On 12/4/2022 4:57 PM, Brad Smith wrote:
On 12/4/2022 3:00 PM, Stuart Henderson wrote:
On 2022/12/03 23:42, Brad Smith wrote:
Here is an update to faad 2.10.1.
The previous update diffs for faad floating around had a lib dep on
multimedia/libmp4v2, is that not needed?
Ya, I noticed that. I don't see what the purpose of enabling it is. I
looked around
at 8 other OS's, FreeBSD, NetBSD and some Linux OS's and none of them
have
it enabled. FreeBSD used to many moons ago and has since removed enabling
it.
I have some recollection of the update breaking some other port, but
I forget the details. and maybe that's been fixed elsewhere by now..
I copied a workaround from the FreeBSD port as part of the
post-install target,
but decided to go in the other direction. Only the one header is
necessary for
the libquicktime test.
BTW, with the 2.9.0 release..
[ Hugo Lefeuvre ]
* Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
