--- - branch: MAIN date: Mon Nov 13 15:22:46 UTC 2023 files: - new: '1.60' old: '1.59' path: pkgsrc/audio/faad2/Makefile pathrev: pkgsrc/audio/faad2/Makefile@1.60 type: modified - new: '1.18' old: '1.17' path: pkgsrc/audio/faad2/PLIST pathrev: pkgsrc/audio/faad2/PLIST@1.18 type: modified - new: '1.15' old: '1.14' path: pkgsrc/audio/faad2/buildlink3.mk pathrev: pkgsrc/audio/faad2/buildlink3.mk@1.15 type: modified - new: '1.36' old: '1.35' path: pkgsrc/audio/faad2/distinfo pathrev: pkgsrc/audio/faad2/distinfo@1.36 type: modified - new: '1.1' old: '0' path: pkgsrc/audio/faad2/patches/patch-CMakeLists.txt pathrev: pkgsrc/audio/faad2/patches/patch-CMakeLists.txt@1.1 type: added - new: '0' old: '1.1' path: pkgsrc/audio/faad2/patches/patch-configure.ac pathrev: pkgsrc/audio/faad2/patches/patch-configure.ac@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/audio/faad2/patches/patch-libfaad_common.h pathrev: pkgsrc/audio/faad2/patches/patch-libfaad_common.h@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/audio/faad2/patches/patch-plugins_xmms_src_Makefile.am pathrev: pkgsrc/audio/faad2/patches/patch-plugins_xmms_src_Makefile.am@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/audio/faad2/patches/patch-plugins_xmms_src_libmp4.c pathrev: pkgsrc/audio/faad2/patches/patch-plugins_xmms_src_libmp4.c@0 type: deleted - new: '0' old: '1.4' path: pkgsrc/audio/faad2/patches/patch-frontend_Makefile.am pathrev: pkgsrc/audio/faad2/patches/patch-frontend_Makefile.am@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/audio/faad2/patches/patch-frontend_getopt.c pathrev: pkgsrc/audio/faad2/patches/patch-frontend_getopt.c@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/audio/faad2/patches/patch-frontend_mp4read.c pathrev: pkgsrc/audio/faad2/patches/patch-frontend_mp4read.c@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/audio/faad2/patches/patch-libfaad_Makefile.am pathrev: pkgsrc/audio/faad2/patches/patch-libfaad_Makefile.am@0 type: deleted id: 20231113T152246Z.50f987700381c5b626efb88b0c2a56954b0ba509 log: "faad2: update to 2.11.0.\n\n2.11.0:\n\t[ Eug竪ne Filin ]\n\t* Fix incorrect variable initialization\n\n\t[ Eugene Kliuchnikov ]\n\t* CI/CD, build, etc\n\n\t \ - setup GitHub workflows; test build under MSVC, OSX, MSYS2, Linux\n\t - add CMake build system\n\t - additionally add Bazel build\n\t - remove automake and MSVC project files\n\t - add fuzzers that cover almost all decoder code\n\t \ - setup fuzzing for various builds: (no-)FIXED_POINT / (no-)DRM\n\t - remove dead code\n\t - address differes compilers warnings\n\t - move version to distingished place that different build systems can read\n\n\t* \"Safe\" bugs\n\n\t \ \"Safe\" means that it is unlikely to be exploited; those affect the decoded\n\t \ result for (most likely) extreme inputs. Some fixes are useful only for\n\t \ \"FIXED_POINT\" build, since it has more restrictions on intermediate values.\n\n\t \ - \"negative range\" in estimate_current_envelope\n\t - integer overflow in channel downmixing\n\t - integer overflow in estimate_envelope\n\t - integer overflows caused by \"practical infinite\" gain\n\t - integer overflows in HF adjustment code\n\t - several \"left shift of negative value\"\n\t - priming RNG to avoid using values that does not look random at all\n\t - do not drop the first frame of output; other decoders don't do this\n\t - touching uninitialized values in lt_update_state\n\t - touching uninitialized values in bit-reader buffers\n\n\t* \"Almost Safe\" bugs\n\n\t \"Almost safe\" means that those are unlinkly to be exploited; if those surface\n\t depends on build options / environment.\n\n\t \ - division by zero in HF (noise?) generator and scale factor adjustment\n\t \ - division by zero gen_rand_vector\n\n\t* \"Unsafe\" bugs\n\n\t \"Unsafe\" means that those can cause crash, or could somehow else be exploited.\n\n\t - CLI: accessing unallocated memory in mp4info (corrupted / zero-samples input) (CVE-2023-38857)\n\t - CLI: out-of-bounds when parsing mp4 header\n\t - CLI: crash because of wrong mp4 frame offset calculation (CVE-2023-38857)\n\t - error handling rvlc_decode_scale_factors (CPU bomb?)\n\t - null pointer dereference (in DRM + PS build)\n\t - index-out-of-bounds / stack-buffer-overflow in decode_sce_lfe\n\t\t (for streams with PCE)\n\t - stack-buffer-overflow in pns_decode\n\t - null pointer derefernce (when channels change their type in the middle\n\t\t of the stream)\n\t - infinite loop on currupted stream\n\t - add practial limits for scale factors; otherwise calculated NaN/Inf values\n\t\t could confuse further logic, resulting in access-out-of-bounds\n\t - check sf_index in window_grouping_info to avoid access-out-of-bounds\n\t - clamp bs_pointer values to avoid access-out-of-bounds\n\t \ - infinite loop in fill_element\n\t - sanitize input values in ps_mix_phase to avoid access-out-of-bounds\n\t - fix internal decoder buffer size calculation to avoid heap-out-of-bounds\n\t - calculate channel length multiplier even if main channel is already allocated\n\t\t to avoid heap-out-of-bounds\n\t - reserve enough slots for channels in decode_sce_lfe\n\t\t to avoid heap-out-of-bounds\n\n\t[ David Korczynski ]\n\t* Fuzzing integration with oss-fuzz\n\n\t[ Steveice10 ]\n\t* Add define option to disable SBR/PS support\n\t* Fix coefficient table selection in tns_decode_coef\n" module: pkgsrc subject: 'CVS commit: pkgsrc/audio/faad2' unixtime: '1699888966' user: wiz