Version 0.8.9.0:
OOB Write and Read fixes + a number of divide by zero fixes.
(ABC, PAT, AMF, MDL, PSM, XM, IT, MMCMP, MID)
There were some patches 2010-2016 which were recorded here.
Problems found with existing distfiles:
/pub/pkgsrc/distfiles/amp-0.7.6.tgz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-32000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-48000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-32000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-48000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-16000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-8000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/kid3-3.3.0.tar.gz
/pub/pkgsrc/distfiles/libdca-0.0.5.tar.bz2
/pub/pkgsrc/distfiles/mp3to.gz
/pub/pkgsrc/distfiles/squeezeboxserver-7.5.1-noCPAN.tgz
No changes made to these files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
10 March 2014: libmodplug 0.8.8.5
A very long time between the last release (although some
occasional activity occurred in git)
The code is now in both the sourceforge git tree (as a full
project), as well as github (only libmodplug): Here.
Some security patches: CVE-2013-4233, CVE-2013-4234, as well
as many fixes suggested by static analyzers: clang build-scan,
and coverity.
A few patches to ease compilation in windows environments,
including a CMakeLists file.
Upstream changes:
* Improve timidity.cfg parsing capability
* Add source command capability in timidity.cfg (useful for debian default)
* Fix integer overflow in WAV reader (SA45131/A)
* Fix S3M stack overflow possibility (SA45131/B)
* Bound seeking and reading in PAT files
* Fix AMS/AMSv2 and DSM too large by one (SA45131/C)
* Use structure in XM decoding (development related)
* Use bmpvalues in Octamed files when calculating default tempo (Francis Russel)
Fixes SA45131.
While here, set LICENSE=public-domain.
* 2 April 2011: libmodplug 0.8.8.2
* Improve compatibility with MSVC 2010
* Improve PTM playback (Fix byteswapping)
* Improve S3M support (ignore corrupted data)
* Improve AMF support (bounds checking)
* See git checkins for more information
* 27 May 2010: libmodplug 0.8.8.1
* Add check to make sure Stereo Separation/MixChannels cannot be 0.
* Increment soname due to structure change (addition of new config options)
* 5 April 2010: libmodplug 0.8.8
* Fix 32 to 32 bit "downsampling" on 64bit platforms.
* Fix usage of bigendian in include files
* Fix PSM files on bigendian computers
* Allow configuration of Stereo Separation and MaxMixChannels
* Fix possible problem with misaligned data structure when converting to int32
(load_669)
(Developer only) update to new automake/autoconf.
27 April 2009: libmodplug 0.8.7
Fixed a bug in the AMF decoder, patches from several downstream sources
including: Fix delete method in AMF, MDL (Fixing Novel Bug #443444)
Fixed instrument name size (possible buffer overflow)
Fixed 24/32 bit conversion routine (bit shifting bug)
Use tables.h in mod+s3m, Better MingW32 support.
20 April 2009: libmodplug 0.8.6
Release to fix integer boundary condition exploit, more clean up of code
14 April 2009: libmodplug 0.8.5 [ tar.gz ]
Release to improve cross platform support (Windows, Mac OS X),
Bugs in ABC detection, small cleanups
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit markers, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
0.8.4:
A long overdue release, which adds support for .ABC and .MID files,
as well as security patch [CVE-2006-4192], and a few small cleanups.
0.8:
This new release contains endianness fixes, and changes that other
projects (which make use of this library) have deemed necessary
for the library's use. Due to the long time since the previous
release, there may have been more contributors than are listed.
since they always need a C compiler, even when the source code is
completely in C++.
For some other packages, stated in the comment that a C compiler is
really not needed.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within a day).
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".