~videolan/vlc/+git/vlc-2.1:master

Last commit made on 2015-02-26
Get this branch:
git clone -b master https://git.launchpad.net/~videolan/vlc/+git/vlc-2.1

Branch information

Name:
master
Repository:
lp:~videolan/vlc/+git/vlc-2.1

Recent commits

ea01d28... by JB VideoLAN

Update NEWS

d785c65... by Francois Cartegnie

demux: ogg: check packets header size (fix #13875)

(cherry picked from commit 0b37fc45954b2da51e452bb7111f32fa61d8edc5)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

430e320... by Gabriel de Perthuis <email address hidden>

Prevent potential null pointer dereference in zip access

Close #12149

Signed-off-by: Jean-Baptiste Kempf <email address hidden>
(cherry picked from commit 3c53c13138225c4b2414ab8358847197cf29b718)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

ea750e5... by JB VideoLAN

2015

Still alive!

(cherry picked from commit d8976582c45911a2ca4125854cd85780721184e9)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

b5e009a... by Rémi Denis-Courmont

SRTP: integer overflow

(cherry picked from commit e76f990e0ba00a9f573c23627ecd66cb9ae9bdd5)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

475d1f5... by Rémi Denis-Courmont

SRTP: integer overflow

(cherry picked from commit ab9f28ff688eae845bc2deb62bf50072d4a4690b)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

996ff74... by JB VideoLAN

Update NEWS for 2.1.6

41c52fb... by Fabian Yamaguchi <email address hidden>

stream_out: rtp: don't use VLA for user controlled data

It should fix a possible invalid memory access

When streaming ogg-files via rtp, an ogg-file can trigger an invalid
write access using an overly long 'configuration' string.

The original code attempts to allocate space to hold the string on the stack
and hence, cannot verify if allocation succeeds. Instead, we now allocate the
buffer on the heap and return if allocation fails.

In detail, rtp_packetize_xiph_config allocates a buffer on the stack at (1) where
the size depends on the local variable 'len'. The variable 'len' is
calculated at (0) to be the length of a string contained in a specially
crafted Ogg Vorbis file, and therefore, it is attacker-controlled.

Signed-off-by: Jean-Baptiste Kempf <email address hidden>
(cherry picked from commit 204291467724867b79735c0ee3aeb0dbc2200f97)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

Conflicts:
 modules/stream_out/rtpfmt.c

8eab5c9... by Fabian Yamaguchi <email address hidden>

demux: mp4: fix buffer overflow in parsing of string boxes.

We ensure that pbox->i_size is never smaller than 8 to avoid an
integer underflow in the third argument of the subsequent call to
memcpy. We also make sure no truncation occurs when passing values
derived from the 64 bit integer p_box->i_size to arguments of malloc
and memcpy that may be 32 bit integers on 32 bit platforms.

Signed-off-by: Jean-Baptiste Kempf <email address hidden>
(cherry picked from commit 2e7c7091a61aa5d07e7997b393d821e91f593c39)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>

Conflicts:
 modules/demux/mp4/libmp4.c

4e6137b... by Fabian Yamaguchi <email address hidden>

codec: dmo: avoid null-pointer dereference.

Check the return value of malloc to avoid a null-pointer dereference.

Signed-off-by: Jean-Baptiste Kempf <email address hidden>
(cherry picked from commit 229c385a79d48e41687fae8b4dfeaeef9c8c3eb7)
Signed-off-by: Jean-Baptiste Kempf <email address hidden>