Commit graph

90 commits

Author SHA1 Message Date
adam
db7bd0983f libvorbis: updated to 1.3.7
libvorbis 1.3.7
* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Update Visual Studio projects for ogg library filename change.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add gitlab CI support.
* Add OSS-Fuzz support.
* Build system and integration updates.
2020-07-06 15:32:47 +00:00
snj
effdc9b92c audio/libvorbis: Fix CVE-2017-14160, CVE-2018-10392, and CVE-2018-10393.
Bump PKGREVISION to 1.
2018-08-06 13:25:38 +00:00
maya
108f499e29 libvorbis: add test target. 2018-03-16 20:37:10 +00:00
maya
256af02bf5 libvorbis: update to 1.3.6. security fix.
libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes
2018-03-16 20:23:53 +00:00
rillig
17e39f419d Fix indentation in buildlink3.mk files.
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
2018-01-07 13:03:53 +00:00
wiz
a1e4174a9c Follow some http redirects. 2017-08-16 20:21:03 +00:00
agc
b734eb2ebf Add SHA512 digests for distfiles for audio category
Problems found with existing distfiles:
	/pub/pkgsrc/distfiles/amp-0.7.6.tgz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-32000-1.0.8.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-48000-1.0.8.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-32000-1.0.22.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-48000-1.0.22.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-16000-1.0.12.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.12.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.12.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-8000-1.0.12.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.13.tar.gz
	/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.13.tar.gz
	/pub/pkgsrc/distfiles/kid3-3.3.0.tar.gz
	/pub/pkgsrc/distfiles/libdca-0.0.5.tar.bz2
	/pub/pkgsrc/distfiles/mp3to.gz
	/pub/pkgsrc/distfiles/squeezeboxserver-7.5.1-noCPAN.tgz
No changes made to these file.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 01:12:23 +00:00
wiz
57a46e73ef Update to 1.3.5:
libvorbis 1.3.5 (unreleased) -- "Xiph.Org libVorbis I 20150105 ()"

* Tolerate single-entry codebooks.
* Fix decoder crash with invalid input.
* Fix encoder crash with non-positive sample rates.
# Fix issues in vorbisfile's seek bisection code.
* Spec errata.
* Reject multiple headers of the same type.
* Various build fixes and code cleanup.
2015-03-09 08:14:23 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
wiz
5ecd10ddd5 Update to 1.3.4:
Xiph.Org is pleased to announce a full release of libvorbis 1.3.4.
The primary feature of this release is reduced static data size in
libvorbisenc, as well as associated minor changes required to
libvorbis and libvorbisfile. The release also contains minor build
fixes and build system updates. There are no functional changes
over the previous 1.3.3 release.
2014-01-27 20:17:01 +00:00
asau
2fead99d50 "user-destdir" is default these days 2012-09-11 23:59:21 +00:00
wiz
e59fff7958 Reset maintainer, do not use it much any longer. 2012-03-05 13:15:06 +00:00
drochner
bf7ee332a5 update to 1.3.3
integrates the fix for CVE-2012-0444
2012-02-21 13:05:57 +00:00
drochner
1010b98970 add patch from upstream to fix possible memory corruption by
malicious Ogg Vorbis files
bump PKGREV
2012-02-17 12:23:24 +00:00
adam
15a004be96 Changes 1.3.2:
* vorbis: additional proofing against invalid/malicious
  streams in floor, residue, and bos/eos packet trimming
  code (see SVN for details).
* vorbis: Added programming documentation tree for the
  low-level calls
* vorbisfile: Correct handling of serial numbers array
  element [0] on non-seekable streams
* vorbisenc: Back out an [old] AoTuV HF weighting that was
  first enabled in 1.3.0; there are a few samples where I
  really don't like the effect it causes.
* vorbis: return correct timestamp for granule positions
  with high bit set.
* vorbisfile: the [undocumented] half-rate decode api made no
  attempt to keep the pcm offset tracking consistent in seeks.
  Fix and add a testing mode to seeking_example.c to torture
  test seeking in halfrate mode.  Also remove requirement that
  halfrate mode only work with seekable files.
* vorbisfile:  Fix a chaining bug in raw_seeks where seeking
  out of the current link would fail due to not
  reinitializing the decode machinery.
* vorbisfile: improve seeking strategy. Reduces the
  necessary number of seek callbacks in an open or seek
  operation by well over 2/3.
2010-11-09 13:12:11 +00:00
wiz
f299d8f8e4 Update to 1.3.1:
libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)"

 * tweak + minor arithmetic fix in floor1 fit
 * revert noise norm to conservative 1.2.3 behavior pending
   more listening testing

libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot

 * Optimized surround support for 5.1 encoding at 44.1/48kHz
 * Added encoder control call to disable channel coupling
 * Correct an overflow bug in very low-bitrate encoding on 32 bit
   machines that caused inflated bitrates
 * Numerous API hardening, leak and build fixes
 * Correct bug in 22kHz compand setup that could cause a crash
 * Correct bug in 16kHz codebooks that could cause unstable pure
   tones at high bitrates
2010-04-23 21:45:19 +00:00
wiz
d023b33cd9 Apply some possible security fixes from upstream SVN.
Glanced from links in mozilla advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
and Fedora Core patches for 1.2.0.

Bump PKGREVISION.
2009-12-02 12:41:25 +00:00
wiz
9f2f62939b Update to 1.2.3. Set LICENSE.
Two of the patches were from upstream CVS, the other two are not needed
any longer because the configure script was improved.

libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709"

 * correct a vorbisfile bug that prevented proper playback of
   Vorbis files where all audio in a logical stream is in a
   single page
 * Additional decode setup hardening against malicious streams
 * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who
   wish to avoid avoid unused symbol warnings from the static
   callbacks defined in vorbisfile.h

libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624"

 * define VENDOR and ENCODER strings
 * seek correctly in files bigger than 2 GB (Windows)
 * fix regression from CVE-2008-1420; 1.0b1 files work again
 * mark all tables as constant to reduce memory occupation
 * additional decoder hardening against malicious streams
 * substantially reduce amount of seeking performed by Vorbisfile
 * Multichannel decode bugfix
 * build system updates
 * minor specification clarifications/fixes

libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501"

 * Improved robustness with corrupt streams.
 * New ov_read_filter() vorbisfile call allows filtering decoded
   audio as floats before converting to integer samples.
 * Fix an encoder bug with multichannel streams.
 * Replaced RTP payload format draft with RFC 5215.
 * Bare bones self test under 'make check'.
 * Fix a problem encoding some streams between 14 and 28 kHz.
 * Fix a numerical instability in the edge extrapolation filter.
 * Build system improvements.
 * Specification correction.
2009-07-17 20:28:21 +00:00
joerg
e209761d06 Remove @dirrm entries from PLISTs 2009-06-14 17:28:16 +00:00
dholland
dd566c6fb5 PR 37177: Raymond Meyer: gcc no longer supports -mv8 on Solaris.
Build fix; no version bump.
2009-05-18 04:42:44 +00:00
joerg
2d1ba244e9 Simply and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
drochner
ef8ece7326 pull some patches from upstream CVS to fix integer overflows /
buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423),
bump PKGREVISION
2008-05-14 16:36:18 +00:00
wiz
6f7addf524 Update to 1.2.0:
libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622"

 * new ov_fopen() convenience call that avoids the common
   stdio conflicts with ov_open() and MSVC runtimes.
 * libvorbisfile now handles multiplexed streams
 * improve robustness to corrupt input streams
 * fix a minor encoder bug
 * updated RTP draft
 * build system updates
 * minor corrections to the specification
2007-07-28 07:58:48 +00:00
joerg
7f279c69f3 DESTDIR support. 2006-11-02 17:59:37 +00:00
wiz
6f9bd56547 Update MASTER_SITES and HOMEPAGE, from Sergey Svishchev. 2006-10-04 20:44:18 +00:00
jlam
c16221a4db Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.

For example, "make show-buildlink3" in fonts/Xft2 displays:

	zlib
	fontconfig
	    iconv
	    zlib
	    freetype2
	    expat
	freetype2
	Xrender
	    renderproto
2006-07-08 23:10:35 +00:00
jlam
9430e49307 Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
2006-07-08 22:38:58 +00:00
wiz
18cedddf4b Take maintainership. 2006-06-15 13:34:27 +00:00
lukem
eb5046567d Reset MAINTAINER; I don't have the time nor inclination to maintain
these any more.
2006-04-22 07:32:24 +00:00
rillig
96fc47c14f Aligned the last line of the buildlink3.mk files with the first line, so
that they look nicer.
2006-04-12 10:26:59 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
wiz
707a6d861c Update to 1.1.2:
libvorbis 1.1.2 (2005-11-27) -- "Xiph.Org libVorbis I 20050304"

 * fix a serious encoder bug with gcc 4 optimized builds
 * documentation and spec fixes
 * updated VS2003 and XCode builds
 * new draft RTP encapsulation spec
2005-12-07 17:50:37 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
wiz
584fa3b4b3 Update to 1.1.1.
This releases includes some bug and documentation fixes, but no new
encoder modes.
2005-10-15 18:14:03 +00:00
grant
f090d9cc71 bump PKGREVISION for wrapper -fast -xnolibmopt fix. this was the only
package which used -fast which was actually building.
2005-08-20 11:36:05 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
71c8259803 Add RMD160 digests to the SHA1 ones. 2005-02-23 20:39:42 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
wiz
67313fece1 Update to 1.1.0:
libvorbis 1.1.0 (2004-09-22) -- "Xiph.Org libVorbis I 20040629"

* merges tuning improvements from Aoyumi's aoTuV with fixups
* new managed bitrate (CBR) mode support
* new vorbis_encoder_ctl() interface
* extensive documentation updates
* application/ogg mimetype is now official
* autotools cleanup from Thomas Vander Stichele
* SymbianOS build support from Colin Ward at CSIRO
* various bugfixes
* various packaging improvements

Package change:
install documentation in share/doc instead of share/doc/html.
2004-09-24 13:04:40 +00:00
jlam
1a280185e1 Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:

	lib/libfoo.a
	lib/libfoo.la
	lib/libfoo.so
	lib/libfoo.so.0
	lib/libfoo.so.0.1

one simply needs:

	lib/libfoo.la

and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.

Also make LIBTOOLIZE_PLIST default to "yes".
2004-09-22 08:09:14 +00:00
minskim
101b04ee11 Enable pkgviews installation. Patches provided by Joachim Kuebart on
tech-pkg@.
2004-05-31 16:47:47 +00:00
snj
8fb85c556b No longer used. 2004-04-26 05:57:43 +00:00
salo
9ba8196a22 Follow libogg into multimedia/. 2004-04-12 23:15:01 +00:00
snj
22a13aecec Fix build with gcc2 on sparc64. 2004-03-22 22:25:59 +00:00
jlam
7db11b582a Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properly
by moving the inclusion of buildlink3.mk files outside of the protected
region.  This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.

BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list.  This ordering property is used to check for builtin
packages in the correct order.  The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end.  However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
2004-03-18 09:12:08 +00:00
jlam
9ff0e10340 Reorder location and setting of BUILDLINK_PACKAGES to match template
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
2004-03-05 19:25:06 +00:00
jlam
9ba6c58fe1 bl3ify 2004-02-14 18:48:49 +00:00
jmmv
ab17dd00b3 PKGCONFIG_OVERRIDE is relative to WRKSRC. 2004-02-14 18:26:26 +00:00
jlam
ec993afa1a LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}.  Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
2004-02-14 17:21:32 +00:00
jlam
3ac2d4b8aa In the new compiler selection framework, GCC_REQD is appended to, not
overridden.
2004-02-01 01:43:28 +00:00