head 1.6;
access;
symbols
 pkgsrc-2013Q2:1.6.0.8
 pkgsrc-2013Q2-base:1.6
 pkgsrc-2012Q4:1.6.0.6
 pkgsrc-2012Q4-base:1.6
 pkgsrc-2011Q4:1.6.0.4
 pkgsrc-2011Q4-base:1.6
 pkgsrc-2011Q2:1.6.0.2
 pkgsrc-2011Q2-base:1.6
 pkgsrc-2010Q1:1.5.0.6
 pkgsrc-2010Q1-base:1.5
 pkgsrc-2009Q4:1.5.0.4
 pkgsrc-2009Q4-base:1.5
 pkgsrc-2009Q3:1.5.0.2
 pkgsrc-2009Q2:1.3.0.14
 pkgsrc-2009Q2-base:1.3
 pkgsrc-2009Q1:1.3.0.12
 pkgsrc-2009Q1-base:1.3
 pkgsrc-2008Q4:1.3.0.10
 pkgsrc-2008Q4-base:1.3
 pkgsrc-2008Q3:1.3.0.8
 pkgsrc-2008Q3-base:1.3
 cube-native-xorg:1.3.0.6
 cube-native-xorg-base:1.3
 pkgsrc-2008Q2:1.3.0.4
 pkgsrc-2008Q2-base:1.3
 cwrapper:1.3.0.2
 pkgsrc-2008Q1:1.2.0.36
 pkgsrc-2008Q1-base:1.2
 pkgsrc-2007Q4:1.2.0.34
 pkgsrc-2007Q4-base:1.2
 pkgsrc-2007Q3:1.2.0.32
 pkgsrc-2007Q3-base:1.2
 pkgsrc-2007Q2:1.2.0.30
 pkgsrc-2007Q2-base:1.2
 pkgsrc-2007Q1:1.2.0.28
 pkgsrc-2007Q1-base:1.2
 pkgsrc-2006Q4:1.2.0.26
 pkgsrc-2006Q4-base:1.2
 pkgsrc-2006Q3:1.2.0.24
 pkgsrc-2006Q3-base:1.2
 pkgsrc-2006Q2:1.2.0.22
 pkgsrc-2006Q2-base:1.2
 pkgsrc-2006Q1:1.2.0.20
 pkgsrc-2006Q1-base:1.2
 pkgsrc-2005Q4:1.2.0.18
 pkgsrc-2005Q4-base:1.2
 pkgsrc-2005Q3:1.2.0.16
 pkgsrc-2005Q3-base:1.2
 pkgsrc-2005Q2:1.2.0.14
 pkgsrc-2005Q2-base:1.2
 pkgsrc-2005Q1:1.2.0.12
 pkgsrc-2005Q1-base:1.2
 pkgsrc-2004Q4:1.2.0.10
 pkgsrc-2004Q4-base:1.2
 pkgsrc-2004Q3:1.2.0.8
 pkgsrc-2004Q3-base:1.2
 pkgsrc-2004Q2:1.2.0.6
 pkgsrc-2004Q2-base:1.2
 pkgsrc-2004Q1:1.2.0.4
 pkgsrc-2004Q1-base:1.2
 pkgsrc-2003Q4:1.2.0.2
 pkgsrc-2003Q4-base:1.2
 buildlink2-base:1.2
 netbsd-1-5-PATCH001:1.1;
locks; strict;
comment @# @;

1.6
date 2010.04.23.21.45.19; author wiz; state dead;
branches;
next 1.5;

1.5
date 2009.12.02.12.41.25; author wiz; state Exp;
branches 1.5.2.1;
next 1.4;

1.4
date 2009.07.17.20.28.21; author wiz; state dead;
branches;
next 1.3;

1.3
date 2008.05.14.16.36.18; author drochner; state Exp;
branches 1.3.14.1;
next 1.2;

1.2
date 2001.08.08.09.55.28; author lukem; state dead;
branches 1.2.36.1;
next 1.1;

1.1
date 2001.03.21.15.47.28; author wiz; state Exp;
branches;
next ;

1.5.2.1
date
2009.12.02.12.41.25; author tron; state dead; branches; next 1.5.2.2; 1.5.2.2 date 2009.12.03.10.16.10; author tron; state Exp; branches; next ; 1.3.14.1 date 2009.08.23.10.33.57; author tron; state dead; branches; next ; 1.2.36.1 date 2008.05.22.13.54.10; author ghen; state Exp; branches; next ; desc @@ 1.6 log @Update to 1.3.1: libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)" * tweak + minor arithmetic fix in floor1 fit * revert noise norm to conservative 1.2.3 behavior pending more listening testing libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot * Optimized surround support for 5.1 encoding at 44.1/48kHz * Added encoder control call to disable channel coupling * Correct an overflow bug in very low-bitrate encoding on 32 bit machines that caused inflated bitrates * Numerous API hardening, leak and build fixes * Correct bug in 22kHz compand setup that could cause a crash * Correct bug in 16kHz codebooks that could cause unstable pure tones at high bitrates @ text @$NetBSD: patch-aa,v 1.5 2009/12/02 12:41:25 wiz Exp $ SVN r16957 --- lib/codebook.c.orig 2009-07-09 09:12:08.000000000 +0000 +++ lib/codebook.c @@@@ -198,6 +198,7 @@@@ int vorbis_staticbook_unpack(oggpack_buf for(i=0;ientries;){ long num=oggpack_read(opb,_ilog(s->entries-i)); if(num==-1)goto _eofout; + if(length>32)goto _errout; for(j=0;jentries;j++,i++) s->lengthlist[i]=length; length++; @ 1.5 log @Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @file patch-aa was added on branch pkgsrc-2009Q3 on 2009-12-03 10:16:10 +0000 @ text @d1 14 @ 1.5.2.2 log @Pullup ticket #2943 - requested by wiz libvorbis: security patch Revisions pulled up: - audio/libvorbis/Makefile 1.49 - audio/libvorbis/distinfo 1.18 - audio/libvorbis/patches/patch-aa 1.5 - audio/libvorbis/patches/patch-ab 1.5 --- Module Name: pkgsrc Committed By: wiz Date: Wed Dec 2 12:41:25 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION. @ text @a0 14 $NetBSD$ SVN r16957 --- lib/codebook.c.orig 2009-07-09 09:12:08.000000000 +0000 +++ lib/codebook.c @@@@ -198,6 +198,7 @@@@ int vorbis_staticbook_unpack(oggpack_buf for(i=0;ientries;){ long num=oggpack_read(opb,_ilog(s->entries-i)); if(num==-1)goto _eofout; + if(length>32)goto _errout; for(j=0;jentries;j++,i++) s->lengthlist[i]=length; length++; @ 1.4 log @Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. 
libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2008/05/14 16:36:18 drochner Exp $ d3 12 a14 32 --- ./lib/res0.c.orig 2007-07-24 02:09:47.000000000 +0200 +++ ./lib/res0.c @@@@ -223,6 +223,20 @@@@ vorbis_info_residue *res0_unpack(vorbis_ for(j=0;jbooklist[j]>=ci->books)goto errout; + /* verify the phrasebook is not specifying an impossible or + inconsistent partitioning scheme. 
*/ + { + int entries = ci->book_param[info->groupbook]->entries; + int dim = ci->book_param[info->groupbook]->dim; + int partvals = 1; + while(dim>0){ + partvals *= info->partitions; + if(partvals > entries) goto errout; + dim--; + } + if(partvals != entries) goto errout; + } + return(info); errout: res0_free_info(info); @@@@ -263,7 +277,7 @@@@ vorbis_look_residue *res0_look(vorbis_ds } } - look->partvals=rint(pow((float)look->parts,(float)dim)); + look->partvals=look->phrasebook->entries; look->stages=maxstage; look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap)); for(j=0;jpartvals;j++){ @ 1.3 log @pull some patches from upstream CVS to fix integer overflows / buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.3.14.1 log @Pullup ticket #2871 - requested by wiz libvorbis: security update Revisions pulled up: - audio/libvorbis/Makefile 1.48 - audio/libvorbis/PLIST 1.10 - audio/libvorbis/distinfo 1.17 - audio/libvorbis/patches/patch-aa delete - audio/libvorbis/patches/patch-ab delete - audio/libvorbis/patches/patch-ac delete - audio/libvorbis/patches/patch-ad delete --- Module Name: pkgsrc Committed By: wiz Date: Fri Jul 17 20:28:21 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile PLIST distinfo Removed Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab patch-ac patch-ad Log Message: Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. 
libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction. 
@ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2008/05/14 16:36:18 drochner Exp $ @ 1.2 log @update libvorbis from 1.0beta4 -> 1.0rc1, including removing a bunch of patches which are now in the mainline code @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2001/03/21 15:47:28 wiz Exp $ d3 5 a7 4 --- lib/psy.c.orig Mon Feb 26 05:37:59 2001 +++ lib/psy.c @@@@ -191,7 +191,7 @@@@ p->total_octave_lines=maxoc-p->firstoc+1; d9 26 a34 6 p->ath=_ogg_malloc(n*sizeof(float)); - p->octave=_ogg_malloc(n*sizeof(int)); + p->octave=_ogg_malloc(n*sizeof(long)); p->bark=_ogg_malloc(n*sizeof(float)); p->vi=vi; p->n=n; @ 1.2.36.1 log @Pullup ticket 2393 - requested by drochner security fixes for libvorbis - pkgsrc/audio/libvorbis/Makefile 1.47 - pkgsrc/audio/libvorbis/distinfo 1.15 - pkgsrc/audio/libvorbis/patches/patch-aa 1.3 - pkgsrc/audio/libvorbis/patches/patch-ab 1.3 Module Name: pkgsrc Committed By: drochner Date: Wed May 14 16:36:18 UTC 2008 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: pull some patches from upstream CVS to fix integer overflows / buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 5 --- ./lib/res0.c.orig 2007-07-24 02:09:47.000000000 +0200 +++ ./lib/res0.c @@@@ -223,6 +223,20 @@@@ vorbis_info_residue *res0_unpack(vorbis_ for(j=0;jbooklist[j]>=ci->books)goto errout; d8 6 a13 26 + /* verify the phrasebook is not specifying an impossible or + inconsistent partitioning scheme. 
*/ + { + int entries = ci->book_param[info->groupbook]->entries; + int dim = ci->book_param[info->groupbook]->dim; + int partvals = 1; + while(dim>0){ + partvals *= info->partitions; + if(partvals > entries) goto errout; + dim--; + } + if(partvals != entries) goto errout; + } + return(info); errout: res0_free_info(info); @@@@ -263,7 +277,7 @@@@ vorbis_look_residue *res0_look(vorbis_ds } } - look->partvals=rint(pow((float)look->parts,(float)dim)); + look->partvals=look->phrasebook->entries; look->stages=maxstage; look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap)); for(j=0;jpartvals;j++){ @ 1.1 log @Add a patch forwarded from the Xiphophorus CVS repository by Christian Weisgerber: Fixes encoder core dumps on 64-bit architectures. @ text @d1 1 a1 1 $NetBSD$ @
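Review bot: in the lib/codebook.c hunk (vorbis_staticbook_unpack, SVN r16957), the added test if(length>32)goto _errout; uses a bare 32 with no comment saying what the limit represents, even though length is the value stored into s->lengthlist. A one-line comment or a named constant would keep the bound from being loosened by accident later. The test also sits after the oggpack_read call for num, so a stream that is already past the limit still consumes bits before it is rejected; placing the test at the top of the loop body would reject first.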
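Review bot: in the first lib/res0.c hunk (res0_unpack), partvals *= info->partitions runs before the partvals > entries comparison, so the signed int product can overflow before it is checked unless info->partitions is tightly bounded earlier, which these lines do not show. Comparing before multiplying, for example if(partvals > entries / info->partitions) goto errout; with a guard against info->partitions being zero or negative, removes that dependency. The block also indexes ci->book_param[info->groupbook] directly, while the visible context only range-checks booklist[j] against ci->books, so confirm that groupbook gets the same check before this point.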
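Review bot: in the second lib/res0.c hunk (res0_look), look->partvals=look->phrasebook->entries; equals the old pow(parts,dim) value only because res0_unpack now rejects setups where the two differ. That dependency deserves a short comment at this line, since partvals sizes the decodemap allocation on the next line and bounds the loop after it. No NULL check is visible between the _ogg_malloc call and that loop, which is worth adding while this code is being hardened.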
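Review bot: in the lib/psy.c hunk, p->octave=_ogg_malloc(n*sizeof(long)); still spells the element type by hand, which is the same pattern that made the sizeof(int) version wrong. Writing n*sizeof(*p->octave) ties the allocation size to the declaration, the way the res0.c code does with sizeof(*look->decodemap). The neighbouring p->ath and p->bark allocations with sizeof(float) would benefit from the same change.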