head 1.15; access; symbols pkgsrc-2023Q4:1.15.0.2 pkgsrc-2023Q4-base:1.15 pkgsrc-2023Q3:1.14.0.92 pkgsrc-2023Q3-base:1.14 pkgsrc-2023Q2:1.14.0.90 pkgsrc-2023Q2-base:1.14 pkgsrc-2023Q1:1.14.0.88 pkgsrc-2023Q1-base:1.14 pkgsrc-2022Q4:1.14.0.86 pkgsrc-2022Q4-base:1.14 pkgsrc-2022Q3:1.14.0.84 pkgsrc-2022Q3-base:1.14 pkgsrc-2022Q2:1.14.0.82 pkgsrc-2022Q2-base:1.14 pkgsrc-2022Q1:1.14.0.80 pkgsrc-2022Q1-base:1.14 pkgsrc-2021Q4:1.14.0.78 pkgsrc-2021Q4-base:1.14 pkgsrc-2021Q3:1.14.0.76 pkgsrc-2021Q3-base:1.14 pkgsrc-2021Q2:1.14.0.74 pkgsrc-2021Q2-base:1.14 pkgsrc-2021Q1:1.14.0.72 pkgsrc-2021Q1-base:1.14 pkgsrc-2020Q4:1.14.0.70 pkgsrc-2020Q4-base:1.14 pkgsrc-2020Q3:1.14.0.68 pkgsrc-2020Q3-base:1.14 pkgsrc-2020Q2:1.14.0.64 pkgsrc-2020Q2-base:1.14 pkgsrc-2020Q1:1.14.0.44 pkgsrc-2020Q1-base:1.14 pkgsrc-2019Q4:1.14.0.66 pkgsrc-2019Q4-base:1.14 pkgsrc-2019Q3:1.14.0.62 pkgsrc-2019Q3-base:1.14 pkgsrc-2019Q2:1.14.0.60 pkgsrc-2019Q2-base:1.14 pkgsrc-2019Q1:1.14.0.58 pkgsrc-2019Q1-base:1.14 pkgsrc-2018Q4:1.14.0.56 pkgsrc-2018Q4-base:1.14 pkgsrc-2018Q3:1.14.0.54 pkgsrc-2018Q3-base:1.14 pkgsrc-2018Q2:1.14.0.52 pkgsrc-2018Q2-base:1.14 pkgsrc-2018Q1:1.14.0.50 pkgsrc-2018Q1-base:1.14 pkgsrc-2017Q4:1.14.0.48 pkgsrc-2017Q4-base:1.14 pkgsrc-2017Q3:1.14.0.46 pkgsrc-2017Q3-base:1.14 pkgsrc-2017Q2:1.14.0.42 pkgsrc-2017Q2-base:1.14 pkgsrc-2017Q1:1.14.0.40 pkgsrc-2017Q1-base:1.14 pkgsrc-2016Q4:1.14.0.38 pkgsrc-2016Q4-base:1.14 pkgsrc-2016Q3:1.14.0.36 pkgsrc-2016Q3-base:1.14 pkgsrc-2016Q2:1.14.0.34 pkgsrc-2016Q2-base:1.14 pkgsrc-2016Q1:1.14.0.32 pkgsrc-2016Q1-base:1.14 pkgsrc-2015Q4:1.14.0.30 pkgsrc-2015Q4-base:1.14 pkgsrc-2015Q3:1.14.0.28 pkgsrc-2015Q3-base:1.14 pkgsrc-2015Q2:1.14.0.26 pkgsrc-2015Q2-base:1.14 pkgsrc-2015Q1:1.14.0.24 pkgsrc-2015Q1-base:1.14 pkgsrc-2014Q4:1.14.0.22 pkgsrc-2014Q4-base:1.14 pkgsrc-2014Q3:1.14.0.20 pkgsrc-2014Q3-base:1.14 pkgsrc-2014Q2:1.14.0.18 pkgsrc-2014Q2-base:1.14 pkgsrc-2014Q1:1.14.0.16 pkgsrc-2014Q1-base:1.14 pkgsrc-2013Q4:1.14.0.14 pkgsrc-2013Q4-base:1.14 pkgsrc-2013Q3:1.14.0.12 pkgsrc-2013Q3-base:1.14 pkgsrc-2013Q2:1.14.0.10 pkgsrc-2013Q2-base:1.14 pkgsrc-2013Q1:1.14.0.8 pkgsrc-2013Q1-base:1.14 pkgsrc-2012Q4:1.14.0.6 pkgsrc-2012Q4-base:1.14 pkgsrc-2012Q3:1.14.0.4 pkgsrc-2012Q3-base:1.14 pkgsrc-2012Q2:1.14.0.2 pkgsrc-2012Q2-base:1.14 pkgsrc-2012Q1:1.13.0.26 pkgsrc-2012Q1-base:1.13 pkgsrc-2011Q4:1.13.0.24 pkgsrc-2011Q4-base:1.13 pkgsrc-2011Q3:1.13.0.22 pkgsrc-2011Q3-base:1.13 pkgsrc-2011Q2:1.13.0.20 pkgsrc-2011Q2-base:1.13 pkgsrc-2011Q1:1.13.0.18 pkgsrc-2011Q1-base:1.13 pkgsrc-2010Q4:1.13.0.16 pkgsrc-2010Q4-base:1.13 pkgsrc-2010Q3:1.13.0.14 pkgsrc-2010Q3-base:1.13 pkgsrc-2010Q2:1.13.0.12 pkgsrc-2010Q2-base:1.13 pkgsrc-2010Q1:1.13.0.10 pkgsrc-2010Q1-base:1.13 pkgsrc-2009Q4:1.13.0.8 pkgsrc-2009Q4-base:1.13 pkgsrc-2009Q3:1.13.0.6 pkgsrc-2009Q3-base:1.13 pkgsrc-2009Q2:1.13.0.4 pkgsrc-2009Q2-base:1.13 pkgsrc-2009Q1:1.13.0.2 pkgsrc-2009Q1-base:1.13 pkgsrc-2008Q4:1.12.0.12 pkgsrc-2008Q4-base:1.12 pkgsrc-2008Q3:1.12.0.10 pkgsrc-2008Q3-base:1.12 cube-native-xorg:1.12.0.8 cube-native-xorg-base:1.12 pkgsrc-2008Q2:1.12.0.6 pkgsrc-2008Q2-base:1.12 cwrapper:1.12.0.4 pkgsrc-2008Q1:1.12.0.2 pkgsrc-2008Q1-base:1.12 pkgsrc-2007Q4:1.11.0.12 pkgsrc-2007Q4-base:1.11 pkgsrc-2007Q3:1.11.0.10 pkgsrc-2007Q3-base:1.11 pkgsrc-2007Q2:1.11.0.8 pkgsrc-2007Q2-base:1.11 pkgsrc-2007Q1:1.11.0.6 pkgsrc-2007Q1-base:1.11 pkgsrc-2006Q4:1.11.0.4 pkgsrc-2006Q4-base:1.11 pkgsrc-2006Q3:1.11.0.2 pkgsrc-2006Q3-base:1.11 pkgsrc-2006Q2:1.9.0.2 pkgsrc-2006Q2-base:1.9 pkgsrc-2006Q1:1.7.0.2 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.6.0.2 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.4.0.8 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.6 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.4 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.3.0.4 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.2 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.2.0.2 pkgsrc-2004Q1-base:1.2; locks; strict; comment @# @; 1.15 date 2023.11.13.15.22.45; author wiz; state Exp; branches; next 1.14; commitid Jse6pLZJaXc2IsME; 1.14 date 2012.05.07.01.53.13; author dholland; state Exp; branches; next 1.13; 1.13 date 2009.03.20.19.23.53; author joerg; state Exp; branches; next 1.12; 1.12 date 2008.02.25.16.12.34; author sborrill; state Exp; branches; next 1.11; 1.11 date 2006.07.08.23.10.35; author jlam; state Exp; branches; next 1.10; 1.10 date 2006.07.08.22.38.59; author jlam; state Exp; branches; next 1.9; 1.9 date 2006.04.12.10.27.00; author rillig; state Exp; branches; next 1.8; 1.8 date 2006.04.06.06.21.34; author reed; state Exp; branches; next 1.7; 1.7 date 2006.02.05.23.08.06; author joerg; state Exp; branches; next 1.6; 1.6 date 2005.10.09.03.23.11; author ben; state Exp; branches; next 1.5; 1.5 date 2005.10.06.13.13.28; author ben; state Exp; branches; next 1.4; 1.4 date 2004.10.03.00.13.05; author tv; state Exp; branches; next 1.3; 1.3 date 2004.03.28.20.16.09; author mycroft; state Exp; branches; next 1.2; 1.2 date 2004.03.05.19.25.06; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.02.17.20.21.38; author wiz; state Exp; branches; next ; desc @@ 1.15 log @faad2: update to 2.11.0. 2.11.0: [ Eugène Filin ] * Fix incorrect variable initialization [ Eugene Kliuchnikov ] * CI/CD, build, etc - setup GitHub workflows; test build under MSVC, OSX, MSYS2, Linux - add CMake build system - additionally add Bazel build - remove automake and MSVC project files - add fuzzers that cover almost all decoder code - setup fuzzing for various builds: (no-)FIXED_POINT / (no-)DRM - remove dead code - address differes compilers warnings - move version to distingished place that different build systems can read * "Safe" bugs "Safe" means that it is unlikely to be exploited; those affect the decoded result for (most likely) extreme inputs. Some fixes are useful only for "FIXED_POINT" build, since it has more restrictions on intermediate values. - "negative range" in estimate_current_envelope - integer overflow in channel downmixing - integer overflow in estimate_envelope - integer overflows caused by "practical infinite" gain - integer overflows in HF adjustment code - several "left shift of negative value" - priming RNG to avoid using values that does not look random at all - do not drop the first frame of output; other decoders don't do this - touching uninitialized values in lt_update_state - touching uninitialized values in bit-reader buffers * "Almost Safe" bugs "Almost safe" means that those are unlinkly to be exploited; if those surface depends on build options / environment. - division by zero in HF (noise?) generator and scale factor adjustment - division by zero gen_rand_vector * "Unsafe" bugs "Unsafe" means that those can cause crash, or could somehow else be exploited. - CLI: accessing unallocated memory in mp4info (corrupted / zero-samples input) (CVE-2023-38857) - CLI: out-of-bounds when parsing mp4 header - CLI: crash because of wrong mp4 frame offset calculation (CVE-2023-38857) - error handling rvlc_decode_scale_factors (CPU bomb?) - null pointer dereference (in DRM + PS build) - index-out-of-bounds / stack-buffer-overflow in decode_sce_lfe (for streams with PCE) - stack-buffer-overflow in pns_decode - null pointer derefernce (when channels change their type in the middle of the stream) - infinite loop on currupted stream - add practial limits for scale factors; otherwise calculated NaN/Inf values could confuse further logic, resulting in access-out-of-bounds - check sf_index in window_grouping_info to avoid access-out-of-bounds - clamp bs_pointer values to avoid access-out-of-bounds - infinite loop in fill_element - sanitize input values in ps_mix_phase to avoid access-out-of-bounds - fix internal decoder buffer size calculation to avoid heap-out-of-bounds - calculate channel length multiplier even if main channel is already allocated to avoid heap-out-of-bounds - reserve enough slots for channels in decode_sce_lfe to avoid heap-out-of-bounds [ David Korczynski ] * Fuzzing integration with oss-fuzz [ Steveice10 ] * Add define option to disable SBR/PS support * Fix coefficient table selection in tns_decode_coef @ text @# $NetBSD: buildlink3.mk,v 1.14 2012/05/07 01:53:13 dholland Exp $ BUILDLINK_TREE+= faad2 .if !defined(FAAD2_BUILDLINK3_MK) FAAD2_BUILDLINK3_MK:= BUILDLINK_API_DEPENDS.faad2+= faad2>=2.6.1 BUILDLINK_ABI_DEPENDS.faad2+= faad2>=2.11.0 BUILDLINK_PKGSRCDIR.faad2?= ../../audio/faad2 .endif # FAAD2_BUILDLINK3_MK BUILDLINK_TREE+= -faad2 @ 1.14 log @Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=) It turns out there were a lot of these. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.13 2009/03/20 19:23:53 joerg Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.faad2+= faad2>=2.6.1 a10 1 BUILDLINK_INCDIRS.faad2?= include/faad2 @ 1.13 log @Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.12 2008/02/25 16:12:34 sborrill Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.faad2?= faad2>=2.6.1 @ 1.12 log @Bump API and ABI depends versions as API changed between 2.0 and 2.6 meaning that things like vlc will not compile @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.11 2006/07/08 23:10:35 jlam Exp $ d3 1 a3 2 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ FAAD2_BUILDLINK3_MK:= ${FAAD2_BUILDLINK3_MK}+ d5 2 a6 3 .if !empty(BUILDLINK_DEPTH:M+) BUILDLINK_DEPENDS+= faad2 .endif a7 5 BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nfaad2} BUILDLINK_PACKAGES+= faad2 BUILDLINK_ORDER:= ${BUILDLINK_ORDER} ${BUILDLINK_DEPTH}faad2 .if !empty(FAAD2_BUILDLINK3_MK:M+) d12 1 a12 1 .endif # FAAD2_BUILDLINK3_MK d14 1 a14 1 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} @ 1.11 log @Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.10 2006/07/08 22:38:59 jlam Exp $ d15 2 a16 2 BUILDLINK_API_DEPENDS.faad2+= faad2>=2.0nb3 BUILDLINK_ABI_DEPENDS.faad2?= faad2>=2.0nb5 @ 1.10 log @Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.9 2006/04/12 10:27:00 rillig Exp $ d12 1 a12 1 BUILDLINK_ORDER+= faad2 @ 1.9 log @Aligned the last line of the buildlink3.mk files with the first line, so that they look nicer. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.8 2006/04/06 06:21:34 reed Exp $ d12 1 @ 1.8 log @Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day). @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.7 2006/02/05 23:08:06 joerg Exp $ d20 1 a20 1 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} @ 1.7 log @Recursive revision bump / recommended bump for gettext ABI change. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.6 2005/10/09 03:23:11 ben Exp $ d14 2 a15 2 BUILDLINK_DEPENDS.faad2+= faad2>=2.0nb3 BUILDLINK_RECOMMENDED.faad2?= faad2>=2.0nb5 @ 1.6 log @This change addresses PR#31443 Copy config.h to faad2-config.h. Modify systems.h to refer to faad2-config.h, and install faad2-config.h. This situation is discussed here: http://lists.gnu.org/archive/html/automake/2000-10/msg00114.html Remove the undef of PACKAGE and VERSION, and add a 3rd non-empty argument to AM_INIT_AUTOMAKE. This situation is discussed here: http://lists.gnu.org/archive/html/automake/2000-10/msg00108.html Modify the condition from HAVE_GLIB_H to __G_LIB_H__, which was easier because faad2 doesn't depend on glib. Bump pkgrevision. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.5 2005/10/06 13:13:28 ben Exp $ d15 1 @ 1.5 log @This change addresses PR#31443 Install header files in include/faad2 Install include/faad2/config.h Add include/faad2 to search path in buildlink3.mk Since software depending on mp4.h won't be able to build without this change, bump PKGREVISION and update BUILDLINK_DEPENDS.faad2 in buildlink3.mk @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.4 2004/10/03 00:13:05 tv Exp $ d14 1 a14 1 BUILDLINK_DEPENDS.faad2+= faad2>=2.0nb2 @ 1.4 log @Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.3 2004/03/28 20:16:09 mycroft Exp $ d14 1 a14 2 BUILDLINK_DEPENDS.faad2+= faad2>=2.0 BUILDLINK_RECOMMENDED.faad2+= faad2>=2.0nb1 d16 1 @ 1.3 log @Update to 2.0. There are many changes, but the main user-visible improvement is support for decoding AAC HE files (as generated by iTunes). @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.2 2004/03/05 19:25:06 jlam Exp $ d15 1 @ 1.2 log @Reorder location and setting of BUILDLINK_PACKAGES to match template buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.1 2004/02/17 20:21:38 wiz Exp $ d14 1 a14 1 BUILDLINK_DEPENDS.faad2+= faad2>=1.1 @ 1.1 log @Convert to buildlink3.mk. Newer libtool demands autoconf-2.50+, so update dependency. @ text @d1 1 a1 4 # $NetBSD$ # # This Makefile fragment is included by packages that use faad2. # d10 3 d14 3 a16 5 BUILDLINK_PACKAGES+= faad2 BUILDLINK_DEPENDS.faad2+= faad2>=1.1 BUILDLINK_PKGSRCDIR.faad2?= ../../audio/faad2 .endif # FAAD2_BUILDLINK3_MK @