On 12/4/2022 4:57 PM, Brad Smith wrote:
> On 12/4/2022 3:00 PM, Stuart Henderson wrote:
>> On 2022/12/03 23:42, Brad Smith wrote:
>>> Here is an update to faad 2.10.1.
>> The previous update diffs for faad floating around had a lib dep on
>> multimedia/libmp4v2, is that not needed?
>
> Ya, I noticed that. I don't see what the purpose of enabling it is. I
> looked around
> at 8 other OS's, FreeBSD, NetBSD and some Linux OS's and none of them
> have
> it enabled. FreeBSD used to many moons ago and has since removed enabling
> it.
>
>> I have some recollection of the update breaking some other port, but
>> I forget the details. and maybe that's been fixed elsewhere by now..
>
> I copied a workaround from the FreeBSD port as part of the
> post-install target,
> but decided to go in the other direction. Only the one header is
> necessary for
> the libquicktime test.
BTW, with the 2.9.0 release..
[ Hugo Lefeuvre ]
* Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
No comments:
Post a Comment