Next | Query returned 85 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2020-01-20 22:54:03 by Nia Alarie | Files touched by this commit (46)
Log message:
*: Remove esound support from pkgsrc

Enlightened Sound Daemon was one of the earlier solutions to the old
"multiple programs can't open /dev/audio at once" problem that was once
a thing we had to worry about.

Eventually, it was adopted as part of GNOME. GNOME lost interest in it
about a decade ago and dropped it in favour of PulseAudio, newer
applications are generally uninterested in supporting it. Last release
was in 2008 and support for newer OS APIs is pretty nonexistent.

Several years ago the original website disappeared.

https://en.wikipedia.org/wiki/Enlightened_Sound_Daemon
https://tracker.debian.org/news/999428/ … -unstable/
   2019-10-31 15:06:17 by Nia Alarie | Files touched by this commit (3) | Package updated
Log message:
mpg123: Update to 1.25.13

This is a bugfix release solely for bug 280 in the parser:

    libmpg123
        Reset the flag for having a frame to decode before trying to parse a new \ 
one. This prevents very unkind behaviour (crashes) when combinging mpg123_scan() \ 
with decoding later on for damaged streams that have a mixture of different MPEG \ 
versions.
   2019-08-31 16:24:19 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
mpg123: Update to 1.25.12

libmpg123:

    Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames \ 
(oss-fuzz-bug 15975). The earlier fix around the same location needed one \ 
thought more. Actually, another though was needed, oss-fuzz-bug 16009 documents \ 
the incomplete fix.
    Fix an invalid write of one zero byte for empty ID3v2 frames that demand \ 
de-unsyncing (oss-fuzz-bug 16050).
    Correct preprocessor syntax in mangle.h, no #error in a #define line. (bug \ 
273, thanks to nmlgc).
   2019-07-27 17:14:40 by Nia Alarie | Files touched by this commit (3) | Package updated
Log message:
mpg123: Update to 1.25.11

libmpg123:
* Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
* Fix out-of-bounds read for RVA2 frames with non-delimited identifier. \ 
(oss-fuzz-bug 15852)
* Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
* Fix undefined parsing of APE header for skipping. Also prevent endless loop on \ 
premature end of supposed APE header. (oss-fuzz-bug 15864)
* Fix some syntax to make pedantic compiler happy.

The serious bugs trigger Denial of Service either via the nasty endless
loop in supposed APE tags or by crashes if the invalid reads hit a
diagnostic by the OS or, more likely, a security mechanism like the
sanitizer instrumentation that enabled finding the bugs.

I do not have CVE numbers for these bugs.
I rather fix the bugs than name them. Just update, will you?
   2018-07-14 19:12:56 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
mpg123: fix mpg123-pulse build failure on NetBSD/i386 8.0_RC2.

Fixes PR pkg/53433 by disabling x86 asm that causes text relocations
in libmpg123.so.  Ok'ed by martin@.
Bump PKGREVISION.
   2018-05-23 00:50:25 by Jared D. McNeill | Files touched by this commit (2)
Log message:
Enable NEON optimizations on ARM64. Bump pkg revision.
   2018-04-13 10:20:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
mpg123: updated to 1.25.10

There briefly was a 1.25.9 release which was superseeded by 1.25.10 before a \ 
public announcement. Both amount to these fixes:
libout123: Fix error messages beginning from OUT123_ARG_ERROR (bug 261).
mpg123: Fix --icy-interval handling to work with stream from stdin. (curl | \ 
mpg123 --icy-interval=n -)
libmpg123: Fix another invalid read and segfault on damaged (fuzzed) files with \ 
part2_3_length == 0 (set maxband=1, pulled from upcoming 1.26.0).
   2017-12-14 12:42:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
mpg123: updated to 1.25.8

1.25.8
------
- mpg123:
-- Also disable cursor/video games for empty TERM (not just unset and dumb).
- libmpg123:
-- Accept changing mode extension bits when looking for next header for
   detecting free-format streams (bug 257).
-- Fix compute_bpf() for free format streams (needed to estimate track
   length and working fuzzy seeking in absence of an Info tag).
   2017-10-24 20:02:50 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
mpg123: updated to 1.25.7

1.25.7
------
- mpg123:
-- Do not play with cursor and inverse video for progress bar
   when TERM=dumb.
-- Fix parsing of host port for numerical IPv6 addresses (just did
   not work before, only for textual host names).
- libmpg123:
-- Proper fix for the xrpnt overflow problems by correctly
   initialising certain tables for MPEG 2.x layer III. The checks that
   catch the resulting overflow are still in place, but likely superfluous
   now. Note that this means certain valid files would have been misdecoded
   before, if anyone actually produced them. Thanks to Robert Hegemann for
   the fix!
-- Silently handle granules with part2_3_length == 0, but
   scalefac_compress != 0 (ignore the latter).
   2017-09-08 10:50:23 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated mpg123 to 1.25.5.

1.25.5
------
- Avoid another buffer read overflow in the ID3 parser on 32 bit platforms
  (bug 254).

1.25.4
------
- Better configure checks for i?86-apple-darwin (bug 253).
- libmpg123:
-- Prevent harmless call to memcpy(NULL, NULL, 0).
-- More early checking of ID3v2 encoding values to avoid bogus text being
   stored.

1.25.3
------
- libmpg123:
-- Better checks for xrpnt overflow in III_dequantize_sample() before each
   use, avoiding false positives and catching cases that were rendered
   harmless by alignment-enlarged buffers.

Next | Query returned 85 messages, browsing 1 to 10 | Previous