![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / audio / faad2
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
faad2: update to 2.11.0. 2.11.0: [ Eugène Filin ] * Fix incorrect variable initialization [ Eugene Kliuchnikov ] * CI/CD, build, etc - setup GitHub workflows; test build under MSVC, OSX, MSYS2, Linux - add CMake build system - additionally add Bazel build - remove automake and MSVC project files - add fuzzers that cover almost all decoder code - setup fuzzing for various builds: (no-)FIXED_POINT / (no-)DRM - remove dead code - address differes compilers warnings - move version to distingished place that different build systems can read * "Safe" bugs "Safe" means that it is unlikely to be exploited; those affect the decoded result for (most likely) extreme inputs. Some fixes are useful only for "FIXED_POINT" build, since it has more restrictions on intermediate values. - "negative range" in estimate_current_envelope - integer overflow in channel downmixing - integer overflow in estimate_envelope - integer overflows caused by "practical infinite" gain - integer overflows in HF adjustment code - several "left shift of negative value" - priming RNG to avoid using values that does not look random at all - do not drop the first frame of output; other decoders don't do this - touching uninitialized values in lt_update_state - touching uninitialized values in bit-reader buffers * "Almost Safe" bugs "Almost safe" means that those are unlinkly to be exploited; if those surface depends on build options / environment. - division by zero in HF (noise?) generator and scale factor adjustment - division by zero gen_rand_vector * "Unsafe" bugs "Unsafe" means that those can cause crash, or could somehow else be exploited. - CLI: accessing unallocated memory in mp4info (corrupted / zero-samples input) (CVE-2023-38857) - CLI: out-of-bounds when parsing mp4 header - CLI: crash because of wrong mp4 frame offset calculation (CVE-2023-38857) - error handling rvlc_decode_scale_factors (CPU bomb?) - null pointer dereference (in DRM + PS build) - index-out-of-bounds / stack-buffer-overflow in decode_sce_lfe (for streams with PCE) - stack-buffer-overflow in pns_decode - null pointer derefernce (when channels change their type in the middle of the stream) - infinite loop on currupted stream - add practial limits for scale factors; otherwise calculated NaN/Inf values could confuse further logic, resulting in access-out-of-bounds - check sf_index in window_grouping_info to avoid access-out-of-bounds - clamp bs_pointer values to avoid access-out-of-bounds - infinite loop in fill_element - sanitize input values in ps_mix_phase to avoid access-out-of-bounds - fix internal decoder buffer size calculation to avoid heap-out-of-bounds - calculate channel length multiplier even if main channel is already allocated to avoid heap-out-of-bounds - reserve enough slots for channels in decode_sce_lfe to avoid heap-out-of-bounds [ David Korczynski ] * Fuzzing integration with oss-fuzz [ Steveice10 ] * Add define option to disable SBR/PS support * Fix coefficient table selection in tns_decode_coef
Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=) It turns out there were a lot of these.
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Bump API and ABI depends versions as API changed between 2.0 and 2.6 meaning that things like vlc will not compile
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Aligned the last line of the buildlink3.mk files with the first line, so that they look nicer.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Recursive revision bump / recommended bump for gettext ABI change.
This change addresses PR#31443 Copy config.h to faad2-config.h. Modify systems.h to refer to faad2-config.h, and install faad2-config.h. This situation is discussed here: http://lists.gnu.org/archive/html/automake/2000-10/msg00114.html Remove the undef of PACKAGE and VERSION, and add a 3rd non-empty argument to AM_INIT_AUTOMAKE. This situation is discussed here: http://lists.gnu.org/archive/html/automake/2000-10/msg00108.html Modify the condition from HAVE_GLIB_H to __G_LIB_H__, which was easier because faad2 doesn't depend on glib. Bump pkgrevision.
This change addresses PR#31443 Install header files in include/faad2 Install include/faad2/config.h Add include/faad2 to search path in buildlink3.mk Since software depending on mp4.h won't be able to build without this change, bump PKGREVISION and update BUILDLINK_DEPENDS.faad2 in buildlink3.mk
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Update to 2.0. There are many changes, but the main user-visible improvement is support for decoding AAC HE files (as generated by iTunes).
Reorder location and setting of BUILDLINK_PACKAGES to match template buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
Convert to buildlink3.mk. Newer libtool demands autoconf-2.50+, so update dependency.