\\\\\/g'`" XINE_REL_LOCALEDIR="`echo "$XINE_REL_LOCALEDIR" | sed -e 's/\\//\\\\\\\\/g'`" dnl prefix in xine-config XINE_CONFIG_PREFIX="\$(cd \$(dirname \$0)/..; pwd)" dnl installation directories (in xine-config) - XINE_PLUGINPATH="$XINE_CONFIG_PREFIX/$XINE_REL_PLUGINDIR" + XINE_PLUGINROOTPATH="$XINE_CONFIG_PREFIX/$XINE_REL_PLUGINROOT" + XINE_PLUGINPATH="$XINE_PLUGINROOTPATH.$XINE_LT_AGE" XINE_FONTPATH="$XINE_CONFIG_PREFIX/$XINE_REL_FONTDIR" XINE_LOCALEPATH="$XINE_CONFIG_PREFIX/$XINE_REL_LOCALEDIR" dnl runtime directories - AC_DEFINE(XINE_PLUGINDIR,[xine_get_plugindir()],[Define this to plugins directory location]) + AC_DEFINE(XINE_PLUGINROOT,[xine_get_pluginroot()],[Define this to general plugins directory location]) + AC_DEFINE(XINE_PLUGINDIR,[xine_get_plugindir()],[Define this to specific plugins directory location]) AC_DEFINE(XINE_FONTDIR,[xine_get_fontdir()],[Define this to osd fonts dir location]) AC_DEFINE(XINE_LOCALEDIR,[xine_get_localedir()],[Path where catalog files will be.]) else dnl prefix in xine-config XINE_CONFIG_PREFIX="`makeexpand "${prefix}"`" dnl directories from xine-config and runtime directories - XINE_PLUGINPATH="`makeexpand "$XINE_PLUGINDIR"`" + XINE_PLUGINROOTPATH="`makeexpand "$XINE_PLUGINROOT"`" + XINE_PLUGINPATH="$XINE_PLUGINROOTPATH.$XINE_LT_AGE" XINE_FONTPATH="`makeexpand "$XINE_FONTDIR"`" XINE_LOCALEPATH="`makeexpand "$XINE_LOCALEDIR"`" dnl defining runtime directories - AC_DEFINE_UNQUOTED(XINE_PLUGINDIR,"$XINE_PLUGINPATH",[Define this to plugins directory location]) + AC_DEFINE_UNQUOTED(XINE_PLUGINROOT,"$XINE_PLUGINROOTPATH",[Define this to general plugins directory location]) + AC_DEFINE_UNQUOTED(XINE_PLUGINDIR,"$XINE_PLUGINPATH",[Define this to specific plugins directory location]) AC_DEFINE_UNQUOTED(XINE_FONTDIR,"$XINE_FONTPATH",[Define this to osd fonts dir location]) AC_DEFINE_UNQUOTED(XINE_LOCALEDIR, "$XINE_LOCALEPATH",[Path where catalog files will be.]) fi diff --git a/src/xine-engine/load_plugins.c b/src/xine-engine/load_plugins.c index 71cb19d3b..11a74b097 100644 --- a/src/xine-engine/load_plugins.c +++ b/src/xine-engine/load_plugins.c @@ -1119,14 +1119,24 @@ static void load_cached_catalog (xine_t *this) { } +/* helper function for _x_scan_plugins */ +static void push_if_dir (xine_list_t *plugindirs, void *path) +{ + struct stat st; + if (!stat (path, &st) && S_ISDIR (st.st_mode)) + xine_list_push_back (plugindirs, path); + else + free (path); +} + /* * initialize catalog, load all plugins into new catalog */ void _x_scan_plugins (xine_t *this) { - - char *homedir, *plugindir, *pluginpath; - int i,j; - int lenpluginpath; + + char *homedir, *pluginpath; + xine_list_t *plugindirs = xine_list_new (); + xine_list_iterator_t iter; lprintf("_x_scan_plugins()\n"); @@ -1140,41 +1150,38 @@ void _x_scan_plugins (xine_t *this) { this->plugin_catalog = _new_catalog(); load_cached_catalog (this); - if ((pluginpath = getenv("XINE_PLUGIN_PATH")) != NULL) { - pluginpath = strdup(pluginpath); + if ((pluginpath = getenv("XINE_PLUGIN_PATH")) != NULL && *pluginpath) { + char *p = pluginpath - 1; + while (p[1]) + { + char *dir, *q = p; + p = strchr (p + 1, XINE_PATH_SEPARATOR_CHAR); + if (q[0] == '~' && q[1] == '/') + asprintf (&dir, "%s%.*s", homedir, (int)(p - q - 1), q + 1); + else + dir = strndup (q, p - q); + push_if_dir (plugindirs, dir); /* store or free it */ + } } else { - const char *str1, *str2; - int len; - - str1 = "~/.xine/plugins"; - str2 = XINE_PLUGINDIR; - len = strlen(str1) + strlen(str2) + 2; - pluginpath = xine_xmalloc(len); - snprintf(pluginpath, len, "%s" XINE_PATH_SEPARATOR_STRING "%s", str1, str2); - } - plugindir = xine_xmalloc(strlen(pluginpath)+strlen(homedir)+2); - j=0; - lenpluginpath = strlen(pluginpath); - for (i=0; i <= lenpluginpath; ++i){ - switch (pluginpath[i]){ - case XINE_PATH_SEPARATOR_CHAR: - case '\0': - plugindir[j] = '\0'; - collect_plugins(this, plugindir); - j = 0; - break; - case '~': - if (j == 0){ - strcpy(plugindir, homedir); - j = strlen(plugindir); - break; - } - default: - plugindir[j++] = pluginpath[i]; + char *dir; + int i; + asprintf (&dir, "%s/.xine/plugins", homedir); + push_if_dir (plugindirs, dir); + for (i = 0; i <= XINE_LT_AGE; ++i) + { + asprintf (&dir, "%s.%d", XINE_PLUGINROOT, i); + push_if_dir (plugindirs, dir); } } - free(plugindir); - free(pluginpath); + for (iter = xine_list_front (plugindirs); iter; + iter = xine_list_next (plugindirs, iter)) + { + char *dir = xine_list_get_value (plugindirs, iter); +fprintf (stderr, "%s\n", dir); + collect_plugins(this, dir); + free (dir); + } + xine_list_delete (plugindirs); free(homedir); save_catalog (this); -- cgit v1.2.3 From 167035abe222bad88269d296f9d819365a6c6007 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 02:03:00 +0000 Subject: Reverse the order in which the plugin dirs are scanned; remove a stray printf. --- src/xine-engine/load_plugins.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/xine-engine/load_plugins.c b/src/xine-engine/load_plugins.c index 11a74b097..0188fb01d 100644 --- a/src/xine-engine/load_plugins.c +++ b/src/xine-engine/load_plugins.c @@ -1169,7 +1169,7 @@ void _x_scan_plugins (xine_t *this) { push_if_dir (plugindirs, dir); for (i = 0; i <= XINE_LT_AGE; ++i) { - asprintf (&dir, "%s.%d", XINE_PLUGINROOT, i); + asprintf (&dir, "%s.%d", XINE_PLUGINROOT, XINE_LT_AGE - i); push_if_dir (plugindirs, dir); } } @@ -1177,7 +1177,6 @@ void _x_scan_plugins (xine_t *this) { iter = xine_list_next (plugindirs, iter)) { char *dir = xine_list_get_value (plugindirs, iter); -fprintf (stderr, "%s\n", dir); collect_plugins(this, dir); free (dir); } -- cgit v1.2.3 From 89c18074b7f0afb74b5abbfc4a444f41c52f2344 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:49:40 +0000 Subject: Keep the plugin dir name to x.y.z - x.y.z.a is inappropriate here. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 9badb9d23..3a7651fb6 100644 --- a/configure.ac +++ b/configure.ac @@ -2399,7 +2399,7 @@ AC_SUBST(xinelibdir) AC_SUBST(xinedatadir) AC_SUBST(pkgconfigdir) -XINE_PLUGINDIR="\${xinelibdir}/plugins/$XINE_MAJOR.$XINE_MINOR.$XINE_SUB$XINE_PATCH" +XINE_PLUGINDIR="\${xinelibdir}/plugins/$XINE_MAJOR.$XINE_MINOR.$XINE_SUB" XINE_FONTDIR="\${xinedatadir}/libxine$XINE_MAJOR/fonts" XINE_LOCALEDIR='${datadir}/locale' XINE_REL_PLUGINDIR="`makeexpand "$XINE_PLUGINDIR"`" -- cgit v1.2.3 From 5c051b721ee7ff79ae655660e9695563a902945c Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:51:59 +0000 Subject: Add length checking in the FLAC metadata-parsing code. Make the tracknumber/tracktotal buffer larger (possible overflow). --- ChangeLog | 4 ++++ src/demuxers/demux_flac.c | 15 +++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f05ce93eb..4a66c4c45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ xine-lib (1.1.11) unreleased + * Security fixes: + - Array index vulnerability which may allow remote attackers to execute + arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. + (CVE-2008-0486) * Fix a RealPlayer codec detection bug. xine-lib (1.1.10) 2008-01-26 diff --git a/src/demuxers/demux_flac.c b/src/demuxers/demux_flac.c index 23e2faef9..e5d1297a2 100644 --- a/src/demuxers/demux_flac.c +++ b/src/demuxers/demux_flac.c @@ -189,7 +189,7 @@ static int open_flac_file(demux_flac_t *flac) { case 4: lprintf ("VORBIS_COMMENT metadata\n"); { - char comments[block_length]; + char comments[block_length + 1]; /* last byte for NUL termination */ char *ptr = comments; uint32_t length, user_comment_list_length; int cn; @@ -202,18 +202,25 @@ static int open_flac_file(demux_flac_t *flac) { length = _X_LE_32(ptr); ptr += 4 + length; + if (length >= block_length - 8) + return 0; /* bad length or too little left in the buffer */ user_comment_list_length = _X_LE_32(ptr); ptr += 4; cn = 0; for (; cn < user_comment_list_length; cn++) { + if (ptr > comments + block_length - 4) + return 0; /* too little left in the buffer */ + length = _X_LE_32(ptr); ptr += 4; + if (length >= block_length || ptr + length > comments + block_length) + return 0; /* bad length */ comment = (char*) ptr; c = comment[length]; - comment[length] = 0; + comment[length] = 0; /* NUL termination */ lprintf ("comment[%02d] = %s\n", cn, comment); @@ -248,8 +255,8 @@ static int open_flac_file(demux_flac_t *flac) { } if ((tracknumber > 0) && (tracktotal > 0)) { - char tn[16]; - snprintf (tn, 16, "%02d/%02d", tracknumber, tracktotal); + char tn[24]; + snprintf (tn, 24, "%02d/%02d", tracknumber, tracktotal); _x_meta_info_set(flac->stream, XINE_META_INFO_TRACK_NUMBER, tn); } else if (tracknumber > 0) { -- cgit v1.2.3 From 8c4abd6c7e4dea263e699048137763967858a859 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:54:46 +0000 Subject: Adjust some comments. --- configure.ac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 3a7651fb6..5b68c369e 100644 --- a/configure.ac +++ b/configure.ac @@ -17,14 +17,14 @@ dnl XINE_MAJOR=1 XINE_MINOR=1 XINE_SUB=10 -# XINE_PATCH should be left empty or set to ".1" or ".2" or something similar +dnl XINE_PATCH should be left empty or set to ".1" or ".2" or something similar XINE_PATCH= -#if test $XINE_SUB -eq 0 ; then -# XINE_SUBPART=""; -#else +dnl if test $XINE_SUB -eq 0 ; then +dnl XINE_SUBPART=""; +dnl else XINE_SUBPART=".$XINE_SUB$XINE_PATCH" -#fi +dnl fi dnl The libtool version numbers (XINE_LT_*); Don't even think about faking this! dnl -- cgit v1.2.3 From a8d2186af1722c00b4cb9b045d96a5b16f29f7e7 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:55:06 +0000 Subject: 1.1.10.1, not 1.1.11. --- ChangeLog | 2 +- configure.ac | 2 +- debian/changelog | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4a66c4c45..5cbde5090 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.11) unreleased +xine-lib (1.1.10.1) unreleased * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. diff --git a/configure.ac b/configure.ac index 5b68c369e..6ba204361 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ XINE_MAJOR=1 XINE_MINOR=1 XINE_SUB=10 dnl XINE_PATCH should be left empty or set to ".1" or ".2" or something similar -XINE_PATCH= +XINE_PATCH=.1 dnl if test $XINE_SUB -eq 0 ; then dnl XINE_SUBPART=""; diff --git a/debian/changelog b/debian/changelog index ee28516de..9f2640f7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -xine-lib (1.1.10+hg-0) unstable; urgency=low +xine-lib (1.1.10.1+hg-0) unstable; urgency=low [ Darren Salt ] * Hg snapshot. @@ -7,7 +7,7 @@ xine-lib (1.1.10+hg-0) unstable; urgency=low * remove gs from build-dependencies * change the maintainer field to xine-devel@lists.sourceforge.net. - -- Darren Salt Sun, 27 Jan 2008 01:41:45 +0000 + -- Darren Salt Thu, 07 Feb 2008 17:52:34 +0000 xine-lib (1.1.5~cvs-0) unstable; urgency=low -- cgit v1.2.3 From 69bc8833d2108303d7984cab5e1ad5f49dd66085 Mon Sep 17 00:00:00 2001 From: Thibaut Mattern Date: Thu, 7 Feb 2008 22:36:52 +0100 Subject: Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size. --- ChangeLog | 2 ++ src/demuxers/demux_mpgaudio.c | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5cbde5090..02634b43d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ xine-lib (1.1.10.1) unreleased arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486) * Fix a RealPlayer codec detection bug. + * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag + size. xine-lib (1.1.10) 2008-01-26 * Security fixes: diff --git a/src/demuxers/demux_mpgaudio.c b/src/demuxers/demux_mpgaudio.c index 1bea02302..82a7dd7ab 100644 --- a/src/demuxers/demux_mpgaudio.c +++ b/src/demuxers/demux_mpgaudio.c @@ -807,7 +807,6 @@ static int demux_mpgaudio_read_head(input_plugin_t *input, uint8_t *buf) { * return 1 if detected, 0 otherwise */ static int detect_mpgaudio_file(input_plugin_t *input) { - mpg_audio_frame_t frame; uint8_t buf[MAX_PREVIEW_SIZE]; int preview_len; uint32_t head; @@ -838,8 +837,8 @@ static int detect_mpgaudio_file(input_plugin_t *input) { lprintf("cannot read mp3 frame header\n"); return 0; } - if (!parse_frame_header(&frame, &buf[10 + tag_size])) { - lprintf ("invalid mp3 frame header\n"); + if (!sniff_buffer_looks_like_mp3(&buf[10 + tag_size], preview_len - 10 - tag_size)) { + lprintf ("sniff_buffer_looks_like_mp3 failed\n"); return 0; } else { lprintf ("a valid mp3 frame follows the id3v2 tag\n"); -- cgit v1.2.3 From 27a3e33f4ce17a5e082e983258818e02606be58c Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 23:10:15 +0000 Subject: Add release date. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 02634b43d..c9161619d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.10.1) unreleased +xine-lib (1.1.10.1) 2008-02-07 * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. -- cgit v1.2.3 From 18d851ea42a33a78d2e9b3687311ee5e3ea228af Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 23:10:19 +0000 Subject: 1.1.10.1 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 6e05d9638..51885c59d 100644 --- a/.hgtags +++ b/.hgtags @@ -65,3 +65,4 @@ e0a332b9d3e8bb3fad4d7feac1e519292b062056 xine-lib-1_1_8-release b6be674453e922114b55d4613cb197c77d19f094 xine-lib-1_1_9-release 9438947f88ad2bed1832385301c6b4e62709625a xine-lib-1_1_9_1-release 7f1232425c6d715c404e6df1292075b33ecb8305 xine-lib-1_1_10-release +0e9e4df266f639ac7ba9e0c204f205686b56d5f9 xine-lib-1_1_10_1-release -- cgit v1.2.3