From owner-svn-ports-branches@freebsd.org Sun May 28 07:10:56 2017 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9362BD854E7; Sun, 28 May 2017 07:10:56 +0000 (UTC) (envelope-from riggs@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4B5951341; Sun, 28 May 2017 07:10:56 +0000 (UTC) (envelope-from riggs@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4S7AtWX057509; Sun, 28 May 2017 07:10:55 GMT (envelope-from riggs@FreeBSD.org) Received: (from riggs@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4S7AtPJ057507; Sun, 28 May 2017 07:10:55 GMT (envelope-from riggs@FreeBSD.org) Message-Id: <201705280710.v4S7AtPJ057507@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: riggs set sender to riggs@FreeBSD.org using -f From: Thomas Zander Date: Sun, 28 May 2017 07:10:55 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r441896 - branches/2017Q2/multimedia/vlc X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 May 2017 07:10:56 -0000 Author: riggs Date: Sun May 28 07:10:55 2017 New Revision: 441896 URL: https://svnweb.freebsd.org/changeset/ports/441896 Log: MFH: r441756 Update to upstream version 2.2.6 Details: This is a bugfix release for the recently discovered subtitle remote vulnerability, see http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ In addition to the statements in this blog post, the VLC devs added bounds checks and string termination in multiple places in the subtitle demuxer. It is hence possible that, contrary to the blog post, this issue was not fixed completely in version 2.2.5.1 Approved by: portmgr (miwi) Modified: branches/2017Q2/multimedia/vlc/Makefile branches/2017Q2/multimedia/vlc/distinfo Directory Properties: branches/2017Q2/ (props changed) Modified: branches/2017Q2/multimedia/vlc/Makefile ============================================================================== --- branches/2017Q2/multimedia/vlc/Makefile Sun May 28 03:53:36 2017 (r441895) +++ branches/2017Q2/multimedia/vlc/Makefile Sun May 28 07:10:55 2017 (r441896) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= vlc -DISTVERSION= 2.2.5.1 +DISTVERSION= 2.2.6 PORTEPOCH= 4 CATEGORIES= multimedia audio ipv6 net www MASTER_SITES= http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION:S/a$//}/ \ Modified: branches/2017Q2/multimedia/vlc/distinfo ============================================================================== --- branches/2017Q2/multimedia/vlc/distinfo Sun May 28 03:53:36 2017 (r441895) +++ branches/2017Q2/multimedia/vlc/distinfo Sun May 28 07:10:55 2017 (r441896) @@ -1,3 +1,3 @@ -TIMESTAMP = 1494659367 -SHA256 (vlc-2.2.5.1.tar.xz) = b28b8a28f578c0c6cb1ebed293aca2a3cd368906cf777d1ab599e2784ddda1cc -SIZE (vlc-2.2.5.1.tar.xz) = 21946020 +TIMESTAMP = 1495777516 +SHA256 (vlc-2.2.6.tar.xz) = c403d3accd9a400eb2181c958f3e7bc5524fe5738425f4253d42883b425a42a8 +SIZE (vlc-2.2.6.tar.xz) = 22198720