   2017-09-08 10:50:23 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated mpg123 to 1.25.5.

- Avoid another buffer read overflow in the ID3 parser on 32 bit platforms
  (bug 254).

- Better configure checks for i?86-apple-darwin (bug 253).
- libmpg123:
-- Prevent harmless call to memcpy(NULL, NULL, 0).
-- More early checking of ID3v2 encoding values to avoid bogus text being

- libmpg123:
-- Better checks for xrpnt overflow in III_dequantize_sample() before each
   use, avoiding false positives and catching cases that were rendered
   harmless by alignment-enlarged buffers.
   2017-07-14 07:46:47 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
mpg123: update to 1.25.2


- libmpg123:
-- Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
-- Avoid left-shifts of negative integers in layer I decoding.

1.25.1: Hot Fuzz
- libmpg123:
-- Avoid memset(NULL, 0, 0) to calm down the paranoid.
-- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
   offset from the frame flag bytes (unnoticed in practice for a long
   time). Fuzzers are in the house again. This one got CVE-2017-10683.
-- Avoid a mostly harmless conditional jump depending on uninitialised
   fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
-- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
   never right in theory). Code might be a bit faster now, even.
   Thanks to Agostino Sarubbo for reporting.

1.25.0: MP3 now patent-free worldwide!
- Silence test for artsc-config if it is not there.
- Make sure -static-libgcc from LDFLAGS gets through libtool,
  fixing 32 bit Windows builds (depend on libgcc DLL otherwise).
- Fix build with non-GNU make by using plain rm -f instead of silly $(RM)
  in libout123/modules makefile fragment.
- Make build work on iOS, including coreaudio backend.
- libmpg123:
-- Finally provide position-independent code for x86 with assembly
   optimisations. The textrels are gone thanks to Won Kyu Park and Taihei Momma.
-- Clarify some license language in files descending from the original MMX
-- Fix return value overflow check for MPG123_BUFFERFILL.
-- Introduced mpg123_getformat2() to enable the FORMAT command
   for the generic control not stealing MPG123_NEW_FORMAT from the main
   playback loop. The sequence LOADPAUSED-FORMAT-PAUSE (play) is supposed
   to work now.
-- Enable aarch64 optimisations on *BSD by default, too. You can always
   override that stupid OS whitelist using --with-optimization, anyway.
-- Use of the i486 decoder is now discouraged more prominently, in configure
- out123: Fix stupid crash with verbose mode and tone generation (print
  the string if the pointer is non-null, not if it is null).
- libout123: More consistent error messages for dynamic and legacy
  (built-in) modules. Namely, you get a hint how if you choose a different
  module than the built-in ones for a static libout123.
   2017-04-16 10:12:27 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
- Avoid repeating genre in metadata printout for specifications like
  (144)Thrash Metal.
- In remote control mode, only enforce --quiet if no verbosity was required.
- Prevent --loop and --shuffle or --random from messing with the remote
  control LOADLIST command (printout of the list would loop without reason).
- Fix the mpg123 command (esp. our provided binaries on Windows) to now find
  modules again relative to the executable directory, not the current working
  directory. This was a regression in 1.23 and might be security-relevant if
  you called mpg123 in working directories with untrusted content.
  Note that mpg123 1.23 looked for modules relative to the current working
  directory only if the installation prefix for modules did not exist.
  So, usage on an intact installation (with /usr/lib/mpg123 or the like) was
  safe. Nevertheless this new version fixes the search to be relative to the
  binary path as it was with 1.22 and before.
- At least consistent behaviour of playlist code in the face of looping.
  Looping is about individual tracks, always. They are looped also in random
  mode. Jumping (prev/next keys) is between tracks and resets the loop counter.
  The display of currently playing track in the playlist is fixed for random
  and looped play now (bug 198).
- Looping is now mentioned for a to-be-repeated track with --verbose.
- Move some compiler nagging from --enable-debug to --enable-nagging, fix up
  some new build failures by adding some pesky feature test macros.
- Try not to pollute the terminal buffer with old progress bars in inverse
  video. Only the currently live one shall be seen. That one is pretty. The
  others are not.
- Using plain dlopen()/LoadLibrary() for opening modules instead of libltdl.
  This also means that --with-module-suffix is gone in configure.
- Windows builds only work when Unicode support is there (older than Windows
  2000/XP will definitely not work anymore).
- The out123 tool now features tone generation, with a mix of differing
  wave patterns. Makes sense to be able to test the audio output by itself,
  and it's fun. See --wave-freq and related parameters.
- libmpg123 version 43:
-- Add flags MPG123_NO_PEEK_END and MPG123_FORCE_SEEKABLE, as suggested
   by Bent Bisballe Nyeng.
-- Build fix for MSVC (consistent definition of ssize_t, spotted by manx,
   bug 243).
-- Build fix for --with-cpu=ppc_nofpu (thanks to Michael Kostylev, bug 244).
-- Add asm optimized MSVC++ Win32|x64 and UWP|x64 builds
-- Remove old, broken MSVC++ builds
- libout123 version 2:
-- Added OUT123_BINDIR.
-- New search order for output plugin directory: MPG123_MODDIR, or (relative
   to executable directory OUT123_BINDIR) ../lib/mpg123, plugins
   libout123/modules/.libs, libout123/modules, ../libout123/modules/.libs,
   ../libout123/modules, and at last the installation prefix $libdir/mpg123/.
   This shall ensure that a build inside a source tree does not try to use old
   modules from the system prefix. The normal libtool wrapper deals with the
   shared libout123 or libmpg123 only, not modules.
   Note that if you set MPG123_MODDIR to a non-existing directory, no modules
   will be found (earlier versions fell back to other choices).
-- The OUT123_NAME parameter is now copied by out123_param_from(), as is
   the newly added OUT123_BINDIR.
-- Coreaudio: Use AudioComponents API on OSX >= 10.6 (thanks to Michael Weiser).
-- Coreaudio: Fix behaviour of out123_drop(), not killing the output anymore
   without re-opening the device (bug 236, thanks to Taihei for the fix).
   2016-12-23 14:50:03 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
use c99 to fix build on SunOS
   2016-12-18 23:58:35 by Adam Ciarcinski | Files touched by this commit (9)
Log message:
Changes 1.23.8:
- Fix long-standing bad memory read (via integer underflow) in ID3 parser
  for crafted ID3v2 tags with tiny size information
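
The bug class named in the 1.23.8 entry above (a tiny declared size underflowing a length computation in an ID3v2 parser), shown as an added example that is not mpg123's code and not part of the commit message. It assumes the ID3v2.4 frame layout; `text_frame_payload` and the sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (ID3v2.4 frame): 4-byte ID, 4-byte syncsafe size,
   2 flag bytes, then the body; a text body starts with an encoding byte. */
#define FRAME_HEADER_LEN 10
/* Constructed sample frames, not taken from any real file. */
static const unsigned char good_frame[] = {'T','I','T','2', 0,0,0,3, 0,0, 0,'H','i'};
static const unsigned char tiny_frame[] = {'T','I','T','2', 0,0,0,0, 0,0};
static const unsigned char long_frame[] = {'T','I','T','2', 0,0,1,0, 0,0, 0};
char demo_out[16];

/* Decode a 28-bit syncsafe integer; -1 if any byte has its top bit set. */
static long syncsafe_to_long(const unsigned char *b)
{
    if ((b[0] | b[1] | b[2] | b[3]) & 0x80) return -1;
    return ((long)b[0] << 21) | ((long)b[1] << 14) | ((long)b[2] << 7) | b[3];
}

/* Hypothetical helper: copy a text frame's text into out, NUL-terminated.
   Returns the text length, or -1 for a malformed or oversized frame. */
long text_frame_payload(const unsigned char *buf, size_t buflen,
                        char *out, size_t outlen)
{
    long size;
    size_t textlen;
    if (buflen < FRAME_HEADER_LEN) return -1;
    size = syncsafe_to_long(buf + 4);
    /* size 0 has no encoding byte; "size - 1" as size_t would wrap */
    if (size < 1) return -1;
    /* declared size must fit in the bytes actually present */
    if ((size_t)size > buflen - FRAME_HEADER_LEN) return -1;
    /* only encodings 0..3 are defined; reject others early */
    if (buf[FRAME_HEADER_LEN] > 3) return -1;
    textlen = (size_t)size - 1;
    if (outlen == 0 || textlen > outlen - 1) return -1;
    memcpy(out, buf + FRAME_HEADER_LEN + 1, textlen);
    out[textlen] = '\0';
    return (long)textlen;
}

int main(void)
{
    printf("good: %ld\n", text_frame_payload(good_frame, sizeof good_frame, demo_out, sizeof demo_out));
    printf("tiny: %ld\n", text_frame_payload(tiny_frame, sizeof tiny_frame, demo_out, sizeof demo_out));
    printf("long: %ld\n", text_frame_payload(long_frame, sizeof long_frame, demo_out, sizeof demo_out));
    return 0;
}
```
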
   2015-11-04 18:41:21 by Alistair G. Crooks | Files touched by this commit (78)
Log message:
Remove duplicate SHA512 digests that crept in.
   2015-11-03 02:12:56 by Alistair G. Crooks | Files touched by this commit (409)
Log message:
Add SHA512 digests for distfiles for audio category

Problems found with existing distfiles:
No changes made to these files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-10-18 17:07:06 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.22.4:
- Fix stupid regression introduced with a bugfix in 1.14.1 to make
  free format streams work again. It took 3 years for someone to notice.
  I added a regression test for that now!
   2015-07-20 19:30:33 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Changes 1.22.2
- Fix buffering for funny sample formats (namely, 24 bit), that do not
  fit nicely into 32768 bytes. Effect was a nasty endless loop where
  mpg123 needs to be externally killed.

Changes 1.22.1
- Fix mpg123-id3dump when writing images with funny (manipulated) MIME type.
  Stupid mistake in length computation of the fallback file extension caused
  junk from memory being appended to the filename if the pointer size
  is less than 64 bit. For 64 bit pointers (or longer) it was correct by
- Fix pedantic build by cleaning up out123 source, also now really showing
  the encoding list in --longhelp instead of possibly, again, writing junk
  from memory in there.
- Not linking libmpg123 against libltdl anymore (bug 215).
- Update MSVC++ ports a bit to make them work again.
   2014-11-20 14:07:12 by Makoto Fujiwara | Files touched by this commit (4) | Package updated
Log message:
Based on PR pkg/49405
  Update mpg123*  from 1.19.0 to 1.21.0
  Add comment to patch-ad
Tks wiz@ and obache@ for review.
- Use LL as shortcut for LOADLIST remote command, L is taken already (bug 210).
- Less namespace pollution (MPG123_EXPORT in header instead of EXPORT, bug 212).

- Make feed reader more efficient when skipping junk by early
  discarding of data from buffers to avoid re-parsing.

- Added NEON optimized decoder for AArch64 (ARM 64bit environment)
- enabled for --with-cpu=neon64 (NEON only) or --with-cpu=aarch64
  (runtime switch between neon and generic_fpu, like arm_fpu)
- compatible with aarch64-linux-gnu toolchains (from Ubuntu, debian) and Xcode 5
- Added new binary out123 only with the audio output part of mpg123.
  This is a precursor to separating out said code into a simple audio
  output library. It also allows plugging in some processing in a pipe
  before feeding to output.
- Prevent opendir(NULL) for unknown module directory when listing modules.
- some build fixes, among those fixing mpg123-id3dump on Windows

