Re: UPDATE: libsndfile

Thanks for the fix, and sorry for the delay. On Apr 23 14:40:04, b...@comstyle.com wrote: > A bug fix from upstream.. > gsm610: Fix signed integer overflow On each of current/{amd64, arm64, armv7} it builds, runs, and does not break this: sox -c 1 -b 8 -r 8000 -n file.wav synth 5 sin

Re: UPDATE: libsndfile

This is OK sthen@ Jan please let us know if you are not able to review, so we don't need to wait around :) On 2022/04/23 14:40, Brad Smith wrote: > A bug fix from upstream.. > > gsm610: Fix signed integer overflow > > > Index: Makefile >

Re: UPDATE: libsndfile 1.1.0beta2

I have committed this. Jan, do you want to stay listed as maintainer? On 2022/03/29 08:46, Stuart Henderson wrote: > CC'ing MAINTAINER, any comments? > > On 2022/03/28 23:54, Brad Smith wrote: > > On Thu, Mar 17, 2022 at 01:40:12AM -0400, Brad Smith wrote: > > > Here is an update to

Re: UPDATE: libsndfile 1.1.0beta2

CC'ing MAINTAINER, any comments? On 2022/03/28 23:54, Brad Smith wrote: > On Thu, Mar 17, 2022 at 01:40:12AM -0400, Brad Smith wrote: > > Here is an update to libsndfile 1.1.0beta2, plus two other fixes since the > > release. > > > > There are more security related bug fixes that have gone in

Re: UPDATE: libsndfile 1.0.31

ping. On 2/19/2021 8:48 PM, Brad Smith wrote: Here is an update to libsndfile 1.0.31. Index: Makefile === RCS file: /home/cvs/ports/audio/libsndfile/Makefile,v retrieving revision 1.35 diff -u -p -u -p -r1.35 Makefile ---

UPDATE: libsndfile 1.0.31

Here is an update to libsndfile 1.0.31. Index: Makefile === RCS file: /home/cvs/ports/audio/libsndfile/Makefile,v retrieving revision 1.35 diff -u -p -u -p -r1.35 Makefile --- Makefile13 Feb 2021 06:31:07 - 1.35 +++

UPDATE: libsndfile

Some further fixes for libsndfile.. - Improve handling of SMPL chunks in WAV files. - Fix use of uninitialized value in endswap_int64_t_array. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25366 Index: Makefile === RCS

Re: UPDATE: libsndfile 1.0.30 - CVE

ping. On 12/25/2020 1:02 AM, Brad Smith wrote: On Sat, Oct 31, 2020 at 01:26:50AM -0400, Brad Smith wrote: Here is an update to libsndfile 1.0.30. CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832. Here is an updated diff with..

Re: UPDATE: libsndfile 1.0.30 - CVE

On Sat, Oct 31, 2020 at 01:26:50AM -0400, Brad Smith wrote: > Here is an update to libsndfile 1.0.30. > > CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, > CVE-2018-19662, > CVE-2018-19758 and CVE-2019-3832. Here is an updated diff with.. - updated HOMEPAGE Some fixes for .. -

Re: UPDATE: libsndfile 1.0.30 - CVE

On 11/11/2020 2:38 PM, Jan Stary wrote: On Oct 31 01:26:50, b...@comstyle.com wrote: Here is an update to libsndfile 1.0.30. Thanks for the diff, and sorry for the delay. (Real life interferes quite a bit around here.) The port as updated by this diff basically works; please see comments

Re: UPDATE: libsndfile 1.0.30 - CVE

> > +MODULES= devel/cmake > > AFAIU, it still supports the autoconf build. > Is there any specific reason you are switching to cmake? > It seem to pull in a number of py3-* build dependencies, > including stuff like py3-babel and py3-imagesize and ninja ... > > Much as I hate the autotools, it

Re: UPDATE: libsndfile 1.0.30 - CVE

On Oct 31 01:26:50, b...@comstyle.com wrote: > Here is an update to libsndfile 1.0.30. Thanks for the diff, and sorry for the delay. (Real life interferes quite a bit around here.) The port as updated by this diff basically works; please see comments inline. Jan > Index: Makefile >

Re: UPDATE: libsndfile 1.0.30 - CVE

ping. On 10/31/2020 1:26 AM, Brad Smith wrote: Here is an update to libsndfile 1.0.30. CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832. Index: Makefile === RCS

UPDATE: libsndfile 1.0.30 - CVE

Here is an update to libsndfile 1.0.30. CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832. Index: Makefile === RCS file: /cvs/ports/audio/libsndfile/Makefile,v

Re: update libsndfile to 1.0.28

On Sun, Mar 18 2018, Jan Stary wrote: > On Mar 13 13:08:09, j...@wxcvbn.org wrote: >> On Sun, Mar 11 2018, Jan Stary wrote: >> > This updates libsndfile to 1.0.28, the latest release. >> > Sorry for being so late; thanks to naddy@ for the nudge. >> > >> > * Add

Re: update libsndfile to 1.0.28

On Mar 13 13:08:09, j...@wxcvbn.org wrote: > On Sun, Mar 11 2018, Jan Stary wrote: > > This updates libsndfile to 1.0.28, the latest release. > > Sorry for being so late; thanks to naddy@ for the nudge. > > > > * Add explicit ./configure --options (in --help order) > > Not ok with

Re: update libsndfile to 1.0.28

On Mar 13 21:58:50, s...@spacehopper.org wrote: > On 2018/03/11 20:53, Jan Stary wrote: > > On Mar 11 13:57:13, h...@stare.cz wrote: > > > Tested on current amd64, macppc and armv7; please test everywhere. > > > > sox works fine happy with the new version > > > > Jan > > > > Lots of

Re: update libsndfile to 1.0.28

On 2018/03/13 16:16, Jan Stary wrote: > > Do you really want tests on alpha or landisk before this is > > committed? ;) > > Yes. Ha. In that case you will have *plenty* of time to test all the dependent ports :-)

Re: update libsndfile to 1.0.28

On 2018/03/11 20:53, Jan Stary wrote: > On Mar 11 13:57:13, h...@stare.cz wrote: > > Tested on current amd64, macppc and armv7; please test everywhere. > > sox works fine happy with the new version > > Jan > Lots of functions removed and the direct dependencies chain to a lot more things

Re: update libsndfile to 1.0.28

On Mar 11 13:57:13, h...@stare.cz wrote: > Tested on current amd64, macppc and armv7; please test everywhere. sox works fine happy with the new version Jan

Re: update libsndfile to 1.0.27

Jan Stary writes: > ping Committed, thanks. > On Sep 29 11:42:40, h...@stare.cz wrote: >> The diff below updates audio/libsndfile to version 1.0.27. >> The changes as summarized upstream: >> >> > * Fix an SF_INFO seekable flag regression introduced in 1.0.26. >> > * Fix

Re: update libsndfile to 1.0.27

ping On Sep 29 11:42:40, h...@stare.cz wrote: > The diff below updates audio/libsndfile to version 1.0.27. > The changes as summarized upstream: > > > * Fix an SF_INFO seekable flag regression introduced in 1.0.26. > > * Fix potential infinite loops on malformed input files. > > * Add

update libsndfile to 1.0.27

The diff below updates audio/libsndfile to version 1.0.27. The changes as summarized upstream: > * Fix an SF_INFO seekable flag regression introduced in 1.0.26. > * Fix potential infinite loops on malformed input files. > * Add string metadata read/write for CAF and RF64. > * Add handling

Re: update libsndfile to 1.0.26

On Nov 24 23:16:21, h...@stare.cz wrote: > This updates audio/libsndfile to the new release. > > * CVE-2014-9756 fixed upstream, drop the patch > * share/doc/libsndfile/pkgconfig.html removed > * man1/sndfile-salvage.1 added > > Also, upstream has accepted a complete rewrite of the manpages >

Re: update libsndfile to 1.0.26

On 2015/12/10 10:39, Jan Stary wrote: > On Nov 24 23:16:21, h...@stare.cz wrote: > > This updates audio/libsndfile to the new release. > > > > * CVE-2014-9756 fixed upstream, drop the patch > > * share/doc/libsndfile/pkgconfig.html removed > > * man1/sndfile-salvage.1 added > > > > Also,

Re: update libsndfile to 1.0.26

On 2015/11/25 08:27, Jan Stary wrote: > On Nov 24 23:16:21, h...@stare.cz wrote: > > Tested on amd64, i386 and armv7. > > Please re-test everywhere. > > Also, I only tested the sndfile-* binaries and audio/sox > - please test your favourite audio applications using sndfile, too. > > Jan >

Re: update libsndfile to 1.0.26

On 2015/11/25 10:29, Stuart Henderson wrote: > On 2015/11/25 08:27, Jan Stary wrote: > > On Nov 24 23:16:21, h...@stare.cz wrote: > > > Tested on amd64, i386 and armv7. > > > Please re-test everywhere. > > > > Also, I only tested the sndfile-* binaries and audio/sox > > - please test your

Re: update libsndfile to 1.0.26

On Nov 25 10:54:43, st...@openbsd.org wrote: > There are a number of test failures on macppc, though they occur in > the existing version too so I don't think they should block the update > but might be worth talking to upstream about. Thanks, I will dig up my old MacMini and look into this.

update libsndfile to 1.0.26

This updates audio/libsndfile to the new release. * CVE-2014-9756 fixed upstream, drop the patch * share/doc/libsndfile/pkgconfig.html removed * man1/sndfile-salvage.1 added Also, upstream has accepted a complete rewrite of the manpages into mdoc(7). Thanks to schwarze and jmc for the guidance.

Re: update libsndfile to 1.0.26

On Nov 24 23:16:21, h...@stare.cz wrote: > Tested on amd64, i386 and armv7. > Please re-test everywhere. Also, I only tested the sndfile-* binaries and audio/sox - please test your favourite audio applications using sndfile, too. Jan

Re: update libsndfile to 1.0.26

Looks like the newest heap based overflow vulnerability is also patched with this. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7805 POC: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/ Thanks. I hope I didn't bother you too much, (and erik the developer). I will

Re: update libsndfile to 1.0.26

On Nov 25 05:47:53, mich...@codesand.org wrote: > Looks like the newest heap based overflow vulnerability is also > patched with this. > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7805 > POC: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/ Yes; I forgot to

[UPDATE] libsndfile-1.0.24 (Was: audio/libsndfile without FLAC, Ogg and Vorbis)

On Tue, 12 Apr 2011, Christian Weisgerber wrote: David Coppa dco...@gmail.com wrote: Does anybody remember why audio/libsndfile is built using --disable-external-libs ? IIRC, we wanted to avoid the dependencies to keep things small and simple. The following diff updates libsndfile to