From owner-freebsd-multimedia@freebsd.org  Thu May  5 11:05:03 2016
Return-Path: <owner-freebsd-multimedia@freebsd.org>
Delivered-To: freebsd-multimedia@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EFC47B2E1FB
 for <freebsd-multimedia@mailman.ysv.freebsd.org>;
 Thu,  5 May 2016 11:05:03 +0000 (UTC)
 (envelope-from alexander@polyvizor.ru)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id E0E8E1442
 for <freebsd-multimedia@freebsd.org>; Thu,  5 May 2016 11:05:03 +0000 (UTC)
 (envelope-from alexander@polyvizor.ru)
Received: by mailman.ysv.freebsd.org (Postfix)
 id E0418B2E1FA; Thu,  5 May 2016 11:05:03 +0000 (UTC)
Delivered-To: multimedia@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DFEB9B2E1F8
 for <multimedia@mailman.ysv.freebsd.org>; Thu,  5 May 2016 11:05:03 +0000 (UTC)
 (envelope-from alexander@polyvizor.ru)
Received: from mail.polyvizor.ru (mail.polyvizor.ru [144.76.198.110])
 by mx1.freebsd.org (Postfix) with ESMTP id AD64B1440
 for <multimedia@FreeBSD.org>; Thu,  5 May 2016 11:05:03 +0000 (UTC)
 (envelope-from alexander@polyvizor.ru)
Received: from mail.tauruna.ru (localhost [127.0.0.1])
 by mail.polyvizor.ru (Postfix) with ESMTPA id 1659E35654
 for <multimedia@FreeBSD.org>; Thu,  5 May 2016 10:55:03 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 05 May 2016 13:55:03 +0300
From: =?UTF-8?Q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80_?=
 =?UTF-8?Q?=D0=A3=D1=88=D0=B0=D0=BA=D0=BE=D0=B2?= <alexander@polyvizor.ru>
To: multimedia@FreeBSD.org
Subject: multimedia/ffmpeg port - add "disable network" option
Message-ID: <9da35199c85f250388304808b85761ac@polyvizor.ru>
X-Sender: alexander@polyvizor.ru
User-Agent: Roundcube Webmail/1.1.4
X-BeenThere: freebsd-multimedia@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multimedia discussions <freebsd-multimedia.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-multimedia>, 
 <mailto:freebsd-multimedia-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-multimedia/>
List-Post: <mailto:freebsd-multimedia@freebsd.org>
List-Help: <mailto:freebsd-multimedia-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-multimedia>, 
 <mailto:freebsd-multimedia-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 May 2016 11:05:04 -0000

Dear, ffmpeg maintainer,

FFmpeg is known for several cross-origin vulnerabilities 
(https://www.cvedetails.com/cve/CVE-2016-1898/ for example) which allow 
to get data from local system even if it processes only local files 
(Theses files may be uploaded to local system from insecure places). 
There is a flag for ffmpeg configure "--disable-network" which 
completely disables ffmpeg interaction with network and gives protection 
from such vulnerabilities (and some others). It will be very useful for 
users who process with ffmpeg only local files to add such an option to 
the ffmpeg port.

-- 
Regards,
Alexander Ushakov