head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.8 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.6 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.4 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.2 pkgsrc-2011Q2-base:1.6 pkgsrc-2010Q1:1.5.0.6 pkgsrc-2010Q1-base:1.5 pkgsrc-2009Q4:1.5.0.4 pkgsrc-2009Q4-base:1.5 pkgsrc-2009Q3:1.5.0.2 pkgsrc-2009Q2:1.3.0.14 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.12 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.10 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.8 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.6 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.4 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2 netbsd-1-5-PATCH001:1.1; locks; strict; comment @# @; 1.6 date 2010.04.23.21.45.19; author wiz; state dead; branches; next 1.5; 1.5 date 2009.12.02.12.41.25; author wiz; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2009.07.17.20.28.21; author wiz; state dead; branches; next 1.3; 1.3 date 2008.05.14.16.36.18; author drochner; state Exp; branches 1.3.14.1; next 1.2; 1.2 date 2001.08.08.09.55.29; author lukem; state dead; branches 1.2.36.1; next 1.1; 1.1 date 2001.04.04.07.08.29; author tron; state Exp; branches; next ; 1.5.2.1 date 2009.12.02.12.41.25; author tron; state dead; branches; next 1.5.2.2; 1.5.2.2 date 2009.12.03.10.16.10; author tron; state Exp; branches; next ; 1.3.14.1 date 2009.08.23.10.33.57; author tron; state dead; branches; next ; 1.2.36.1 date 2008.05.22.13.54.10; author ghen; state Exp; branches; next ; desc @@ 1.6 log @Update to 1.3.1: libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)" * tweak + minor arithmetic fix in floor1 fit * revert noise norm to conservative 1.2.3 behavior pending more listening testing libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot * Optimized surround support for 5.1 encoding at 44.1/48kHz * Added encoder control call to disable channel coupling * Correct an overflow bug in very low-bitrate encoding on 32 bit machines that caused inflated bitrates * Numerous API hardening, leak and build fixes * Correct bug in 22kHz compand setup that could cause a crash * Correct bug in 16kHz codebooks that could cause unstable pure tones at high bitrates @ text @$NetBSD: patch-ab,v 1.5 2009/12/02 12:41:25 wiz Exp $ SVN 16326. --- lib/backends.h.orig 2009-07-09 09:12:08.000000000 +0000 +++ lib/backends.h @@@@ -111,7 +111,7 @@@@ typedef struct vorbis_info_residue0{ int partitions; /* possible codebooks for a partition */ int groupbook; /* huffbook for partitioning */ int secondstages[64]; /* expanded out to pointers in lookup */ - int booklist[256]; /* list of second stage books */ + int booklist[512]; /* list of second stage books */ const float classmetric1[64]; const float classmetric2[64]; @ 1.5 log @Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @file patch-ab was added on branch pkgsrc-2009Q3 on 2009-12-03 10:16:10 +0000 @ text @d1 15 @ 1.5.2.2 log @Pullup ticket #2943 - requested by wiz libvorbis: security patch Revisions pulled up: - audio/libvorbis/Makefile 1.49 - audio/libvorbis/distinfo 1.18 - audio/libvorbis/patches/patch-aa 1.5 - audio/libvorbis/patches/patch-ab 1.5 --- Module Name: pkgsrc Committed By: wiz Date: Wed Dec 2 12:41:25 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: Apply some possible security fixes from upstream SVN. Glanced from links in mozilla advisory http://www.mozilla.org/security/announce/2009/mfsa2009-63.html and Fedora Core patches for 1.2.0. Bump PKGREVISION. @ text @a0 15 $NetBSD$ SVN 16326. --- lib/backends.h.orig 2009-07-09 09:12:08.000000000 +0000 +++ lib/backends.h @@@@ -111,7 +111,7 @@@@ typedef struct vorbis_info_residue0{ int partitions; /* possible codebooks for a partition */ int groupbook; /* huffbook for partitioning */ int secondstages[64]; /* expanded out to pointers in lookup */ - int booklist[256]; /* list of second stage books */ + int booklist[512]; /* list of second stage books */ const float classmetric1[64]; const float classmetric2[64]; @ 1.4 log @Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2008/05/14 16:36:18 drochner Exp $ d3 10 a12 5 --- ./lib/codebook.c.orig 2008-05-14 18:17:20.000000000 +0200 +++ ./lib/codebook.c @@@@ -159,6 +159,8 @@@@ int vorbis_staticbook_unpack(oggpack_buf s->entries=oggpack_read(opb,24); if(s->entries==-1)goto _eofout; d14 2 a15 14 + if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout; + /* codeword ordering.... length ordered or unordered? */ switch((int)oggpack_read(opb,1)){ case 0: @@@@ -225,7 +227,7 @@@@ int vorbis_staticbook_unpack(oggpack_buf int quantvals=0; switch(s->maptype){ case 1: - quantvals=_book_maptype1_quantvals(s); + quantvals=(s->dim==0?0:_book_maptype1_quantvals(s)); break; case 2: quantvals=s->entries*s->dim; @ 1.3 log @pull some patches from upstream CVS to fix integer overflows / buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.3.14.1 log @Pullup ticket #2871 - requested by wiz libvorbis: security update Revisions pulled up: - audio/libvorbis/Makefile 1.48 - audio/libvorbis/PLIST 1.10 - audio/libvorbis/distinfo 1.17 - audio/libvorbis/patches/patch-aa delete - audio/libvorbis/patches/patch-ab delete - audio/libvorbis/patches/patch-ac delete - audio/libvorbis/patches/patch-ad delete --- Module Name: pkgsrc Committed By: wiz Date: Fri Jul 17 20:28:21 UTC 2009 Modified Files: pkgsrc/audio/libvorbis: Makefile PLIST distinfo Removed Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab patch-ac patch-ad Log Message: Update to 1.2.3. Set LICENSE. Two of the patches were from upstream CVS, the other two are not needed any longer because the configure script was improved. libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" * Improved robustness with corrupt streams. * New ov_read_filter() vorbisfile call allows filtering decoded audio as floats before converting to integer samples. * Fix an encoder bug with multichannel streams. * Replaced RTP payload format draft with RFC 5215. * Bare bones self test under 'make check'. * Fix a problem encoding some streams between 14 and 28 kHz. * Fix a numerical instability in the edge extrapolation filter. * Build system improvements. * Specification correction. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2008/05/14 16:36:18 drochner Exp $ @ 1.2 log @update libvorbis from 1.0beta4 -> 1.0rc1, including removing a bunch of patches which are now in the mainline code @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1 2001/04/04 07:08:29 tron Exp $ d3 5 a7 3 --- configure.in.orig Fri Mar 30 02:02:35 2001 +++ configure.in Fri Mar 30 02:10:16 2001 @@@@ -162,6 +162,7 @@@@ dnl ------------------------------------ d9 14 a22 6 AC_FUNC_ALLOCA AC_FUNC_MEMCMP +AC_CHECK_FUNCS(sqrtf) dnl -------------------------------------------------- dnl Do substitutions @ 1.2.36.1 log @Pullup ticket 2393 - requested by drochner security fixes for libvorbis - pkgsrc/audio/libvorbis/Makefile 1.47 - pkgsrc/audio/libvorbis/distinfo 1.15 - pkgsrc/audio/libvorbis/patches/patch-aa 1.3 - pkgsrc/audio/libvorbis/patches/patch-ab 1.3 Module Name: pkgsrc Committed By: drochner Date: Wed May 14 16:36:18 UTC 2008 Modified Files: pkgsrc/audio/libvorbis: Makefile distinfo Added Files: pkgsrc/audio/libvorbis/patches: patch-aa patch-ab Log Message: pull some patches from upstream CVS to fix integer overflows / buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 5 --- ./lib/codebook.c.orig 2008-05-14 18:17:20.000000000 +0200 +++ ./lib/codebook.c @@@@ -159,6 +159,8 @@@@ int vorbis_staticbook_unpack(oggpack_buf s->entries=oggpack_read(opb,24); if(s->entries==-1)goto _eofout; d7 6 a12 14 + if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout; + /* codeword ordering.... length ordered or unordered? */ switch((int)oggpack_read(opb,1)){ case 0: @@@@ -225,7 +227,7 @@@@ int vorbis_staticbook_unpack(oggpack_buf int quantvals=0; switch(s->maptype){ case 1: - quantvals=_book_maptype1_quantvals(s); + quantvals=(s->dim==0?0:_book_maptype1_quantvals(s)); break; case 2: quantvals=s->entries*s->dim; @ 1.1 log @Make this package work under Solaris. The patches were contributed by Christian Weisgerber in private e-mail. @ text @d1 1 a1 1 $NetBSD$ @