pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/audio/mpg123 mpg123: update to 1.25.2



details:   https://anonhg.NetBSD.org/pkgsrc/rev/46f4a7020ce9
branches:  trunk
changeset: 365330:46f4a7020ce9
user:      maya <maya%pkgsrc.org@localhost>
date:      Fri Jul 14 05:46:46 2017 +0000

description:
mpg123: update to 1.25.2

1.25.2
------

- libmpg123:
-- Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
   disclosure.
-- Avoid left-shifts of negative integers in layer I decoding.

1.25.1: Hot Fuzz
-------
- libmpg123:
-- Avoid memset(NULL, 0, 0) to calm down the paranoid.
-- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
   offset from the frame flag bytes (unnoticed in practice for a long
   time). Fuzzers are in the house again. This one got CVE-2017-10683.
-- Avoid a mostly harmless conditional jump depending on uninitialised
   fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
-- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
   never right in theory). Code might be a bit faster now, even.
   Thanks to Agostino Sarubbo for reporting.

1.25.0: MP3 now patent-free worldwide!
-------
- Silence test for artsc-config if it is not there.
- Make sure -static-libgcc from LDFLAGS gets through libtool,
  fixing 32 bit Windows builds (depend on libgcc DLL otherwise).
- Fix build with non-GNU make by using plain rm -f instead of silly $(RM)
  in libout123/modules makefile fragment.
- Make build work on iOS, including coreaudio backend.
- libmpg123:
-- Finally provide position-independent code for x86 with assembly
   optimisations.The textrels are gone thanks to Won Kyu Park and Taihei Momma.
-- Clarify some license language in files descending from the original MMX
   optimisation.
-- Fix return value overflow check for MPG123_BUFFERFILL.
-- Introduced mpg123_getformat2() to enable the FORMAT command
   for the generic control not stealing MPG123_NEW_FORMAT from the main
   playback loop. The sequence LOADPAUSED-FORMAT-PAUSE (play) is supposed
   to work now.
-- Enable aarch64 optimisations on *BSD by default, too. You can always
   override that stupid OS whitelist using --with-optimization, anyway.
-- Use of the i486 decoder is now discouraged more prominently, in configure
   output.
- out123: Fix stupid crash with verbose mode and tone generation (print
  the string if the pointer is non-null, not if it is null).
- libout123: More consistent error messages for dynamic and legacy
  (built-in) modules. Namely, you get a hint how if you choose a different
  module than the built-in ones for a static libout123.

diffstat:

 audio/mpg123/Makefile.common           |   4 ++--
 audio/mpg123/distinfo                  |  12 ++++++------
 audio/mpg123/patches/patch-Makefile.in |  13 +++++++------
 3 files changed, 15 insertions(+), 14 deletions(-)

diffs (68 lines):

diff -r 432da1663592 -r 46f4a7020ce9 audio/mpg123/Makefile.common
--- a/audio/mpg123/Makefile.common      Fri Jul 14 05:32:03 2017 +0000
+++ b/audio/mpg123/Makefile.common      Fri Jul 14 05:46:46 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.43 2017/04/16 08:12:27 adam Exp $
+# $NetBSD: Makefile.common,v 1.44 2017/07/14 05:46:46 maya Exp $
 #
 # used by audio/mpg123-arts/Makefile
 # used by audio/mpg123-esound/Makefile
@@ -7,7 +7,7 @@
 # used by audio/mpg123-pulse/Makefile
 # used by audio/mpg123-sun/Makefile
 
-DISTNAME=      mpg123-1.24.0
+DISTNAME=      mpg123-1.25.2
 PKGNAME?=      ${DISTNAME:C/[[:alnum:]]*/&-${MPG123_MODULE}/}
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mpg123/}
diff -r 432da1663592 -r 46f4a7020ce9 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Fri Jul 14 05:32:03 2017 +0000
+++ b/audio/mpg123/distinfo     Fri Jul 14 05:46:46 2017 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.43 2017/04/16 08:12:27 adam Exp $
+$NetBSD: distinfo,v 1.44 2017/07/14 05:46:46 maya Exp $
 
-SHA1 (mpg123-1.24.0.tar.bz2) = 49028ec5907966ad66ee673d38ef8771895c1f9b
-RMD160 (mpg123-1.24.0.tar.bz2) = bb1ccf072748bbdaa9b5a2e91731449c79ae7df5
-SHA512 (mpg123-1.24.0.tar.bz2) = e7c0d7a103daf496e75a6aa6aca861cfc0ad391f242335990c2360305e567039d24ca3b37a35f79b75749055e255f4692b8b43d2fec332b119223b00e12b0cb7
-Size (mpg123-1.24.0.tar.bz2) = 912049 bytes
-SHA1 (patch-Makefile.in) = 0fb183cf29d700d12d45b4cdfef2449668ef18cd
+SHA1 (mpg123-1.25.2.tar.bz2) = efdcd085c8ef7de422e5cd34c861b8302e1cc35a
+RMD160 (mpg123-1.25.2.tar.bz2) = fe79cbca7e21de36cc2bb50d83ae4e5992876968
+SHA512 (mpg123-1.25.2.tar.bz2) = 1b063a7a497d6f643b43a0e0db0e1a8951bf110cabf8f3dc63d7ed1b8e47ef4a42649622a5e4efb582479beacd7d3872b4f061716a5f6970b3f5bed7ef4f3fe9
+Size (mpg123-1.25.2.tar.bz2) = 918024 bytes
+SHA1 (patch-Makefile.in) = e1b529e9468994e25c2567df7e64a2905b0cf529
 SHA1 (patch-aa) = 4b2761219dd8fb92079d7f96872e56beb702696a
 SHA1 (patch-ad) = f07b637c3fc1d3ea0426013fc25bca8e3aecba56
 SHA1 (patch-af) = ba9ccddda15f0e711675b1bbad72b082b34b15f5
diff -r 432da1663592 -r 46f4a7020ce9 audio/mpg123/patches/patch-Makefile.in
--- a/audio/mpg123/patches/patch-Makefile.in    Fri Jul 14 05:32:03 2017 +0000
+++ b/audio/mpg123/patches/patch-Makefile.in    Fri Jul 14 05:46:46 2017 +0000
@@ -1,19 +1,20 @@
-$NetBSD: patch-Makefile.in,v 1.1 2017/04/16 08:12:27 adam Exp $
+$NetBSD: patch-Makefile.in,v 1.2 2017/07/14 05:46:47 maya Exp $
 
 Keep .la files for PLISTs.
 
---- Makefile.in.orig   2017-04-16 06:26:06.000000000 +0000
+--- Makefile.in.orig   2017-07-11 09:37:31.000000000 +0000
 +++ Makefile.in
-@@ -4072,12 +4072,6 @@ uninstall-man: uninstall-man1
+@@ -4072,13 +4072,6 @@ uninstall-man: uninstall-man1
  @USE_YASM_FOR_AVX_TRUE@       @echo "pic_object='`basename $<`'" >>$@
  @USE_YASM_FOR_AVX_TRUE@       @echo "non_pic_object='`basename $<`'" >>$@
  
 -# Get rid of .la files, at least _after_ install.
 -@HAVE_MODULES_TRUE@install-exec-hook:
--@HAVE_MODULES_TRUE@   cd $(DESTDIR)$(pkglibdir) && $(RM) @output_modules_la@
+-@HAVE_MODULES_TRUE@   cd $(DESTDIR)$(pkglibdir) && rm -f @output_modules_la@
 -# The above breaks uninstall of module .so files?
 -@HAVE_MODULES_TRUE@uninstall-hook:
--@HAVE_MODULES_TRUE@   for m in @output_modules_la@; do eval $$(grep dlname= src/libout123/modules/$$m) && $(RM) $(DESTDIR)$(pkglibdir)/$$dlname; done
- 
+-@HAVE_MODULES_TRUE@   for m in @output_modules_la@; do eval $$(grep dlname= src/libout123/modules/$$m) && rm -f $(DESTDIR)$(pkglibdir)/$$dlname; done
+-
  # Tell versions [3.59,3.63) of GNU make to not export all variables.
  # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:



Home | Main Index | Thread Index | Old Index