oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to
cause a denial of service (crash) via a crafted AIFF file.
Bump pkgrevision.
Problems found with existing distfiles:
/pub/pkgsrc/distfiles/amp-0.7.6.tgz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-32000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-48000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-32000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-48000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-16000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-8000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/kid3-3.3.0.tar.gz
/pub/pkgsrc/distfiles/libdca-0.0.5.tar.bz2
/pub/pkgsrc/distfiles/mp3to.gz
/pub/pkgsrc/distfiles/squeezeboxserver-7.5.1-noCPAN.tgz
No changes made to these file.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Implement corrected channel mappings for all input and playback file types
* Correct an possible infinite loop in WAV input reading code when header is
corrupt
* Implement disable_coupling option for oggenc
* Fix Ctrl-C lockup bug in ogg123
* ogg123 playback in sorted order
* Add WAVEFORMATEXTENSIBLE support
* More translations
* Add '-' as stdin/out filename in vcut
* Add -lnetwork check for socket in configure
* Remove 'extra' F parameter from ogg123 remote output
vorbis-tools 1.2.0 -- 2008-02-21
* FLAC support now relies on libFLAC
* Support for large files
* Fixed acinclude.m4 to properly support --no switches
* ogg123: added remote control support
* ogg123: fixed a bug in esd when pressing CTRL + C
* ogg123: fixed a type mismatch in option parsing for 64 bit systems
* ogg123: configuration no longer hardcoded to /etc
* oggdec: limited support for chained Ogg bitstreams
* ogg123: compiles with older versions of libcurl
* oggdec: support decoding of multiple files into a single one
* oggenc: -k, switch for Skeleton bitstream encoding
* oggenc: fixed issues with Skeleton on big endian systems
* oggenc: proper 5.1 channel mapping support
* oggenc: FLAC module does not confuse every Ogg file as its own
* oggenc: compiles with older versions of libvorbis
* ogginfo: recognizes Skeleton, Dirac, FLAC and Kate bitstreams
* vcut: solved issues described in ticket #1313
* vorbiscomment: support for creation of long comments
* vorbiscomment: support for multiplexed Vorbis
* Several minor bug fixes
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
Thise release includes some bug and documentation fixes, but no new
encoder modes. However, oggenc from this release now properly supports
the new CBR engine introduced in libvorbis 1.1.0 but the 1.1.1 release
of both libraries is required for things to work properly. Not that
there was never a 1.1.0 release of vorbis-tools because of this issue.
The ogginfo tool also now recognizes and reports information from Ogg
Theora files.
