![[BACK]](/icons/back.gif){kind=icon}
Up to [NetBSD + pkgsrc-wip] / pkgsrc / audio / libvorbis
Request diff between arbitrary revisions - Display revisions graphically
Keyword substitution: kv
Default branch: MAIN
update to 1.3.3 integrates the fix for CVE-2012-0444
Pullup ticket #3684 - requested by drochner
audio/libvorbis: security patch
Revisions pulled up:
- audio/libvorbis/Makefile 1.52
- audio/libvorbis/distinfo 1.21
- audio/libvorbis/patches/patch-CVE-2012-0444 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Feb 17 12:23:24 UTC 2012
Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-CVE-2012-0444
Log Message:
add patch from upstream to fix possible memory corruption by
malicious Ogg Vorbis files
bump PKGREV
add patch from upstream to fix possible memory corruption by malicious Ogg Vorbis files bump PKGREV
Changes 1.3.2: * vorbis: additional proofing against invalid/malicious streams in floor, residue, and bos/eos packet trimming code (see SVN for details). * vorbis: Added programming documentation tree for the low-level calls * vorbisfile: Correct handling of serial numbers array element [0] on non-seekable streams * vorbisenc: Back out an [old] AoTuV HF weighting that was first enabled in 1.3.0; there are a few samples where I really don't like the effect it causes. * vorbis: return correct timestamp for granule positions with high bit set. * vorbisfile: the [undocumented] half-rate decode api made no attempt to keep the pcm offset tracking consistent in seeks. Fix and add a testing mode to seeking_example.c to torture test seeking in halfrate mode. Also remove requirement that halfrate mode only work with seekable files. * vorbisfile: Fix a chaining bug in raw_seeks where seeking out of the current link would fail due to not reinitializing the decode machinery. * vorbisfile: improve seeking strategy. Reduces the necessary number of seek callbacks in an open or seek operation by well over 2/3.
Update to 1.3.1: libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)" * tweak + minor arithmetic fix in floor1 fit * revert noise norm to conservative 1.2.3 behavior pending more listening testing libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot * Optimized surround support for 5.1 encoding at 44.1/48kHz * Added encoder control call to disable channel coupling * Correct an overflow bug in very low-bitrate encoding on 32 bit machines that caused inflated bitrates * Numerous API hardening, leak and build fixes * Correct bug in 22kHz compand setup that could cause a crash * Correct bug in 16kHz codebooks that could cause unstable pure tones at high bitrates
Pullup ticket #2943 - requested by wiz libvorbis: security patch Revisions pulled up: - audio/libvorbis/Makefile 1.49 - audio/libvorbis/distinfo 1.18 - audio/libvorbis/patches/patch-aa 1.5 - audio/libvorbis/patches/patch-ab 1.5 --- Module Name: pkgsrc Committed By: wiz Date: Wed Dec 2 12:41:25 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION.
Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION.
Pullup ticket #2871 - requested by wiz libvorbis: security update Revisions pulled up: - audio/libvorbis/Makefile 1.48 - audio/libvorbis/PLIST 1.10 - audio/libvorbis/distinfo 1.17 - audio/libvorbis/patches/patch-aa delete - audio/libvorbis/patches/patch-ab delete - audio/libvorbis/patches/patch-ac delete - audio/libvorbis/patches/patch-ad delete --- Module Name: pkgsrc Committed By: wiz Date: Fri Jul 17 20:28:21 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile PLIST distinfo Removed Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab patch-ac patch-ad Log Message: Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction.
Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction.
PR 37177: Raymond Meyer: gcc no longer supports -mv8 on Solaris. Build fix; no version bump.
Pullup ticket 2393 - requested by drochner
security fixes for libvorbis
- pkgsrc/audio/libvorbis/Makefile 1.47
- pkgsrc/audio/libvorbis/distinfo 1.15
- pkgsrc/audio/libvorbis/patches/patch-aa 1.3
- pkgsrc/audio/libvorbis/patches/patch-ab 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 14 16:36:18 UTC 2008
Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab
Log Message:
pull some patches from upstream CVS to fix integer overflows /
buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423),
bump PKGREVISION
pull some patches from upstream CVS to fix integer overflows / buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423), bump PKGREVISION
Update to 1.2.0: libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622" * new ov_fopen() convenience call that avoids the common stdio conflicts with ov_open() and MSVC runtimes. * libvorbisfile now handles multiplexed streams * improve robustness to corrupt input streams * fix a minor encoder bug * updated RTP draft * build system updates * minor corrections to the specification
Update to 1.1.2: libvorbis 1.1.2 (2005-11-27) -- "Xiph.Org libVorbis I 20050304" * fix a serious encoder bug with gcc 4 optimized builds * documentation and spec fixes * updated VS2003 and XCode builds * new draft RTP encapsulation spec
Update to 1.1.1. This releases includes some bug and documentation fixes, but no new encoder modes.
Add RMD160 digests to the SHA1 ones.
Update to 1.1.0: libvorbis 1.1.0 (2004-09-22) -- "Xiph.Org libVorbis I 20040629" * merges tuning improvements from Aoyumi's aoTuV with fixups * new managed bitrate (CBR) mode support * new vorbis_encoder_ctl() interface * extensive documentation updates * application/ogg mimetype is now official * autotools cleanup from Thomas Vander Stichele * SymbianOS build support from Colin Ward at CSIRO * various bugfixes * various packaging improvements Package change: install documentation in share/doc instead of share/doc/html.
Update to 1.0.1:
* Corrects errors in the Vorbis specification documentation.
* Specification converted to DocBook format.
* Added timebase conversion call to libvorbis.
* Fixes ov_time_tell() bug for non-seekable streams.
* Various decoding fixes.
* Addition of ov_crosslap() which allows smooth transitions between
two vorbis segments.
* Numerous seeking fixes and optimizations.
* Fixed bugs affecting decode of one-audio-page samples.
* Added ov_halfrate() which allows a "free" conversion from the
source sample rate to half of the source rate.
* Improved handling of quiet signals in low bitrate modes
Merge changes in packages from the buildlink2 branch that have buildlink2.mk files back into the main trunk. This provides sufficient buildlink2 infrastructure to start merging other packages from the buildlink2 branch that have already been converted to use the buildlink2 framework.
Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files.
Update to libvorbis 1.0.
Update from 1.0.0.6 (1.0 rc2) to 1.0.0.7 (1.0 rc3). No real notable changes.
update from libvorbis-1.0rc1 to libvorbis-1.0rc2. changes: * Powerful channel coupling system takes advantage of similarities between channels to reduce bitrate. * Additional encoding modes give more flexibility in bitrate selection. 64,80,96,128,160,192,256,350 stereo; 32,48,64,80,112,140 mono modes. * Only 44.1KHz/48KHz is officially supported in this release. Lower sample rates will work, but with much lower quality. * Cascaded encoding makes libvorbis ready for future bitrate reduction tools. * Decode engine bugfix ensures better compatibility with future Vorbis codecs.
update libvorbis from 1.0beta4 -> 1.0rc1, including removing a bunch of patches which are now in the mainline code
Install html documentation in share/doc/html instead of share/doc. By Dieter Baron.
Move to sha1 digests, and add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo