From owner-svn-ports-all@freebsd.org Fri May 26 07:23:21 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AC51D829E8; Fri, 26 May 2017 07:23:21 +0000 (UTC) (envelope-from riggs@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5ADD21C80; Fri, 26 May 2017 07:23:21 +0000 (UTC) (envelope-from riggs@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4Q7NK0g075503; Fri, 26 May 2017 07:23:20 GMT (envelope-from riggs@FreeBSD.org) Received: (from riggs@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4Q7NKm8075501; Fri, 26 May 2017 07:23:20 GMT (envelope-from riggs@FreeBSD.org) Message-Id: <201705260723.v4Q7NKm8075501@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: riggs set sender to riggs@FreeBSD.org using -f From: Thomas Zander Date: Fri, 26 May 2017 07:23:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r441756 - head/multimedia/vlc X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2017 07:23:21 -0000 Author: riggs Date: Fri May 26 07:23:20 2017 New Revision: 441756 URL: https://svnweb.freebsd.org/changeset/ports/441756 Log: Update to upstream version 2.2.6 Details: This is a bugfix release for the recently discovered subtitle remote vulnerability, see http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ In addition to the statements in this blog post, the VLC devs added bounds checks and string termination in multiple places in the subtitle demuxer. It is hence possible that, contrary to the blog post, this issue was not fixed completely in version 2.2.5.1 MFH: 2017Q2 Modified: head/multimedia/vlc/Makefile head/multimedia/vlc/distinfo Modified: head/multimedia/vlc/Makefile ============================================================================== --- head/multimedia/vlc/Makefile Fri May 26 06:54:53 2017 (r441755) +++ head/multimedia/vlc/Makefile Fri May 26 07:23:20 2017 (r441756) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= vlc -DISTVERSION= 2.2.5.1 -PORTREVISION= 1 +DISTVERSION= 2.2.6 PORTEPOCH= 4 CATEGORIES= multimedia audio ipv6 net www MASTER_SITES= http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION:S/a$//}/ \ Modified: head/multimedia/vlc/distinfo ============================================================================== --- head/multimedia/vlc/distinfo Fri May 26 06:54:53 2017 (r441755) +++ head/multimedia/vlc/distinfo Fri May 26 07:23:20 2017 (r441756) @@ -1,3 +1,3 @@ -TIMESTAMP = 1494659367 -SHA256 (vlc-2.2.5.1.tar.xz) = b28b8a28f578c0c6cb1ebed293aca2a3cd368906cf777d1ab599e2784ddda1cc -SIZE (vlc-2.2.5.1.tar.xz) = 21946020 +TIMESTAMP = 1495777516 +SHA256 (vlc-2.2.6.tar.xz) = c403d3accd9a400eb2181c958f3e7bc5524fe5738425f4253d42883b425a42a8 +SIZE (vlc-2.2.6.tar.xz) = 22198720