debian/control

Source: libmms
Priority: optional
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Debian Multimedia Maintainers
Uploaders: Arthur Loiret, Fabian Greffrath
Build-Depends: debhelper (>= 8.1.3~), libglib2.0-dev, dh-autoreconf
Standards-Version: 3.9.2
Section: libs
DM-Upload-Allowed: yes
Homepage: http://libmms.sourceforge.net/
Vcs-Git: git://git.debian.org/git/pkg-multimedia/libmms.git
Vcs-Browser: http://git.debian.org/?p=pkg-multimedia/libmms.git;a=summary

Package: libmms-dev
Section: libdevel
Architecture: any
Multi-Arch: same
Depends: libmms0 (= ${binary:Version}), ${misc:Depends}
Description: MMS stream protocol library - development files
 LibMMS is a common library for parsing mms:// and mmsh:// type network
 streams. These are commonly used to stream Windows Media Video content
 over the web. LibMMS itself is only for receiving MMS stream, it doesn't
 handle sending at all.
 .
 This package holds the development files.

Package: libmms0
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: MMS stream protocol library - shared library
 LibMMS is a common library for parsing mms:// and mmsh:// type network
 streams. These are commonly used to stream Windows Media Video content
 over the web. LibMMS itself is only for receiving MMS stream, it doesn't
 handle sending at all.
 .
 This package holds the shared library.

debian/libmms0.install

usr/lib/*/lib*.so.*

debian/docs

README

debian/changelog

libmms (0.6.2-3ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overrun
    - debian/patches/0002-CVE-2014-2892.patch: check length in src/mmsh.c.
    - CVE-2014-2892

 -- Marc Deslauriers  Tue, 03 May 2016 14:44:09 -0400

libmms (0.6.2-3ubuntu2) trusty; urgency=medium

  * Build with dh-autoreconf instead of autotools-dev for new libtool.

 -- William Grant  Mon, 30 Dec 2013 09:40:23 +0000

libmms (0.6.2-3ubuntu1) saucy; urgency=low

  * Build --with autotools_dev to fix arm64 build.

 -- William Grant  Wed, 16 Oct 2013 20:19:15 +1100

libmms (0.6.2-3) unstable; urgency=low

  * Team upload.
  * Introduce multiarch.
  * Update Standards-Version.

 -- Alessio Treglia  Tue, 14 Feb 2012 11:17:14 +0100

libmms (0.6.2-2) unstable; urgency=low

  * Use 3.0 (quilt) source format.
  * Apply patch from upstream git to fixup bswap.h macros.
    This patch does not change anything functionally, but it does make
    the code read correctly (see #611791).

 -- Fabian Greffrath  Mon, 21 Feb 2011 14:40:39 +0100

libmms (0.6.2-1) unstable; urgency=low

  [ Alessio Treglia ]
  * Correct team's name.
  * Really set DM-Upload-Allowed to yes.

  [ Fabian Greffrath ]
  * Imported Upstream version 0.6.2
    + Fix alignment issues on ARM (Closes: #611791).
  * Remove all patches, applied upstream.
    + Remove Build-Depends on quilt.
    + Run dh without quilt extension.
  * TODO file has been removed upstream.
  * Update debian/libmms0.symbols file.

 -- Fabian Greffrath  Thu, 03 Feb 2011 10:50:28 +0100

libmms (0.6-1) unstable; urgency=low

  * Imported Upstream version 0.6
    + Includes support for extended stream properties (Closes: #498174).
    + Includes many bug fixes (Closes: #517105, #552127, #448559, #470806,
      #501068). All tried to reproduce by upstream with Fedora-13 x86_64
      (so a pretty brand spanking new gstreamer stack) with libmms-0.6
      installed.
  * Add myself to Uploaders.
  * Update Arthur's e-mail address.
  * Wrap lines in debian/control.
  * Bump Standards-Version to 3.8.4.
  * Fix binary-control-field-duplicates-source.
  * Add Homepage field to debian/control.
  * Add Vcs-* fields to debian/control.
  * Remove 11_nested_comments.diff, applied upstream.
  * Add patch from upstream GIT to remove unneeded bswap.h from public
    headers and avoid needless dependency on glib.h, remove
    Depends: libglib2.0-dev from libmms-dev. (Closes: #362657).
  * Add patch from upstream GIT to not incorrectly use the reserved keyword
    "this" as a variable name (Closes: #493735).
  * Add Depends: ${misc:Depends} to libmms-dev.
  * Convert Debian packaging to dh 7, use dh_quilt* and remove unnecessary
    chrpath usage.
  * Add debian/source/format, keep at "1.0" for now.
  * Add debian/README.source.
  * Add debian/gbp.conf.
  * Add .gitignore.
  * Add debian/libmms0.symbols.
  * Drop the replacement of config.{sub,guess} altogether, the ones upstream
    provides are newer than those in current Debian stable.
  * Improve debian/copyright.

 -- Fabian Greffrath  Wed, 09 Jun 2010 10:37:24 +0200

libmms (0.4-2) unstable; urgency=low

  * Apply patches from bzr branch libmms-devel:
    - 10_this_keyword.diff: Replace "this" keyword by "instance", also thanks
      to Kumar Appaiah for the patch. Closes: #458870
    - 11_nested_comments.diff: Fix warning about nested comments.
  * debian/control: Build-Depends on quilt again.
  * debian/rules: Update accordingly.
  * debian/copyright: Mention the new code source repository.

 -- Arthur Loiret  Sun, 20 Jan 2008 18:11:26 +0100

libmms (0.4-1) unstable; urgency=low

  [ Arthur Loiret ]
  * New upstream release (closes: #456633).
  * Remove patches applied upstream:
    - 10_asf-header-size.patch
    - 11_fix-stream-id-crash.patch
    - 20_seeking-support.patch
    - 21_handle_mms_uris.patch
    - 60_first-packet.patch
    - 70_append_query_string.patch
  * debian/control: Remove Build-Depends on quilt.
  * debian/rules: Update accordingly.
  * Bump Standards-Version to 3.7.3.
  * debian/watch: Add.
  * Remove rpath:
    - debian/control: Add chrpath to Build-Depends.
    - debian/rules: Update.

  [ Pierre Habouzit ]
  * debian/control: DM-Upload-Allowed set to yes.

 -- Arthur Loiret  Sun, 30 Dec 2007 02:44:07 +0000

libmms (0.3-6) unstable; urgency=low

  * New Maintainer. (Closes: #381029)
  * Apply patches from Ubuntu:
    - 21_handle_mms_uris.patch: Fix handle of mms URIs. (Closes: #438937)
    - 70_append_query_string.patch: Not discard query string from URI.
  * Update debian/patches/series.
  * debian/rules: Fix debian-rules-ignores-make-clean-error.

 -- Arthur Loiret  Tue, 11 Sep 2007 12:11:40 +0200

libmms (0.3-5) unstable; urgency=low

  * Minor tweak in rules.
  * Use ${binary:Version} instead of ${Source-Version}.
  * New patch, 60_first-packet, fixes discarding of first package; taken from
    SF #1747740; thanks Sven Arvidsson; closes: #438524.

 -- Loic Minier  Fri, 17 Aug 2007 21:07:05 +0200

libmms (0.3-4) unstable; urgency=low

  * New patch, 20_seeking-support, adds API permitting seeking of mms streams;
    by Anon Sricharoenchai; bump shlibs to >= 0.3-4; closes: #387267.
  * Wrap build-deps and deps.

 -- Loic Minier  Mon, 14 May 2007 13:41:10 +0200

libmms (0.3-3) unstable; urgency=low

  * Set Maintainer to pkg-multimedia-maintainers and list myself as Uploader.
  * Don't pass --host to configure if DEB_BUILD_GNU_TYPE equals
    DEB_HOST_GNU_TYPE.
  * Misc cleanups.
  * Bump up Debhelper compatibility level to 5.
    - Drop usr/share/pkgconfig from libmms-dev.install.
  * Stop shipping /usr/lib/libmms.la in libmms-dev; no rdep.
  * New patch, 11_fix-stream-id-crash, fixes support of streams with id above
    23; see GNOME #347151 and SF bug #1521441; thanks Sven Arvidsson;
    closes: #416430.

 -- Loic Minier  Fri, 30 Mar 2007 14:18:38 +0200

libmms (0.3-2) unstable; urgency=low

  * Hook a quilt patch system in the build; build-depend on quilt.
  * New patch, 10_asf-header-size, doubles the size of the ASF header to
    permit decoding of some ASF streams and fixes a couple of debug messages;
    thanks Sjoerd Simons; closes: #412851.

 -- Loic Minier  Wed, 28 Feb 2007 17:52:13 +0100

libmms (0.3-1) unstable; urgency=low

  * New upstream release; closes: #392233.
    - Merges all Debian changes.

 -- Loic Minier  Wed, 11 Oct 2006 11:17:00 +0200

libmms (0.2-7) unstable; urgency=high

  * SECURITY: CVE-2006-2200: buffer overflows in mms / mmsh parsers:
    additional fixes thanks to Matthias Hopf:
    - even more checks on "packet_length" / "packet_len" in src/mms.c and
      src/mmsh.c
    - fix memset() calls in the two string_utf16() implementations in
      src/mms.c to clear all bytes in dest, "len" is the UTF-16 length of the
      string in wide chars, so the memset should use "2 * len".

 -- Loic Minier  Tue, 11 Jul 2006 13:11:11 +0200

libmms (0.2-6) unstable; urgency=low

  * SECURITY: CVE-2006-2200: buffer overflows in mms / mmsh parsers: fix an
    error that crept in the previous fix and use start < end instead of
    start > end in src/mms.c and src/mmsh.c, thanks Martin Pitt.

 -- Loic Minier  Wed, 5 Jul 2006 18:13:36 +0200

libmms (0.2-5) unstable; urgency=high

  * SECURITY: CVE-2006-2200: buffer overflows in mms / mmsh parsers: apply
    memset() range fixes adapted from #374577 by Wesley J. Landaker.

 -- Loic Minier  Thu, 22 Jun 2006 20:53:44 +0200

libmms (0.2-4) unstable; urgency=low

  * Apply patch from Wesley J. Landaker for the headers to be usable from C++.
    (Closes: #362662)
    [src/mms.h, src/mmsh.h, src/mmsio.h]

 -- Loic Minier  Mon, 5 Jun 2006 16:33:29 +0200

libmms (0.2-3) unstable; urgency=low

  * Add a libglib2.0-dev dependency to libmms-dev.
    [debian/control]
  * Bump up Standards Version to 3.7.2.
    [debian/control]
  * Drop references to PKG_CFLAGS and PKG_LIBS and use GLIB_LIBS instead as it
    seems these were not properly renamed and relibtoolize. (Closes: #362666)
    [src/Makefile.am, libmms-0.2/Makefile.in, libmms-0.2/src/Makefile.in,
    libmms-0.2/pkgconfig/Makefile.in]

 -- Loic Minier  Mon, 22 May 2006 18:11:10 +0200

libmms (0.2-2) unstable; urgency=low

  * Fix shlibs to use parenthesis.
    [debian/rules]

 -- Loic Minier  Mon, 16 Jan 2006 22:00:16 +0100

libmms (0.2-1) unstable; urgency=low

  * New upstream release.
    - Bump shlibs to libmms0 >= 0.2.
      [debian/rules]

 -- Loic Minier  Mon, 16 Jan 2006 21:19:46 +0100

libmms (0.1-1) unstable; urgency=low

  * Initial upload for Debian based on the Ubuntu package in version
    0.1-0ubuntu1. (Closes: #330355)
  * Clarify copyright status and license.
    [debian/copyright]
  * Clean up package descriptions.
    [debian/control]
  * Inherit CFLAGS.
    [debian/rules]
  * Remove useless files.
    [debian/dirs, libmms0.dirs, libmms-dev.dirs]

 -- Loic Minier  Thu, 29 Sep 2005 21:52:44 +0200

libmms (0.1-0ubuntu1) breezy; urgency=low

  * Initial release

 -- Søren Hansen  Thu, 15 Sep 2005 16:56:05 +0200

debian/source/format

3.0 (quilt)

debian/compat

9

debian/libmms0.symbols

libmms.so.0 libmms0 #MINVER#
 gnet_mms_helper@Base 0.6
 gnet_uri_clone@Base 0.4
 gnet_uri_delete@Base 0.4
 gnet_uri_equal@Base 0.4
 gnet_uri_escape@Base 0.4
 gnet_uri_get_string@Base 0.4
 gnet_uri_hash@Base 0.4
 gnet_uri_new@Base 0.4
 gnet_uri_new_fields@Base 0.4
 gnet_uri_new_fields_all@Base 0.4
 gnet_uri_set_fragment@Base 0.4
 gnet_uri_set_hostname@Base 0.4
 gnet_uri_set_path@Base 0.4
 gnet_uri_set_port@Base 0.4
 gnet_uri_set_query@Base 0.4
 gnet_uri_set_scheme@Base 0.4
 gnet_uri_set_userinfo@Base 0.4
 gnet_uri_unescape@Base 0.4
 mms_close@Base 0.4
 mms_connect@Base 0.4
 mms_default_io@Base 0.6.2
 mms_get_asf_header_len@Base 0.4
 mms_get_asf_packet_len@Base 0.4
 mms_get_current_pos@Base 0.4
 mms_get_default_io_impl@Base 0.4
 mms_get_file_time@Base 0.6.2
 mms_get_length@Base 0.4
 mms_get_raw_time_length@Base 0.4
 mms_get_seekable@Base 0.4
 mms_get_time_length@Base 0.4
 mms_peek_header@Base 0.4
 mms_read@Base 0.4
 mms_request_packet_seek@Base 0.4
 mms_request_time_seek@Base 0.4
 mms_seek@Base 0.4
 mms_set_default_io_impl@Base 0.4
 mms_time_seek@Base 0.4
 mmsh_close@Base 0.4
 mmsh_connect@Base 0.4
 mmsh_get_asf_header_len@Base 0.4
mmsh_get_asf_packet_len@Base 0.4 mmsh_get_current_pos@Base 0.4 mmsh_get_file_time@Base 0.6.2 mmsh_get_length@Base 0.4 mmsh_get_raw_time_length@Base 0.4 mmsh_get_seekable@Base 0.4 mmsh_get_time_length@Base 0.4 mmsh_peek_header@Base 0.4 mmsh_read@Base 0.4 mmsh_seek@Base 0.4 mmsh_time_seek@Base 0.4 mmsx_close@Base 0.4 mmsx_connect@Base 0.4 mmsx_get_asf_header_len@Base 0.4 mmsx_get_asf_packet_len@Base 0.4 mmsx_get_current_pos@Base 0.4 mmsx_get_file_time@Base 0.6.2 mmsx_get_length@Base 0.4 mmsx_get_raw_time_length@Base 0.4 mmsx_get_seekable@Base 0.4 mmsx_get_time_length@Base 0.4 mmsx_peek_header@Base 0.4 mmsx_read@Base 0.4 mmsx_seek@Base 0.4 mmsx_time_seek@Base 0.4 status_to_string@Base 0.6 debian/patches/0000775000000000000000000000000012712170561010621 5ustar debian/patches/0002-CVE-2014-2892.patch0000664000000000000000000000113712712170561013626 0ustar Description: Fix heap based buffer overrun Bug-Debian: https://bugs.debian.org/745301 Origin: upstream, http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 Last-Update: 2014-04-25 diff --git a/src/mmsh.c b/src/mmsh.c index f7cee4a..bca7fb8 100644 --- a/src/mmsh.c +++ b/src/mmsh.c @@ -307,7 +307,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) { len = 0; } } else { - len ++; + if (++len >= sizeof(this->buf)) { + lprintf("answer too large\n"); + return 0; + } } } if (this->stream_type == MMSH_UNKNOWN) { debian/patches/series0000664000000000000000000000007112712170561012034 0ustar 0001-Fixup-bswap.h-macros.patch 0002-CVE-2014-2892.patch debian/patches/0001-Fixup-bswap.h-macros.patch0000664000000000000000000000644511716430543016150 0ustar From 487d4dc7ea330d14d6e43e6cce092c4ffac926eb Mon Sep 17 00:00:00 2001 
From: Hans de Goede Date: Mon, 21 Feb 2011 10:28:55 +0100 Subject: [PATCH] Fixup bswap.h macros The SWAP and SAME names used for the macros are named incorrectly, they should be called LITTLE_ENDIAN_TO_NATIVE resp. BIG_ENDIAN_TO_NATIVE. This also means that they will do the wrong thing on bigendian if used as intended in the previous version of bswap.h, but the WORDS_BIGENDIAN define which is checked for does not get defined by standard C headers, so we end up using the "/* Little endian */" block on big endian machines too, which makes things work with the old version there too. So this was a case were 2 wrongs make a right. This patch thus does not change anything functionally, but it does make the code read correctly. --- src/bswap.h | 45 ++++++++++++++------------------------------- 1 files changed, 14 insertions(+), 31 deletions(-) --- libmms.orig/src/bswap.h +++ libmms/src/bswap.h 
@@ -20,51 +20,34 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/* These macros are for converting an array of bytes containing a + integer to such an integer in the processors native format */ #include -#define SWAP_ENDIAN_16(val) \ +#define BE_16_TO_NATIVE(val) \ (val[1] | (val[0] << 8)) -#define SWAP_ENDIAN_32(val) \ +#define BE_32_TO_NATIVE(val) \ (val[3] | (val[2] << 8) | (val[1] << 16) | (val[0] << 24)) -#define SWAP_ENDIAN_64(val) \ +#define BE_64_TO_NATIVE(val) \ (val[7] | (val[6] << 8) | (val[5] << 16) | (val[4] << 24) | \ ((uint64_t)val[3] << 32) | ((uint64_t)val[2] << 40) | \ ((uint64_t)val[1] << 48) | ((uint64_t)val[0] << 56)) -#define SAME_ENDIAN_16(val) \ +#define LE_16_TO_NATIVE(val) \ (val[0] | (val[1] << 8)) -#define SAME_ENDIAN_32(val) \ +#define LE_32_TO_NATIVE(val) \ (val[0] | (val[1] << 8) | (val[2] << 16) | (val[3] << 24)) -#define SAME_ENDIAN_64(val) \ +#define LE_64_TO_NATIVE(val) \ (val[0] | (val[1] << 8) | (val[2] << 16) | (val[3] << 24) | \ ((uint64_t)val[4] << 32) | ((uint64_t)val[5] << 40) | \ ((uint64_t)val[6] << 48) | ((uint64_t)val[7] << 56)) -#ifndef WORDS_BIGENDIAN +#define BE_16(val) BE_16_TO_NATIVE(((uint8_t *)(val))) +#define BE_32(val) BE_32_TO_NATIVE(((uint8_t *)(val))) +#define BE_64(val) BE_64_TO_NATIVE(((uint8_t *)(val))) +#define LE_16(val) LE_16_TO_NATIVE(((uint8_t *)(val))) +#define LE_32(val) LE_32_TO_NATIVE(((uint8_t *)(val))) +#define LE_64(val) LE_64_TO_NATIVE(((uint8_t *)(val))) -/* Little endian */ - -#define LE_16(val) SAME_ENDIAN_16(((uint8_t *)(val))) -#define LE_32(val) SAME_ENDIAN_32(((uint8_t *)(val))) -#define LE_64(val) SAME_ENDIAN_64(((uint8_t *)(val))) -#define BE_16(val) SWAP_ENDIAN_16(((uint8_t *)(val))) -#define BE_32(val) SWAP_ENDIAN_32(((uint8_t *)(val))) -#define BE_64(val) SWAP_ENDIAN_64(((uint8_t *)(val))) - -#elif WORDS_BIGENDIAN == 1 - -/* Big endian */ - -#define LE_16(val) SWAP_ENDIAN_16(((uint8_t *)(val))) -#define LE_32(val) SWAP_ENDIAN_32(((uint8_t 
*)(val))) -#define LE_64(val) SWAP_ENDIAN_64(((uint8_t *)(val))) -#define BE_16(val) SAME_ENDIAN_16(((uint8_t *)(val))) -#define BE_32(val) SAME_ENDIAN_32(((uint8_t *)(val))) -#define BE_64(val) SAME_ENDIAN_64(((uint8_t *)(val))) - -#else -#error Unknown endianness! #endif - -#endif /* BSWAP_H_INCLUDED */ debian/libmms-dev.install0000664000000000000000000000010311716430767012625 0ustar usr/include usr/lib/*/lib*.a usr/lib/*/lib*.so usr/lib/*/pkgconfig debian/copyright0000664000000000000000000000630411716430661011133 0ustar This package was debianized by Søren Hansen on Wed, 14 Sep 2005 19:44:38 +0200. It was downloaded from Ubuntu and uploaded to Debian with some modifications by Loic Minier on Wed, 28 Sep 2005 21:56:25 +0200. It was downloaded from . Upstream Authors: Original author of the MMS interface code was Major MMS of http://www.geocities.com/majormms/ Enhanced and maintained by Xine project at http://xine.sf.net Current developers of libmms are: Maciej Katafiasz (Mathrick) Søren Hansen (shawarma) Copyright Holders: src/mmsx.h: LGPL (v2 or later) (with incorrect FSF address) [Copyright: 2007 Hans de Goede ] src/uri.c: LGPL (v2 or later) (with incorrect FSF address) [Copyright: 2000-2003 David Helder, David Bolcsfoldi, Eric Williams] src/mms.c: GPL (v2 or later) (with incorrect FSF address) [Copyright: 2002-2004 the xine project] src/uri.h: LGPL (v2 or later) (with incorrect FSF address) [Copyright: 2000-2001 David Helder, David Bolcsfoldi] src/mms.h: GPL (v2 or later) (with incorrect FSF address) [Copyright: 2002-2003 the xine project] src/mmsh.c: GPL (v2 or later) (with incorrect FSF address) [Copyright: 2002-2003 the xine project] src/bswap.h: LGPL (v2 or later) (with incorrect FSF address) [Copyright: 2004 Maciej Katafiasz ] src/asfheader.h: GPL (v2 or later) (with incorrect FSF address) [Copyright: 2000, 2001 Gerard Lantau / 2000-2003 the xine project] src/mmsh.h: GPL (v2 or later) (with incorrect FSF address) [Copyright: 2002-2003 the xine project] 
src/mmsx.c: LGPL (v2 or later) (with incorrect FSF address)
 [Copyright: 2007 Hans de Goede]
src/mms-common.h: LGPL (v2 or later) (with incorrect FSF address)
 [Copyright: 2010 Hans de Goede]

License:

(Some of the upstream sources have Xine headers and are copyrighted under
the GPL, and some newer files have LGPL headers. However, these snippets
were relicensed by their authors as claimed at: )

This package is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your
option) any later version.

This package is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
for more details.

You should have received a copy of the GNU Lesser General Public License
along with this package; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

On Debian systems, the complete text of the GNU Lesser General Public
License can be found in `/usr/share/common-licenses/LGPL-2'.

debian/watch

version=3
http://sf.net/libmms/libmms-([\d\.]+)\.tar\.gz

debian/gbp.conf

[DEFAULT]
upstream-branch = upstream
debian-branch = master
upstream-tag = upstream/%(version)s
debian-tag = debian/%(version)s
pristine-tar = True

debian/rules

#!/usr/bin/make -f
%:
	dh $@ --with autoreconf
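
Review bot: In debian/patches/0002-CVE-2014-2892.patch, the new check `if (++len >= sizeof(this->buf))` in the else branch of get_answer() is only a correct bound while `buf` is an array member of mmsh_t; if it were ever changed to a pointer, sizeof would yield the pointer size and the check would silently become wrong. A named buffer-size constant shared with the declaration would make that dependency explicit. The hunk also does not show how `len` is declared: if it is a signed int, the comparison against the size_t from sizeof is done unsigned, so a short comment stating that `len` is never negative at this point would help. The early `return 0` is taken with no cleanup visible in the hunk, so it is worth confirming that callers of get_answer() treat 0 as failure and tear the connection down.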
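
Review bot: In debian/patches/0001-Fixup-bswap.h-macros.patch, the renamed BE_64_TO_NATIVE and LE_64_TO_NATIVE macros keep the low-word terms `(val[4] << 24)` and `(val[3] << 24)` without a cast, and the 32-bit macros do the same with `(val[0] << 24)` and `(val[3] << 24)`. The wrappers pass `val` as a `uint8_t *`, so each byte is promoted to int before the shift; a byte of 0x80 or above shifts into the sign bit, and in the 64-bit macros the resulting negative int is sign-extended when ORed with the uint64_t terms, setting the upper 32 bits. Since the patch already touches every one of these lines, cast before shifting, for example `((uint32_t)val[0] << 24)`. Separately, the hunk drops the `/* BSWAP_H_INCLUDED */` comment from the closing `#endif`; keeping it helps readers match the include guard.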