[MPlayer-DOCS] [homepage] (rtogni): r2445 - in /trunk/src: news-archive.src.en news.src.en
syncmail at mplayerhq.hu
syncmail at mplayerhq.hu
Tue May 23 23:49:51 CEST 2006
Author: rtogni
Date: Tue May 23 23:49:43 2006
New Revision: 2445
Log:
Move oldest newsentries to archive
Modified:
trunk/src/news-archive.src.en
trunk/src/news.src.en
Modified: trunk/src/news-archive.src.en
==============================================================================
--- trunk/src/news-archive.src.en (original)
+++ trunk/src/news-archive.src.en Tue May 23 23:49:43 2006
@@ -4,6 +4,3125 @@
<!-- $Revision$ -->
<h1>News Archive</h1>
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln11">2005.04.16, Saturday :: MMST heap overflow</a>
+ <br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A potential buffer overflow was found and fixed in code used to handle
+MMST streams.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when streaming MMS/TCP data from a malicious server, null if you do not use
+this feature.
+At this time there is no known exploit.
+</p>
+
+<h3>Description</h3>
+
+<p>
+While enumerating streams from a server, MMST code stores stream IDs in a
+fixed length array, but there is no check to stop the process if too many
+stream IDs are received. A malicious server could announce more than 20
+streams and overflow the array.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Fri Apr 15 23:31:57 2005 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/mmst_fix_20050415.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre6 and before (including pre6a)
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre7 and after<br>
+CVS HEAD after Fri Apr 15 23:31:57 2005 UTC
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln10">2005.04.16, Saturday :: Real RTSP heap overflow</a>
+ <br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A potential buffer overflow was found and fixed in code used to handle
+RealMedia RTSP streams.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when streaming RTSP data from a malicious server, null if you do not use
+this feature.
+At this time there is no known exploit.
+</p>
+
+<h3>Description</h3>
+
+<p>
+While getting lines from a server, Real RTSP code stores them in a fixed size
+array of MAX_FIELDS elements, but there is no check to stop the process if
+too many lines are received. A malicious server could send more than
+MAX_FIELDS lines and overflow the array. Since the array holds pointers to
+answer strings, an attacker cannot write arbitrary data into it, making an
+exploit more difficult.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Fri Apr 15 23:30:44 2005 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/rtsp_fix_20050415.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre6 and before (including pre6a)
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre7 and after<br>
+CVS HEAD after Fri Apr 15 23:30:44 2005 UTC
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="about_advisories">2005.04.10, Sunday :: a word about the last round of advisories</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p>
+Before anyone gets wrong impressions...
+</p>
+
+<p>
+The last round of advisories from today is about vulnerabilities that were
+reported and fixed a long time ago, please look at the dates closely.
+</p>
+
+<p>
+So you can blame me for being lazy and not writing the advisories earlier,
+but not the MPlayer team for reacting slowly to vulnerability reports.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln09">2005.04.10, Sunday :: mpg123 buffer overflows</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+Several potential buffer overflows were found in mpg123, an
+MP3 decoder library included with MPlayer in the mp3lib directory.
+You can read more details in the
+<a href="http://www.securityfocus.com/archive/1/374433">mpg123 advisory</a>.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+Medium (arbitrary code execution under the user ID running the player)
+when playing MP3 audio, should the buffer overflows be exploitable.
+It is unclear whether this is the case.
+At the time the buffer overflows were fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Tue Sep 14 21:02:19 2004 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/mp3_fix_20041215.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre5 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre5try2 and after
+</p>
+
+<h3>History</h3>
+
+<p>
+After being alerted to the potential buffer overflows
+a fix was checked into MPlayer CVS on Tue Sep 14 21:02:19 2004 UTC.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln08">2005.04.09, Saturday :: PNM streaming buffer overflow vulnerabilities</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+<a href="http://www.idefense.com/">iDEFENSE</a> found two buffer overflow
+vulnerabilities in the PNM streaming code of <a href="http://xinehq.de">xine</a>
+that also affects MPlayer. You can read the details in the
+<a href="http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities">iDEFENSE advisory</a>
+and the
+<a href="http://xinehq.de/index.php/security/XSA-2004-6">xine advisory</a>.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when playing PNM streams.
+At the time the vulnerability was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Wed Dec 15 21:27:14 2004 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/pnm_fix_20041215.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre5 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre5try2 and after
+</p>
+
+<h3>History</h3>
+
+<p>
+On Fri, 10 Dec 2004 xine developers were contacted by
+<a href="http://www.idefense.com">iDEFENSE</a> who had found two remote
+buffer overflow vulnerabilities in the xine PNM streaming code.
+Since this code is shared between MPlayer and xine, xine informed us of the
+problem and a fix was checked into MPlayer CVS on Wed Dec 15 21:27:14 2004 UTC.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln07">2005.04.09, Saturday :: RTSP streaming heap overflow vulnerability</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+<a href="http://www.idefense.com/">iDEFENSE</a> found a heap overflow
+vulnerability in the RTSP streaming code. You can read the details in the
+<a href="http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities">iDEFENSE advisory</a>.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when playing RTSP streams.
+At the time the vulnerability was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Wed Dec 15 18:16:24 2004 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/rtsp_fix_20041215.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre5 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre5try2 and after
+</p>
+
+<h3>History</h3>
+
+<p>
+On Fri, 10 Dec 2004 MPlayer developers were contacted by
+<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
+heap overflow vulnerability in the MPlayer RTSP streaming code.
+A fix was checked into MPlayer CVS on Wed Dec 15 18:16:24 2004 UTC.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln06">2005.04.09, Saturday :: MMST streaming stack overflow vulnerability</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+<a href="http://www.idefense.com/">iDEFENSE</a> found a stack overflow
+vulnerability in the MMST streaming code. You can read the details in the
+<a href="http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities">iDEFENSE advisory</a>.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when playing MMST streams.
+At the time the vulnerability was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Wed, Dec 15 19:12:46 2004 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/mmst_fix_20041215.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre5 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre5try2 and after
+</p>
+
+<h3>History</h3>
+
+<p>
+On Fri, 10 Dec 2004 MPlayer developers were contacted by
+<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
+stack overflow vulnerability in the MPlayer MMST streaming code.
+A fix was checked into MPlayer CVS on Wed, Dec 15 19:12:46 2004 UTC.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln05">2005.04.09, Saturday :: vulnerability in the bitmap parser</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+<a href="http://www.idefense.com/">iDEFENSE</a> found a heap overflow
+vulnerability in the BMP demuxer. You can read the details in the
+<a href="http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities">iDEFENSE advisory</a>.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+Theoretical, the BMP demuxer is proof of concept code.
+We are not aware of multimedia content needing it.
+At the time the vulnerability was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Wed Dec 15 18:52:38 2004 UTC. Since the bitmap demuxer serves no known
+purpose it was removed immediately afterwards. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/bmp_fix_20041215.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre5 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre5try2 and after
+</p>
+
+<h3>History</h3>
+
+<p>
+On Fri, 10 Dec 2004 MPlayer developers were contacted by
+<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
+heap overflow vulnerability in the MPlayer BMP parsing code.
+A fix was checked into MPlayer CVS on Wed, Dec 15 18:52:38 2004 UTC.
+Since the bitmap demuxer was written as proof of concept and is not needed
+for multimedia playback it was removed immediately afterwards.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="LqAward2004">2005.02.08, Tuesday :: LinuxQuestions.org Members Choice Award</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxquestions.org/questions/t272115.html">
+<img src="../images/LQ-2004MCA-video.png" alt="2004 LinuxQuestions.org Members Choice Award" width="163" height="173"></a>
+</p>
+
+<p>
+We're proud to announce that
+<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a> has
+held its annual Members Choice Award and MPlayer has been voted
+<a href="http://www.linuxquestions.org/questions/t272115.html">Video Multimedia Application of the Year</a>.
+</p>
+
+<p>
+MPlayer received 487 votes (49.85%), beating
+<a href="http://www.xinehq.de">xine</a> with 304 (31.12%) and
+<a href="http://www.hadess.net/totem.php3">Totem</a> with 77 (7.88%).
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="brokenboxAward2005">2005.02.05, Saturday :: Brokenbox Program of the Month</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://brokenbox.com.ar/">
+<img src="../images/brokenboxAward2005.png" alt="Brokenbox Award 2005" width="120" height="140"></a>
+</p>
+
+<p>
+Hey, we've won an award from Argentina... The Argentinian Linux software site
+<a href="http://brokenbox.com.ar/">brokenbox.com.ar</a> has elected MPlayer
+1.0pre6 "programa del mes" (program of the month). Thank you!
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer10pre6a">2004.12.29, Wednesday :: MPlayer 1.0pre6 re-released</a>
+ <br><span class="poster">posted by Roberto</span>
+</h2>
+
+<p>
+The HTML version of the documentation is missing in the pre6 release tarball.
+MPlayer 1.0pre6a is a repackaging of MPlayer 1.0pre6 with the missing
+documentation added back. Except for the DOCS/HTML directory, the two files
+are identical.
+</p>
+
+<p>
+MPlayer and MEncoder will report 1.0-pre6 as the version number, since there
+are no changes in the code.
+</p>
+
+<p>
+If you still haven't got pre6, grab the new pre6a tarball. Else you don't need
+to download it, unless you're interested in HTML docs but you can't build them
+yourself from the XML sources.
+</p>
+
+<p>
+MPlayer 1.0pre6a can be downloaded from the following locations. Please be kind
+to our server and use one of our many mirrors.
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a></li>
+ <li>USA
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>a812d945b884c2e2fa7f90c57cd76bff</b>
+</p>
+
+<p>
+You can send truckloads of cola at my address :-)
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer10pre6">2004.12.23, Thursday :: MPlayer 1.0pre6 released</a>
+ <br><span class="poster">posted by the release team</span>
+</h2>
+
+<p>
+It's been five months since our last release and boy, does it show. This is
+the longest changelog ever, we've been hitting the keyboards hard. So we've
+decided to put this out at last and bestow an X-mas present upon the world.
+Since X-mas is tomorrow this means you'll have to wait one day to compile this.
+Opening presents before their time is out of the question! And no peeking,
+keep those tarballs compressed! If you send in bug reports or a comment
+prematurely we'll know you've been a nasty kid and unpacked your present
+early. And you know what happens to nasty kids...
+</p>
+
+<p>
+The most important changes are support for a seemingly infinite number of
+new codecs and important fixes for some of the old ones. The experimental
+wavelet-based snow video codec by Michael Niedermayer deserves a special
+mention. It is very promising, maybe this is what the future of video
+encoding looks like. We also added support for encoding to H.264 with
+x264 and to MP2 through toolame.
+</p>
+
+<p>
+Apart from that the unbelievable has happened and all the myriad of available
+options are finally documented. If you cannot find it in the documentation it
+simply does not exist, so RTFM! If you have a slow machine you should check
+out low resolution decoding with libavcodec (<code>-vfm ffmpeg -lavdopts
+lowres=0-3</code>). With some luck you should be able to play DVDs and MPEG-4
+movies. Mac OS X has had some nice improvements with VCD and Real/Helix codec
+(get new codec packages) support among others. On Windows there is a shiny
+new DirectSound audio output and support for the <code>-wid</code> option
+should allow building browser plugins. If you use the polypaudio sound server
+there is now an audio output module for you. The remaining old audio plugins
+have been converted to audio filters so expect audio plugins to disappear
+in the next release. Already gone are the old alsa9 and alsa1x audio
+output drivers, use alsa instead.
+</p>
+
+<p>
+As usual there were too many bug fixes to mention. They are all over the place,
+so MPlayer should run smoother and more stable than ever. A notable one is that
+length and position are now displayed for MOV files as well and that MPlayer's
+output is slowly becoming less verbose.
+</p>
+
+<p>
+The changelog is relative to MPlayer 1.0pre5try2, so all recent security
+fixes are included.
+</p>
+
+<p>
+Merry X-mas...
+</p>
+
+
+<h3>MPlayer 1.0pre6: <i>"X-mas present"</i></h3>
+
+<h4>DOCS</h4>
+
+<ul>
+ <li>finally all options are documented</li>
+ <li>man page completely reviewed for spelling, wording and clarity</li>
+ <li>all audio output driver suboptions documented</li>
+ <li>all video output driver suboptions documented</li>
+ <li>audio filters section added to the man page</li>
+ <li>XviD documentation completed</li>
+ <li>French man page in sync again</li>
+ <li>German man page updated</li>
+ <li>new Czech (complete) and Swedish man page translations</li>
+ <li>fixes and updates in various places</li>
+</ul>
+
+<h4>Ports</h4>
+
+<ul>
+ <li>full x86_64 support</li>
+ <li>-rootwin, -panscan support in the quartz video output driver</li>
+ <li>key repetition and aspect fixed in the quartz video output driver</li>
+ <li>"Movie" menu for quartz video output driver with zoom options & preset</li>
+ <li>fs_res quartz video output driver suboption chooses fullscreen resolution</li>
+ <li>VCD support for Darwin (Mac OS X)</li>
+ <li>Mac OS X Finder startup argument support</li>
+ <li>fix for stdin input and slave mode on MinGW</li>
+ <li>support for -rootwin, -colorkey, -wid in the DirectX video output driver</li>
+ <li>improved monitor selection in the DirectX video output driver</li>
+ <li>new DirectSound audio output driver</li>
+ <li>mouse support in Windows</li>
+ <li>support for ZetaOS (mostly working)</li>
+</ul>
+
+<h4>Drivers</h4>
+
+<ul>
+ <li>fixes in the VESA and GGI video output drivers</li>
+ <li>-jpeg removed in favor of -vo jpeg suboptions</li>
+ <li>jpeg video output driver now supports output to multiple directories</li>
+ <li>improvements for the Blinkenlights video output driver ;-)</li>
+ <li>OpenGL video output driver colorformat fixes (with manyfmts suboption)</li>
+ <li>aspect, panscan, hardware OSD support in the OpenGL video output driver</li>
+ <li>new pnm and md5sum video output drivers, replacing pgm and md5</li>
+ <li>yuv4mpeg video output now has a file= suboption, can be used with
+ -fixed-vo to concatenate files having same width, height and fps</li>
+ <li>JACK audio output driver updated to bio2jack API changes</li>
+ <li>alsa9 and alsa1x replaced by alsa audio output driver</li>
+ <li>ALSA audio output driver always uses specified device, even for hwac3</li>
+ <li>support for mixer channel selection in the ALSA audio output driver</li>
+ <li>audio output driver for the polypaudio sound server</li>
+ <li>VIDIX Cyberblade TV-out fixed</li>
+ <li>VIDIX I420 support for Cyberblade and mga</li>
+ <li>VIDIX Radeon support on big-endian systems, other Radeon fixes</li>
+ <li>VIDIX Radeon R200 QM (Radeon 9100) support</li>
+ <li>CLE266 VIDIX driver</li>
+ <li>experimental SAVAGE VIDIX driver</li>
+</ul>
+
+<h4>Decoders</h4>
+
+<ul>
+ <li>"experimental" support for 20 and 24 bit LPCM (DVD-Audio)</li>
+ <li>libmpeg2 updated to 0.4.0b</li>
+ <li>libfaad2 updated to 2.1beta CVS snapshot</li>
+ <li>DTS decoding via libavcodec</li>
+ <li>Windows Media Audio 9 Voice support via binary DLL</li>
+ <li>Windows Media Video 9 Advanced support via binary DLL</li>
+ <li>Windows Media Screen Codec 2 support via binary DLL</li>
+ <li>Windows Media Image Codec support via binary DLL</li>
+ <li>Windows Media Image 2 Codec support via binary DLL</li>
+ <li>VDOWave video support via binary DLL</li>
+ <li>Miro VideoXL video support via libavcodec</li>
+ <li>Creative ADPCM audio support via libavcodec or binary DLL</li>
+ <li>IBM Ultimotion video support via libavcodec</li>
+ <li>Micronas Speech codec support via binary DLL</li>
+ <li>H.261 video codec support via libavcodec</li>
+ <li>TechSmith Camtasia video codec support via libavcodec</li>
+ <li>sonic audio codec support via libavcodec</li>
+ <li>snow video codec support via libavcodec</li>
+ <li>QuickDraw video support via libavcodec</li>
+ <li>Cinepak, CYUV and RoQ audio/video moved to FFmpeg</li>
+ <li>Vianet Lsvx video support via binary DLL</li>
+</ul>
+
+<h4>Demuxers</h4>
+
+<ul>
+ <li>fix -nosound and -novideo for NSV</li>
+ <li>subtitle switching and language code displaying for Matroska</li>
+ <li>support for the .vp5 file format (AVI variant)</li>
+ <li>seeking in audio-only ASF files fixed</li>
+ <li>improved MP3 detection</li>
+ <li>support for AVC in .mp4 files</li>
+ <li>support for raw H.261 files via libavformat</li>
+ <li>improved seeking precision in MPEG files</li>
+ <li>better subtitle language code handling for MKV files</li>
+ <li>support DVHS files and H.264 over MPEG-TS</li>
+ <li>display length and position (in the seekbar) for MOV files</li>
+ <li>raw video in MOV files playback improved</li>
+</ul>
+
+<h4>Streaming</h4>
+
+<ul>
+ <li>-cache-min and -cache-prefill options added</li>
+ <li>compilation fix for newer LIVE.COM versions</li>
+ <li>make ASF without ECC work</li>
+ <li>support for MMS on non-standard port</li>
+ <li>EOF detected in Real RTSP streams</li>
+</ul>
+
+<h4>FFmpeg/libavcodec</h4>
+
+<ul>
+ <li>reduced resolution decoding with the lowres option</li>
+ <li>new experimental wavelet-based snow video codec</li>
+ <li>new sonic audio codec</li>
+ <li>TechSmith Camtasia video decoder</li>
+ <li>IBM Ultimotion video decoder</li>
+ <li>QuickDraw video decoder</li>
+ <li>Creative ADPCM decoder</li>
+ <li>Miro VideoXL decoder</li>
+ <li>Sierra online audio files demuxer and decoder</li>
+ <li>QPEG video decoder</li>
+ <li>Electronic Arts Game Multimedia format demuxer</li>
+ <li>H.261 fixes, H.261 encoder</li>
+ <li>fix VIS accelerated code</li>
+ <li>DTS support via libdts</li>
+ <li>many DV fixes, seek in raw DV files</li>
+ <li>support AAC in MOV files</li>
+ <li>RV10, RV20 fixes</li>
+ <li>RV20 encoding</li>
+ <li>AVI demuxer cleanup, palette change support</li>
+ <li>iTunes metadata support</li>
+ <li>HuffYUV fixes (endianness, RGB32 predictor, median encoding, interlacing)</li>
+ <li>ffvhuff (enhanced HuffYUV codec)</li>
+ <li>SSE optimizations for 4x4 compare function</li>
+ <li>epzs motion search enhancements</li>
+ <li>quad tree based motion compensation</li>
+ <li>MPEG-4 qpel MMX2/3DNow! optimizations</li>
+ <li>H.264: lot of fixes and MMX2/3DNow! optimizations</li>
+ <li>AVC1 (H.264 without sync word in .mp4 files) support</li>
+ <li>H.264 qpel motion compensation</li>
+ <li>Indeo3 grayscale decoding</li>
+ <li>preliminary Truemotion 24 bit decoder</li>
+ <li>avizlib encoder fixed</li>
+ <li>trellis quantization support in H.263</li>
+ <li>DCT optimizations</li>
+ <li>AltiVec support on AmigaOS4</li>
+ <li>adapt MMX/MMX2/SSE/3DNow! optimizations to work on x86_64</li>
+ <li>seeking fixes</li>
+ <li>better and faster audio resampler</li>
+ <li>New dc1394 grabbing interface</li>
+ <li>preliminary decoding support for H.264 with CABAC and B-frames</li>
+ <li>dvr-ms support in ASF demuxer</li>
+ <li>NSV demuxer</li>
+ <li>DVD compatible MPEG muxer</li>
+ <li>MJPEG-B fixes</li>
+ <li>range coder (arithmetic entropy coder) used by snow and ffv1</li>
+ <li>ffv1 enhancements: signed golomb, range codes</li>
+ <li>multi slice support for main profile H.264 streams</li>
+ <li>as usual, lots of bug fixes and optimizations</li>
+</ul>
+
+<h4>Filters</h4>
+
+<ul>
+ <li>software volume control when no hardware support available, can be
+ controlled with the -softvol and -softvol-max parameters</li>
+ <li>high-quality audio resampling with -af lavcresample</li>
+ <li>cropdetect rounding parameter</li>
+ <li>MPlayer -af help</li>
+ <li>missing audio plugins (extrastereo, volnorm) converted to audio filters</li>
+ <li>sine sweep generator audio filter</li>
+ <li>hrtf audio filter to convert multichannel audio to 2 channel output
+ for headphones, preserving the spatiality of the sound</li>
+ <li>big-endian fixes in rgb2rgb converter</li>
+ <li>yuv2rgb Altivec optimization fixes</li>
+ <li>support for LADSPA plugins</li>
+</ul>
+
+<h4>GUI</h4>
+
+<ul>
+ <li>unified audio options dialog, also for ALSA</li>
+ <li>redrawing limited, decreases CPU usage in audio-only case</li>
+ <li>icons for the context menu</li>
+ <li>doublesize bug fixed</li>
+ <li>slowdown after opening the preferences panel bug fixed</li>
+ <li>remaining messages moved to help file for translation</li>
+ <li>slowdown after using the preferences panel fixed</li>
+</ul>
+
+<h4>Encoding</h4>
+
+<ul>
+ <li>x264 encoder support</li>
+ <li>support for MP2 encoding with libtoolame</li>
+ <li>libavcodec "turbo mode" to speed up 2-pass encoding</li>
+ <li>support for 3-pass encode for libavcodec and x264</li>
+ <li>XviD encoder and decoder modules updated to API-4.1 (XviD-1.1.x)</li>
+ <li>flush remaining frames at end of encoding process</li>
+</ul>
+
+<h4>Others</h4>
+
+<ul>
+ <li>-loop and -shuffle now work together</li>
+ <li>better EDL support</li>
+ <li>some --disable configure options finally work (mp3lib, liba52, libmpeg2)</li>
+ <li>framestepping</li>
+ <li>change playback speed during playback</li>
+ <li>some crashes with binary codecs fixed</li>
+ <li>subtitle alignment support for SAMI files</li>
+ <li>also support Windows path separator '\'</li>
+ <li>FriBiDi fixes for comma handling in Hebrew subtitles</li>
+ <li>-crash-debug option to attach gdb automatically after crashes</li>
+ <li>gcc 4 compilation fixes</li>
+ <li>compilation fixes for many files in the TOOLS directory</li>
+ <li>infamous "stuck mouse button" bug fixed, new -key-fifo-size option</li>
+ <li>reduced verbosity of MPlayer's output somewhat</li>
+ <li>-identify now prints some information about available languages</li>
+ <li>double buffering (-double) is now default</li>
+ <li>many memleaks fixed</li>
+</ul>
+
+<p>
+MPlayer 1.0pre6 can be downloaded from the following locations. Please be kind
+to our server and use one of our many mirrors.
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a></li>
+ <li>USA
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>4a628f87a7070e10ffea04a1598979a9</b>
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="br-linuxAward2004">2004.12.22, Wednesday :: Brazilian Free Community Award 2004</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://br-linux.org/main/noticia-favoritos_da_comunidade_livre_.html">
+<img src="../images/br-linux2004.jpg" alt="Brazilian Free Community Award 2004" width="411" height="76"></a>
+</p>
+
+<p>
+Today seems to be award day... We were just notified that MPlayer has won
+another award, this time from the Brazilian Linux community at
+<a href="http://br-linux.org">br-linux.org</a>, the "Favoritos da
+Comunidade Livre brasileira em 2004" (Favourites of the Brazilian
+Free Community in 2004) in the category "Visualizador de Vídeo"
+(Video Player) with 1395 votes (48%), followed by xine and Kaffeine.
+</p>
+
+<p>
+If you understand Portuguese you can read the details on
+<a href="http://br-linux.org/main/noticia-favoritos_da_comunidade_livre_.html">the award page</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="HUPAward2004">2004.12.22, Wednesday :: HUP Readers' Choice Award 2004</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://hup.hu/modules.php?name=News&file=article&sid=7628">
+<img src="../images/hup2004.png" alt="HUP Readers' Choice Award 2004" width="150" height="150"></a>
+</p>
+
+<p>
+We're proud to announce that MPlayer has won the Readers' Choice Award of the
+<a href="http://hup.hu">Hungarian Unix Portal</a> in the "favorite video
+player of the year" as well as "favorite Hungarian project of
+the year" category.
+</p>
+
+<p>
+In the video player category MPlayer got 473 votes (89%), xine 39 (7%) and
+VLC 10 (1%). It's the second year in a row for MPlayer to win this award.
+If you understand Hungarian you can read about it on the
+<a href="http://hup.hu/modules.php?name=News&file=article&sid=7628">HUP award page</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer10pre5try2">2004.12.15, Wednesday :: MPlayer 1.0pre5try2 released</a>
+ <br><span class="poster">posted by Roberto</span>
+</h2>
+
+<p>
+Multiple vulnerabilities were discovered in MPlayer by
+<a href="http://www.idefense.com/">iDEFENSE</a>, and
+more were found by us while reviewing the code:
+</p>
+
+<ul>
+ <li>potential heap overflow in Real RTSP streaming code
+ (<a href="http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20041215.diff">patch</a>)</li>
+ <li>potential stack overflow in MMST streaming code
+ (<a href="http://www.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff">patch</a>)</li>
+ <li>multiple buffer overflows in BMP demuxer
+ (<a href="http://www.mplayerhq.hu/MPlayer/patches/bmp_fix_20041215.diff">patch</a>)</li>
+ <li>potential heap overflow in pnm streaming code
+ (<a href="http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff">patch</a>)</li>
+ <li>potential buffer overflow in mp3lib
+ (<a href="http://www.mplayerhq.hu/MPlayer/patches/mp3_fix_20041215.diff">patch</a>)</li>
+</ul>
+
+<p>
+All issues affect both MPlayer 1.0pre5 and current CVS versions.
+MPlayer 0.93 is obsolete and was not checked nor fixed.
+All problems were fixed, and the BMP demuxer was also disabled because it's
+useless and requires further analysis to be totally safe.
+</p>
+
+<p>
+To be safe from harm users of MPlayer 1.0pre5 and below should
+upgrade to 1.0pre5try2 or apply this
+<a href="http://www.mplayerhq.hu/MPlayer/patches/pre5-pre5try2.diff">cumulative patch</a>
+to 1.0pre5 and not play streams over the network in the meantime.
+CVS users can just 'cvs update'. An updated
+<a href="http://www.mplayerhq.hu/MPlayer/releases/win32/">CVS build</a>
+for Windows users is also available.
+</p>
+
+<p>
+Detailed advisories will follow.
+</p>
+
+<p>
+MPlayer 1.0pre5try2 can be downloaded from the following locations:
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>USA 2
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>724c905a8dddb7e8ec9722fc585f833d</b>
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="LnmAward2004">2004.10.30, Saturday :: Linux New Media Award 2004</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxnewmedia.de/presse/en">
+<img src="../images/LnmAwardLogo2004.jpg" alt="Linux New Media Award 2004" width="241" height="193"></a>
+</p>
+
+<p>
+MPlayer has won the
+<a href="http://www.linuxnewmedia.de/presse/en">Linux New Media Award 2004</a>
+in the category "Best Media Player". The award is organized by the
+<a href="http://www.linuxnewmedia.de/en">Linux New Media AG</a> and the jury
+consists of about 150 respected community members.
+</p>
+
+<p>
+MPlayer got 29.8% of the votes, beating <a href="http://xinehq.de">xine</a>
+(24.2%) and <a href="http://xmms.org">XMMS</a> (23.4%) making this the second
+win in a row. Detailed results can be found on the
+<a href="http://www.linuxnewmedia.de/Award_2004/award2004/">German award page</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="sucon2004">2004.09.02, Thursday :: MPlayer at SUCON '04</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p>
+The MPlayer team will be represented at
+<a href="http://www.suug.ch/sucon/04/">SUCON '04</a>
+by at least Alex Beregszaszi, Roberto Togni, Jonas Jermann and Diego Biurrun.
+SUCON is the Swiss Unix Conference held September 2-4, 2004 at the Technopark
+in Zürich, Switzerland. From the description at their homepage:
+</p>
+
+<blockquote cite="http://www.suug.ch/sucon/04/">
+<p>
+SUCON is a emerging conference focused on topics related to the Unix operating
+system. Our goal is to bring together developers, system administrators and
+users in the field of Unix to foster projects, ideas and the knowledge of
+every individual.
+</p>
+</blockquote>
+
+<p>
+Alex will give a talk about MPlayer on Friday, so if you are interested in
+MPlayer or would like to meet some of us and happen to be in the area, drop
+by.
+</p>
+
+<h3>Update</h3>
+
+<p>
+Also present are Mike Melanson from
+<a href="http://xinehq.de/">xine</a>
+and Samuel Hocevar from
+<a href="http://videolan.org/">VideoLAN</a>.
+They will be giving presentations as well and we will all be holding a
+multimedia birds-of-a-feather session together on Saturday.
+</p>
+
+<h3>Update 2</h3>
+
+<p>
+Some <a href="http://www.suug.ch/sucon/04/video.html">recorded talks</a>
+have been made available. The talks by Mike Melanson and Alex Beregszaszi
+are among them.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="hard_drive_donation">2004.07.23, Friday :: Hard drive donation needed</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p>
+One of the hard drives in our project server is failing and needs to be
+replaced. Since it is part of a RAID1 array and performance suffers a lot when
+running RAID1 with different geometry drives we need either the same model
+as replacement or two new IDE drives. The drive is an IBM IC35L040AVER07-0
+40GB IDE drive.
+</p>
+
+<p>
+If you have such a drive or a pair of new drives lying around or are willing
+to buy it for us, please contact our admin
+<a href="mailto:arpi_REMOVE_THE_UNDERSCORES_AND_THE_TEXT_IN_BETWEEN_ at thot.banki.hu">Arpad Gereöffy</a>
+and send the drive to him.
+</p>
+
+<h3>Update</h3>
+
+<p>
+We have received a DTLA305040 in donation from Stefan Seyfried (Thank you!)
+and Sascha Sommer exchanged it for his IC35L040AVER07, which is now in the
+project server. Also many thanks to the other people who offered help.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer10pre5">2004.07.15, Wednesday :: MPlayer 1.0pre5 released</a>
+ <br><span class="poster">posted by the release team</span>
+</h2>
+
+<p>
+Once again after a long delay we are proud and happy to present you our latest
+release. Tons of new features and bug fixes were included, many during a big
+hacking session at LinuxTag 2004. The pending patch queue has been greatly
+reduced and as usual we expect to make the next release in a more timely
+fashion ;-)
+</p>
+
+<p>
+Since you already know about the <a href="#name_change">name change</a> the
+most important change is the security relevant string handling code audit.
+Read the details in the <a href="#vuln04">relevant advisory</a>.
+If you haven't upgraded to a CVS snapshot already, upgrade to pre5 now.
+</p>
+
+<p>
+Highlights of this release include improved Mac OS X and Windows support,
+improved seeking in Real files, better MEncoder documentation with an
+updated DVD ripping guide, streaming related bug fixes, fullscreen bug fixes,
+a new unified ao_alsa ALSA audio output driver to replace ao_alsa9 and
+ao_alsa1x, a JACK audio output driver and new icons for the GUI and menus.
+Of course we also did the usual stuff like support for more codecs, new video
+filters and bug fixes all over the place.
+</p>
+
+<p>
+The codec packages have been updated and they now sport version numbers so you
+can easily tell whether you have the latest one or not. Grab them if you are
+interested in complete codec support.
+</p>
+
+<p>
+Have fun...
+</p>
+
+
+<h3>MPlayer 1.0pre5: <i>"LinuxTag release"</i></h3>
+
+<h4>Name</h4>
+
+<ul>
+ <li>It's "MPlayer - The Movie Player" instead of
+ "MPlayer - The Movie Player for Linux" now.</li>
+</ul>
+
+<h4>Security</h4>
+
+<ul>
+ <li>complete review of string operations, buffer overflows fixed</li>
+</ul>
+
+<h4>DOCS</h4>
+
+<ul>
+ <li>small additions, corrections, updates all over the place</li>
+ <li>audio output driver section added to the man page</li>
+ <li>several bug fixes and improvements in the MEncoder documentation</li>
+ <li>DVD ripping guide extended and improved</li>
+ <li>AUTHORS file massively extended</li>
+ <li>German man page partially updated</li>
+ <li>Hungarian XML documentation translation started</li>
+</ul>
+
+<h4>Ports</h4>
+
+<ul>
+ <li>encrypted DVD playback on Windows fixed (again)</li>
+ <li>Cygwin and MinGW now accept the same -dvd-device syntax</li>
+ <li>LIVE.COM now works under MinGW</li>
+ <li>foundations for MinGW crosscompilation</li>
+ <li>disabled SSE on MinGW as it caused crashes</li>
+ <li>AC3 passthrough for ao_win32</li>
+ <li>improved vo_quartz (YUV, multiple screens support)</li>
+ <li>vo_quartz made default on Mac OS X</li>
+ <li>ao_macosx fixed and made default again on Mac OS X</li>
+ <li>RealVideo binary codecs support on Mac OS X (still buggy)</li>
+ <li>bigendian fixes in vf.c, vo_tga</li>
+ <li>OpenBSD portability fixes</li>
+ <li>OpenBSD/VAX support</li>
+ <li>AMD64 support</li>
+</ul>
+
+<h4>Drivers</h4>
+
+<ul>
+ <li>support for more Radeons (9800 XT among them) in VIDIX</li>
+ <li>Radeon related bug fixes in VIDIX</li>
+ <li>vo_gl2 now supports GUI, fix for flickering borders in fullscreen</li>
+ <li>support 24 and 32 bit PCM files, bigendian fixes</li>
+ <li>ao_sdl now converts unsupported formats instead of quitting</li>
+ <li>ENCA support</li>
+ <li>merged ao_alsa9 and ao_alsa1x drivers into ao_alsa</li>
+ <li>NeoMagic TV-out support through VESA</li>
+ <li>JACK audio output driver</li>
+ <li>vo_sdl fixes (wrong flags and screensaver disabling)</li>
+ <li>vo_directx fixes</li>
+</ul>
+
+<h4>Decoders</h4>
+
+<ul>
+ <li>MSZH/ZLIB, FLI, QTRLE, RoQ video and RoQ audio support moved to FFmpeg</li>
+ <li>FFmpeg Cinepak and CYUV decoders preferred</li>
+ <li>audio format 0xff support (is AAC)</li>
+ <li>"raw" audio in MOV supported</li>
+ <li>Indeo audio (iac25) support via binary codec</li>
+ <li>upgrade libfaad2 to the FAAD 2.0 release</li>
+ <li>MPEG-2 chroma422/444 support</li>
+ <li>Winnov WINX and WNV1 support via binary codec</li>
+</ul>
+
+<h4>Demuxers</h4>
+
+<ul>
+ <li>Ogg subtitle handling and other bug fixes</li>
+ <li>Matroska improvements</li>
+ <li>support seeking in Real files without -idx</li>
+ <li>support seeking in Real files without index with -forceidx</li>
+</ul>
+
+<h4>Streaming</h4>
+
+<ul>
+ <li>ASF, MMST streaming fixes</li>
+ <li>URL escaping fixed</li>
+ <li>NSA (Nullsoft audio) streaming support</li>
+ <li>embedded RAM playlist support</li>
+ <li>multibyte URL support</li>
+ <li>rtp:// now supported even with LIVE.COM compiled in</li>
+ <li>miscellaneous bug fixes</li>
+</ul>
+
+<h4>Filters</h4>
+
+<ul>
+ <li>vf_softskip: frame skipping filter for MEncoder</li>
+ <li>vf_harddup: frame duplication filter for MEncoder</li>
+ <li>vf_pullup minor fixes and improvements</li>
+ <li>AltiVec-optimized YUV to RGB converter</li>
+ <li>vf_spp memory corruption fix on reallocation</li>
+</ul>
+
+<h4>FFmpeg/libavcodec</h4>
+
+<ul>
+ <li>MPEG-2 encoding with 8, 9, 10, 11 bit intra DC precision</li>
+ <li>DC clipping fix, intra_dc_precision > 0 support</li>
+ <li>Cinepak fixes and palette support</li>
+ <li>support skipping of MB rows during decoding</li>
+ <li>Vorbis in NUT fixed</li>
+ <li>NUT updated to latest specification</li>
+ <li>segfault and artifact fixes in SVQ3 decoder</li>
+ <li>motion estimation code: overflow and chroma fixes</li>
+ <li>change qscale -> lambda for the motion estimation</li>
+ <li>noise preserving sum of squares comparison function in ME code</li>
+ <li>fixed memory overwrite in truemotion decoder</li>
+ <li>clip input motion vectors, better error tolerance on bad vectors</li>
+ <li>FLAC decoder cleanup (partial demuxer/decoder separation)</li>
+ <li>memalign hack for SSE/SSE2 on that alternative OS :)</li>
+ <li>lots of AltiVec optimizations</li>
+ <li>qscale + qprd fix</li>
+ <li>QTrle4 support</li>
+ <li>H.261 decoder</li>
+ <li>coefficient saturation fix in H.263</li>
+ <li>H.263 MCBPC fix</li>
+ <li>per line lowpass filter in MMX and faster C lowpass filter</li>
+ <li>SVQ1 encoder</li>
+ <li>as usual, lots of bug fixes and optimizations</li>
+</ul>
+
+<h4>Others</h4>
+
+<ul>
+ <li>fullscreen fixes for many window managers</li>
+ <li>fix crash on original Pentiums and older</li>
+ <li>dvd://start-end support</li>
+ <li>netstream (mpst://) support fixed</li>
+ <li>support comments in plaintext playlists</li>
+ <li>loader/ dependency removed</li>
+ <li>keepaspect option extended to all video output drivers</li>
+ <li>WMA to Ogg conversion and simple subtitle editing script added to TOOLS</li>
+ <li>support for more lame options</li>
+ <li>new set of GUI icons</li>
+ <li>memory conserving implementation of GUI potmeters</li>
+ <li>X11 code reindented</li>
+ <li>further gcc 3.4 support fixes</li>
+ <li>mixer API written for changing volume through libaf</li>
+ <li>-rtc-device option for specifying the RTC device</li>
+ <li>desktop/menu icon added</li>
+ <li>miscellaneous bug fixes and cleanups</li>
+ <li>multi-threaded encoding with lavc</li>
+ <li>fixed a bug with Real files introduced in pre4</li>
+ <li>-use-stdin renamed to -noconsolecontrols</li>
+</ul>
+
+<p>
+MPlayer 1.0pre5 can be downloaded from the following locations. Please be kind
+to our server and use one of our many mirrors.
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
+ <li>USA 2
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>fbe6919eb025526e8ed129cd61a49969</b>
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer093">2004.07.09, Wednesday :: MPlayer 0.93 released</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p>
+This is a security only update for our outdated stable branch. It contains
+a simple port of the fixes for the recent
+<a href="#vuln04">GUI remote buffer overflow vulnerabilities</a>
+committed to the main MPlayer source tree.
+This was done without a complete audit of the 0.90 branch of our code base
+due to a lack of resources.
+</p>
+
+<p>
+The 0.90 branch is long obsolete, there will be no further releases,
+probably not even security fix releases. Therefore we strongly recommend
+upgrading to MPlayer 1.0pre5 once it becomes available or a current CVS
+snapshot.
+</p>
+
+<h3>MPlayer 0.93</h3>
+
+<h4>Security:</h4>
+
+<ul>
+ <li>string operation buffer overflows fixed</li>
+</ul>
+
+<p>
+MPlayer 0.93 can be downloaded from the following locations:
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
+ <li>USA 2
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>2ddd395cd1bc56559006398ef5105710</b>
+</p>
+
+</div>
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln04">2004.07.01, Thursday :: remote buffer overflow vulnerabilities in the GUI code</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+Multiple string vulnerabilities have been found and fixed in the MPlayer GUI
+code, at least one of which was remotely exploitable.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player) if
+using the GUI to play certain types of playlist files, none when using only the
+command line. The MPlayer GUI is optional and not built by default.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability with the known exploit was checked into MPlayer CVS
+on Wed, 2 June 2004 12:40:41 +0000 (UTC). The result of a thorough code audit
+that uncovered further potentially exploitable bugs was checked into MPlayer CVS
+on Fri, 25 June 2004 16:49:52 +0000 (UTC). All of this will be included in MPlayer
+1.0pre5. Users of affected MPlayer versions should upgrade to latest CVS or MPlayer 1.0pre5
+once it becomes available. Alternatively a patch for the
+<a href="../../MPlayer/patches/vuln04-fix.diff">main</a> and
+<a href="../../MPlayer/patches/vuln04-0_90-fix.diff">0_90</a>
+MPlayer CVS versions is available that can be applied to the MPlayer source
+tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre4 and before<br>
+MPlayer 0.92.1 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+none
+</p>
+
+
+<h3>History</h3>
+
+<p>
+On Tue, 1 June 2004 MPlayer developers were contacted by
+<a href="mailto:c0ntex at open-security.org">c0ntex</a> who had found a string
+handling vulnerability in the MPlayer GUI code complete with an example
+exploit and a preliminary fix. That fix was checked into MPlayer CVS on
+Wed, 2 June 2004 12:40:41 +0000 (UTC).
+</p>
+
+<p>
+When playing certain types of playlist files with extremely long entries a
+buffer overflow error occurs. This allows an attacker to overwrite memory with
+specially crafted playlist files and execute arbitrary code under the user ID
+running MPlayer.
+</p>
+
+<p>
+Richard Felker started a general audit of the GUI code for further string
+handling problems and uncovered a host of potential bugs, some of which were
+probably exploitable. Nicholas Kain proceeded to do a full audit of the MPlayer
+code for insecure string handling, which was finished by Alexander Strasser.
+The result of this audit was checked into MPlayer CVS on
+Fri, 25 June 2004 16:49:52 +0000 (UTC).
+</p>
+
+<p>
+Since the first quick review of the GUI code immediately revealed several
+potentially exploitable bugs we have refrained from publishing this advisory
+until a thorough audit of the whole code was finished.
+</p>
+
+<p>
+On Thu, 1 July 2004 11:22:29 (UTC) a simple port of the fixes was committed to
+the 0_90 stable MPlayer source tree. This was done without a further audit of
+the 0_90 code base due to lack of resources. We have therefore dropped further
+support of the 0_90 tree and recommend upgrading to MPlayer 1.0pre5 or latest
+CVS.
+</p>
+
+<h3>Download</h3>
+
+<p>
+MPlayer 1.0pre5, 0.93 and CVS snapshots can be downloaded from the MPlayer homepage or one of its many
+mirrors as soon as they become available. Go to the
+<a href="dload.html">MPlayer download page</a>
+to get MPlayer 1.0pre5 source code or a CVS snapshot.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="name_change">2004.06.25, Friday :: MPlayer name change</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p>
+No, it's still MPlayer ;-).
+</p>
+
+<p>
+But since we run on so many different operating systems now we thought that
+</p>
+
+<p>
+ <b>MPlayer - The Movie Player For Linux</b>
+</p>
+
+<p>
+is not really a fitting name any longer. So from now on it will be just
+</p>
+
+<p>
+ <b>MPlayer - The Movie Player</b>
+</p>
+
+<p>
+The king is dead - long live the king!
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="linuxtag2004_patents">2004.06.24, Thursday :: Software Patents</a>
+ <br><span class="poster">posted by Alex</span>
+</h2>
+
+<p>
+Your video player is... <b>PATENTED</b> <i>(in the USA)</i>
+</p>
+
+<p>
+Demonstration against Software Patents in Karlsruhe, the city of LinuxTag with
+some developers and advocates of MPlayer.
+Read more <a href="http://kwiki.ffii.org/DemoKarlsruhe04En">at the FFII page</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="linuxtag2004">2004.06.02, Wednesday :: MPlayer at LinuxTag 2004</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxtag.org/">
+<img src="../images/linuxtag.png" alt="LinuxTag logo" width="119" height="80"></a>
+</p>
+
+<p>
+The MPlayer team will be represented at
+<a href="http://www.linuxtag.org/2004/index.html">LinuxTag 2004</a>
+by at least Alex Beregszaszi, Sascha Sommer and Diego Biurrun.
+LinuxTag is a mix between trade show and conference about Linux and free
+software for both companies and projects. It is held in Karlsruhe, Germany,
+from the 23rd to the 26th of June. We will have a booth in the projects area
+and be present for the full four days. Hopefully we will also be able to hold
+a small conference with as many developers as possible. If you ever wished to
+have a chat with us, that would be the perfect opportunity.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln03">2004.04.28, Wednesday :: Exploitable remote buffer overflow vulnerability in the Real RTSP streaming code</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary:</h3>
+
+<p>
+Multiple vulnerabilities have been found and fixed in the Real-Time
+Streaming Protocol (RTSP) client for RealNetworks servers, including a
+series of potentially remotely exploitable buffer overflows. This is a
+joint advisory by the MPlayer and xine teams as the code in question is
+common to these projects. The xine team has assigned ID XSA-2004-3 to this
+security announcement.
+</p>
+
+<h3>Severity:</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when playing Real RTSP streams.
+At this time, there is no known exploit for these vulnerabilities.
+</p>
+
+<h3>Prerequisites:</h3>
+
+<p>
+The players are only vulnerable when playing Real RTSP streams.
+There is no risk if Real RTSP (realrtsp) streaming is not employed.
+</p>
+
+<h3>Solution:</h3>
+
+<p>
+A fix was checked into MPlayer CVS on Sat, 24 Apr 2004 12:33:22 +0200 (CEST).
+This fix is included in MPlayer 1.0pre4. Users of affected MPlayer versions
+should upgrade to MPlayer 1.0pre4 or later. Alternatively a standalone
+<a href="../../MPlayer/patches/vuln03-fix.diff">patch</a> is available that
+can be applied to the MPlayer source tree.
+</p>
+
+<p>
+xine-lib fix was checked into CVS on Fri, Apr 23 21:59:04 2004 UTC. This fix
+is included in xine-lib 1-rc4. Users of affected xine-lib versions should
+upgrade to xine-lib 1-rc4 or later.
+If this upgrade is not feasible for some reason, the vulnerable code
+can be disabled by removing xine's RTSP input plugin, which is located at
+$(xine-config --plugindir)/xineplug_inp_rtsp.so. If installed with default
+paths, that is: /usr/local/lib/xine/plugins/1.0.0/xineplug_inp_rtsp.so
+This workaround disables RTSP streaming.
+</p>
+
+<h3>Affected versions:</h3>
+
+<p>
+MPlayer 1.0pre1-pre3try2<br>
+xine-lib 1-beta1 to 1-rc3c
+<p>
+
+<h3>Unaffected versions:</h3>
+
+<p>
+MPlayer 0.92.1 and below<br>
+MPlayer 1.0pre4 and above<br>
+MPlayer CVS HEAD
+</p>
+
+<p>
+xine-lib 1-beta0 and below<br>
+xine-lib 1-rc4 and above<br>
+xine-lib CVS HEAD
+</p>
+
+<h3>History / Attack Vectors:</h3>
+
+<p>
+On Thu, 22 Apr 2004 Diego Biurrun found a crashing bug in the MPlayer
+realrtsp code that Roberto Togni confirmed to be a buffer overflow
+vulnerability later that day. The xine team was notified and independent
+code audits were performed by Miguel Freitas (xine) and Roberto Togni
+(MPlayer), revealing multiple vulnerabilities.
+</p>
+
+<ol>
+ <li>Fixed length buffers were assigned for the URL used in server requests
+ and the length of the input was never checked. Very long URLs could thus
+ overflow these buffers and crash the application. A malicious person
+ might possibly use a specially crafted URL or playlist to run arbitrary
+ code on the user's machine.</li>
+ <li>Not all strings returned from a Real server were checked for length.
+ It might be possible to cause a buffer overflow during the RTSP session
+ negotiation sequence. A malicious person could use a fake RTSP server
+ to feed the client with malformed strings.</li>
+ <li>Packets of RealNetworks' Real Data Transport (RDT) format were received
+ using a fixed length buffer whose size was never checked. It might also be
+ possible to exploit this by emulating a RealNetworks' RTSP server.</li>
+ <li>On Wed, 14 Apr 2004 22:45:28 +0200 (CEST) a change was made to MPlayer
+ CVS that removes the extension checking on RTSP streams. MPlayer now
+ attempts to handle every RTSP connection as realrtsp first, falling back
+ to live.com RTSP. CVS versions from that date to the time the fix was
+ checked in are susceptible to the same problem when playing normal RTSP
+ streams as well.</li>
+ <li>At the time of the writing of this advisory no real exploits are known
+ to the authors and we hope to be the first to stumble across this
+ vulnerability. Since we believe that the bugs described in this advisory
+ are exploitable we have released this proactive advisory.</li>
+</ol>
+
+<h3>Download:</h3>
+
+<p>
+MPlayer 1.0pre4 can be downloaded from the MPlayer homepage or one of its many
+mirrors. Go to the
+<a href="dload.html">MPlayer download page</a>
+to get MPlayer 1.0pre4 source code.
+</p>
+
+<p>
+xine-lib 1-rc4 can be downloaded from the
+<a href="http://xinehq.de/index.php/releases">xine homepage</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="mplayer10pre4">2004.04.28, Wednesday :: MPlayer 1.0pre4 released</a>
+ <br><span class="poster">posted by the release team</span>
+</h2>
+
+<p>
+A long time has passed without a release and really a lot has
+happened. Between the KiSS affair and the farewell of some developers
+one might almost get the impression that not much development has been
+taking place. Indeed there have been many internal changes. Alex
+Beregszaszi (who has been the maintainer since 0.90rc3) is now
+supported by a team of maintainers, making this the first real team
+release of MPlayer. To reflect that we are also presenting the site in
+a new design. If you thought about helping us out in building the
+fastest and most flexible video player, now would be the perfect moment
+to join our team, just come and join us on our
+<a href="info.html#mailing_lists">mailing lists</a> and
+<a href="info.html#irc">IRC</a> channels. We can use not only coders but
+also documenters and people that want to help us out with the many details
+that have to be taken care of to make such a big project a success. But if
+you thought MPlayer development was stalled, just have a look at the huge
+changelog.
+</p>
+
+<p>
+We fixed a remotely exploitable security vulnerability in the Real
+RTSP code, please read our advisory for details. Many thanks go to the
+<a href="http://www.xinehq.de">xine</a> team for cooperating so well
+with us in the audit of this shared code.
+We also found a buffer overflow in the Matroska demuxer and in
+the CDDB code, so we strongly urge you to upgrade.
+</p>
+
+<p>
+Apart from that there are so many changes it gets hard to pick out the
+highlights.
+</p>
+
+<p>
+As usual the documentation has been improved and extended and our many
+ports have been improved. The BSDs are getting closer and closer to
+the Linux version, Mac OS X and PowerPC users will enjoy as
+much as a 100% speed improvement through many AltiVec optimizations
+and a native Quartz (Mac OS X) output driver. The Windows version of
+MPlayer is shaping up to be an equal contender to the Unix versions,
+grab and spread it.
+</p>
+
+<p>
+If you had problems with streaming in the past this may be the release
+for you. We fixed tons of bugs and added support for SMIL playlist to
+Real streaming and now support Nullsoft Streaming Video (NSV)
+</p>
+
+<p>
+With (experimental) AVI OpenDML read and write support we have knocked
+a longstanding item from the wishlist. Now is the time to play and
+create huge AVI files.
+</p>
+
+<p>
+Our video filter system has been extended by no less than seven
+filters and is thus more flexible than ever.
+</p>
+
+<p>
+If you are an oldschool text mode addict and like ASCII art output you
+can now enjoy it in full color with the caca output driver.
+</p>
+
+<p>
+On the codec front we now support XviD 1.0, VP5 and VP6 and the
+existing codecs have been improved and optimized. Accordingly the
+codec package has been extended by a few DLLs, don't forget to grab a
+new one.
+</p>
+
+<p>
+As usual we would be nothing without
+<a href="http://ffmpeg.org">FFmpeg</a> and the many native codecs
+they provide. FLAC among others has joined their long list of
+supported codecs and the rest has seen notable speed and quality
+improvements.
+</p>
+
+<p>
+Enjoy...
+</p>
+
+
+<h3>MPlayer 1.0pre4: <i>"YAML Counter"</i></h3>
+
+<h4>Security:</h4>
+
+<ul>
+ <li>HTTP parser remote heap overflow vulnerability fixed</li>
+ <li>Real RTSP remote buffer overflow vulnerability fixed</li>
+ <li>buffer overflow in the Matroska demuxer</li>
+ <li>potentially exploitable buffer overflow in CDDB TOC code</li>
+</ul>
+
+<h4>DOCS:</h4>
+
+<ul>
+ <li>new Copyright file covers files from other projects and their licenses</li>
+ <li>new DOCS/tech/translations.txt explains how to properly translate MPlayer</li>
+ <li>new Japanese console message translation</li>
+ <li>Polish translation finished</li>
+ <li>Italian man page translation</li>
+ <li>DVD ripping guide</li>
+ <li>telecine/interlacing guide</li>
+ <li>video out driver section added to the man page</li>
+ <li>XML build system rewritten - now supports building individual languages</li>
+ <li>miscellaneous updates all over the place</li>
+</ul>
+
+<h4>Ports:</h4>
+
+<ul>
+ <li>better PA-RISC detection</li>
+ <li>support for VAX (tested on VAXstation 4000/VLC) -- really, believe me!</li>
+ <li>optimizing for specific MIPS CPUs under IRIX</li>
+ <li>AMD64 detection under BSDs</li>
+ <li>fbdev driver updated for Linux 2.6</li>
+ <li>support for ELF only OpenBSD</li>
+ <li>optimizing for PPC 970 (aka G5)</li>
+ <li>SDL support fixed on MinGW</li>
+ <li>VIDIX working under Windows XP/2000 (native dhahelper)</li>
+ <li>builds out of the box under GNU Hurd</li>
+ <li>SSE optimizations enabled under MinGW</li>
+ <li>SSE support under OpenBSD</li>
+ <li>AltiVec support under NetBSD</li>
+ <li>GCC 3.4 support (due to changed behaviour in ASM code snippets)</li>
+</ul>
+
+<h4>Demuxers:</h4>
+
+<ul>
+ <li>Matroska containing RealVideo works better</li>
+ <li>fixed random segfaults in VIVO</li>
+ <li>endianess fixes in CDDA</li>
+ <li>UYVY support in tvi/v4l2</li>
+ <li>tvi/bsdbt848 now working under FreeBSD 5.2-CURRENT</li>
+ <li>tvi/bsdbt848 audio part working under NetBSD</li>
+ <li>LIVE.COM demuxer updated to conform with latest libraries</li>
+ <li>new, independent, C implementation of the Matroska demuxer</li>
+ <li>fix for rare Real files</li>
+ <li>more robust Real demuxer (can resync after errors)</li>
+ <li>support for AAC inside Real</li>
+ <li>MPEG Aspect code 4 fixed</li>
+ <li>support for selecting subtitle streams with -slang inside Ogg</li>
+ <li>wrapper demuxer for FFMpeg's libavformat (Nut is playable this way)</li>
+ <li>much improved seeking in Ogg</li>
+ <li>Nullsoft streaming video (NSV) demuxer</li>
+ <li>AVI OpenDML read and write support</li>
+</ul>
+
+<h4>Streaming:</h4>
+
+<ul>
+ <li>SMIL playlist parser</li>
+ <li>support for URL redirection</li>
+ <li>support for seeking in HTTP streams</li>
+ <li>updated LIVE.COM streaming code</li>
+ <li>fallback to live.com RTSP after Real RTSP</li>
+ <li>suggests -playlist if normal streaming fails</li>
+ <li>many improvements and bug fixes in the streaming code</li>
+</ul>
+
+<h4>Decoders:</h4>
+
+<ul>
+ <li>compilation failure without zlib in vd/lcl fixed</li>
+ <li>removed obsoleted decoders (which were moved to libavcodec), affected:
+ vd/8bps, vd/msrle, vd/msvideo1, vd/rpza, vd/smc</li>
+ <li>workaround for buggy codecs in ad/acm (support for Sharp G.726)</li>
+ <li>fixed chroma-swapping in Hauppauge Macroblock decoder</li>
+ <li>AltiVec optimized resampler in liba52</li>
+ <li>support for VP5 and VP6 DLL decoders</li>
+ <li>support for Alparysoft lossless video codec (through DLLs)</li>
+ <li>support for Lead MCMW wavelet video codec (through DLLs)</li>
+ <li>HE-AAC working through libfaad</li>
+ <li>removed libmpflac in favor of FFmpeg's FLAC implementation</li>
+ <li>liba52 dynamic range compression support</li>
+</ul>
+
+<h4>Filters:</h4>
+
+<ul>
+ <li>vf_bmovl bugfixes</li>
+ <li>vf_filmdint now handles 15fps NTSC input</li>
+ <li>huge updates and speedup on vf_pullup</li>
+ <li>big updates to vf_ilpack (proper interpolation and MMX optimizations)</li>
+ <li>vf_zrmjpeg: fast MJPEG encoder using libavcodec for Zoran</li>
+ <li>interlaced scaling support in vf_scale</li>
+ <li>vf_kerndeint: adaptive deinterlacer</li>
+ <li>vf_rgbtest: rgb test pattern generator for developers</li>
+ <li>vf_qp: qp change filter</li>
+ <li>vf_noformat: the same as vf_format but with reversed meaning</li>
+ <li>AltiVec optimized SWScaler</li>
+ <li>vf_phase: phase shift fields</li>
+ <li>vf_divtc: duplicate frame removal from deinterlaced telecined video</li>
+</ul>
+
+<h4>Drivers:</h4>
+
+<ul>
+ <li>ao/esd behaves better over network now</li>
+ <li>support for Radeon 9200/9600/9600 Pro/9700 in VIDIX</li>
+ <li>-mixer support for alsa9</li>
+ <li>fixed OSS audio grabber module with hardware not supporting 44khz</li>
+ <li>native ALSA 1.x support (not through 0.9 emulation)</li>
+ <li>better multibuffer support in VIDIX nVidia driver</li>
+ <li>pan & scan support in VIDIX nVidia driver</li>
+ <li>support for more cards in VIDIX nVidia driver</li>
+ <li>vo_libcaca: color ASCII art output driver</li>
+ <li>vo_quartz: native MacOS X/Quartz video output</li>
+ <li>support for VIDIX when ATI FireGLX drivers are used</li>
+</ul>
+
+<h4>FFmpeg/libavcodec:</h4>
+
+<ul>
+ <li>H.263 AIC and MQ encoding support</li>
+ <li>fixed low delay decoding</li>
+ <li>fixed H.263+ encoding without UMV</li>
+ <li>lots of CBR improvements</li>
+ <li>MB type and QP visualization</li>
+ <li>lots of code cleanup</li>
+ <li>intra & inter dequantization split -> speedup</li>
+ <li>fixed stereo IMA ADPCM encoding</li>
+ <li>VBV delay setting support (MPEG-2 CBR)</li>
+ <li>improved RV20 decoder (most known errors eliminated)</li>
+ <li>interlaced DCT</li>
+ <li>interlaced motion estimation</li>
+ <li>interlaced MPEG-2 encoding</li>
+ <li>4MV encoding fixes</li>
+ <li>initial interlaced MPEG-4 encoding</li>
+ <li>improved visual quality in SVQ3 decoder</li>
+ <li>fixed never-before-tested embedded string decoder in SVQ1</li>
+ <li>optimized quantization (including the trellis way)</li>
+ <li>Sierra VMD video decoder</li>
+ <li>MMX and SSE2 optimized H263 denoiser</li>
+ <li>better SVCD compliance (encoder side)</li>
+ <li>MMX and MMX2 optimized interlaced DCT decision</li>
+ <li>various cleanup, memleak and segfault fixes</li>
+ <li>optimized (2x faster) the MPEG layer 3 decoder</li>
+ <li>grayscale coded MJPEG decoding support</li>
+ <li>avimszh and avizlib decoders</li>
+ <li>"packed" XviD decoding</li>
+ <li>fixed some bugs in RV20 B-frames decoding</li>
+ <li>closed GOP encoding</li>
+ <li>SSE2 optimized FDCT</li>
+ <li>support for quantizer noise shaping</li>
+ <li> support for EA ADPCM and SMJPEG IMA ADPCM</li>
+ <li>QT RLE decoder</li>
+ <li>OBMC fixes</li>
+ <li>FLAC decoder</li>
+ <li>better support for DivX5</li>
+ <li>MMX and SSE2 optimized VP3/Theora decoding</li>
+ <li>support for Theora alpha3</li>
+ <li>many H.264 improvements</li>
+ <li>more robust MJPEG startcode search mechanism</li>
+ <li>better WMV8 decoding</li>
+ <li>native Sparc VIS optimizations</li>
+ <li>native G.726 codec</li>
+</ul>
+
+<h4>Others:</h4>
+
+<ul>
+ <li>-codecs-file option for specifying alternative codecs.conf file</li>
+ <li>fixed some minor bugs in the GUI</li>
+ <li>prevent sig11 when $HOME is not set</li>
+ <li>fix some command line handling corruptions</li>
+ <li>Swedish and Polish yes/no options in config files</li>
+ <li>support binding F11 and F12 keys</li>
+ <li>TOOLS/divx2svcd updated</li>
+ <li>stricter thread code in Win32 loader (works under NetBSD)</li>
+ <li>PJS subtitle support (was: dunnowhat)</li>
+ <li>TOOLS/avifix: simple tool to fix chunk sizes in AVI files</li>
+ <li>proper extraheader handling when libavcodec is used in MEncoder</li>
+ <li>AVI OpenDML read and write support</li>
+ <li>AVI VPRP (video property) read and write support</li>
+ <li>fixed long standing lame quality option off-by-one bug in MEncoder</li>
+ <li>MPL2 subtitle support</li>
+ <li>less verbosity in Win32 loader and other places</li>
+</ul>
+
+<p>
+MPlayer 1.0pre4 can be downloaded from the following locations:
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
+ <li>USA 2
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>83ebac0f05b192516a41fca2350ca01a</b>
+</p>
+
+<p>
+Grab the Windows port from here: <a href="http://www.mplayerhq.hu/MPlayer/releases/win32/">http://www.mplayerhq.hu/MPlayer/releases/win32/</a><br>
+</p>
+
+<p>
+Also don't forget to visit the downloads page for the updated codec pack!
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="newforums">2004.04.26, Monday :: New ways of communication</a>
+ <br><span class="poster">posted by Alex</span>
+</h2>
+
+<p>
+Since a while, MPlayer has two official IRC channels on the
+<a href="http://freenode.net/">freenode</a> network:
+</p>
+
+<ul>
+ <li><b>#mplayer</b> for users</li>
+ <li><b>#mplayerdev</b> for developers</li>
+</ul>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="resurrection">2004.04.23, Friday :: Resurrection</a>
+ <br><span class="poster">posted by Alex</span>
+</h2>
+
+<p>
+After two (nowadays not so active, but valuable) developers leaving the project
+(both of them posting an unneeded news article about it), one could think it's
+almost dead now. This assumption is false, other developers are still active,
+but busy with work.
+</p>
+
+<p>
+Be prepared for a new tech release!
+</p>
+
+<p>
+<i>Just for clarification: I say 'unneeded news article', because many
+developers left already without news entries and more joined the project
+after them.</i>
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="bxl2004">2004.04.23, Friday :: Say NO to software patents - Bruxelles 2004</a>
+ <br><span class="poster">posted by Alex</span>
+</h2>
+
+<p>
+The <a href="http://www.ffii.org/">FFII</a> has organized a demo this year
+just like the one in 2003.<br><br>
+The MPlayer project is proud to be a part of the conferences: Diego Biurrun
+and myself have been there and talked about patents and the KiSS issue with
+known and great authorities, such as Alan Cox and George Greve (President
+of FSF Europe).
+</p>
+
+<p>
+As a report, read
+<a href="http://mplayerhq.hu/pipermail/mplayer-dev-eng/2004-April/025420.html">this</a>
+post from Diego.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="leave2">2004.04.23, Friday :: Leaving</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+I've decided to leave the MPlayer project. Personal thanks go to:
+</p>
+
+<ul>
+ <li><b>A'rpi, Pontscho, Alex</b> for all the fun we've been through together</li>
+ <li><b>LGB</b> for his poetry</li>
+ <li><b>Diego Biurrun</b> for never giving up</li>
+</ul>
+
+<p>
+Farewell.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="vuln02">2004.03.30, Tuesday :: Exploitable remote buffer overflow vulnerability in the HTTP parser</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<h3>Severity:</h3>
+
+<p>
+HIGH (if playing HTTP streaming content)<br>
+LOW (if playing only normal files)<br>
+<br>
+
+<h3>Description:</h3>
+
+<p>
+A remotely exploitable buffer overflow vulnerability was found in MPlayer.
+A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer
+into executing arbitrary code upon parsing that header.
+</p>
+
+<h3>affected MPlayer versions:</h3>
+
+<p>
+MPlayer 0.90pre series<br>
+MPlayer 0.90rc series<br>
+MPlayer 0.90<br>
+MPlayer 0.91<br>
+MPlayer 1.0pre1<br>
+MPlayer 1.0pre2<br>
+MPlayer 1.0pre3
+</p>
+
+<h3>unaffected MPlayer versions:</h3>
+
+<p>
+MPlayer releases before 0.60pre1<br>
+MPlayer 0.92.1<br>
+MPlayer 1.0pre3try2<br>
+MPlayer 0_92 CVS<br>
+MPlayer HEAD CVS
+</p>
+
+<h3>Notification status:</h3>
+
+<p>
+Developers were notified on <b>2004.03.29</b> (by <b><a href="mailto:blexim at hush.com">"blexim"</a></b>)<br>
+Fix was commited into HEAD CVS at <b>2004.03.30 12:58:43 CEST</b><br>
+<i>MPlayer 0.92.1 (vuln-fix-only release)</i> was released on <b>2004.03.30
+16:45:00 CEST</b><br>
+<i>MPlayer 1.0pre3try2 (vuln-fix-only release)</i> was released on <b>2004.03.30
+16:51:00 CEST</b>
+</p>
+
+<h3>Patch availability:</h3>
+
+<p>
+A <a href="../../MPlayer/patches/vuln02-fix.diff">patch</a> for all
+vulnerable versions is available.
+</p>
+
+<h3>Suggested upgrading methods:</h3>
+
+<p>
+MPlayer 1.0pre3 users should upgrade to <b>latest CVS</b>.<br>
+MPlayer 0.92 (and below) users should upgrade to <b>0.92.1</b> or <b>latest CVS.</b>
+</p>
+
+<p>
+MPlayer 0.92.1
+<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2.asc">(PGP signature)</a>
+<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2.md5">(MD5 checksum)</a>
+can be downloaded from the following sites:
+</p>
+
+<ul>
+ <li>Hungary 1 <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
+<a href="ftp://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
+ <li>Hungary 2 <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
+<a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
+ <li>Switzerland <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a></li>
+ <li>USA2 <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
+<a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
+ <li>Australia <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MPlayer 1.0pre3try2
+<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2.asc">(PGP signature)</a>
+<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2.md5">(MD5 checksum)</a>
+can be downloaded from the following sites:
+</p>
+
+<ul>
+ <li>Hungary 1 <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
+<a href="ftp://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
+ <li>Hungary 2 <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
+<a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
+ <li>Switzerland <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a></li>
+ <li>USA2 <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
+<a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
+ <li>Australia <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
+</ul>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="arpiton">2004.03.26, Friday :: Leaving MPlayer</a>
+ <br><span class="poster">posted by A'rpi</span>
+</h2>
+
+<p>
+I (A'rpi) already left MPlayer G1 a year ago, when 0.90 was released.
+This is not YAML (Yet Another Mplayer Leaving :)), I left G1 dev
+to work on MPlayer G2. Now I'm leaving the whole MPlayer project,
+including G2 development and all the rest, except for MPHQ server
+administration (for technical reasons). I did not read mplayer
+lists (any) since months (except for a few mails pointed to me),
+and I lost the rest of my interest towards MPlayer development.
+</p>
+
+<p>
+About G2, my primary reason of giving up on it was the dual
+licensing issues, discussed recently on the g2-dev list.
+My opinion about GPL was proven again, ie. it doesn't protect us
+against code stealing (see the KiSS issue for example), while
+it keeps project sponsors and companies away. I wanted to make
+G2 to be usable by any program as the standard linux media lib/API,
+but GPL is too strict for this, and all other license options
+were immediately refused by all other (potential) G2 developers.
+Of course G2 can be written as free GPL software (free as RMS:)) too,
+but it will took long, and I have no interest to participate.
+</p>
+
+<p>
+What's now with me? I'm back to some of my old projects, like AMC,
+and I've started a new project about heuristic email virus scanning,
+called <a href="http://mplayerhq.hu/~arpi/pymavis">pymavis</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="poncsotilos">2004.03.10, Wednesday :: Radio interview with Pontscho</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+The hungarian <a href="http://tilos.hu">Tilos Radio</a>'s
+<b>Speedlight</b> program has made a live interview with
+Zoltán Ponekker (Pontscho), one of the MPlayer founders who has
+developed significant parts of MPlayer, most notably the GUI
+(Graphical User Interface).
+</p>
+
+<p>
+Download the interview here (Hungarian):
+<a href="http://mplayerhq.hu/~gabucino/tilos/1800.mp3">1. part</a> |
+<a href="http://mplayerhq.hu/~gabucino/tilos/1830.mp3">2. part</a> |
+<a href="http://mplayerhq.hu/~gabucino/tilos/1900.mp3">3. part</a> |
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="softonicAward2003">2004.03.06, Saturday :: Softonic Multimedia Award Won</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.softonic.com/premios/premios2003_linux.html">
+<img src="../images/softonic2003.png" alt="Softonic Award 2003" width="70" height="70"></a>
+</p>
+
+<p>
+Thanks to our fellow users, we've won another award, this time it is
+<a href="http://www.softonic.com">Softonic's</a> <i>"Mejor Reproductor
+de Vídeo"</i> trophy.
+</p>
+
+<p>
+Thanks for the support!
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="scsi">2004.01.26, Monday :: MPlayerHQ server update: moved to SCSI disks</a>
+ <br><span class="poster">posted by Arpi</span>
+</h2>
+
+<p>
+Thanks to the great donations by Charlie (Adaptec 29160 controller)
+and Lupin III (2 x 36GB 10krpm disks), we could finally move OS and
+data (mailing lists, cvs, web etc) to SCSI base,
+hopefully solving the continous stability issues we had with those
+old IBM IDE disks since December. It should also improve speed and
+reaction time of the server.
+</p>
+
+<p>
+Anyway we still have a small problem: the disks have 80-pin (SCA)
+connectors, and the 80-to-68pin converters I could buy here
+don't work in LVD mode, thus limiting bandwith to 40Mb/sec (SE mode).
+It should be enough for our current needs, but if you have 2 pieces of
+spare LVD-capable 80/68 converters, don't hesitate to donate! :)
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="HUPAward2003">2004.01.19, Monday :: HUP Reader's Choice Awards 2003</a>
+ <br><span class="poster">posted by Alex</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.hup.hu/modules.php?name=News&file=article&sid=4977">
+<img src="../images/hup2003.png" alt="HUP Reader's Choice Awards 2003" width="100" height="110"></a>
+</p>
+
+<p>
+2003 seems to be the year of MPlayer. Yet another award we got!
+</p>
+
+<p>
+The Hungarian Unix Portal - the biggest Hungarian free software site -
+promoted it's first Reader's Choice Awards in November 2003. Members
+could vote starting on 19th November 2003 until the 20th December 2003.
+</p>
+
+<p>
+For the people, who don't speak Hungarian, here are the results:
+</p>
+
+<ol>
+ <li>MPlayer (<b>96%</b>)</li>
+ <li>xine (<b>2%</b>)</li>
+ <li>VideoLan and avifile - head to head</li>
+</ol>
+
+<p>
+The Hungarian speaking minority could visit the portal:
+<a href="http://www.hup.hu/modules.php?name=News&file=article&sid=4977">article</a>
+about the winners.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="LqAward2003">2004.01.18, Sunday :: LinuxQuestions.org Members Choice Award</a>
+ <br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxquestions.org/questions/showthread.php?s=&threadid=116684">
+<img src="../images/LQ-2003MCA-MultimediaApp.png" alt="2003 LinuxQuestions.org Members Choice Award" width="169" height="147"></a>
+</p>
+
+<p>
+<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a> has
+finished voting for its LinuxQuestions.org Members Choice Award and
+MPlayer has been voted
+<a href="http://www.linuxquestions.org/questions/showthread.php?s=&threadid=116684">Multimedia application of the Year</a>.
+</p>
+
+<p>
+MPlayer received 44.61% of the votes, beating
+<a href="http://www.xmms.org">XMMS</a> with 27.90% and
+<a href="http://www.xinehq.de">xine</a> with 17.40%.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="ext2sux">2004.01.15, Thursday :: Mailing lists problem</a>
+ <br><span class="poster">posted by Arpi</span>
+</h2>
+
+<p>
+Thanks to the serie of IDE HDD crashes we've got in past weeks,
+some of the mailman config/user databases got corrupted.
+</p>
+
+<p>
+Especially the <b>MPlayer-G2-dev</b> list, which is uncorrectable, so
+I've re-created the list today, and subscribed everyone again, at
+least who subscribed until Aug 15 this year. I have no info
+about member (un)subscribes past that date, as I've disabled the
+notification. Please verify your membership and settings!
+</p>
+
+<p>
+Since the <b>MPlayer-users</b> list also got somehow corrupted,
+several people reported that they either stop receiving mail
+or begin to receive them again despite of their are no longer
+member (they've already unsubscribed). Anyway this list has
+over 1500 members, many of them with broken (bouncing) addresses.
+</p>
+
+<h3>Update:</h3>
+
+<p>
+So, to clean things up, I've created an mplayer-newusers list, but
+Attila Kinali suggested a better method: send a mail asking everyone
+at mplayer-users to subscribe again, mass unsubscribe everyone,
+and then re-create the list.<br>
+So, you have to subscribe again, even if you were already subscribed:
+<a href="http://www.mplayerhq.hu/mailman/listinfo/mplayer-users/">
+SUBSCRIBE</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="kiss05">2004.01.10, Saturday :: Radio interview: KiSS VS MPlayer</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+The Danish National Radio (<a href="http://dr.dk">http://dr.dk</a>) has
+made an interview with me (as MPlayer representative), and
+<a href="http://www.kiss-technology.com">KiSS Technology</a>'s
+managing director
+<a href="mailto:peter.wilmar.christensen at kiss-technology.com">Peter Wilmar Christensen</a>.
+</p>
+
+<p>
+It is going to be broadcasted tonight at 20:35, but it is also
+downloadable from the Internet right now:
+</p>
+
+<ul>
+ <li><a href="rtsp://real01.dr.dk/p1/harddisk/040108_kiss-vs-mplayer.rm">streaming</a></li>
+ <li><a href="http://mplayerhq.hu/~gabucino/mp-kiss-gabu.rm">downloadable file</a></li>
+</ul>
+
+<p>
+A written article is <a href="http://www.dr.dk/videnskab/harddisken/artikler/2004/kiss-vs-mplayer.asp">also available</a>,
+in Danish.
+</p>
+
+<p>
+We have made a rough english translation of the session (thanks to
+Anders Rune Jensen). <b>Our commentaries can be found at the bottom</b>.
+</p>
+
+<dl>
+<dt>Speaker:</dt>
+<dd>The development of <a href="http://www.mplayerhq.hu">MPlayer</a> was
+ started by a little group of Hungarian programmers 3 years ago.</dd>
+
+<dt>Speaker:</dt>
+<dd>We needed a program that could play media files under Linux
+and were so unsatisfied with the existing choices that we started making
+a better alternative - said Gabucino, the spokesperson for the
+<a href="http://www.mplayerhq.hu">MPlayer</a> programmers.</dd>
+
+<dt>Speaker:</dt>
+<dd><a href="http://www.mplayerhq.hu">MPlayer</a> has reached a wide recognition in the Open Source
+community. Gabucino emphasizes the program's stability and ability to
+play many different movie formats as some of the obvious advantages.</dd>
+
+<dt>Speaker:</dt>
+<dd>The trouble with <a href="http://www.kiss-technology.com">KiSS technology</a> started recently when one of
+the MPlayer developers was shopping for a new DVD player
+and went for a product by the Danish company. For fun the programmer
+started looking at the software in the Danish DVD player, the so
+called firmware, and compared it with MPlayer's own code. There were
+enough similarities to take a closer look at the case and make the
+<a href="http://www.mplayerhq.hu">MPlayer</a> team angry - Gabucino said.</dd>
+
+<dt>Speaker:</dt>
+<dd>The specific part of the code in which the similarities are found
+is the one controlling the subtitles when playing movies.
+The reality is that the code doesn't contain anything really brilliant. On
+the contrary, it's very simple. So Gabucino is puzzled why anyone would
+even bother using the code instead of writing it themselves. He
+suggests that it could be laziness on the programmer's side.</dd>
+
+<dt>Speaker:</dt>
+<dd>I think it's actually a very normal thing that programmers
+borrow Open Source code because they are too lazy to write it
+themselves. There have been some cases prior to this which have
+caused quite a lot of trouble. I think there are hundreds of
+examples like this that we just don't hear about - Gabucino said.</dd>
+
+<dt>Speaker:</dt>
+<dd>The <a href="http://www.mplayerhq.hu">MPlayer</a> team has published the accusation of the code
+theft on their website and has tried to document it by listing the
+strings in the code which are identical in the two pieces of software.
+According to Gabucino, there are so many similarities that it's
+unthinkable that this might be a coincidence.</dd>
+
+<dt>Speaker:</dt>
+<dd>Normally this type of code is different depending on who
+implemented it, so, when there are so many identical strings, it's
+obvious that we're dealing with theft, the Hungarians believe.</dd>
+
+<dt>Speaker:</dt>
+<dd>GPL or General Public License which <a href="http://www.mplayerhq.hu">MPlayer</a> is licensed under
+is a very widely used Open Source license, which gives the users
+certain rights and certain duties. Long story short, it is okay to take
+the code from <a href="http://www.mplayerhq.hu">MPlayer</a> and develop it further, as long as the result is
+given back to the community. In this specific example Gabucino and the
+other Hungarians therefore demand that <a href="http://www.kiss-technology.com">KiSS Technology</a> should release
+the software used in its DVD players. And makes it clear that it is
+not a matter of getting some money from the Danish company, but a
+matter of fulfilling the requirements of the GPL and releasing the
+software.</dd>
+
+<dt>Speaker:</dt>
+<dd><a href="http://www.kiss-technology.com">KiSS Technology</a> at first didn't react to the Hungarians'
+inquiry, but after the story began to get large publicity in the
+different net-medias and forums the company began to investigate
+the case this week. There are two main questions: whether
+code from <a href="http://www.mplayerhq.hu">MPlayer</a> really is inside the KiSS software and
+how the licenses of Open Source software should be
+interpreted and applied. Apart from being accused of taking code
+from <a href="http://www.mplayerhq.hu">MPlayer</a>, <a href="http://www.kiss-technology.com">KiSS Technology</a> has also been accused of using other
+Open Source software, but managing director Peter Wilmar Christensen
+denies all accusations with small requisitions. The DVD player from
+<a href="http://www.kiss-technology.com">KiSS</a> uses a modified version of Linux as its operating system and
+that part of the software has been released in accordance with the
+licenses. But <a href="http://www.kiss-technology.com">KiSS</a> proclaims that the programs used in the machines on
+top of the operating system, which enables them to play video and
+music files are the company's own and therefore are not required to be
+released, the managing director Peter Christensen explains.</dd>
+
+<dt>Peter:</dt>
+<dd>I would say that the is no truth to the accusations. In large
+there has been some interest regarding our applications recently and
+around GPL, which is the software used in the Open Source community
+which requires you to publish the source code if you use it. And there
+has been some interest in some of the programs used on our DVD
+players. Something called libmad and libjpg and than this Hungarian
+company <a href="http://www.mplayerhq.hu">MPlayer</a>. On our DVD players we run Linux which is licensed
+under the GPL, we have on our webpage published the operating system
+so that people can download the improved version of Linux that we use.
+The application layer on top of Linux is proprietary and is not based
+on any GPL code. We doesn't use <a href="http://www.mplayerhq.hu">MPlayer</a>, we use our own player, a
+player like we know from Real Player, Microsoft Media Player is the
+application used to display movies. It is a fundamental thing for our
+player, because it's what we are known for, being able to play a wide
+range of different formats.</dd>
+
+<dt>Speaker:</dt>
+<dd>The documentation the Hungarians has presented on their
+website is parts from your code. By simply comparing the strings line
+for line and concludes that they are so identical that this can be no
+coincidence. What is your comment on this?</dd>
+
+<dt>Peter:</dt>
+<dd>We are currently investigating exactly that specific part, how
+that can be and if it's really true what they say. Currently we have
+not investigated it enough to be sure whether or not they are right or
+wrong in their accusations. What is important is that we do not use
+their application (<i>Of course, only the subtitle reader! - Gabucino</i>). Should there be cases where the code is very much
+alike, we have to look at how that could have happened. But we doubt
+that there is any truth to the accusations. There are a lot of things
+that could have happened, one could imagine that code from our
+community has spread to other communities included the Open Source and
+code originating from our player could accordingly be a part of
+<a href="http://www.mplayerhq.hu">MPlayer</a>, if in fact there are any similarities. It can be hard to
+tell how those similarities have supposedly appeared. What is important is that
+we do not use their application. If there are a few identical lines
+then one might ask themselves how that has happened. But it could have just
+as well come from one side as from the other. In any case, we are under no
+circumstances of the opinion that we have borrowed code.</dd>
+
+<dt>Speaker:</dt>
+<dd>Whoever made the code for subtitles in the Hungarian software
+and in the Danish DVD players can be thought of as a minor issue in
+today's world. But what is important is the matter of principles in
+this specific issue and what private companies can allow themselves
+when they use Open Source and on the other hand what the Open Source
+community can expect from the companies. Because of the current case,
+managing director Peter Wilmar Christensen has had a closer look
+at the GPL license and evaluated its legal status.</dd>
+
+<dt>Peter:</dt>
+<dd>We have confirmed what we already knew, that when using code
+licensed under the GPL then we have to publish any derivative work.
+This means that the legal foundation is very thin and there is no
+place in the world that I know of where the GPL has been tested in
+court. So from a business perspective I would say that the license is
+relatively weak. This doesn't change the fundamental spirit in the
+Open Source community which I think - all in all - is positive.
+But it is clear that as a commercial company living off selling its
+product, can not and will not release its proprietary code. It is naturally
+so that one should not use GPL code in proprietary systems.</dd>
+
+<dt>Speaker:</dt>
+<dd>According to Gabucino, the Hungarian software
+developers of <a href="http://www.mplayerhq.hu">MPlayer</a> are glad that
+their accusation against the Danish company has reached the media. </dd>
+
+<dt>Speaker:</dt>
+<dd>As he said, there are no big economical options for
+dragging the case to court. Instead they hope that the Open Source
+community will put so much pressure on KiSS Techonology that they
+will be forced to release all its software.</dd>
+
+<dt>Speaker:</dt>
+<dd>But that is completely out of the question, said the managing
+director Peter Wilmar Christensen, even though he is very keen on
+staying good friends with the Open Source community.</dd>
+
+<dt>Peter:</dt>
+<dd>We don't have any intentions of working against or in another
+way make enemies with the people in this community. We try to tell
+what we use and what guidelines we follow. Have we made any error,
+such as making incorrect descriptions in our manuals then we will of
+course fix those things. It is not so that we in any way want
+confrontation, but we have to make a clear statement that our
+software will not be released as Open Source.</dd>
+
+<dt>Speaker:</dt>
+<dd>What is your conclusion of this case, what will it be after
+this?</dd>
+
+<dt>Peter:</dt>
+<dd>The conclusion will be that the licenses in this area are a good
+description of how one ought to operate within this community. They're
+more of a tool to describe how to operate than a set of rules that can
+be used in court. And I think that the Open Source circles uses far
+too much energy on hunting down private companies like us for
+instance, because it's so obvious that one as a private company simply
+can't release your source code. We appreciate the Linux community very
+much and see it as a good thing for the industry. Generally that there
+is an alternative to the Microsoft community. But we think that the
+community should respect the companies who use Linux and not hunt
+them because I don't think that's beneficial for anyone.</dd>
+</dl>
+
+<p>
+<i>END OF TRANSLATION</i>
+</p>
+
+<p>
+<b>Gabucino's comments</b>: I find it quite disgusting to read so much
+plain lies. It's obvious how companies like KiSS or SCO treat
+open source. Let's read these particular sentences again:
+</p>
+
+<dl>
+<dt>Peter:</dt>
+<dd><i>...There are a lot of things
+that could have happened, one could imagine that code from our
+community has spread to other communities included the Open Source and
+code originating from our player could accordingly be a part of
+<a href="http://www.mplayerhq.hu">MPlayer</a>, if in fact there are any similarities. It can be hard to
+tell how those similarities have supposedly started. What is important is that
+we do not use their application. If there are a few identical lines
+then one might ask themselves how that has happened.</i></dd>
+</dl>
+
+<p>
+It's quite clear that they've never read our News section, because we
+hurried to state they've even stolen <b><i>our own</i></b> subtitle
+file format MPsub (<a href="../../DOCS/HTML/en/subosd.html#mpsub">see our
+specifications</a>).
+</p>
+
+<p>
+Its idea was mine, then I asked <i>laaz</i> if he would be so kind as
+to implement it in MPlayer. Then in 2001 October 12 at 13:51:58 he
+commited the support, as can be
+<a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.c.diff?r1=1.27&r2=1.28">seen here</a>.
+The format was never spotted in the wild.
+</p>
+
+<p>
+Several things can be concluded:
+</p>
+
+<ol>
+ <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
+ never took the time to read our announcements.</li>
+ <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
+ suggest they've implemented our subtitle format <i>way before we did it
+ ourselves</i>. The KiSS firmwares are all made in 2003, which is - as far
+ as I know - a way later year than 2001.</li>
+ <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
+ doesn't have the slightest clue about what software his company is using.</li>
+ <li>KiSS Technology has strange interpretation problems with
+ some sentences, like
+ <i>"...We don't have any intentions of working against, or in
+ another way make enemies with the people in this (Open
+ Source) community."</i></li>
+</ol>
+
+<p>
+Actually we can picture a quite nice representation of their viewpoint,
+especially after seeing their unwillingness to start a conversation
+with us in E-Mail. <a href="http://www.kiss-technology.com">KiSS Technology</a>'s views are:
+</p>
+
+<ol>
+ <li><i>"...making our source open to public is out of
+ question"</i></li>
+ <li>Pressing Microsoft (or Bush)-style PR, like repeating
+ their own lies, emphasized again and again: <i>"What is
+ important is that we do not use their application."</i></li>
+ <li>Spreading <b>FUD</b>: <i>"It can be hard to tell how
+ those similarities have supposedly started."</i> Ever heard of
+ version control systems?</li>
+ <li>Holding good communiqe with the Open Source community:
+ <i>"If there are a few identical lines then one might ask
+ themselves how that has happened. But it could have just as well
+ come from one side as from the other..."</i> The pitful aspect of
+ this is that it implies a totally ignorant viewpoint, like
+ 'our sources are ours, it's completely obfuscated, but yes,
+ our claims are the truth, yours are plain lies'</li>
+</ol>
+
+<p>
+How come companies like KiSS cant'be punished by Law?
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="kiss04">2004.01.07, Wednesday :: Update on KiSS Technology</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+The binaries in KiSS Technology's newer firmwares doesn't seem to
+contain our strings <i>at the first sight</i>.
+First we though they are encrypted, or obfuscated in some other way,
+like an executable packer. Actually these new files are simply
+compressed with gzip. Decompressing them is very simple:
+</p>
+
+<p>
+<code>dd if=fileplayer.bin bs=64 skip=1 | gunzip > fileplayer.bin.decomp</code>
+</p>
+
+<p>
+The strings are still there. Nothing has changed.
+</p>
+
+<p>
+Downloads:
+</p>
+
+<ul>
+ <li><a href="http://www.kiss-technology.com/files/firmware/KiSS_DP-1000_FW2.8.0_PAL.zip">a new firmware</a></li>
+</ul>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="kiss03">2004.01.03, Saturday :: Another stolen software in KiSS firmware</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+It has been brought to my attention, that the now famous <i>KiSS
+Technology</i> - already <a href="#kiss01">in violation of the GNU
+General Public License</a> - has been confirmed stealing another
+program which is also completely under the GPL license.
+</p>
+
+<p>
+The software in question is the high-quality MPEG audio codec,
+<a href="http://www.underbit.com/products/mad/">MAD</a> (libmad).
+This codec is used by a lot of other audio players, like
+<a href="http://mpg321.sourceforge.net/">mpg321</a>, a command line
+MP3 player found in most Linux distributions - including Debian.
+</p>
+
+<p>
+The strings from the KiSS firmware (matching
+<a href="ftp://ftp.mars.org/pub/mpeg/libmad-0.15.0b.tar.gz">libmad sources</a>),
+can be <a href="http://mplayerhq.hu/~gabucino/kiss/libmad.str">viewed</a> -
+but you can also check it for yourself, it's really easy.
+</p>
+
+<p>
+And if you do: don't be surprised when you run into <b>more</b> strings -
+which match <a href="http://www.ijg.org">libjpeg</a>'s.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="kiss02">2004.01.03, Saturday :: KiSS Tech comment</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+Before I get another 10 mails about this: the <code>GPL.ZIP</code> file
+which they offer for download on their site contains <i>only the Linux
+kernel and busybox sources</i>, not MPlayer's!
+</p>
+
+<p>
+Thanks.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+ <a name="kiss01">2004.01.02, Friday :: Another GPL violation: KiSS Technology</a>
+ <br><span class="poster">posted by Gabucino</span>
+</h2>
+
+<p>
+Basically <a href="http://www.kiss-technology.com">KiSS Technology</a>
+is specialized in particular kinds of media hardware, namely DVD and
+MPEG-4 players,
+set-top-boxes, <a href="http://www.kiss-technology.com/?p=profile&v=company">and such.</a>
+</p>
+
+<p>
+There is nothing wrong with that.
+</p>
+
+<p>
+However, if a careless user initiates a string search in one of their
+firmwares:
+</p>
+
+<p>
+<code>
+$ strings KiSS_DP-508_FW2.7.4_PAL.iso | grep -A 3 -B 6 MPSub<br>
+Microdvd<br>
+Subrip<br>
+Subviewer<br>
+Sami<br>
+Vplayer<br>
+<b>Unknown</b><br>
+<b>MPSub</b><br>
+Subviewer 2.0<br>
+Subrip 0.9<br>
+Jacosub<br>
+</code>
+</p>
+
+<p>
+Running the same command on the MPlayer binary:
+</p>
+
+<p>
+<code>
+$ strings /usr/bin/mplayer | grep -B 8 mpsub -A 4<br>
+<...><br>
+L>microdvd<br>
+subrip<br>
+subviewer<br>
+sami<br>
+vplayer<br>
+dunnowhat<br>
+mpsub<br>
+subviewer 2.0<br>
+subrip 0.9<br>
+jacosub<br>
+<...><br>
+</code>
+</p>
+
+<p>
+You can also check the <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.h?rev=1.29&content-type=text/x-cvsweb-markup"><code>subreader.h</code></a>
+or the <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.c?rev=1.126&content-type=text/x-cvsweb-markup"><code>subreader.c</code></a>
+files in MPlayer sources.
+</p>
+
+<p>
+As you can see, the KiSS firmware contains the subtitle formats in
+the very same order as we do. The thing that really catches the eye is
+the <b>MPSub</b> format, which is our own subtitle format, which hasn't
+been used anywhere else so far.
+</p>
+
+<p>
+Another nice nit is the <i>"dunnowhat"</i> AKA <i>"unknown"</i>
+subtitle format, whose name remains unknown for us - thus the naming.
+It's the same in KiSS' files.
+</p>
+
+<p>
+This of course is hardly enough for a proof. What really makes it
+a one hundred percent stealing is quite obvious: the sscanf() calls
+which contains the patterns of the subtitle formats known to the subtitle
+parser, in order to identify the chosen subtitle file.
+</p>
+
+<p>
+Let's take an easy example:
+</p>
+
+<pre><code>
+$ strings fileplayer.bin
+<...>
+<SAMI>
+%d:%d:%d.%d %d:%d:%d.%d
+@%d @%d
+%d:%d:%d:
+%d:%d:%d
+Dialogue: Marked
+%d,%d,"%c
+FORMAT=%d
+FORMAT=TIM%c
+-->>
+<...>
+</code></pre>
+
+<pre><code>
+$ strings subreader.o
+<...>
+<SAMI>
+%d:%d:%d.%d %d:%d:%d.%d
+@%d @%d
+%d:%d:%d:
+%d:%d:%d
+Dialogue: Marked
+Dialogue:
+%d,%d,"%c
+FORMAT=%d
+FORMAT=TIM%c
+-->>
+<...>
+</code></pre>
+
+<p>
+These are the patterns we use to identify a SAMI subtitle file.
+We have one more pattern in our parser, which was commited on
+2003 July 20, in effect of supporting a new subtitle format,
+called "ASS". KiSS Tech's files are missing this one, so they must
+have lifted our code before that date.
+</p>
+
+<p>
+Let's see another:
+</p>
+
+<p>
+<code>
+$ strings fileplayer.bin<br>
+<...><br>
+<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<...><br>
+</code>
+</p>
+
+<p>
+<code>
+$ strings subreader.o<br>
+<...><br>
+<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<%*[tT]ime %*[bB]egin="%d:%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
+<...><br>
+</code>
+</p>
+
+<p>
+These are the patterns we use to identify an RT subtitle file.
+</p>
+
+<p>
+<b>Every single one</b> of their patterns match ours! This is not
+coincidence. This is stealing GPL code into a proprietary
+product! KiSS Technology failed to answer our inquiry for their
+source files (which they are obligated to provide), so this news
+entry is posted.
+</p>
+
+<p>
+Downloads:
+</p>
+
+<ul>
+ <li><a href="http://www.kiss-technology.com/files/firmware/KiSS_DP-508_FW2.7.4_PAL.zip">KiSS firmware</a></li>
+ <li><a href="http://mplayerhq.hu/~gabucino/kiss/kiss-fileplayer.bin.str">KiSS fileplayer strings</a></li>
+ <li><a href="http://mplayerhq.hu/~gabucino/kiss/mplayer-subreader.o.str">MPlayer subreader strings</a></li>
+</ul>
+
+</div>
+
+
<div class="newsentry">
Modified: trunk/src/news.src.en
==============================================================================
--- trunk/src/news.src.en (original)
+++ trunk/src/news.src.en Tue May 23 23:49:43 2006
@@ -938,3123 +938,4 @@
</div>
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln11">2005.04.16, Saturday :: MMST heap overflow</a>
- <br><span class="poster">posted by Roberto</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-A potential buffer overflow was found and fixed in code used to handle
-MMST streams.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when streaming MMS/TCP data from a malicious server, null if you do not use
-this feature.
-At this time there is no known exploit.
-</p>
-
-<h3>Description</h3>
-
-<p>
-While enumerating streams from a server, MMST code stores stream IDs in a
-fixed length array, but there is no check to stop the process if too many
-stream IDs are received. A malicious server could announce more than 20
-streams and overflow the array.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Fri Apr 15 23:31:57 2005 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/mmst_fix_20050415.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre6 and before (including pre6a)
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre7 and after<br>
-CVS HEAD after Fri Apr 15 23:31:57 2005 UTC
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln10">2005.04.16, Saturday :: Real RTSP heap overflow</a>
- <br><span class="poster">posted by Roberto</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-A potential buffer overflow was found and fixed in code used to handle
-RealMedia RTSP streams.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when streaming RTSP data from a malicious server, null if you do not use
-this feature.
-At this time there is no known exploit.
-</p>
-
-<h3>Description</h3>
-
-<p>
-While getting lines from a server, Real RTSP code stores them in a fixed size
-array of MAX_FIELDS elements, but there is no check to stop the process if
-too many lines are received. A malicious server could send more than
-MAX_FIELDS lines and overflow the array. Since the array holds pointers to
-answer strings, an attacker cannot write arbitrary data into it, making an
-exploit more difficult.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Fri Apr 15 23:30:44 2005 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/rtsp_fix_20050415.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre6 and before (including pre6a)
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre7 and after<br>
-CVS HEAD after Fri Apr 15 23:30:44 2005 UTC
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="about_advisories">2005.04.10, Sunday :: a word about the last round of advisories</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p>
-Before anyone gets wrong impressions...
-</p>
-
-<p>
-The last round of advisories from today is about vulnerabilities that were
-reported and fixed a long time ago, please look at the dates closely.
-</p>
-
-<p>
-So you can blame me for being lazy and not writing the advisories earlier,
-but not the MPlayer team for reacting slowly to vulnerability reports.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln09">2005.04.10, Sunday :: mpg123 buffer overflows</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-Several potential buffer overflows were found in mpg123, an
-MP3 decoder library included with MPlayer in the mp3lib directory.
-You can read more details in the
-<a href="http://www.securityfocus.com/archive/1/374433">mpg123 advisory</a>.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-Medium (arbitrary code execution under the user ID running the player)
-when playing MP3 audio, should the buffer overflows be exploitable.
-It is unclear whether this is the case.
-At the time the buffer overflows were fixed there was no known exploit.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Tue Sep 14 21:02:19 2004 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/mp3_fix_20041215.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre5 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre5try2 and after
-</p>
-
-<h3>History</h3>
-
-<p>
-After being alerted to the potential buffer overflows
-a fix was checked into MPlayer CVS on Tue Sep 14 21:02:19 2004 UTC.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln08">2005.04.09, Saturday :: PNM streaming buffer overflow vulnerabilities</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-<a href="http://www.idefense.com/">iDEFENSE</a> found two buffer overflow
-vulnerabilities in the PNM streaming code of <a href="http://xinehq.de">xine</a>
-that also affects MPlayer. You can read the details in the
-<a href="http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities">iDEFENSE advisory</a>
-and the
-<a href="http://xinehq.de/index.php/security/XSA-2004-6">xine advisory</a>.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when playing PNM streams.
-At the time the vulnerability was fixed there was no known exploit.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Wed Dec 15 21:27:14 2004 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/pnm_fix_20041215.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre5 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre5try2 and after
-</p>
-
-<h3>History</h3>
-
-<p>
-On Fri, 10 Dec 2004 xine developers were contacted by
-<a href="http://www.idefense.com">iDEFENSE</a> who had found two remote
-buffer overflow vulnerabilities in the xine PNM streaming code.
-Since this code is shared between MPlayer and xine, xine informed us of the
-problem and a fix was checked into MPlayer CVS on Wed Dec 15 21:27:14 2004 UTC.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln07">2005.04.09, Saturday :: RTSP streaming heap overflow vulnerability</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-<a href="http://www.idefense.com/">iDEFENSE</a> found a heap overflow
-vulnerability in the RTSP streaming code. You can read the details in the
-<a href="http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities">iDEFENSE advisory</a>.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when playing RTSP streams.
-At the time the vulnerability was fixed there was no known exploit.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Wed Dec 15 18:16:24 2004 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/rtsp_fix_20041215.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre5 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre5try2 and after
-</p>
-
-<h3>History</h3>
-
-<p>
-On Fri, 10 Dec 2004 MPlayer developers were contacted by
-<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
-heap overflow vulnerability in the MPlayer RTSP streaming code.
-A fix was checked into MPlayer CVS on Wed Dec 15 18:16:24 2004 UTC.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln06">2005.04.09, Saturday :: MMST streaming stack overflow vulnerability</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-<a href="http://www.idefense.com/">iDEFENSE</a> found a stack overflow
-vulnerability in the MMST streaming code. You can read the details in the
-<a href="http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities">iDEFENSE advisory</a>.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when playing MMST streams.
-At the time the vulnerability was fixed there was no known exploit.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Wed, Dec 15 19:12:46 2004 UTC. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/mmst_fix_20041215.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre5 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre5try2 and after
-</p>
-
-<h3>History</h3>
-
-<p>
-On Fri, 10 Dec 2004 MPlayer developers were contacted by
-<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
-stack overflow vulnerability in the MPlayer MMST streaming code.
-A fix was checked into MPlayer CVS on Wed, Dec 15 19:12:46 2004 UTC.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln05">2005.04.09, Saturday :: vulnerability in the bitmap parser</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-<a href="http://www.idefense.com/">iDEFENSE</a> found a heap overflow
-vulnerability in the BMP demuxer. You can read the details in the
-<a href="http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities">iDEFENSE advisory</a>.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-Theoretical, the BMP demuxer is proof of concept code.
-We are not aware of multimedia content needing it.
-At the time the vulnerability was fixed there was no known exploit.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability was checked into MPlayer CVS on
-Wed Dec 15 18:52:38 2004 UTC. Since the bitmap demuxer serves no known
-purpose it was removed immediately afterwards. Users of affected MPlayer
-versions should upgrade to an unaffected MPlayer version. Alternatively a
-<a href="../../MPlayer/patches/bmp_fix_20041215.diff">patch</a>
-is available that can be applied to the MPlayer source tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre5 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-MPlayer 1.0pre5try2 and after
-</p>
-
-<h3>History</h3>
-
-<p>
-On Fri, 10 Dec 2004 MPlayer developers were contacted by
-<a href="http://www.idefense.com">iDEFENSE</a> who had found a remote
-heap overflow vulnerability in the MPlayer BMP parsing code.
-A fix was checked into MPlayer CVS on Wed, Dec 15 18:52:38 2004 UTC.
-Since the bitmap demuxer was written as proof of concept and is not needed
-for multimedia playback it was removed immediately afterwards.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="LqAward2004">2005.02.08, Tuesday :: LinuxQuestions.org Members Choice Award</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxquestions.org/questions/t272115.html">
-<img src="../images/LQ-2004MCA-video.png" alt="2004 LinuxQuestions.org Members Choice Award" width="163" height="173"></a>
-</p>
-
-<p>
-We're proud to announce that
-<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a> has
-held its annual Members Choice Award and MPlayer has been voted
-<a href="http://www.linuxquestions.org/questions/t272115.html">Video Multimedia Application of the Year</a>.
-</p>
-
-<p>
-MPlayer received 487 votes (49.85%), beating
-<a href="http://www.xinehq.de">xine</a> with 304 (31.12%) and
-<a href="http://www.hadess.net/totem.php3">Totem</a> with 77 (7.88%).
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="brokenboxAward2005">2005.02.05, Saturday :: Brokenbox Program of the Month</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://brokenbox.com.ar/">
-<img src="../images/brokenboxAward2005.png" alt="Brokenbox Award 2005" width="120" height="140"></a>
-</p>
-
-<p>
-Hey, we've won an award from Argentina... The Argentinian Linux software site
-<a href="http://brokenbox.com.ar/">brokenbox.com.ar</a> has elected MPlayer
-1.0pre6 "programa del mes" (program of the month). Thank you!
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer10pre6a">2004.12.29, Wednesday :: MPlayer 1.0pre6 re-released</a>
- <br><span class="poster">posted by Roberto</span>
-</h2>
-
-<p>
-The HTML version of the documentation is missing in the pre6 release tarball.
-MPlayer 1.0pre6a is a repackaging of MPlayer 1.0pre6 with the missing
-documentation added back. Except for the DOCS/HTML directory, the two files
-are identical.
-</p>
-
-<p>
-MPlayer and MEncoder will report 1.0-pre6 as the version number, since there
-are no changes in the code.
-</p>
-
-<p>
-If you still haven't got pre6, grab the new pre6a tarball. Else you don't need
-to download it, unless you're interested in HTML docs but you can't build them
-yourself from the XML sources.
-</p>
-
-<p>
-MPlayer 1.0pre6a can be downloaded from the following locations. Please be kind
-to our server and use one of our many mirrors.
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a></li>
- <li>USA
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6a.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>a812d945b884c2e2fa7f90c57cd76bff</b>
-</p>
-
-<p>
-You can send truckloads of cola at my address :-)
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer10pre6">2004.12.23, Thursday :: MPlayer 1.0pre6 released</a>
- <br><span class="poster">posted by the release team</span>
-</h2>
-
-<p>
-It's been five months since our last release and boy, does it show. This is
-the longest changelog ever, we've been hitting the keyboards hard. So we've
-decided to put this out at last and bestow an X-mas present upon the world.
-Since X-mas is tomorrow this means you'll have to wait one day to compile this.
-Opening presents before their time is out of the question! And no peeking,
-keep those tarballs compressed! If you send in bug reports or a comment
-prematurely we'll know you've been a nasty kid and unpacked your present
-early. And you know what happens to nasty kids...
-</p>
-
-<p>
-The most important changes are support for a seemingly infinite number of
-new codecs and important fixes for some of the old ones. The experimental
-wavelet-based snow video codec by Michael Niedermayer deserves a special
-mention. It is very promising, maybe this is what the future of video
-encoding looks like. We also added support for encoding to H.264 with
-x264 and to MP2 through toolame.
-</p>
-
-<p>
-Apart from that the unbelievable has happened and all the myriad of available
-options are finally documented. If you cannot find it in the documentation it
-simply does not exist, so RTFM! If you have a slow machine you should check
-out low resolution decoding with libavcodec (<code>-vfm ffmpeg -lavdopts
-lowres=0-3</code>). With some luck you should be able to play DVDs and MPEG-4
-movies. Mac OS X has had some nice improvements with VCD and Real/Helix codec
-(get new codec packages) support among others. On Windows there is a shiny
-new DirectSound audio output and support for the <code>-wid</code> option
-should allow building browser plugins. If you use the polypaudio sound server
-there is now an audio output module for you. The remaining old audio plugins
-have been converted to audio filters so expect audio plugins to disappear
-in the next release. Already gone are the old alsa9 and alsa1x audio
-output drivers, use alsa instead.
-</p>
-
-<p>
-As usual there were too many bug fixes to mention. They are all over the place,
-so MPlayer should run smoother and more stable than ever. A notable one is that
-length and position are now displayed for MOV files as well and that MPlayer's
-output is slowly becoming less verbose.
-</p>
-
-<p>
-The changelog is relative to MPlayer 1.0pre5try2, so all recent security
-fixes are included.
-</p>
-
-<p>
-Merry X-mas...
-</p>
-
-
-<h3>MPlayer 1.0pre6: <i>"X-mas present"</i></h3>
-
-<h4>DOCS</h4>
-
-<ul>
- <li>finally all options are documented</li>
- <li>man page completely reviewed for spelling, wording and clarity</li>
- <li>all audio output driver suboptions documented</li>
- <li>all video output driver suboptions documented</li>
- <li>audio filters section added to the man page</li>
- <li>XviD documentation completed</li>
- <li>French man page in sync again</li>
- <li>German man page updated</li>
- <li>new Czech (complete) and Swedish man page translations</li>
- <li>fixes and updates in various places</li>
-</ul>
-
-<h4>Ports</h4>
-
-<ul>
- <li>full x86_64 support</li>
- <li>-rootwin, -panscan support in the quartz video output driver</li>
- <li>key repetition and aspect fixed in the quartz video output driver</li>
- <li>"Movie" menu for quartz video output driver with zoom options & preset</li>
- <li>fs_res quartz video output driver suboption chooses fullscreen resolution</li>
- <li>VCD support for Darwin (Mac OS X)</li>
- <li>Mac OS X Finder startup argument support</li>
- <li>fix for stdin input and slave mode on MinGW</li>
- <li>support for -rootwin, -colorkey, -wid in the DirectX video output driver</li>
- <li>improved monitor selection in the DirectX video output driver</li>
- <li>new DirectSound audio output driver</li>
- <li>mouse support in Windows</li>
- <li>support for ZetaOS (mostly working)</li>
-</ul>
-
-<h4>Drivers</h4>
-
-<ul>
- <li>fixes in the VESA and GGI video output drivers</li>
- <li>-jpeg removed in favor of -vo jpeg suboptions</li>
- <li>jpeg video output driver now supports output to multiple directories</li>
- <li>improvements for the Blinkenlights video output driver ;-)</li>
- <li>OpenGL video output driver colorformat fixes (with manyfmts suboption)</li>
- <li>aspect, panscan, hardware OSD support in the OpenGL video output driver</li>
- <li>new pnm and md5sum video output drivers, replacing pgm and md5</li>
- <li>yuv4mpeg video output now has a file= suboption, can be used with
- -fixed-vo to concatenate files having same width, height and fps</li>
- <li>JACK audio output driver updated to bio2jack API changes</li>
- <li>alsa9 and alsa1x replaced by alsa audio output driver</li>
- <li>ALSA audio output driver always uses specified device, even for hwac3</li>
- <li>support for mixer channel selection in the ALSA audio output driver</li>
- <li>audio output driver for the polypaudio sound server</li>
- <li>VIDIX Cyberblade TV-out fixed</li>
- <li>VIDIX I420 support for Cyberblade and mga</li>
- <li>VIDIX Radeon support on big-endian systems, other Radeon fixes</li>
- <li>VIDIX Radeon R200 QM (Radeon 9100) support</li>
- <li>CLE266 VIDIX driver</li>
- <li>experimental SAVAGE VIDIX driver</li>
-</ul>
-
-<h4>Decoders</h4>
-
-<ul>
- <li>"experimental" support for 20 and 24 bit LPCM (DVD-Audio)</li>
- <li>libmpeg2 updated to 0.4.0b</li>
- <li>libfaad2 updated to 2.1beta CVS snapshot</li>
- <li>DTS decoding via libavcodec</li>
- <li>Windows Media Audio 9 Voice support via binary DLL</li>
- <li>Windows Media Video 9 Advanced support via binary DLL</li>
- <li>Windows Media Screen Codec 2 support via binary DLL</li>
- <li>Windows Media Image Codec support via binary DLL</li>
- <li>Windows Media Image 2 Codec support via binary DLL</li>
- <li>VDOWave video support via binary DLL</li>
- <li>Miro VideoXL video support via libavcodec</li>
- <li>Creative ADPCM audio support via libavcodec or binary DLL</li>
- <li>IBM Ultimotion video support via libavcodec</li>
- <li>Micronas Speech codec support via binary DLL</li>
- <li>H.261 video codec support via libavcodec</li>
- <li>TechSmith Camtasia video codec support via libavcodec</li>
- <li>sonic audio codec support via libavcodec</li>
- <li>snow video codec support via libavcodec</li>
- <li>QuickDraw video support via libavcodec</li>
- <li>Cinepak, CYUV and RoQ audio/video moved to FFmpeg</li>
- <li>Vianet Lsvx video support via binary DLL</li>
-</ul>
-
-<h4>Demuxers</h4>
-
-<ul>
- <li>fix -nosound and -novideo for NSV</li>
- <li>subtitle switching and language code displaying for Matroska</li>
- <li>support for the .vp5 file format (AVI variant)</li>
- <li>seeking in audio-only ASF files fixed</li>
- <li>improved MP3 detection</li>
- <li>support for AVC in .mp4 files</li>
- <li>support for raw H.261 files via libavformat</li>
- <li>improved seeking precision in MPEG files</li>
- <li>better subtitle language code handling for MKV files</li>
- <li>support DVHS files and H.264 over MPEG-TS</li>
- <li>display length and position (in the seekbar) for MOV files</li>
- <li>raw video in MOV files playback improved</li>
-</ul>
-
-<h4>Streaming</h4>
-
-<ul>
- <li>-cache-min and -cache-prefill options added</li>
- <li>compilation fix for newer LIVE.COM versions</li>
- <li>make ASF without ECC work</li>
- <li>support for MMS on non-standard port</li>
- <li>EOF detected in Real RTSP streams</li>
-</ul>
-
-<h4>FFmpeg/libavcodec</h4>
-
-<ul>
- <li>reduced resolution decoding with the lowres option</li>
- <li>new experimental wavelet-based snow video codec</li>
- <li>new sonic audio codec</li>
- <li>TechSmith Camtasia video decoder</li>
- <li>IBM Ultimotion video decoder</li>
- <li>QuickDraw video decoder</li>
- <li>Creative ADPCM decoder</li>
- <li>Miro VideoXL decoder</li>
- <li>Sierra online audio files demuxer and decoder</li>
- <li>QPEG video decoder</li>
- <li>Electronic Arts Game Multimedia format demuxer</li>
- <li>H.261 fixes, H.261 encoder</li>
- <li>fix VIS accelerated code</li>
- <li>DTS support via libdts</li>
- <li>many DV fixes, seek in raw DV files</li>
- <li>support AAC in MOV files</li>
- <li>RV10, RV20 fixes</li>
- <li>RV20 encoding</li>
- <li>AVI demuxer cleanup, palette change support</li>
- <li>iTunes metadata support</li>
- <li>HuffYUV fixes (endianness, RGB32 predictor, median encoding, interlacing)</li>
- <li>ffvhuff (enhanced HuffYUV codec)</li>
- <li>SSE optimizations for 4x4 compare function</li>
- <li>epzs motion search enhancements</li>
- <li>quad tree based motion compensation</li>
- <li>MPEG-4 qpel MMX2/3DNow! optimizations</li>
- <li>H.264: lot of fixes and MMX2/3DNow! optimizations</li>
- <li>AVC1 (H.264 without sync word in .mp4 files) support</li>
- <li>H.264 qpel motion compensation</li>
- <li>Indeo3 grayscale decoding</li>
- <li>preliminary Truemotion 24 bit decoder</li>
- <li>avizlib encoder fixed</li>
- <li>trellis quantization support in H.263</li>
- <li>DCT optimizations</li>
- <li>AltiVec support on AmigaOS4</li>
- <li>adapt MMX/MMX2/SSE/3DNow! optimizations to work on x86_64</li>
- <li>seeking fixes</li>
- <li>better and faster audio resampler</li>
- <li>New dc1394 grabbing interface</li>
- <li>preliminary decoding support for H.264 with CABAC and B-frames</li>
- <li>dvr-ms support in ASF demuxer</li>
- <li>NSV demuxer</li>
- <li>DVD compatible MPEG muxer</li>
- <li>MJPEG-B fixes</li>
- <li>range coder (arithmetic entropy coder) used by snow and ffv1</li>
- <li>ffv1 enhancements: signed golomb, range codes</li>
- <li>multi slice support for main profile H.264 streams</li>
- <li>as usual, lots of bug fixes and optimizations</li>
-</ul>
-
-<h4>Filters</h4>
-
-<ul>
- <li>software volume control when no hardware support available, can be
- controlled with the -softvol and -softvol-max parameters</li>
- <li>high-quality audio resampling with -af lavcresample</li>
- <li>cropdetect rounding parameter</li>
- <li>MPlayer -af help</li>
- <li>missing audio plugins (extrastereo, volnorm) converted to audio filters</li>
- <li>sine sweep generator audio filter</li>
- <li>hrtf audio filter to convert multichannel audio to 2 channel output
- for headphones, preserving the spatiality of the sound</li>
- <li>big-endian fixes in rgb2rgb converter</li>
- <li>yuv2rgb Altivec optimization fixes</li>
- <li>support for LADSPA plugins</li>
-</ul>
-
-<h4>GUI</h4>
-
-<ul>
- <li>unified audio options dialog, also for ALSA</li>
- <li>redrawing limited, decreases CPU usage in audio-only case</li>
- <li>icons for the context menu</li>
- <li>doublesize bug fixed</li>
- <li>slowdown after opening the preferences panel bug fixed</li>
- <li>remaining messages moved to help file for translation</li>
- <li>slowdown after using the preferences panel fixed</li>
-</ul>
-
-<h4>Encoding</h4>
-
-<ul>
- <li>x264 encoder support</li>
- <li>support for MP2 encoding with libtoolame</li>
- <li>libavcodec "turbo mode" to speed up 2-pass encoding</li>
- <li>support for 3-pass encode for libavcodec and x264</li>
- <li>XviD encoder and decoder modules updated to API-4.1 (XviD-1.1.x)</li>
- <li>flush remaining frames at end of encoding process</li>
-</ul>
-
-<h4>Others</h4>
-
-<ul>
- <li>-loop and -shuffle now work together</li>
- <li>better EDL support</li>
- <li>some --disable configure options finally work (mp3lib, liba52, libmpeg2)</li>
- <li>framestepping</li>
- <li>change playback speed during playback</li>
- <li>some crashes with binary codecs fixed</li>
- <li>subtitle alignment support for SAMI files</li>
- <li>also support Windows path separator '\'</li>
- <li>FriBiDi fixes for comma handling in Hebrew subtitles</li>
- <li>-crash-debug option to attach gdb automatically after crashes</li>
- <li>gcc 4 compilation fixes</li>
- <li>compilation fixes for many files in the TOOLS directory</li>
- <li>infamous "stuck mouse button" bug fixed, new -key-fifo-size option</li>
- <li>reduced verbosity of MPlayer's output somewhat</li>
- <li>-identify now prints some information about available languages</li>
- <li>double buffering (-double) is now default</li>
- <li>many memleaks fixed</li>
-</ul>
-
-<p>
-MPlayer 1.0pre6 can be downloaded from the following locations. Please be kind
-to our server and use one of our many mirrors.
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a></li>
- <li>USA
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre6.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>4a628f87a7070e10ffea04a1598979a9</b>
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="br-linuxAward2004">2004.12.22, Wednesday :: Brazilian Free Community Award 2004</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://br-linux.org/main/noticia-favoritos_da_comunidade_livre_.html">
-<img src="../images/br-linux2004.jpg" alt="Brazilian Free Community Award 2004" width="411" height="76"></a>
-</p>
-
-<p>
-Today seems to be award day... We were just notified that MPlayer has won
-another award, this time from the Brazilian Linux community at
-<a href="http://br-linux.org">br-linux.org</a>, the "Favoritos da
-Comunidade Livre brasileira em 2004" (Favourites of the Brazilian
-Free Community in 2004) in the category "Visualizador de Vídeo"
-(Video Player) with 1395 votes (48%), followed by xine and Kaffeine.
-</p>
-
-<p>
-If you understand Portuguese you can read the details on
-<a href="http://br-linux.org/main/noticia-favoritos_da_comunidade_livre_.html">the award page</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="HUPAward2004">2004.12.22, Wednesday :: HUP Readers' Choice Award 2004</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://hup.hu/modules.php?name=News&file=article&sid=7628">
-<img src="../images/hup2004.png" alt="HUP Readers' Choice Award 2004" width="150" height="150"></a>
-</p>
-
-<p>
-We're proud to announce that MPlayer has won the Readers' Choice Award of the
-<a href="http://hup.hu">Hungarian Unix Portal</a> in the "favorite video
-player of the year" as well as "favorite Hungarian project of
-the year" category.
-</p>
-
-<p>
-In the video player category MPlayer got 473 votes (89%), xine 39 (7%) and
-VLC 10 (1%). It's the second year in a row for MPlayer to win this award.
-If you understand Hungarian you can read about it on the
-<a href="http://hup.hu/modules.php?name=News&file=article&sid=7628">HUP award page</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer10pre5try2">2004.12.15, Wednesday :: MPlayer 1.0pre5try2 released</a>
- <br><span class="poster">posted by Roberto</span>
-</h2>
-
-<p>
-Multiple vulnerabilities were discovered in MPlayer by
-<a href="http://www.idefense.com/">iDEFENSE</a>, and
-more were found by us while reviewing the code:
-</p>
-
-<ul>
- <li>potential heap overflow in Real RTSP streaming code
- (<a href="http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20041215.diff">patch</a>)</li>
- <li>potential stack overflow in MMST streaming code
- (<a href="http://www.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff">patch</a>)</li>
- <li>multiple buffer overflows in BMP demuxer
- (<a href="http://www.mplayerhq.hu/MPlayer/patches/bmp_fix_20041215.diff">patch</a>)</li>
- <li>potential heap overflow in pnm streaming code
- (<a href="http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff">patch</a>)</li>
- <li>potential buffer overflow in mp3lib
- (<a href="http://www.mplayerhq.hu/MPlayer/patches/mp3_fix_20041215.diff">patch</a>)</li>
-</ul>
-
-<p>
-All issues affect both MPlayer 1.0pre5 and current CVS versions.
-MPlayer 0.93 is obsolete and was not checked nor fixed.
-All problems were fixed, and the BMP demuxer was also disabled because it's
-useless and requires further analysis to be totally safe.
-</p>
-
-<p>
-To be safe from harm users of MPlayer 1.0pre5 and below should
-upgrade to 1.0pre5try2 or apply this
-<a href="http://www.mplayerhq.hu/MPlayer/patches/pre5-pre5try2.diff">cumulative patch</a>
-to 1.0pre5 and not play streams over the network in the meantime.
-CVS users can just 'cvs update'. An updated
-<a href="http://www.mplayerhq.hu/MPlayer/releases/win32/">CVS build</a>
-for Windows users is also available.
-</p>
-
-<p>
-Detailed advisories will follow.
-</p>
-
-<p>
-MPlayer 1.0pre5try2 can be downloaded from the following locations:
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
- <li>USA 2
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>724c905a8dddb7e8ec9722fc585f833d</b>
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="LnmAward2004">2004.10.30, Saturday :: Linux New Media Award 2004</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxnewmedia.de/presse/en">
-<img src="../images/LnmAwardLogo2004.jpg" alt="Linux New Media Award 2004" width="241" height="193"></a>
-</p>
-
-<p>
-MPlayer has won the
-<a href="http://www.linuxnewmedia.de/presse/en">Linux New Media Award 2004</a>
-in the category "Best Media Player". The award is organized by the
-<a href="http://www.linuxnewmedia.de/en">Linux New Media AG</a> and the jury
-consists of about 150 respected community members.
-</p>
-
-<p>
-MPlayer got 29.8% of the votes, beating <a href="http://xinehq.de">xine</a>
-(24.2%) and <a href="http://xmms.org">XMMS</a> (23.4%) making this the second
-win in a row. Detailed results can be found on the
-<a href="http://www.linuxnewmedia.de/Award_2004/award2004/">German award page</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="sucon2004">2004.09.02, Thursday :: MPlayer at SUCON '04</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p>
-The MPlayer team will be represented at
-<a href="http://www.suug.ch/sucon/04/">SUCON '04</a>
-by at least Alex Beregszaszi, Roberto Togni, Jonas Jermann and Diego Biurrun.
-SUCON is the Swiss Unix Conference held September 2-4, 2004 at the Technopark
-in Zürich, Switzerland. From the description at their homepage:
-</p>
-
-<blockquote cite="http://www.suug.ch/sucon/04/">
-<p>
-SUCON is a emerging conference focused on topics related to the Unix operating
-system. Our goal is to bring together developers, system administrators and
-users in the field of Unix to foster projects, ideas and the knowledge of
-every individual.
-</p>
-</blockquote>
-
-<p>
-Alex will give a talk about MPlayer on Friday, so if you are interested in
-MPlayer or would like to meet some of us and happen to be in the area, drop
-by.
-</p>
-
-<h3>Update</h3>
-
-<p>
-Also present are Mike Melanson from
-<a href="http://xinehq.de/">xine</a>
-and Samuel Hocevar from
-<a href="http://videolan.org/">VideoLAN</a>.
-They will be giving presentations as well and we will all be holding a
-multimedia birds-of-a-feather session together on Saturday.
-</p>
-
-<h3>Update 2</h3>
-
-<p>
-Some <a href="http://www.suug.ch/sucon/04/video.html">recorded talks</a>
-have been made available. The talks by Mike Melanson and Alex Beregszaszi
-are among them.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="hard_drive_donation">2004.07.23, Friday :: Hard drive donation needed</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p>
-One of the hard drives in our project server is failing and needs to be
-replaced. Since it is part of a RAID1 array and performance suffers a lot when
-running RAID1 with different geometry drives we need either the same model
-as replacement or two new IDE drives. The drive is an IBM IC35L040AVER07-0
-40GB IDE drive.
-</p>
-
-<p>
-If you have such a drive or a pair of new drives lying around or are willing
-to buy it for us, please contact our admin
-<a href="mailto:arpi_REMOVE_THE_UNDERSCORES_AND_THE_TEXT_IN_BETWEEN_ at thot.banki.hu">Arpad Gereöffy</a>
-and send the drive to him.
-</p>
-
-<h3>Update</h3>
-
-<p>
-We have received a DTLA305040 in donation from Stefan Seyfried (Thank you!)
-and Sascha Sommer exchanged it for his IC35L040AVER07, which is now in the
-project server. Also many thanks to the other people who offered help.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer10pre5">2004.07.15, Wednesday :: MPlayer 1.0pre5 released</a>
- <br><span class="poster">posted by the release team</span>
-</h2>
-
-<p>
-Once again after a long delay we are proud and happy to present you our latest
-release. Tons of new features and bug fixes were included, many during a big
-hacking session at LinuxTag 2004. The pending patch queue has been greatly
-reduced and as usual we expect to make the next release in a more timely
-fashion ;-)
-</p>
-
-<p>
-Since you already know about the <a href="#name_change">name change</a> the
-most important change is the security relevant string handling code audit.
-Read the details in the <a href="#vuln04">relevant advisory</a>.
-If you haven't upgraded to a CVS snapshot already, upgrade to pre5 now.
-</p>
-
-<p>
-Highlights of this release include improved Mac OS X and Windows support,
-improved seeking in Real files, better MEncoder documentation with an
-updated DVD ripping guide, streaming related bug fixes, fullscreen bug fixes,
-a new unified ao_alsa ALSA audio output driver to replace ao_alsa9 and
-ao_alsa1x, a JACK audio output driver and new icons for the GUI and menus.
-Of course we also did the usual stuff like support for more codecs, new video
-filters and bug fixes all over the place.
-</p>
-
-<p>
-The codec packages have been updated and they now sport version numbers so you
-can easily tell whether you have the latest one or not. Grab them if you are
-interested in complete codec support.
-</p>
-
-<p>
-Have fun...
-</p>
-
-
-<h3>MPlayer 1.0pre5: <i>"LinuxTag release"</i></h3>
-
-<h4>Name</h4>
-
-<ul>
- <li>It's "MPlayer - The Movie Player" instead of
- "MPlayer - The Movie Player for Linux" now.</li>
-</ul>
-
-<h4>Security</h4>
-
-<ul>
- <li>complete review of string operations, buffer overflows fixed</li>
-</ul>
-
-<h4>DOCS</h4>
-
-<ul>
- <li>small additions, corrections, updates all over the place</li>
- <li>audio output driver section added to the man page</li>
- <li>several bug fixes and improvements in the MEncoder documentation</li>
- <li>DVD ripping guide extended and improved</li>
- <li>AUTHORS file massively extended</li>
- <li>German man page partially updated</li>
- <li>Hungarian XML documentation translation started</li>
-</ul>
-
-<h4>Ports</h4>
-
-<ul>
- <li>encrypted DVD playback on Windows fixed (again)</li>
- <li>Cygwin and MinGW now accept the same -dvd-device syntax</li>
- <li>LIVE.COM now works under MinGW</li>
- <li>foundations for MinGW crosscompilation</li>
- <li>disabled SSE on MinGW as it caused crashes</li>
- <li>AC3 passthrough for ao_win32</li>
- <li>improved vo_quartz (YUV, multiple screens support)</li>
- <li>vo_quartz made default on Mac OS X</li>
- <li>ao_macosx fixed and made default again on Mac OS X</li>
- <li>RealVideo binary codecs support on Mac OS X (still buggy)</li>
- <li>bigendian fixes in vf.c, vo_tga</li>
- <li>OpenBSD portability fixes</li>
- <li>OpenBSD/VAX support</li>
- <li>AMD64 support</li>
-</ul>
-
-<h4>Drivers</h4>
-
-<ul>
- <li>support for more Radeons (9800 XT among them) in VIDIX</li>
- <li>Radeon related bug fixes in VIDIX</li>
- <li>vo_gl2 now supports GUI, fix for flickering borders in fullscreen</li>
- <li>support 24 and 32 bit PCM files, bigendian fixes</li>
- <li>ao_sdl now converts unsupported formats instead of quitting</li>
- <li>ENCA support</li>
- <li>merged ao_alsa9 and ao_alsa1x drivers into ao_alsa</li>
- <li>NeoMagic TV-out support through VESA</li>
- <li>JACK audio output driver</li>
- <li>vo_sdl fixes (wrong flags and screensaver disabling)</li>
- <li>vo_directx fixes</li>
-</ul>
-
-<h4>Decoders</h4>
-
-<ul>
- <li>MSZH/ZLIB, FLI, QTRLE, RoQ video and RoQ audio support moved to FFmpeg</li>
- <li>FFmpeg Cinepak and CYUV decoders preferred</li>
- <li>audio format 0xff support (is AAC)</li>
- <li>"raw" audio in MOV supported</li>
- <li>Indeo audio (iac25) support via binary codec</li>
- <li>upgrade libfaad2 to the FAAD 2.0 release</li>
- <li>MPEG-2 chroma422/444 support</li>
- <li>Winnov WINX and WNV1 support via binary codec</li>
-</ul>
-
-<h4>Demuxers</h4>
-
-<ul>
- <li>Ogg subtitle handling and other bug fixes</li>
- <li>Matroska improvements</li>
- <li>support seeking in Real files without -idx</li>
- <li>support seeking in Real files without index with -forceidx</li>
-</ul>
-
-<h4>Streaming</h4>
-
-<ul>
- <li>ASF, MMST streaming fixes</li>
- <li>URL escaping fixed</li>
- <li>NSA (Nullsoft audio) streaming support</li>
- <li>embedded RAM playlist support</li>
- <li>multibyte URL support</li>
- <li>rtp:// now supported even with LIVE.COM compiled in</li>
- <li>miscellaneous bug fixes</li>
-</ul>
-
-<h4>Filters</h4>
-
-<ul>
- <li>vf_softskip: frame skipping filter for MEncoder</li>
- <li>vf_harddup: frame duplication filter for MEncoder</li>
- <li>vf_pullup minor fixes and improvements</li>
- <li>AltiVec-optimized YUV to RGB converter</li>
- <li>vf_spp memory corruption fix on reallocation</li>
-</ul>
-
-<h4>FFmpeg/libavcodec</h4>
-
-<ul>
- <li>MPEG-2 encoding with 8, 9, 10, 11 bit intra DC precision</li>
- <li>DC clipping fix, intra_dc_precision > 0 support</li>
- <li>Cinepak fixes and palette support</li>
- <li>support skipping of MB rows during decoding</li>
- <li>Vorbis in NUT fixed</li>
- <li>NUT updated to latest specification</li>
- <li>segfault and artifact fixes in SVQ3 decoder</li>
- <li>motion estimation code: overflow and chroma fixes</li>
- <li>change qscale -> lambda for the motion estimation</li>
- <li>noise preserving sum of squares comparison function in ME code</li>
- <li>fixed memory overwrite in truemotion decoder</li>
- <li>clip input motion vectors, better error tolerance on bad vectors</li>
- <li>FLAC decoder cleanup (partial demuxer/decoder separation)</li>
- <li>memalign hack for SSE/SSE2 on that alternative OS :)</li>
- <li>lots of AltiVec optimizations</li>
- <li>qscale + qprd fix</li>
- <li>QTrle4 support</li>
- <li>H.261 decoder</li>
- <li>coefficient saturation fix in H.263</li>
- <li>H.263 MCBPC fix</li>
- <li>per line lowpass filter in MMX and faster C lowpass filter</li>
- <li>SVQ1 encoder</li>
- <li>as usual, lots of bug fixes and optimizations</li>
-</ul>
-
-<h4>Others</h4>
-
-<ul>
- <li>fullscreen fixes for many window managers</li>
- <li>fix crash on original Pentiums and older</li>
- <li>dvd://start-end support</li>
- <li>netstream (mpst://) support fixed</li>
- <li>support comments in plaintext playlists</li>
- <li>loader/ dependency removed</li>
- <li>keepaspect option extended to all video output drivers</li>
- <li>WMA to Ogg conversion and simple subtitle editing script added to TOOLS</li>
- <li>support for more lame options</li>
- <li>new set of GUI icons</li>
- <li>memory conserving implementation of GUI potmeters</li>
- <li>X11 code reindented</li>
- <li>further gcc 3.4 support fixes</li>
- <li>mixer API written for changing volume through libaf</li>
- <li>-rtc-device option for specifying the RTC device</li>
- <li>desktop/menu icon added</li>
- <li>miscellaneous bug fixes and cleanups</li>
- <li>multi-threaded encoding with lavc</li>
- <li>fixed a bug with Real files introduced in pre4</li>
- <li>-use-stdin renamed to -noconsolecontrols</li>
-</ul>
-
-<p>
-MPlayer 1.0pre5 can be downloaded from the following locations. Please be kind
-to our server and use one of our many mirrors.
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
- <li>USA 2
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">HTTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>fbe6919eb025526e8ed129cd61a49969</b>
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer093">2004.07.09, Wednesday :: MPlayer 0.93 released</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p>
-This is a security only update for our outdated stable branch. It contains
-a simple port of the fixes for the recent
-<a href="#vuln04">GUI remote buffer overflow vulnerabilities</a>
-committed to the main MPlayer source tree.
-This was done without a complete audit of the 0.90 branch of our code base
-due to a lack of resources.
-</p>
-
-<p>
-The 0.90 branch is long obsolete, there will be no further releases,
-probably not even security fix releases. Therefore we strongly recommend
-upgrading to MPlayer 1.0pre5 once it becomes available or a current CVS
-snapshot.
-</p>
-
-<h3>MPlayer 0.93</h3>
-
-<h4>Security:</h4>
-
-<ul>
- <li>string operation buffer overflows fixed</li>
-</ul>
-
-<p>
-MPlayer 0.93 can be downloaded from the following locations:
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
- <li>USA 2
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-0.93.tar.bz2">HTTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-0.93.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>2ddd395cd1bc56559006398ef5105710</b>
-</p>
-
-</div>
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln04">2004.07.01, Thursday :: remote buffer overflow vulnerabilities in the GUI code</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-Multiple string vulnerabilities have been found and fixed in the MPlayer GUI
-code, at least one of which was remotely exploitable.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player) if
-using the GUI to play certain types of playlist files, none when using only the
-command line. The MPlayer GUI is optional and not built by default.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A fix for the vulnerability with the known exploit was checked into MPlayer CVS
-on Wed, 2 June 2004 12:40:41 +0000 (UTC). The result of a thorough code audit
-that uncovered further potentially exploitable bugs was checked into MPlayer CVS
-on Fri, 25 June 2004 16:49:52 +0000 (UTC). All of this will be included in MPlayer
-1.0pre5. Users of affected MPlayer versions should upgrade to latest CVS or MPlayer 1.0pre5
-once it becomes available. Alternatively a patch for the
-<a href="../../MPlayer/patches/vuln04-fix.diff">main</a> and
-<a href="../../MPlayer/patches/vuln04-0_90-fix.diff">0_90</a>
-MPlayer CVS versions is available that can be applied to the MPlayer source
-tree.
-</p>
-
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0pre4 and before<br>
-MPlayer 0.92.1 and before
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-none
-</p>
-
-
-<h3>History</h3>
-
-<p>
-On Tue, 1 June 2004 MPlayer developers were contacted by
-<a href="mailto:c0ntex at open-security.org">c0ntex</a> who had found a string
-handling vulnerability in the MPlayer GUI code complete with an example
-exploit and a preliminary fix. That fix was checked into MPlayer CVS on
-Wed, 2 June 2004 12:40:41 +0000 (UTC).
-</p>
-
-<p>
-When playing certain types of playlist files with extremely long entries a
-buffer overflow error occurs. This allows an attacker to overwrite memory with
-specially crafted playlist files and execute arbitrary code under the user ID
-running MPlayer.
-</p>
-
-<p>
-Richard Felker started a general audit of the GUI code for further string
-handling problems and uncovered a host of potential bugs, some of which were
-probably exploitable. Nicholas Kain proceeded to do a full audit of the MPlayer
-code for insecure string handling, which was finished by Alexander Strasser.
-The result of this audit was checked into MPlayer CVS on
-Fri, 25 June 2004 16:49:52 +0000 (UTC).
-</p>
-
-<p>
-Since the first quick review of the GUI code immediately revealed several
-potentially exploitable bugs we have refrained from publishing this advisory
-until a thorough audit of the whole code was finished.
-</p>
-
-<p>
-On Thu, 1 July 2004 11:22:29 (UTC) a simple port of the fixes was committed to
-the 0_90 stable MPlayer source tree. This was done without a further audit of
-the 0_90 code base due to lack of resources. We have therefore dropped further
-support of the 0_90 tree and recommend upgrading to MPlayer 1.0pre5 or latest
-CVS.
-</p>
-
-<h3>Download</h3>
-
-<p>
-MPlayer 1.0pre5, 0.93 and CVS snapshots can be downloaded from the MPlayer homepage or one of its many
-mirrors as soon as they become available. Go to the
-<a href="dload.html">MPlayer download page</a>
-to get MPlayer 1.0pre5 source code or a CVS snapshot.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="name_change">2004.06.25, Friday :: MPlayer name change</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p>
-No, it's still MPlayer ;-).
-</p>
-
-<p>
-But since we run on so many different operating systems now we thought that
-</p>
-
-<p>
- <b>MPlayer - The Movie Player For Linux</b>
-</p>
-
-<p>
-is not really a fitting name any longer. So from now on it will be just
-</p>
-
-<p>
- <b>MPlayer - The Movie Player</b>
-</p>
-
-<p>
-The king is dead - long live the king!
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="linuxtag2004_patents">2004.06.24, Thursday :: Software Patents</a>
- <br><span class="poster">posted by Alex</span>
-</h2>
-
-<p>
-Your video player is... <b>PATENTED</b> <i>(in the USA)</i>
-</p>
-
-<p>
-Demonstration against Software Patents in Karlsruhe, the city of LinuxTag with
-some developers and advocates of MPlayer.
-Read more <a href="http://kwiki.ffii.org/DemoKarlsruhe04En">at the FFII page</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="linuxtag2004">2004.06.02, Wednesday :: MPlayer at LinuxTag 2004</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxtag.org/">
-<img src="../images/linuxtag.png" alt="LinuxTag logo" width="119" height="80"></a>
-</p>
-
-<p>
-The MPlayer team will be represented at
-<a href="http://www.linuxtag.org/2004/index.html">LinuxTag 2004</a>
-by at least Alex Beregszaszi, Sascha Sommer and Diego Biurrun.
-LinuxTag is a mix between trade show and conference about Linux and free
-software for both companies and projects. It is held in Karlsruhe, Germany,
-from the 23rd to the 26th of June. We will have a booth in the projects area
-and be present for the full four days. Hopefully we will also be able to hold
-a small conference with as many developers as possible. If you ever wished to
-have a chat with us, that would be the perfect opportunity.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln03">2004.04.28, Wednesday :: Exploitable remote buffer overflow vulnerability in the Real RTSP streaming code</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<h3>Summary:</h3>
-
-<p>
-Multiple vulnerabilities have been found and fixed in the Real-Time
-Streaming Protocol (RTSP) client for RealNetworks servers, including a
-series of potentially remotely exploitable buffer overflows. This is a
-joint advisory by the MPlayer and xine teams as the code in question is
-common to these projects. The xine team has assigned ID XSA-2004-3 to this
-security announcement.
-</p>
-
-<h3>Severity:</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when playing Real RTSP streams.
-At this time, there is no known exploit for these vulnerabilities.
-</p>
-
-<h3>Prerequisites:</h3>
-
-<p>
-The players are only vulnerable when playing Real RTSP streams.
-There is no risk if Real RTSP (realrtsp) streaming is not employed.
-</p>
-
-<h3>Solution:</h3>
-
-<p>
-A fix was checked into MPlayer CVS on Sat, 24 Apr 2004 12:33:22 +0200 (CEST).
-This fix is included in MPlayer 1.0pre4. Users of affected MPlayer versions
-should upgrade to MPlayer 1.0pre4 or later. Alternatively a standalone
-<a href="../../MPlayer/patches/vuln03-fix.diff">patch</a> is available that
-can be applied to the MPlayer source tree.
-</p>
-
-<p>
-xine-lib fix was checked into CVS on Fri, Apr 23 21:59:04 2004 UTC. This fix
-is included in xine-lib 1-rc4. Users of affected xine-lib versions should
-upgrade to xine-lib 1-rc4 or later.
-If this upgrade is not feasible for some reason, the vulnerable code
-can be disabled by removing xine's RTSP input plugin, which is located at
-$(xine-config --plugindir)/xineplug_inp_rtsp.so. If installed with default
-paths, that is: /usr/local/lib/xine/plugins/1.0.0/xineplug_inp_rtsp.so
-This workaround disables RTSP streaming.
-</p>
-
-<h3>Affected versions:</h3>
-
-<p>
-MPlayer 1.0pre1-pre3try2<br>
-xine-lib 1-beta1 to 1-rc3c
-<p>
-
-<h3>Unaffected versions:</h3>
-
-<p>
-MPlayer 0.92.1 and below<br>
-MPlayer 1.0pre4 and above<br>
-MPlayer CVS HEAD
-</p>
-
-<p>
-xine-lib 1-beta0 and below<br>
-xine-lib 1-rc4 and above<br>
-xine-lib CVS HEAD
-</p>
-
-<h3>History / Attack Vectors:</h3>
-
-<p>
-On Thu, 22 Apr 2004 Diego Biurrun found a crashing bug in the MPlayer
-realrtsp code that Roberto Togni confirmed to be a buffer overflow
-vulnerability later that day. The xine team was notified and independent
-code audits were performed by Miguel Freitas (xine) and Roberto Togni
-(MPlayer), revealing multiple vulnerabilities.
-</p>
-
-<ol>
- <li>Fixed length buffers were assigned for the URL used in server requests
- and the length of the input was never checked. Very long URLs could thus
- overflow these buffers and crash the application. A malicious person
- might possibly use a specially crafted URL or playlist to run arbitrary
- code on the user's machine.</li>
- <li>Not all strings returned from a Real server were checked for length.
- It might be possible to cause a buffer overflow during the RTSP session
- negotiation sequence. A malicious person could use a fake RTSP server
- to feed the client with malformed strings.</li>
- <li>Packets of RealNetworks' Real Data Transport (RDT) format were received
- using a fixed length buffer whose size was never checked. It might also be
- possible to exploit this by emulating a RealNetworks' RTSP server.</li>
- <li>On Wed, 14 Apr 2004 22:45:28 +0200 (CEST) a change was made to MPlayer
- CVS that removes the extension checking on RTSP streams. MPlayer now
- attempts to handle every RTSP connection as realrtsp first, falling back
- to live.com RTSP. CVS versions from that date to the time the fix was
- checked in are susceptible to the same problem when playing normal RTSP
- streams as well.</li>
- <li>At the time of the writing of this advisory no real exploits are known
- to the authors and we hope to be the first to stumble across this
- vulnerability. Since we believe that the bugs described in this advisory
- are exploitable we have released this proactive advisory.</li>
-</ol>
-
-<h3>Download:</h3>
-
-<p>
-MPlayer 1.0pre4 can be downloaded from the MPlayer homepage or one of its many
-mirrors. Go to the
-<a href="dload.html">MPlayer download page</a>
-to get MPlayer 1.0pre4 source code.
-</p>
-
-<p>
-xine-lib 1-rc4 can be downloaded from the
-<a href="http://xinehq.de/index.php/releases">xine homepage</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="mplayer10pre4">2004.04.28, Wednesday :: MPlayer 1.0pre4 released</a>
- <br><span class="poster">posted by the release team</span>
-</h2>
-
-<p>
-A long time has passed without a release and really a lot has
-happened. Between the KiSS affair and the farewell of some developers
-one might almost get the impression that not much development has been
-taking place. Indeed there have been many internal changes. Alex
-Beregszaszi (who has been the maintainer since 0.90rc3) is now
-supported by a team of maintainers, making this the first real team
-release of MPlayer. To reflect that we are also presenting the site in
-a new design. If you thought about helping us out in building the
-fastest and most flexible video player, now would be the perfect moment
-to join our team, just come and join us on our
-<a href="info.html#mailing_lists">mailing lists</a> and
-<a href="info.html#irc">IRC</a> channels. We can use not only coders but
-also documenters and people that want to help us out with the many details
-that have to be taken care of to make such a big project a success. But if
-you thought MPlayer development was stalled, just have a look at the huge
-changelog.
-</p>
-
-<p>
-We fixed a remotely exploitable security vulnerability in the Real
-RTSP code, please read our advisory for details. Many thanks go to the
-<a href="http://www.xinehq.de">xine</a> team for cooperating so well
-with us in the audit of this shared code.
-We also found a buffer overflow in the Matroska demuxer and in
-the CDDB code, so we strongly urge you to upgrade.
-</p>
-
-<p>
-Apart from that there are so many changes it gets hard to pick out the
-highlights.
-</p>
-
-<p>
-As usual the documentation has been improved and extended and our many
-ports have been improved. The BSDs are getting closer and closer to
-the Linux version, Mac OS X and PowerPC users will enjoy as
-much as a 100% speed improvement through many AltiVec optimizations
-and a native Quartz (Mac OS X) output driver. The Windows version of
-MPlayer is shaping up to be an equal contender to the Unix versions,
-grab and spread it.
-</p>
-
-<p>
-If you had problems with streaming in the past this may be the release
-for you. We fixed tons of bugs and added support for SMIL playlist to
-Real streaming and now support Nullsoft Streaming Video (NSV)
-</p>
-
-<p>
-With (experimental) AVI OpenDML read and write support we have knocked
-a longstanding item from the wishlist. Now is the time to play and
-create huge AVI files.
-</p>
-
-<p>
-Our video filter system has been extended by no less than seven
-filters and is thus more flexible than ever.
-</p>
-
-<p>
-If you are an oldschool text mode addict and like ASCII art output you
-can now enjoy it in full color with the caca output driver.
-</p>
-
-<p>
-On the codec front we now support XviD 1.0, VP5 and VP6 and the
-existing codecs have been improved and optimized. Accordingly the
-codec package has been extended by a few DLLs, don't forget to grab a
-new one.
-</p>
-
-<p>
-As usual we would be nothing without
-<a href="http://ffmpeg.org">FFmpeg</a> and the many native codecs
-they provide. FLAC among others has joined their long list of
-supported codecs and the rest has seen notable speed and quality
-improvements.
-</p>
-
-<p>
-Enjoy...
-</p>
-
-
-<h3>MPlayer 1.0pre4: <i>"YAML Counter"</i></h3>
-
-<h4>Security:</h4>
-
-<ul>
- <li>HTTP parser remote heap overflow vulnerability fixed</li>
- <li>Real RTSP remote buffer overflow vulnerability fixed</li>
- <li>buffer overflow in the Matroska demuxer</li>
- <li>potentially exploitable buffer overflow in CDDB TOC code</li>
-</ul>
-
-<h4>DOCS:</h4>
-
-<ul>
- <li>new Copyright file covers files from other projects and their licenses</li>
- <li>new DOCS/tech/translations.txt explains how to properly translate MPlayer</li>
- <li>new Japanese console message translation</li>
- <li>Polish translation finished</li>
- <li>Italian man page translation</li>
- <li>DVD ripping guide</li>
- <li>telecine/interlacing guide</li>
- <li>video out driver section added to the man page</li>
- <li>XML build system rewritten - now supports building individual languages</li>
- <li>miscellaneous updates all over the place</li>
-</ul>
-
-<h4>Ports:</h4>
-
-<ul>
- <li>better PA-RISC detection</li>
- <li>support for VAX (tested on VAXstation 4000/VLC) -- really, believe me!</li>
- <li>optimizing for specific MIPS CPUs under IRIX</li>
- <li>AMD64 detection under BSDs</li>
- <li>fbdev driver updated for Linux 2.6</li>
- <li>support for ELF only OpenBSD</li>
- <li>optimizing for PPC 970 (aka G5)</li>
- <li>SDL support fixed on MinGW</li>
- <li>VIDIX working under Windows XP/2000 (native dhahelper)</li>
- <li>builds out of the box under GNU Hurd</li>
- <li>SSE optimizations enabled under MinGW</li>
- <li>SSE support under OpenBSD</li>
- <li>AltiVec support under NetBSD</li>
- <li>GCC 3.4 support (due to changed behaviour in ASM code snippets)</li>
-</ul>
-
-<h4>Demuxers:</h4>
-
-<ul>
- <li>Matroska containing RealVideo works better</li>
- <li>fixed random segfaults in VIVO</li>
- <li>endianess fixes in CDDA</li>
- <li>UYVY support in tvi/v4l2</li>
- <li>tvi/bsdbt848 now working under FreeBSD 5.2-CURRENT</li>
- <li>tvi/bsdbt848 audio part working under NetBSD</li>
- <li>LIVE.COM demuxer updated to conform with latest libraries</li>
- <li>new, independent, C implementation of the Matroska demuxer</li>
- <li>fix for rare Real files</li>
- <li>more robust Real demuxer (can resync after errors)</li>
- <li>support for AAC inside Real</li>
- <li>MPEG Aspect code 4 fixed</li>
- <li>support for selecting subtitle streams with -slang inside Ogg</li>
- <li>wrapper demuxer for FFMpeg's libavformat (Nut is playable this way)</li>
- <li>much improved seeking in Ogg</li>
- <li>Nullsoft streaming video (NSV) demuxer</li>
- <li>AVI OpenDML read and write support</li>
-</ul>
-
-<h4>Streaming:</h4>
-
-<ul>
- <li>SMIL playlist parser</li>
- <li>support for URL redirection</li>
- <li>support for seeking in HTTP streams</li>
- <li>updated LIVE.COM streaming code</li>
- <li>fallback to live.com RTSP after Real RTSP</li>
- <li>suggests -playlist if normal streaming fails</li>
- <li>many improvements and bug fixes in the streaming code</li>
-</ul>
-
-<h4>Decoders:</h4>
-
-<ul>
- <li>compilation failure without zlib in vd/lcl fixed</li>
- <li>removed obsoleted decoders (which were moved to libavcodec), affected:
- vd/8bps, vd/msrle, vd/msvideo1, vd/rpza, vd/smc</li>
- <li>workaround for buggy codecs in ad/acm (support for Sharp G.726)</li>
- <li>fixed chroma-swapping in Hauppauge Macroblock decoder</li>
- <li>AltiVec optimized resampler in liba52</li>
- <li>support for VP5 and VP6 DLL decoders</li>
- <li>support for Alparysoft lossless video codec (through DLLs)</li>
- <li>support for Lead MCMW wavelet video codec (through DLLs)</li>
- <li>HE-AAC working through libfaad</li>
- <li>removed libmpflac in favor of FFmpeg's FLAC implementation</li>
- <li>liba52 dynamic range compression support</li>
-</ul>
-
-<h4>Filters:</h4>
-
-<ul>
- <li>vf_bmovl bugfixes</li>
- <li>vf_filmdint now handles 15fps NTSC input</li>
- <li>huge updates and speedup on vf_pullup</li>
- <li>big updates to vf_ilpack (proper interpolation and MMX optimizations)</li>
- <li>vf_zrmjpeg: fast MJPEG encoder using libavcodec for Zoran</li>
- <li>interlaced scaling support in vf_scale</li>
- <li>vf_kerndeint: adaptive deinterlacer</li>
- <li>vf_rgbtest: rgb test pattern generator for developers</li>
- <li>vf_qp: qp change filter</li>
- <li>vf_noformat: the same as vf_format but with reversed meaning</li>
- <li>AltiVec optimized SWScaler</li>
- <li>vf_phase: phase shift fields</li>
- <li>vf_divtc: duplicate frame removal from deinterlaced telecined video</li>
-</ul>
-
-<h4>Drivers:</h4>
-
-<ul>
- <li>ao/esd behaves better over network now</li>
- <li>support for Radeon 9200/9600/9600 Pro/9700 in VIDIX</li>
- <li>-mixer support for alsa9</li>
- <li>fixed OSS audio grabber module with hardware not supporting 44khz</li>
- <li>native ALSA 1.x support (not through 0.9 emulation)</li>
- <li>better multibuffer support in VIDIX nVidia driver</li>
- <li>pan & scan support in VIDIX nVidia driver</li>
- <li>support for more cards in VIDIX nVidia driver</li>
- <li>vo_libcaca: color ASCII art output driver</li>
- <li>vo_quartz: native MacOS X/Quartz video output</li>
- <li>support for VIDIX when ATI FireGLX drivers are used</li>
-</ul>
-
-<h4>FFmpeg/libavcodec:</h4>
-
-<ul>
- <li>H.263 AIC and MQ encoding support</li>
- <li>fixed low delay decoding</li>
- <li>fixed H.263+ encoding without UMV</li>
- <li>lots of CBR improvements</li>
- <li>MB type and QP visualization</li>
- <li>lots of code cleanup</li>
- <li>intra & inter dequantization split -> speedup</li>
- <li>fixed stereo IMA ADPCM encoding</li>
- <li>VBV delay setting support (MPEG-2 CBR)</li>
- <li>improved RV20 decoder (most known errors eliminated)</li>
- <li>interlaced DCT</li>
- <li>interlaced motion estimation</li>
- <li>interlaced MPEG-2 encoding</li>
- <li>4MV encoding fixes</li>
- <li>initial interlaced MPEG-4 encoding</li>
- <li>improved visual quality in SVQ3 decoder</li>
- <li>fixed never-before-tested embedded string decoder in SVQ1</li>
- <li>optimized quantization (including the trellis way)</li>
- <li>Sierra VMD video decoder</li>
- <li>MMX and SSE2 optimized H263 denoiser</li>
- <li>better SVCD compliance (encoder side)</li>
- <li>MMX and MMX2 optimized interlaced DCT decision</li>
- <li>various cleanup, memleak and segfault fixes</li>
- <li>optimized (2x faster) the MPEG layer 3 decoder</li>
- <li>grayscale coded MJPEG decoding support</li>
- <li>avimszh and avizlib decoders</li>
- <li>"packed" XviD decoding</li>
- <li>fixed some bugs in RV20 B-frames decoding</li>
- <li>closed GOP encoding</li>
- <li>SSE2 optimized FDCT</li>
- <li>support for quantizer noise shaping</li>
- <li> support for EA ADPCM and SMJPEG IMA ADPCM</li>
- <li>QT RLE decoder</li>
- <li>OBMC fixes</li>
- <li>FLAC decoder</li>
- <li>better support for DivX5</li>
- <li>MMX and SSE2 optimized VP3/Theora decoding</li>
- <li>support for Theora alpha3</li>
- <li>many H.264 improvements</li>
- <li>more robust MJPEG startcode search mechanism</li>
- <li>better WMV8 decoding</li>
- <li>native Sparc VIS optimizations</li>
- <li>native G.726 codec</li>
-</ul>
-
-<h4>Others:</h4>
-
-<ul>
- <li>-codecs-file option for specifying alternative codecs.conf file</li>
- <li>fixed some minor bugs in the GUI</li>
- <li>prevent sig11 when $HOME is not set</li>
- <li>fix some command line handling corruptions</li>
- <li>Swedish and Polish yes/no options in config files</li>
- <li>support binding F11 and F12 keys</li>
- <li>TOOLS/divx2svcd updated</li>
- <li>stricter thread code in Win32 loader (works under NetBSD)</li>
- <li>PJS subtitle support (was: dunnowhat)</li>
- <li>TOOLS/avifix: simple tool to fix chunk sizes in AVI files</li>
- <li>proper extraheader handling when libavcodec is used in MEncoder</li>
- <li>AVI OpenDML read and write support</li>
- <li>AVI VPRP (video property) read and write support</li>
- <li>fixed long standing lame quality option off-by-one bug in MEncoder</li>
- <li>MPL2 subtitle support</li>
- <li>less verbosity in Win32 loader and other places</li>
-</ul>
-
-<p>
-MPlayer 1.0pre4 can be downloaded from the following locations:
-</p>
-
-<ul>
- <li>Hungary 1
- <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
- <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
- <li>Hungary 2
- <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
- <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
- <li>USA 2
- <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a>
- <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
- <li>Switzerland
- <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">HTTP</a></li>
- <li>Australia
- <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
- <li>Bulgaria
- <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre4.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MD5SUM: <b>83ebac0f05b192516a41fca2350ca01a</b>
-</p>
-
-<p>
-Grab the Windows port from here: <a href="http://www.mplayerhq.hu/MPlayer/releases/win32/">http://www.mplayerhq.hu/MPlayer/releases/win32/</a><br>
-</p>
-
-<p>
-Also don't forget to visit the downloads page for the updated codec pack!
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="newforums">2004.04.26, Monday :: New ways of communication</a>
- <br><span class="poster">posted by Alex</span>
-</h2>
-
-<p>
-Since a while, MPlayer has two official IRC channels on the
-<a href="http://freenode.net/">freenode</a> network:
-</p>
-
-<ul>
- <li><b>#mplayer</b> for users</li>
- <li><b>#mplayerdev</b> for developers</li>
-</ul>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="resurrection">2004.04.23, Friday :: Resurrection</a>
- <br><span class="poster">posted by Alex</span>
-</h2>
-
-<p>
-After two (nowadays not so active, but valuable) developers leaving the project
-(both of them posting an unneeded news article about it), one could think it's
-almost dead now. This assumption is false, other developers are still active,
-but busy with work.
-</p>
-
-<p>
-Be prepared for a new tech release!
-</p>
-
-<p>
-<i>Just for clarification: I say 'unneeded news article', because many
-developers left already without news entries and more joined the project
-after them.</i>
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="bxl2004">2004.04.23, Friday :: Say NO to software patents - Bruxelles 2004</a>
- <br><span class="poster">posted by Alex</span>
-</h2>
-
-<p>
-The <a href="http://www.ffii.org/">FFII</a> has organized a demo this year
-just like the one in 2003.<br><br>
-The MPlayer project is proud to be a part of the conferences: Diego Biurrun
-and myself have been there and talked about patents and the KiSS issue with
-known and great authorities, such as Alan Cox and George Greve (President
-of FSF Europe).
-</p>
-
-<p>
-As a report, read
-<a href="http://mplayerhq.hu/pipermail/mplayer-dev-eng/2004-April/025420.html">this</a>
-post from Diego.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="leave2">2004.04.23, Friday :: Leaving</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-I've decided to leave the MPlayer project. Personal thanks go to:
-</p>
-
-<ul>
- <li><b>A'rpi, Pontscho, Alex</b> for all the fun we've been through together</li>
- <li><b>LGB</b> for his poetry</li>
- <li><b>Diego Biurrun</b> for never giving up</li>
-</ul>
-
-<p>
-Farewell.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="vuln02">2004.03.30, Tuesday :: Exploitable remote buffer overflow vulnerability in the HTTP parser</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<h3>Severity:</h3>
-
-<p>
-HIGH (if playing HTTP streaming content)<br>
-LOW (if playing only normal files)<br>
-<br>
-
-<h3>Description:</h3>
-
-<p>
-A remotely exploitable buffer overflow vulnerability was found in MPlayer.
-A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer
-into executing arbitrary code upon parsing that header.
-</p>
-
-<h3>affected MPlayer versions:</h3>
-
-<p>
-MPlayer 0.90pre series<br>
-MPlayer 0.90rc series<br>
-MPlayer 0.90<br>
-MPlayer 0.91<br>
-MPlayer 1.0pre1<br>
-MPlayer 1.0pre2<br>
-MPlayer 1.0pre3
-</p>
-
-<h3>unaffected MPlayer versions:</h3>
-
-<p>
-MPlayer releases before 0.60pre1<br>
-MPlayer 0.92.1<br>
-MPlayer 1.0pre3try2<br>
-MPlayer 0_92 CVS<br>
-MPlayer HEAD CVS
-</p>
-
-<h3>Notification status:</h3>
-
-<p>
-Developers were notified on <b>2004.03.29</b> (by <b><a href="mailto:blexim at hush.com">"blexim"</a></b>)<br>
-Fix was commited into HEAD CVS at <b>2004.03.30 12:58:43 CEST</b><br>
-<i>MPlayer 0.92.1 (vuln-fix-only release)</i> was released on <b>2004.03.30
-16:45:00 CEST</b><br>
-<i>MPlayer 1.0pre3try2 (vuln-fix-only release)</i> was released on <b>2004.03.30
-16:51:00 CEST</b>
-</p>
-
-<h3>Patch availability:</h3>
-
-<p>
-A <a href="../../MPlayer/patches/vuln02-fix.diff">patch</a> for all
-vulnerable versions is available.
-</p>
-
-<h3>Suggested upgrading methods:</h3>
-
-<p>
-MPlayer 1.0pre3 users should upgrade to <b>latest CVS</b>.<br>
-MPlayer 0.92 (and below) users should upgrade to <b>0.92.1</b> or <b>latest CVS.</b>
-</p>
-
-<p>
-MPlayer 0.92.1
-<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2.asc">(PGP signature)</a>
-<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2.md5">(MD5 checksum)</a>
-can be downloaded from the following sites:
-</p>
-
-<ul>
- <li>Hungary 1 <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
-<a href="ftp://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
- <li>Hungary 2 <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
-<a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
- <li>Switzerland <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a></li>
- <li>USA2 <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.92.1.tar.bz2">HTTP</a>
-<a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
- <li>Australia <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-0.92.1.tar.bz2">FTP</a></li>
-</ul>
-
-<p>
-MPlayer 1.0pre3try2
-<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2.asc">(PGP signature)</a>
-<a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2.md5">(MD5 checksum)</a>
-can be downloaded from the following sites:
-</p>
-
-<ul>
- <li>Hungary 1 <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
-<a href="ftp://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
- <li>Hungary 2 <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
-<a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
- <li>Switzerland <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a></li>
- <li>USA2 <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre3try2.tar.bz2">HTTP</a>
-<a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
- <li>Australia <a href="ftp://ftp6.mplayerhq.hu/pub/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2">FTP</a></li>
-</ul>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="arpiton">2004.03.26, Friday :: Leaving MPlayer</a>
- <br><span class="poster">posted by A'rpi</span>
-</h2>
-
-<p>
-I (A'rpi) already left MPlayer G1 a year ago, when 0.90 was released.
-This is not YAML (Yet Another Mplayer Leaving :)), I left G1 dev
-to work on MPlayer G2. Now I'm leaving the whole MPlayer project,
-including G2 development and all the rest, except for MPHQ server
-administration (for technical reasons). I did not read mplayer
-lists (any) since months (except for a few mails pointed to me),
-and I lost the rest of my interest towards MPlayer development.
-</p>
-
-<p>
-About G2, my primary reason of giving up on it was the dual
-licensing issues, discussed recently on the g2-dev list.
-My opinion about GPL was proven again, ie. it doesn't protect us
-against code stealing (see the KiSS issue for example), while
-it keeps project sponsors and companies away. I wanted to make
-G2 to be usable by any program as the standard linux media lib/API,
-but GPL is too strict for this, and all other license options
-were immediately refused by all other (potential) G2 developers.
-Of course G2 can be written as free GPL software (free as RMS:)) too,
-but it will took long, and I have no interest to participate.
-</p>
-
-<p>
-What's now with me? I'm back to some of my old projects, like AMC,
-and I've started a new project about heuristic email virus scanning,
-called <a href="http://mplayerhq.hu/~arpi/pymavis">pymavis</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="poncsotilos">2004.03.10, Wednesday :: Radio interview with Pontscho</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-The hungarian <a href="http://tilos.hu">Tilos Radio</a>'s
-<b>Speedlight</b> program has made a live interview with
-Zoltán Ponekker (Pontscho), one of the MPlayer founders who has
-developed significant parts of MPlayer, most notably the GUI
-(Graphical User Interface).
-</p>
-
-<p>
-Download the interview here (Hungarian):
-<a href="http://mplayerhq.hu/~gabucino/tilos/1800.mp3">1. part</a> |
-<a href="http://mplayerhq.hu/~gabucino/tilos/1830.mp3">2. part</a> |
-<a href="http://mplayerhq.hu/~gabucino/tilos/1900.mp3">3. part</a> |
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="softonicAward2003">2004.03.06, Saturday :: Softonic Multimedia Award Won</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.softonic.com/premios/premios2003_linux.html">
-<img src="../images/softonic2003.png" alt="Softonic Award 2003" width="70" height="70"></a>
-</p>
-
-<p>
-Thanks to our fellow users, we've won another award, this time it is
-<a href="http://www.softonic.com">Softonic's</a> <i>"Mejor Reproductor
-de Vídeo"</i> trophy.
-</p>
-
-<p>
-Thanks for the support!
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="scsi">2004.01.26, Monday :: MPlayerHQ server update: moved to SCSI disks</a>
- <br><span class="poster">posted by Arpi</span>
-</h2>
-
-<p>
-Thanks to the great donations by Charlie (Adaptec 29160 controller)
-and Lupin III (2 x 36GB 10krpm disks), we could finally move OS and
-data (mailing lists, cvs, web etc) to SCSI base,
-hopefully solving the continous stability issues we had with those
-old IBM IDE disks since December. It should also improve speed and
-reaction time of the server.
-</p>
-
-<p>
-Anyway we still have a small problem: the disks have 80-pin (SCA)
-connectors, and the 80-to-68pin converters I could buy here
-don't work in LVD mode, thus limiting bandwith to 40Mb/sec (SE mode).
-It should be enough for our current needs, but if you have 2 pieces of
-spare LVD-capable 80/68 converters, don't hesitate to donate! :)
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="HUPAward2003">2004.01.19, Monday :: HUP Reader's Choice Awards 2003</a>
- <br><span class="poster">posted by Alex</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.hup.hu/modules.php?name=News&file=article&sid=4977">
-<img src="../images/hup2003.png" alt="HUP Reader's Choice Awards 2003" width="100" height="110"></a>
-</p>
-
-<p>
-2003 seems to be the year of MPlayer. Yet another award we got!
-</p>
-
-<p>
-The Hungarian Unix Portal - the biggest Hungarian free software site -
-promoted it's first Reader's Choice Awards in November 2003. Members
-could vote starting on 19th November 2003 until the 20th December 2003.
-</p>
-
-<p>
-For the people, who don't speak Hungarian, here are the results:
-</p>
-
-<ol>
- <li>MPlayer (<b>96%</b>)</li>
- <li>xine (<b>2%</b>)</li>
- <li>VideoLan and avifile - head to head</li>
-</ol>
-
-<p>
-The Hungarian speaking minority could visit the portal:
-<a href="http://www.hup.hu/modules.php?name=News&file=article&sid=4977">article</a>
-about the winners.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="LqAward2003">2004.01.18, Sunday :: LinuxQuestions.org Members Choice Award</a>
- <br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxquestions.org/questions/showthread.php?s=&threadid=116684">
-<img src="../images/LQ-2003MCA-MultimediaApp.png" alt="2003 LinuxQuestions.org Members Choice Award" width="169" height="147"></a>
-</p>
-
-<p>
-<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a> has
-finished voting for its LinuxQuestions.org Members Choice Award and
-MPlayer has been voted
-<a href="http://www.linuxquestions.org/questions/showthread.php?s=&threadid=116684">Multimedia application of the Year</a>.
-</p>
-
-<p>
-MPlayer received 44.61% of the votes, beating
-<a href="http://www.xmms.org">XMMS</a> with 27.90% and
-<a href="http://www.xinehq.de">xine</a> with 17.40%.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="ext2sux">2004.01.15, Thursday :: Mailing lists problem</a>
- <br><span class="poster">posted by Arpi</span>
-</h2>
-
-<p>
-Thanks to the serie of IDE HDD crashes we've got in past weeks,
-some of the mailman config/user databases got corrupted.
-</p>
-
-<p>
-Especially the <b>MPlayer-G2-dev</b> list, which is uncorrectable, so
-I've re-created the list today, and subscribed everyone again, at
-least who subscribed until Aug 15 this year. I have no info
-about member (un)subscribes past that date, as I've disabled the
-notification. Please verify your membership and settings!
-</p>
-
-<p>
-Since the <b>MPlayer-users</b> list also got somehow corrupted,
-several people reported that they either stop receiving mail
-or begin to receive them again despite of their are no longer
-member (they've already unsubscribed). Anyway this list has
-over 1500 members, many of them with broken (bouncing) addresses.
-</p>
-
-<h3>Update:</h3>
-
-<p>
-So, to clean things up, I've created an mplayer-newusers list, but
-Attila Kinali suggested a better method: send a mail asking everyone
-at mplayer-users to subscribe again, mass unsubscribe everyone,
-and then re-create the list.<br>
-So, you have to subscribe again, even if you were already subscribed:
-<a href="http://www.mplayerhq.hu/mailman/listinfo/mplayer-users/">
-SUBSCRIBE</a>.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="kiss05">2004.01.10, Saturday :: Radio interview: KiSS VS MPlayer</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-The Danish National Radio (<a href="http://dr.dk">http://dr.dk</a>) has
-made an interview with me (as MPlayer representative), and
-<a href="http://www.kiss-technology.com">KiSS Technology</a>'s
-managing director
-<a href="mailto:peter.wilmar.christensen at kiss-technology.com">Peter Wilmar Christensen</a>.
-</p>
-
-<p>
-It is going to be broadcasted tonight at 20:35, but it is also
-downloadable from the Internet right now:
-</p>
-
-<ul>
- <li><a href="rtsp://real01.dr.dk/p1/harddisk/040108_kiss-vs-mplayer.rm">streaming</a></li>
- <li><a href="http://mplayerhq.hu/~gabucino/mp-kiss-gabu.rm">downloadable file</a></li>
-</ul>
-
-<p>
-A written article is <a href="http://www.dr.dk/videnskab/harddisken/artikler/2004/kiss-vs-mplayer.asp">also available</a>,
-in Danish.
-</p>
-
-<p>
-We have made a rough english translation of the session (thanks to
-Anders Rune Jensen). <b>Our commentaries can be found at the bottom</b>.
-</p>
-
-<dl>
-<dt>Speaker:</dt>
-<dd>The development of <a href="http://www.mplayerhq.hu">MPlayer</a> was
- started by a little group of Hungarian programmers 3 years ago.</dd>
-
-<dt>Speaker:</dt>
-<dd>We needed a program that could play media files under Linux
-and were so unsatisfied with the existing choices that we started making
-a better alternative - said Gabucino, the spokesperson for the
-<a href="http://www.mplayerhq.hu">MPlayer</a> programmers.</dd>
-
-<dt>Speaker:</dt>
-<dd><a href="http://www.mplayerhq.hu">MPlayer</a> has reached a wide recognition in the Open Source
-community. Gabucino emphasizes the program's stability and ability to
-play many different movie formats as some of the obvious advantages.</dd>
-
-<dt>Speaker:</dt>
-<dd>The trouble with <a href="http://www.kiss-technology.com">KiSS technology</a> started recently when one of
-the MPlayer developers was shopping for a new DVD player
-and went for a product by the Danish company. For fun the programmer
-started looking at the software in the Danish DVD player, the so
-called firmware, and compared it with MPlayer's own code. There were
-enough similarities to take a closer look at the case and make the
-<a href="http://www.mplayerhq.hu">MPlayer</a> team angry - Gabucino said.</dd>
-
-<dt>Speaker:</dt>
-<dd>The specific part of the code in which the similarities are found
-is the one controlling the subtitles when playing movies.
-The reality is that the code doesn't contain anything really brilliant. On
-the contrary, it's very simple. So Gabucino is puzzled why anyone would
-even bother using the code instead of writing it themselves. He
-suggests that it could be laziness on the programmer's side.</dd>
-
-<dt>Speaker:</dt>
-<dd>I think it's actually a very normal thing that programmers
-borrow Open Source code because they are too lazy to write it
-themselves. There have been some cases prior to this which have
-caused quite a lot of trouble. I think there are hundreds of
-examples like this that we just don't hear about - Gabucino said.</dd>
-
-<dt>Speaker:</dt>
-<dd>The <a href="http://www.mplayerhq.hu">MPlayer</a> team has published the accusation of the code
-theft on their website and has tried to document it by listing the
-strings in the code which are identical in the two pieces of software.
-According to Gabucino, there are so many similarities that it's
-unthinkable that this might be a coincidence.</dd>
-
-<dt>Speaker:</dt>
-<dd>Normally this type of code is different depending on who
-implemented it, so, when there are so many identical strings, it's
-obvious that we're dealing with theft, the Hungarians believe.</dd>
-
-<dt>Speaker:</dt>
-<dd>GPL or General Public License which <a href="http://www.mplayerhq.hu">MPlayer</a> is licensed under
-is a very widely used Open Source license, which gives the users
-certain rights and certain duties. Long story short, it is okay to take
-the code from <a href="http://www.mplayerhq.hu">MPlayer</a> and develop it further, as long as the result is
-given back to the community. In this specific example Gabucino and the
-other Hungarians therefore demand that <a href="http://www.kiss-technology.com">KiSS Technology</a> should release
-the software used in its DVD players. And makes it clear that it is
-not a matter of getting some money from the Danish company, but a
-matter of fulfilling the requirements of the GPL and releasing the
-software.</dd>
-
-<dt>Speaker:</dt>
-<dd><a href="http://www.kiss-technology.com">KiSS Technology</a> at first didn't react to the Hungarians'
-inquiry, but after the story began to get large publicity in the
-different net-medias and forums the company began to investigate
-the case this week. There are two main questions: whether
-code from <a href="http://www.mplayerhq.hu">MPlayer</a> really is inside the KiSS software and
-how the licenses of Open Source software should be
-interpreted and applied. Apart from being accused of taking code
-from <a href="http://www.mplayerhq.hu">MPlayer</a>, <a href="http://www.kiss-technology.com">KiSS Technology</a> has also been accused of using other
-Open Source software, but managing director Peter Wilmar Christensen
-denies all accusations with small requisitions. The DVD player from
-<a href="http://www.kiss-technology.com">KiSS</a> uses a modified version of Linux as its operating system and
-that part of the software has been released in accordance with the
-licenses. But <a href="http://www.kiss-technology.com">KiSS</a> proclaims that the programs used in the machines on
-top of the operating system, which enables them to play video and
-music files are the company's own and therefore are not required to be
-released, the managing director Peter Christensen explains.</dd>
-
-<dt>Peter:</dt>
-<dd>I would say that the is no truth to the accusations. In large
-there has been some interest regarding our applications recently and
-around GPL, which is the software used in the Open Source community
-which requires you to publish the source code if you use it. And there
-has been some interest in some of the programs used on our DVD
-players. Something called libmad and libjpg and than this Hungarian
-company <a href="http://www.mplayerhq.hu">MPlayer</a>. On our DVD players we run Linux which is licensed
-under the GPL, we have on our webpage published the operating system
-so that people can download the improved version of Linux that we use.
-The application layer on top of Linux is proprietary and is not based
-on any GPL code. We doesn't use <a href="http://www.mplayerhq.hu">MPlayer</a>, we use our own player, a
-player like we know from Real Player, Microsoft Media Player is the
-application used to display movies. It is a fundamental thing for our
-player, because it's what we are known for, being able to play a wide
-range of different formats.</dd>
-
-<dt>Speaker:</dt>
-<dd>The documentation the Hungarians has presented on their
-website is parts from your code. By simply comparing the strings line
-for line and concludes that they are so identical that this can be no
-coincidence. What is your comment on this?</dd>
-
-<dt>Peter:</dt>
-<dd>We are currently investigating exactly that specific part, how
-that can be and if it's really true what they say. Currently we have
-not investigated it enough to be sure whether or not they are right or
-wrong in their accusations. What is important is that we do not use
-their application (<i>Of course, only the subtitle reader! - Gabucino</i>). Should there be cases where the code is very much
-alike, we have to look at how that could have happened. But we doubt
-that there is any truth to the accusations. There are a lot of things
-that could have happened, one could imagine that code from our
-community has spread to other communities included the Open Source and
-code originating from our player could accordingly be a part of
-<a href="http://www.mplayerhq.hu">MPlayer</a>, if in fact there are any similarities. It can be hard to
-tell how those similarities have supposedly appeared. What is important is that
-we do not use their application. If there are a few identical lines
-then one might ask themselves how that has happened. But it could have just
-as well come from one side as from the other. In any case, we are under no
-circumstances of the opinion that we have borrowed code.</dd>
-
-<dt>Speaker:</dt>
-<dd>Whoever made the code for subtitles in the Hungarian software
-and in the Danish DVD players can be thought of as a minor issue in
-today's world. But what is important is the matter of principles in
-this specific issue and what private companies can allow themselves
-when they use Open Source and on the other hand what the Open Source
-community can expect from the companies. Because of the current case,
-managing director Peter Wilmar Christensen has had a closer look
-at the GPL license and evaluated its legal status.</dd>
-
-<dt>Peter:</dt>
-<dd>We have confirmed what we already knew, that when using code
-licensed under the GPL then we have to publish any derivative work.
-This means that the legal foundation is very thin and there is no
-place in the world that I know of where the GPL has been tested in
-court. So from a business perspective I would say that the license is
-relatively weak. This doesn't change the fundamental spirit in the
-Open Source community which I think - all in all - is positive.
-But it is clear that as a commercial company living off selling its
-product, can not and will not release its proprietary code. It is naturally
-so that one should not use GPL code in proprietary systems.</dd>
-
-<dt>Speaker:</dt>
-<dd>According to Gabucino, the Hungarian software
-developers of <a href="http://www.mplayerhq.hu">MPlayer</a> are glad that
-their accusation against the Danish company has reached the media. </dd>
-
-<dt>Speaker:</dt>
-<dd>As he said, there are no big economical options for
-dragging the case to court. Instead they hope that the Open Source
-community will put so much pressure on KiSS Techonology that they
-will be forced to release all its software.</dd>
-
-<dt>Speaker:</dt>
-<dd>But that is completely out of the question, said the managing
-director Peter Wilmar Christensen, even though he is very keen on
-staying good friends with the Open Source community.</dd>
-
-<dt>Peter:</dt>
-<dd>We don't have any intentions of working against or in another
-way make enemies with the people in this community. We try to tell
-what we use and what guidelines we follow. Have we made any error,
-such as making incorrect descriptions in our manuals then we will of
-course fix those things. It is not so that we in any way want
-confrontation, but we have to make a clear statement that our
-software will not be released as Open Source.</dd>
-
-<dt>Speaker:</dt>
-<dd>What is your conclusion of this case, what will it be after
-this?</dd>
-
-<dt>Peter:</dt>
-<dd>The conclusion will be that the licenses in this area are a good
-description of how one ought to operate within this community. They're
-more of a tool to describe how to operate than a set of rules that can
-be used in court. And I think that the Open Source circles uses far
-too much energy on hunting down private companies like us for
-instance, because it's so obvious that one as a private company simply
-can't release your source code. We appreciate the Linux community very
-much and see it as a good thing for the industry. Generally that there
-is an alternative to the Microsoft community. But we think that the
-community should respect the companies who use Linux and not hunt
-them because I don't think that's beneficial for anyone.</dd>
-</dl>
-
-<p>
-<i>END OF TRANSLATION</i>
-</p>
-
-<p>
-<b>Gabucino's comments</b>: I find it quite disgusting to read so much
-plain lies. It's obvious how companies like KiSS or SCO treat
-open source. Let's read these particular sentences again:
-</p>
-
-<dl>
-<dt>Peter:</dt>
-<dd><i>...There are a lot of things
-that could have happened, one could imagine that code from our
-community has spread to other communities included the Open Source and
-code originating from our player could accordingly be a part of
-<a href="http://www.mplayerhq.hu">MPlayer</a>, if in fact there are any similarities. It can be hard to
-tell how those similarities have supposedly started. What is important is that
-we do not use their application. If there are a few identical lines
-then one might ask themselves how that has happened.</i></dd>
-</dl>
-
-<p>
-It's quite clear that they've never read our News section, because we
-hurried to state they've even stolen <b><i>our own</i></b> subtitle
-file format MPsub (<a href="../../DOCS/HTML/en/subosd.html#mpsub">see our
-specifications</a>).
-</p>
-
-<p>
-Its idea was mine, then I asked <i>laaz</i> if he would be so kind as
-to implement it in MPlayer. Then in 2001 October 12 at 13:51:58 he
-commited the support, as can be
-<a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.c.diff?r1=1.27&r2=1.28">seen here</a>.
-The format was never spotted in the wild.
-</p>
-
-<p>
-Several things can be concluded:
-</p>
-
-<ol>
- <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
- never took the time to read our announcements.</li>
- <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
- suggest they've implemented our subtitle format <i>way before we did it
- ourselves</i>. The KiSS firmwares are all made in 2003, which is - as far
- as I know - a way later year than 2001.</li>
- <li><a href="mailto:peter.wilmar.christensen at kiss-technology.com">Mr. Christensen</a>
- doesn't have the slightest clue about what software his company is using.</li>
- <li>KiSS Technology has strange interpretation problems with
- some sentences, like
- <i>"...We don't have any intentions of working against, or in
- another way make enemies with the people in this (Open
- Source) community."</i></li>
-</ol>
-
-<p>
-Actually we can picture a quite nice representation of their viewpoint,
-especially after seeing their unwillingness to start a conversation
-with us in E-Mail. <a href="http://www.kiss-technology.com">KiSS Technology</a>'s views are:
-</p>
-
-<ol>
- <li><i>"...making our source open to public is out of
- question"</i></li>
- <li>Pressing Microsoft (or Bush)-style PR, like repeating
- their own lies, emphasized again and again: <i>"What is
- important is that we do not use their application."</i></li>
- <li>Spreading <b>FUD</b>: <i>"It can be hard to tell how
- those similarities have supposedly started."</i> Ever heard of
- version control systems?</li>
- <li>Holding good communiqe with the Open Source community:
- <i>"If there are a few identical lines then one might ask
- themselves how that has happened. But it could have just as well
- come from one side as from the other..."</i> The pitful aspect of
- this is that it implies a totally ignorant viewpoint, like
- 'our sources are ours, it's completely obfuscated, but yes,
- our claims are the truth, yours are plain lies'</li>
-</ol>
-
-<p>
-How come companies like KiSS cant'be punished by Law?
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="kiss04">2004.01.07, Wednesday :: Update on KiSS Technology</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-The binaries in KiSS Technology's newer firmwares doesn't seem to
-contain our strings <i>at the first sight</i>.
-First we though they are encrypted, or obfuscated in some other way,
-like an executable packer. Actually these new files are simply
-compressed with gzip. Decompressing them is very simple:
-</p>
-
-<p>
-<code>dd if=fileplayer.bin bs=64 skip=1 | gunzip > fileplayer.bin.decomp</code>
-</p>
-
-<p>
-The strings are still there. Nothing has changed.
-</p>
-
-<p>
-Downloads:
-</p>
-
-<ul>
- <li><a href="http://www.kiss-technology.com/files/firmware/KiSS_DP-1000_FW2.8.0_PAL.zip">a new firmware</a></li>
-</ul>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="kiss03">2004.01.03, Saturday :: Another stolen software in KiSS firmware</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-It has been brought to my attention, that the now famous <i>KiSS
-Technology</i> - already <a href="#kiss01">in violation of the GNU
-General Public License</a> - has been confirmed stealing another
-program which is also completely under the GPL license.
-</p>
-
-<p>
-The software in question is the high-quality MPEG audio codec,
-<a href="http://www.underbit.com/products/mad/">MAD</a> (libmad).
-This codec is used by a lot of other audio players, like
-<a href="http://mpg321.sourceforge.net/">mpg321</a>, a command line
-MP3 player found in most Linux distributions - including Debian.
-</p>
-
-<p>
-The strings from the KiSS firmware (matching
-<a href="ftp://ftp.mars.org/pub/mpeg/libmad-0.15.0b.tar.gz">libmad sources</a>),
-can be <a href="http://mplayerhq.hu/~gabucino/kiss/libmad.str">viewed</a> -
-but you can also check it for yourself, it's really easy.
-</p>
-
-<p>
-And if you do: don't be surprised when you run into <b>more</b> strings -
-which match <a href="http://www.ijg.org">libjpeg</a>'s.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="kiss02">2004.01.03, Saturday :: KiSS Tech comment</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-Before I get another 10 mails about this: the <code>GPL.ZIP</code> file
-which they offer for download on their site contains <i>only the Linux
-kernel and busybox sources</i>, not MPlayer's!
-</p>
-
-<p>
-Thanks.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
- <a name="kiss01">2004.01.02, Friday :: Another GPL violation: KiSS Technology</a>
- <br><span class="poster">posted by Gabucino</span>
-</h2>
-
-<p>
-Basically <a href="http://www.kiss-technology.com">KiSS Technology</a>
-is specialized in particular kinds of media hardware, namely DVD and
-MPEG-4 players,
-set-top-boxes, <a href="http://www.kiss-technology.com/?p=profile&v=company">and such.</a>
-</p>
-
-<p>
-There is nothing wrong with that.
-</p>
-
-<p>
-However, if a careless user initiates a string search in one of their
-firmwares:
-</p>
-
-<p>
-<code>
-$ strings KiSS_DP-508_FW2.7.4_PAL.iso | grep -A 3 -B 6 MPSub<br>
-Microdvd<br>
-Subrip<br>
-Subviewer<br>
-Sami<br>
-Vplayer<br>
-<b>Unknown</b><br>
-<b>MPSub</b><br>
-Subviewer 2.0<br>
-Subrip 0.9<br>
-Jacosub<br>
-</code>
-</p>
-
-<p>
-Running the same command on the MPlayer binary:
-</p>
-
-<p>
-<code>
-$ strings /usr/bin/mplayer | grep -B 8 mpsub -A 4<br>
-<...><br>
-L>microdvd<br>
-subrip<br>
-subviewer<br>
-sami<br>
-vplayer<br>
-dunnowhat<br>
-mpsub<br>
-subviewer 2.0<br>
-subrip 0.9<br>
-jacosub<br>
-<...><br>
-</code>
-</p>
-
-<p>
-You can also check the <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.h?rev=1.29&content-type=text/x-cvsweb-markup"><code>subreader.h</code></a>
-or the <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/subreader.c?rev=1.126&content-type=text/x-cvsweb-markup"><code>subreader.c</code></a>
-files in MPlayer sources.
-</p>
-
-<p>
-As you can see, the KiSS firmware contains the subtitle formats in
-the very same order as we do. The thing that really catches the eye is
-the <b>MPSub</b> format, which is our own subtitle format, which hasn't
-been used anywhere else so far.
-</p>
-
-<p>
-Another nice nit is the <i>"dunnowhat"</i> AKA <i>"unknown"</i>
-subtitle format, whose name remains unknown for us - thus the naming.
-It's the same in KiSS' files.
-</p>
-
-<p>
-This of course is hardly enough for a proof. What really makes it
-a one hundred percent stealing is quite obvious: the sscanf() calls
-which contains the patterns of the subtitle formats known to the subtitle
-parser, in order to identify the chosen subtitle file.
-</p>
-
-<p>
-Let's take an easy example:
-</p>
-
-<pre><code>
-$ strings fileplayer.bin
-<...>
-<SAMI>
-%d:%d:%d.%d %d:%d:%d.%d
-@%d @%d
-%d:%d:%d:
-%d:%d:%d
-Dialogue: Marked
-%d,%d,"%c
-FORMAT=%d
-FORMAT=TIM%c
--->>
-<...>
-</code></pre>
-
-<pre><code>
-$ strings subreader.o
-<...>
-<SAMI>
-%d:%d:%d.%d %d:%d:%d.%d
-@%d @%d
-%d:%d:%d:
-%d:%d:%d
-Dialogue: Marked
-Dialogue:
-%d,%d,"%c
-FORMAT=%d
-FORMAT=TIM%c
--->>
-<...>
-</code></pre>
-
-<p>
-These are the patterns we use to identify a SAMI subtitle file.
-We have one more pattern in our parser, which was commited on
-2003 July 20, in effect of supporting a new subtitle format,
-called "ASS". KiSS Tech's files are missing this one, so they must
-have lifted our code before that date.
-</p>
-
-<p>
-Let's see another:
-</p>
-
-<p>
-<code>
-$ strings fileplayer.bin<br>
-<...><br>
-<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<...><br>
-</code>
-</p>
-
-<p>
-<code>
-$ strings subreader.o<br>
-<...><br>
-<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<%*[tT]ime %*[bB]egin="%d:%d.%d" %*[Ee]nd="%d:%d.%d"%*[^<]<clear/>%n<br>
-<...><br>
-</code>
-</p>
-
-<p>
-These are the patterns we use to identify an RT subtitle file.
-</p>
-
-<p>
-<b>Every single one</b> of their patterns match ours! This is not
-coincidence. This is stealing GPL code into a proprietary
-product! KiSS Technology failed to answer our inquiry for their
-source files (which they are obligated to provide), so this news
-entry is posted.
-</p>
-
-<p>
-Downloads:
-</p>
-
-<ul>
- <li><a href="http://www.kiss-technology.com/files/firmware/KiSS_DP-508_FW2.7.4_PAL.zip">KiSS firmware</a></li>
- <li><a href="http://mplayerhq.hu/~gabucino/kiss/kiss-fileplayer.bin.str">KiSS fileplayer strings</a></li>
- <li><a href="http://mplayerhq.hu/~gabucino/kiss/mplayer-subreader.o.str">MPlayer subreader strings</a></li>
-</ul>
-
-</div>
-
<!-- content end -->
More information about the MPlayer-DOCS
mailing list