diff options
author | nia <nia@pkgsrc.org> | 2019-09-14 13:34:06 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2019-09-14 13:34:06 +0000 |
commit | fb664cbe48b901de55060b27f8da54292a7f9f9d (patch) | |
tree | a006a35b92bab23e4354ab47b85c7c2d5645ffa4 /audio | |
parent | c518d6ada900e913982d1c935a1244d15378675e (diff) | |
download | pkgsrc-fb664cbe48b901de55060b27f8da54292a7f9f9d.tar.gz |
faad2: Update to 2.9.0
Changes:
[ Krzysztof Nikiel ]
Build system fixes and code clean-up
[ LoRd_MuldeR ]
Fix compiler warnings and code indentation
Fix compilation with GCC <= 4.7.3
MSVC solution file clean-up
[ Cameron Cawley ]
Fix compilation with GCC 4.7.4
Fix compilation with MinGW
[ Michael Fink ]
MSVC 2017 project file update
[ Hugo Lefeuvre ]
Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
CVE-2019-6956: ps_dec: sanitize iid_index before mixing
CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
[ Filip Roséen ]
Prevent crash on SCE followed by CPE
[ Gianfranco Costamagna ]
Fix linking with GCC 9 and "-Wl,--as-needed"
[ Fabian Greffrath ]
Enable the frontend to be built reproducibly
Diffstat (limited to 'audio')
-rw-r--r-- | audio/faad2/Makefile | 19 | ||||
-rw-r--r-- | audio/faad2/PLIST | 5 | ||||
-rw-r--r-- | audio/faad2/distinfo | 18 | ||||
-rw-r--r-- | audio/faad2/patches/patch-CVE-2018-20194 | 59 | ||||
-rw-r--r-- | audio/faad2/patches/patch-CVE-2018-20362 | 63 | ||||
-rw-r--r-- | audio/faad2/patches/patch-common_mp4ff_Makefile.am | 20 | ||||
-rw-r--r-- | audio/faad2/patches/patch-frontend_Makefile.am | 15 | ||||
-rw-r--r-- | audio/faad2/patches/patch-frontend_mp4read.c | 15 | ||||
-rw-r--r-- | audio/faad2/patches/patch-libfaad_bits.c | 21 |
9 files changed, 23 insertions, 212 deletions
diff --git a/audio/faad2/Makefile b/audio/faad2/Makefile index 4429bdeb854..38f72183691 100644 --- a/audio/faad2/Makefile +++ b/audio/faad2/Makefile @@ -1,13 +1,13 @@ -# $NetBSD: Makefile,v 1.53 2019/07/11 09:03:35 nia Exp $ +# $NetBSD: Makefile,v 1.54 2019/09/14 13:34:06 nia Exp $ # IMPORTANT: Do not forget to update audio/xmms-faad -DISTNAME= faad2-2.8.8 -PKGREVISION= 1 +DISTNAME= faad2-2.9.0 CATEGORIES= audio -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=faac/} +MASTER_SITES= ${MASTER_SITE_GITHUB:=knik0/} +GITHUB_TAG= 2_9_0 MAINTAINER= pkgsrc-users@NetBSD.org -HOMEPAGE= https://www.audiocoding.com/ +HOMEPAGE= https://github.com/knik0/faad2 COMMENT= AAC decoding library LICENSE= gnu-gpl-v2 @@ -17,18 +17,9 @@ USE_TOOLS+= autoconf automake autoreconf gmake GNU_CONFIGURE= yes CONFIGURE_ARGS+= --includedir=${PREFIX}/include/faad2 -# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624 -GCC_REQD+= 4.8 - LIBS+= -lm CPPFLAGS.SunOS+= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1 -SUBST_CLASSES+= pkgver -SUBST_STAGE.pkgver= pre-configure -SUBST_MESSAGE.pkgver= Setting PACKAGE_VERSION in neaacdec.h -SUBST_FILES.pkgver= include/neaacdec.h -SUBST_SED.pkgver= -e 's,PACKAGE_VERSION,"${PKGVERSION_NOREV}",' - post-extract: ${MV} ${WRKSRC}/frontend/faad.man ${WRKSRC}/frontend/faad.1 diff --git a/audio/faad2/PLIST b/audio/faad2/PLIST index 5745f17ee13..c9ffefa0d03 100644 --- a/audio/faad2/PLIST +++ b/audio/faad2/PLIST @@ -1,10 +1,7 @@ -@comment $NetBSD: PLIST,v 1.15 2017/07/23 16:09:17 adam Exp $ +@comment $NetBSD: PLIST,v 1.16 2019/09/14 13:34:06 nia Exp $ bin/faad include/faad2/faad.h -include/faad2/mp4ff.h -include/faad2/mp4ffint.h include/faad2/neaacdec.h lib/libfaad.la lib/libfaad_drm.la -lib/libmp4ff.la man/man1/faad.1 diff --git a/audio/faad2/distinfo b/audio/faad2/distinfo index e9f3da7d7eb..f53f3640e6e 100644 --- a/audio/faad2/distinfo +++ b/audio/faad2/distinfo @@ -1,18 +1,14 @@ -$NetBSD: distinfo,v 1.27 2019/07/11 09:03:35 nia Exp $ +$NetBSD: distinfo,v 1.28 2019/09/14 13:34:06 nia Exp $ -SHA1 (faad2-2.8.8.tar.gz) = 0d49c516d4a83c39053a9bd214fddba72cbc34ad -RMD160 (faad2-2.8.8.tar.gz) = b69349ee69c869ba070f28c58418749d53898985 -SHA512 (faad2-2.8.8.tar.gz) = 3275d292b2a9fe984842962f4d81202894bddd17033f7cd6df95466554cc968dfcbf2890ae8b1df37da0cd25d645cca0a687f07e39b9fc37dd004fd5956a82af -Size (faad2-2.8.8.tar.gz) = 1069044 bytes -SHA1 (patch-CVE-2018-20194) = fefaa2cde9cdaff71cfe8e82e9d0e4b791bca015 -SHA1 (patch-CVE-2018-20362) = 00a8cf72f824a3c98d7f20d80542192634a84518 -SHA1 (patch-common_mp4ff_Makefile.am) = a662e6fd841420110c02f85923d022919135be82 +SHA1 (faad2-2.9.0.tar.gz) = 0c39dd1362288f372211cdbc053748569a9cb2ea +RMD160 (faad2-2.9.0.tar.gz) = 6a6576fb640daba2cb4754ade1d2b8834b8766e5 +SHA512 (faad2-2.9.0.tar.gz) = 1756b2672f9e438a56b11160ddc77fc721d85860eaa325a3ff01b51a2524baf4c1c61068a97cbc4e99d47e7643f10e1d6afb997eede3295b44551fe4661fb5dc +Size (faad2-2.9.0.tar.gz) = 802390 bytes SHA1 (patch-configure.ac) = ed9d4e9d611d27d4add86884996a8e7fc001bc90 -SHA1 (patch-frontend_Makefile.am) = ab3369e67fb5f2842076fb698819936473440de9 +SHA1 (patch-frontend_Makefile.am) = 32c8bede5773b2cb97777951b1a18366b4e10e3d SHA1 (patch-frontend_getopt.c) = 3eaf3e8318887eca49e354696cad1bd2c5bf5504 -SHA1 (patch-frontend_mp4read.c) = 235d69a310bb2cb52cf62479e9254c1d3eb9cef9 +SHA1 (patch-frontend_mp4read.c) = a72c20b69428809caf328850fd70a13ba5c82d41 SHA1 (patch-libfaad_Makefile.am) = 4d3b92f54d998bd577641f49e88d0c8bc38f963c -SHA1 (patch-libfaad_bits.c) = bc21ea92f62a7facbf70df3fe85b852e625efc1c SHA1 (patch-libfaad_common.h) = 60eccd8aebeb085760d6866f83ff5a613197918f SHA1 (patch-plugins_xmms_src_Makefile.am) = 4ba1dfefe1e351830ee990c711af6ac46db42c14 SHA1 (patch-plugins_xmms_src_libmp4.c) = 7c6cd667999aab36efc9d713cf967c01b01916bf diff --git a/audio/faad2/patches/patch-CVE-2018-20194 b/audio/faad2/patches/patch-CVE-2018-20194 deleted file mode 100644 index 04f2c4116d5..00000000000 --- a/audio/faad2/patches/patch-CVE-2018-20194 +++ /dev/null @@ -1,59 +0,0 @@ -$NetBSD: patch-CVE-2018-20194,v 1.1 2019/07/11 09:03:35 nia Exp $ - -user passed f_table_lim contains frequency band borders. Frequency -bands are groups of consecutive QMF channels. This means that their -bounds, as provided by f_table_lim, should never exceed MAX_M (maximum -number of QMF channels). c.f. ISO/IEC 14496-3:2001 - -FAAD2 does not verify this, leading to security issues when -processing files defining f_table_lim with values > MAX_M. - -This patch sanitizes the values of f_table_lim so that they can be safely -used as index for Q_M_lim and G_lim arrays. - -Fixes CVE-2018-20194. - -Upstream commit: -https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3.patch - ---- libfaad/sbr_hfadj.c.orig 2017-07-06 19:16:40.000000000 +0000 -+++ libfaad/sbr_hfadj.c -@@ -485,6 +485,12 @@ static void calculate_gain(sbr_info *sbr - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) -@@ -949,6 +955,12 @@ static void calculate_gain(sbr_info *sbr - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) -@@ -1193,6 +1205,12 @@ static void calculate_gain(sbr_info *sbr - ml1 = sbr->f_table_lim[sbr->bs_limiter_bands][k]; - ml2 = sbr->f_table_lim[sbr->bs_limiter_bands][k+1]; - -+ if (ml1 > MAX_M) -+ ml1 = MAX_M; -+ -+ if (ml2 > MAX_M) -+ ml2 = MAX_M; -+ - - /* calculate the accumulated E_orig and E_curr over the limiter band */ - for (m = ml1; m < ml2; m++) diff --git a/audio/faad2/patches/patch-CVE-2018-20362 b/audio/faad2/patches/patch-CVE-2018-20362 deleted file mode 100644 index 4a2548a75bb..00000000000 --- a/audio/faad2/patches/patch-CVE-2018-20362 +++ /dev/null @@ -1,63 +0,0 @@ -$NetBSD: patch-CVE-2018-20362,v 1.1 2019/07/11 09:03:35 nia Exp $ - -Implicit channel mapping reconfiguration is explicitely forbidden by -ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such -files and reject them. FAAD2 does not perform any kind of checks -regarding this. - -This leads to security vulnerabilities when processing crafted AAC -files performing such reconfigurations. - -Add checks to decode_sce_lfe and decode_cpe to make sure such -inconsistencies are detected as early as possible. - -These checks first read hDecoder->frame: if this is not the first -frame then we make sure that the syntax element at the same position -in the previous frame also had element_id id_syn_ele. If not, return -21 as this is a fatal file structure issue. - -This patch addresses CVE-2018-20362 and possibly other related issues. - -Upstream commit: -https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14.patch - -Buffer overflow fix, no CVE, upstream commit: -https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174.patch - ---- libfaad/syntax.c.orig 2017-10-30 17:44:16.000000000 +0000 -+++ libfaad/syntax.c -@@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruc - can become 2 when some form of Parametric Stereo coding is used - */ - -+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) { -+ /* element inconsistency */ -+ hInfo->error = 21; -+ return; -+ } -+ - /* save the syntax element id */ - hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele; - -@@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *h - return; - } - -+ if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) { -+ /* element inconsistency */ -+ hInfo->error = 21; -+ return; -+ } -+ - /* save the syntax element id */ - hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele; - -@@ -2292,6 +2304,8 @@ static uint8_t excluded_channels(bitfile - while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld - DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1) - { -+ if (i >= MAX_CHANNELS - num_excl_chan - 7) -+ return n; - for (i = num_excl_chan; i < num_excl_chan+7; i++) - { - drc->exclude_mask[i] = faad_get1bit(ld diff --git a/audio/faad2/patches/patch-common_mp4ff_Makefile.am b/audio/faad2/patches/patch-common_mp4ff_Makefile.am deleted file mode 100644 index a90b6d15521..00000000000 --- a/audio/faad2/patches/patch-common_mp4ff_Makefile.am +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-common_mp4ff_Makefile.am,v 1.1 2017/07/23 16:09:17 adam Exp $ - -Install libmp4ff; needed for audio/xmms-faad. - ---- common/mp4ff/Makefile.am.orig 2017-07-17 12:04:02.000000000 +0000 -+++ common/mp4ff/Makefile.am -@@ -1,7 +1,8 @@ --noinst_LIBRARIES = libmp4ff.a --noinst_HEADERS = mp4ff.h mp4ffint.h -+lib_LTLIBRARIES = libmp4ff.la -+include_HEADERS = mp4ff.h mp4ffint.h - --libmp4ff_a_CFLAGS = -DUSE_TAGGING=1 -+libmp4ff_la_CFLAGS = -DUSE_TAGGING=1 - --libmp4ff_a_SOURCES = mp4ff.c mp4atom.c mp4meta.c mp4sample.c mp4util.c \ -- mp4tagupdate.c mp4ff.h mp4ffint.h -+libmp4ff_la_SOURCES = mp4ff.c mp4atom.c mp4meta.c mp4sample.c mp4util.c \ -+ mp4tagupdate.c -+libmp4ff_la_INCLUDES= mp4ff.h mp4ffint.h diff --git a/audio/faad2/patches/patch-frontend_Makefile.am b/audio/faad2/patches/patch-frontend_Makefile.am index 293342cb760..ee1c8c123b7 100644 --- a/audio/faad2/patches/patch-frontend_Makefile.am +++ b/audio/faad2/patches/patch-frontend_Makefile.am @@ -1,20 +1,11 @@ -$NetBSD: patch-frontend_Makefile.am,v 1.3 2019/06/05 06:07:27 nia Exp $ +$NetBSD: patch-frontend_Makefile.am,v 1.4 2019/09/14 13:34:06 nia Exp $ -Use correct sources. - ---- frontend/Makefile.am.orig 2017-12-17 19:51:26.000000000 +0000 +--- frontend/Makefile.am.orig 2019-09-09 10:28:33.000000000 +0000 +++ frontend/Makefile.am -@@ -1,10 +1,11 @@ +@@ -1,5 +1,5 @@ bin_PROGRAMS = faad -dist_man1_MANS = faad.man +dist_man1_MANS = faad.1 AM_CPPFLAGS = -I$(top_srcdir)/include - faad_LDADD = $(top_builddir)/libfaad/libfaad.la - --faad_SOURCES = mp4read.c audio.c main.c audio.h mp4read.h unicode_support.c unicode_support.h -+faad_SOURCES = mp4read.c audio.c main.c unicode_support.c -+faad_INCLUDES = audio.h mp4read.h unicode_support.h - - EXTRA_faad_SOURCES = getopt.c diff --git a/audio/faad2/patches/patch-frontend_mp4read.c b/audio/faad2/patches/patch-frontend_mp4read.c index 297fcc54aad..af9e8971691 100644 --- a/audio/faad2/patches/patch-frontend_mp4read.c +++ b/audio/faad2/patches/patch-frontend_mp4read.c @@ -1,20 +1,19 @@ -$NetBSD: patch-frontend_mp4read.c,v 1.2 2019/06/05 06:07:27 nia Exp $ +$NetBSD: patch-frontend_mp4read.c,v 1.3 2019/09/14 13:34:06 nia Exp $ -Do not re-define bswap32() and bswap16(). +Avoid conflicting with NetBSD libc. ---- frontend/mp4read.c.orig 2017-12-17 11:18:43.000000000 +0000 +--- frontend/mp4read.c.orig 2019-09-09 10:28:33.000000000 +0000 +++ frontend/mp4read.c -@@ -46,6 +46,8 @@ mp4config_t mp4config = { 0 }; +@@ -46,6 +46,7 @@ mp4config_t mp4config = { 0 }; static FILE *g_fin = NULL; -+#include "config.h" -+#ifndef HAVE_SYS_ENDIAN_H ++#ifndef __NetBSD__ static inline uint32_t bswap32(const uint32_t u32) { #ifndef WORDS_BIGENDIAN -@@ -71,6 +73,7 @@ static inline uint16_t bswap16(const uin - return u16; +@@ -75,6 +76,7 @@ static inline uint16_t bswap16(const uin + return u16; #endif } +#endif diff --git a/audio/faad2/patches/patch-libfaad_bits.c b/audio/faad2/patches/patch-libfaad_bits.c deleted file mode 100644 index b0c6dae1d58..00000000000 --- a/audio/faad2/patches/patch-libfaad_bits.c +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-libfaad_bits.c,v 1.1 2019/07/11 09:03:35 nia Exp $ - -Fix a potential buffer overflow. - -Upstream commit: -https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174.patch - ---- libfaad/bits.c.orig 2017-07-06 19:16:40.000000000 +0000 -+++ libfaad/bits.c -@@ -167,7 +167,10 @@ void faad_resetbits(bitfile *ld, int bit - int words = bits >> 5; - int remainder = bits & 0x1F; - -- ld->bytes_left = ld->buffer_size - words*4; -+ if (ld->buffer_size < words * 4) -+ ld->bytes_left = 0; -+ else -+ ld->bytes_left = ld->buffer_size - words*4; - - if (ld->bytes_left >= 4) - { |