pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/audio/faad2 faad2: Update to 2.9.0
details: https://anonhg.NetBSD.org/pkgsrc/rev/147eb360d8b7
branches: trunk
changeset: 401283:147eb360d8b7
user: nia <nia%pkgsrc.org@localhost>
date: Sat Sep 14 13:34:06 2019 +0000
description:
faad2: Update to 2.9.0
Changes:
[ Krzysztof Nikiel ]
Build system fixes and code clean-up
[ LoRd_MuldeR ]
Fix compiler warnings and code indentation
Fix compilation with GCC <= 4.7.3
MSVC solution file clean-up
[ Cameron Cawley ]
Fix compilation with GCC 4.7.4
Fix compilation with MinGW
[ Michael Fink ]
MSVC 2017 project file update
[ Hugo Lefeuvre ]
Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
CVE-2019-6956: ps_dec: sanitize iid_index before mixing
CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauz?e-Luyssen ]
CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
[ Filip Ros?en ]
Prevent crash on SCE followed by CPE
[ Gianfranco Costamagna ]
Fix linking with GCC 9 and "-Wl,--as-needed"
[ Fabian Greffrath ]
Enable the frontend to be built reproducibly
diffstat:
audio/faad2/Makefile | 19 +----
audio/faad2/PLIST | 5 +-
audio/faad2/distinfo | 18 ++---
audio/faad2/patches/patch-CVE-2018-20194 | 59 --------------------
audio/faad2/patches/patch-CVE-2018-20362 | 63 ----------------------
audio/faad2/patches/patch-common_mp4ff_Makefile.am | 20 ------
audio/faad2/patches/patch-frontend_Makefile.am | 15 +----
audio/faad2/patches/patch-frontend_mp4read.c | 15 ++--
audio/faad2/patches/patch-libfaad_bits.c | 21 -------
9 files changed, 23 insertions(+), 212 deletions(-)
diffs (truncated from 322 to 300 lines):
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/Makefile
--- a/audio/faad2/Makefile Sat Sep 14 13:22:56 2019 +0000
+++ b/audio/faad2/Makefile Sat Sep 14 13:34:06 2019 +0000
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.53 2019/07/11 09:03:35 nia Exp $
+# $NetBSD: Makefile,v 1.54 2019/09/14 13:34:06 nia Exp $
# IMPORTANT: Do not forget to update audio/xmms-faad
-DISTNAME= faad2-2.8.8
-PKGREVISION= 1
+DISTNAME= faad2-2.9.0
CATEGORIES= audio
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=faac/}
+MASTER_SITES= ${MASTER_SITE_GITHUB:=knik0/}
+GITHUB_TAG= 2_9_0
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= https://www.audiocoding.com/
+HOMEPAGE= https://github.com/knik0/faad2
COMMENT= AAC decoding library
LICENSE= gnu-gpl-v2
@@ -17,18 +17,9 @@
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --includedir=${PREFIX}/include/faad2
-# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624
-GCC_REQD+= 4.8
-
LIBS+= -lm
CPPFLAGS.SunOS+= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1
-SUBST_CLASSES+= pkgver
-SUBST_STAGE.pkgver= pre-configure
-SUBST_MESSAGE.pkgver= Setting PACKAGE_VERSION in neaacdec.h
-SUBST_FILES.pkgver= include/neaacdec.h
-SUBST_SED.pkgver= -e 's,PACKAGE_VERSION,"${PKGVERSION_NOREV}",'
-
post-extract:
${MV} ${WRKSRC}/frontend/faad.man ${WRKSRC}/frontend/faad.1
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/PLIST
--- a/audio/faad2/PLIST Sat Sep 14 13:22:56 2019 +0000
+++ b/audio/faad2/PLIST Sat Sep 14 13:34:06 2019 +0000
@@ -1,10 +1,7 @@
-@comment $NetBSD: PLIST,v 1.15 2017/07/23 16:09:17 adam Exp $
+@comment $NetBSD: PLIST,v 1.16 2019/09/14 13:34:06 nia Exp $
bin/faad
include/faad2/faad.h
-include/faad2/mp4ff.h
-include/faad2/mp4ffint.h
include/faad2/neaacdec.h
lib/libfaad.la
lib/libfaad_drm.la
-lib/libmp4ff.la
man/man1/faad.1
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/distinfo
--- a/audio/faad2/distinfo Sat Sep 14 13:22:56 2019 +0000
+++ b/audio/faad2/distinfo Sat Sep 14 13:34:06 2019 +0000
@@ -1,18 +1,14 @@
-$NetBSD: distinfo,v 1.27 2019/07/11 09:03:35 nia Exp $
+$NetBSD: distinfo,v 1.28 2019/09/14 13:34:06 nia Exp $
-SHA1 (faad2-2.8.8.tar.gz) = 0d49c516d4a83c39053a9bd214fddba72cbc34ad
-RMD160 (faad2-2.8.8.tar.gz) = b69349ee69c869ba070f28c58418749d53898985
-SHA512 (faad2-2.8.8.tar.gz) = 3275d292b2a9fe984842962f4d81202894bddd17033f7cd6df95466554cc968dfcbf2890ae8b1df37da0cd25d645cca0a687f07e39b9fc37dd004fd5956a82af
-Size (faad2-2.8.8.tar.gz) = 1069044 bytes
-SHA1 (patch-CVE-2018-20194) = fefaa2cde9cdaff71cfe8e82e9d0e4b791bca015
-SHA1 (patch-CVE-2018-20362) = 00a8cf72f824a3c98d7f20d80542192634a84518
-SHA1 (patch-common_mp4ff_Makefile.am) = a662e6fd841420110c02f85923d022919135be82
+SHA1 (faad2-2.9.0.tar.gz) = 0c39dd1362288f372211cdbc053748569a9cb2ea
+RMD160 (faad2-2.9.0.tar.gz) = 6a6576fb640daba2cb4754ade1d2b8834b8766e5
+SHA512 (faad2-2.9.0.tar.gz) = 1756b2672f9e438a56b11160ddc77fc721d85860eaa325a3ff01b51a2524baf4c1c61068a97cbc4e99d47e7643f10e1d6afb997eede3295b44551fe4661fb5dc
+Size (faad2-2.9.0.tar.gz) = 802390 bytes
SHA1 (patch-configure.ac) = ed9d4e9d611d27d4add86884996a8e7fc001bc90
-SHA1 (patch-frontend_Makefile.am) = ab3369e67fb5f2842076fb698819936473440de9
+SHA1 (patch-frontend_Makefile.am) = 32c8bede5773b2cb97777951b1a18366b4e10e3d
SHA1 (patch-frontend_getopt.c) = 3eaf3e8318887eca49e354696cad1bd2c5bf5504
-SHA1 (patch-frontend_mp4read.c) = 235d69a310bb2cb52cf62479e9254c1d3eb9cef9
+SHA1 (patch-frontend_mp4read.c) = a72c20b69428809caf328850fd70a13ba5c82d41
SHA1 (patch-libfaad_Makefile.am) = 4d3b92f54d998bd577641f49e88d0c8bc38f963c
-SHA1 (patch-libfaad_bits.c) = bc21ea92f62a7facbf70df3fe85b852e625efc1c
SHA1 (patch-libfaad_common.h) = 60eccd8aebeb085760d6866f83ff5a613197918f
SHA1 (patch-plugins_xmms_src_Makefile.am) = 4ba1dfefe1e351830ee990c711af6ac46db42c14
SHA1 (patch-plugins_xmms_src_libmp4.c) = 7c6cd667999aab36efc9d713cf967c01b01916bf
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-CVE-2018-20194
--- a/audio/faad2/patches/patch-CVE-2018-20194 Sat Sep 14 13:22:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-$NetBSD: patch-CVE-2018-20194,v 1.1 2019/07/11 09:03:35 nia Exp $
-
-user passed f_table_lim contains frequency band borders. Frequency
-bands are groups of consecutive QMF channels. This means that their
-bounds, as provided by f_table_lim, should never exceed MAX_M (maximum
-number of QMF channels). c.f. ISO/IEC 14496-3:2001
-
-FAAD2 does not verify this, leading to security issues when
-processing files defining f_table_lim with values > MAX_M.
-
-This patch sanitizes the values of f_table_lim so that they can be safely
-used as index for Q_M_lim and G_lim arrays.
-
-Fixes CVE-2018-20194.
-
-Upstream commit:
-https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch
-
---- libfaad/sbr_hfadj.c.orig 2017-07-06 19:16:40.000000000 +0000
-+++ libfaad/sbr_hfadj.c
-@@ -485,6 +485,12 @@ static void calculate_gain(sbr_info *sbr
- ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
- ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
-
-+ if (ml1 > MAX_M)
-+ ml1 = MAX_M;
-+
-+ if (ml2 > MAX_M)
-+ ml2 = MAX_M;
-+
-
- /* calculate the accumulated E_orig and E_curr over the limiter band */
- for (m = ml1; m < ml2; m++)
-@@ -949,6 +955,12 @@ static void calculate_gain(sbr_info *sbr
- ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
- ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
-
-+ if (ml1 > MAX_M)
-+ ml1 = MAX_M;
-+
-+ if (ml2 > MAX_M)
-+ ml2 = MAX_M;
-+
-
- /* calculate the accumulated E_orig and E_curr over the limiter band */
- for (m = ml1; m < ml2; m++)
-@@ -1193,6 +1205,12 @@ static void calculate_gain(sbr_info *sbr
- ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k];
- ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1];
-
-+ if (ml1 > MAX_M)
-+ ml1 = MAX_M;
-+
-+ if (ml2 > MAX_M)
-+ ml2 = MAX_M;
-+
-
- /* calculate the accumulated E_orig and E_curr over the limiter band */
- for (m = ml1; m < ml2; m++)
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-CVE-2018-20362
--- a/audio/faad2/patches/patch-CVE-2018-20362 Sat Sep 14 13:22:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-$NetBSD: patch-CVE-2018-20362,v 1.1 2019/07/11 09:03:35 nia Exp $
-
-Implicit channel mapping reconfiguration is explicitely forbidden by
-ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such
-files and reject them. FAAD2 does not perform any kind of checks
-regarding this.
-
-This leads to security vulnerabilities when processing crafted AAC
-files performing such reconfigurations.
-
-Add checks to decode_sce_lfe and decode_cpe to make sure such
-inconsistencies are detected as early as possible.
-
-These checks first read hDecoder->frame: if this is not the first
-frame then we make sure that the syntax element at the same position
-in the previous frame also had element_id id_syn_ele. If not, return
-21 as this is a fatal file structure issue.
-
-This patch addresses CVE-2018-20362 and possibly other related issues.
-
-Upstream commit:
-https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14.patch
-
-Buffer overflow fix, no CVE, upstream commit:
-https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174.patch
-
---- libfaad/syntax.c.orig 2017-10-30 17:44:16.000000000 +0000
-+++ libfaad/syntax.c
-@@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruc
- can become 2 when some form of Parametric Stereo coding is used
- */
-
-+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
-+ /* element inconsistency */
-+ hInfo->error = 21;
-+ return;
-+ }
-+
- /* save the syntax element id */
- hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
-
-@@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *h
- return;
- }
-
-+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
-+ /* element inconsistency */
-+ hInfo->error = 21;
-+ return;
-+ }
-+
- /* save the syntax element id */
- hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
-
-@@ -2292,6 +2304,8 @@ static uint8_t excluded_channels(bitfile
- while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
- DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
- {
-+ if (i >= MAX_CHANNELS - num_excl_chan - 7)
-+ return n;
- for (i = num_excl_chan; i < num_excl_chan+7; i++)
- {
- drc->exclude_mask[i] = faad_get1bit(ld
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-common_mp4ff_Makefile.am
--- a/audio/faad2/patches/patch-common_mp4ff_Makefile.am Sat Sep 14 13:22:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-common_mp4ff_Makefile.am,v 1.1 2017/07/23 16:09:17 adam Exp $
-
-Install libmp4ff; needed for audio/xmms-faad.
-
---- common/mp4ff/Makefile.am.orig 2017-07-17 12:04:02.000000000 +0000
-+++ common/mp4ff/Makefile.am
-@@ -1,7 +1,8 @@
--noinst_LIBRARIES = libmp4ff.a
--noinst_HEADERS = mp4ff.h mp4ffint.h
-+lib_LTLIBRARIES = libmp4ff.la
-+include_HEADERS = mp4ff.h mp4ffint.h
-
--libmp4ff_a_CFLAGS = -DUSE_TAGGING=1
-+libmp4ff_la_CFLAGS = -DUSE_TAGGING=1
-
--libmp4ff_a_SOURCES = mp4ff.c mp4atom.c mp4meta.c mp4sample.c mp4util.c \
-- mp4tagupdate.c mp4ff.h mp4ffint.h
-+libmp4ff_la_SOURCES = mp4ff.c mp4atom.c mp4meta.c mp4sample.c mp4util.c \
-+ mp4tagupdate.c
-+libmp4ff_la_INCLUDES= mp4ff.h mp4ffint.h
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-frontend_Makefile.am
--- a/audio/faad2/patches/patch-frontend_Makefile.am Sat Sep 14 13:22:56 2019 +0000
+++ b/audio/faad2/patches/patch-frontend_Makefile.am Sat Sep 14 13:34:06 2019 +0000
@@ -1,20 +1,11 @@
-$NetBSD: patch-frontend_Makefile.am,v 1.3 2019/06/05 06:07:27 nia Exp $
-
-Use correct sources.
+$NetBSD: patch-frontend_Makefile.am,v 1.4 2019/09/14 13:34:06 nia Exp $
---- frontend/Makefile.am.orig 2017-12-17 19:51:26.000000000 +0000
+--- frontend/Makefile.am.orig 2019-09-09 10:28:33.000000000 +0000
+++ frontend/Makefile.am
-@@ -1,10 +1,11 @@
+@@ -1,5 +1,5 @@
bin_PROGRAMS = faad
-dist_man1_MANS = faad.man
+dist_man1_MANS = faad.1
AM_CPPFLAGS = -I$(top_srcdir)/include
- faad_LDADD = $(top_builddir)/libfaad/libfaad.la
-
--faad_SOURCES = mp4read.c audio.c main.c audio.h mp4read.h unicode_support.c unicode_support.h
-+faad_SOURCES = mp4read.c audio.c main.c unicode_support.c
-+faad_INCLUDES = audio.h mp4read.h unicode_support.h
-
- EXTRA_faad_SOURCES = getopt.c
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-frontend_mp4read.c
--- a/audio/faad2/patches/patch-frontend_mp4read.c Sat Sep 14 13:22:56 2019 +0000
+++ b/audio/faad2/patches/patch-frontend_mp4read.c Sat Sep 14 13:34:06 2019 +0000
@@ -1,20 +1,19 @@
-$NetBSD: patch-frontend_mp4read.c,v 1.2 2019/06/05 06:07:27 nia Exp $
+$NetBSD: patch-frontend_mp4read.c,v 1.3 2019/09/14 13:34:06 nia Exp $
-Do not re-define bswap32() and bswap16().
+Avoid conflicting with NetBSD libc.
---- frontend/mp4read.c.orig 2017-12-17 11:18:43.000000000 +0000
+--- frontend/mp4read.c.orig 2019-09-09 10:28:33.000000000 +0000
+++ frontend/mp4read.c
-@@ -46,6 +46,8 @@ mp4config_t mp4config = { 0 };
+@@ -46,6 +46,7 @@ mp4config_t mp4config = { 0 };
static FILE *g_fin = NULL;
-+#include "config.h"
-+#ifndef HAVE_SYS_ENDIAN_H
++#ifndef __NetBSD__
static inline uint32_t bswap32(const uint32_t u32)
{
#ifndef WORDS_BIGENDIAN
-@@ -71,6 +73,7 @@ static inline uint16_t bswap16(const uin
- return u16;
+@@ -75,6 +76,7 @@ static inline uint16_t bswap16(const uin
+ return u16;
#endif
}
+#endif
diff -r ea2c9e781020 -r 147eb360d8b7 audio/faad2/patches/patch-libfaad_bits.c
--- a/audio/faad2/patches/patch-libfaad_bits.c Sat Sep 14 13:22:56 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
Home |
Main Index |
Thread Index |
Old Index