Just in case some bozo makes a chained stream with 272,389 links
 with 16 samples in each (coded at 16 Mbps, including overheads).
This avoids quadratic behavior for simple straight-through
 playback: we no longer do a linear search on each chain boundary
 or each call to op_pcm_tell().
N seeks with M chains still requires O(N*log(M)) work.

No code changes.

As of version 1.0.2, OpenSSL can finally do automatic hostname
 validation for us.
Their implementation is likely to have received much better review
 than ours, and there are other good reasons to prefer it, so use it
 when we can.

RFC 6125 says that if the host is an IP address, a subjectAltName of
 type iPAddress must (no 2119 caps) be present and must be used.
We would still fall back to checking the Common Name if no
 subjectAltName was present.

https://marc.info/?l=openssl-dev&m=139617145216047&w=2 interprets
 RFC 6125 to say that if the host is a DNS name, but the certificate
 only contains a subjectAltName of type iPAddress, then we should
 still fall back to checking the Common Name.
We would only check the Common Name if there was no subjectAltName
 of any type.

Restructure the hostname validation to check IP addresses up-front
 and fall back to checking the Common Name in the proper cases.

sezero authored 8 years ago and Timothy B. Terriberry committed 8 years ago

If, e.g. using a differently configured config_types.h with a long
vs. int conflict in the int32 typedef, this would have resulted in
a build failure.

Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>

eroen authored 8 years ago and Timothy B. Terriberry committed 8 years ago

This fixes a build failure from undefined references to ASN1_STRING_data in
libopusurl.so.

ASN1_STRING_data is deprecated in openssl-1.1.0. The new ASN1_STRING_get0_data
is identical, except the returned string may not be modified, which we don't
do anyway.

Also include missing asn1.h header to silence compiler warnings.

X-Gentoo-Bug: 592456
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=592456

The fedora docker images ship without the necessary metadata
to reconstruct rpm packages from installed data, so attempting
to download delta rpm packages when updating the system just
wastes time and bandwidth.

Commit d0c82543 broke builds
with --enable-assertions with error: 'tag_len' undeclared.

Fixing the simple typo in the symbol reference resolves the issue.

The file in the parent directory was renamed; change the
reference in the Makefile as well.

Latest stable release.

Build against latest stable upstream release.

Different distributions of doxygen have different default
values of HAVE_DOT setting, so we need to pick a specific
setting to avoid 'missing dot' warnings on some platforms.

Doxygen uses it to generate inclusion graphs for our various
header files, which is somewhat useful, but not essential.
We therefore enable dot if it's present (usually through
the parent graphviz package) but disable it if it's not
available, silencing the warning, but not giving uniform
results.

Chocobo1 authored 8 years ago and Timothy B. Terriberry committed 8 years ago

Adopt markdown format

Some of these pointed to real potential overflows (given arbitrary
 inputs by the calling application).
I was sad about stripping const qualifiers from the struct addrinfo
 pointers, but MSVC seems to erroneously think that an array of
 pointers to constant data is itself a pointer to constant data (or
 maybe that it is not compatible with a const void *?), and
 converting the memmove()s to for loops triggered an erroneous
 warning about out-of-bounds array accesses in gcc (but on only one
 of the two identical loops).

The dependency isn't needed in this case, and it speeds up
the test considerably.

Signed-off-by: Ralph Giles <giles@thaumas.net>

Using a custom config.h isn't enough, since additional libs have to
be available whether OP_ENABLE_HTTP is defined or not.

Don't bother compiling OpenSSL in Appveyor in this one.

Signed-off-by: Ralph Giles <giles@thaumas.net>

Signed-off-by: Ralph Giles <giles@thaumas.net>

Stable branch used because master is on 1.1.x which doesn't work.

Signed-off-by: Ralph Giles <giles@thaumas.net>

Signed-off-by: Ralph Giles <giles@thaumas.net>

Signed-off-by: Ralph Giles <giles@thaumas.net>

Signed-off-by: Ralph Giles <giles@thaumas.net>

Signed-off-by: Ralph Giles <giles@thaumas.net>

It seems we have to run this on ubuntu trusty images to satisfy
the libopus-dev dependency, which currently requires sudo
(I think as proxy to trigger a non-docker image?) and is
therefore slower than vanilla container builds.

No public API changes.

The API and ABI is not backwards-compatible.
This is based on the prerelease version 1.1.0-pre5.
It should continue to work with older versions of OpenSSL.

Thanks to Ron Lee and the Debian project for reporting the build
 errors and testing the patch.

If the parsing fails before all comments are filled in, we will
 attempt to free any binary metadata at the position one past the
 last comment, which will be uninitialized.
Introduced in commit 0221ca95.

According to the API, you can pass in a NULL OpusTags object to
 simply check if the comment packet is valid, without storing the
 parsed results.
However, the additions to store binary metadata in commit
 0221ca95 did not check for this.

Fixes Coverity CID 149873.

In 0221ca95 the allocation result went from being stored
 directly in "_tags->user_comments[ncomments]" to being stored in
 the temporary "comment".
However, the NULL check for allocation failure was not updated to
 match.
This meant this function would almost always fail, unless you had
 added binary metadata first.

Fixes Coverity CID 149874.

This bug appears to have been present since the original code
 import.
This was a "clever" rearrangement of the control flow from the
 _fetch_and_process_packet() in vorbisfile to use a do ... while(0)
 instead of a "while(1)".
However, this also makes "continue" equivalent to "break": it does
 not actually go back to the top of the loop, because the loop
 condition is false.

This bug was harmless, because ogg_stream_pagein() then refuses to
 ingest a page with the wrong serialno, but we can simplify things
 by fixing it.
The "not strictly necessary" loop is now completely unnecessary.
The extra checks that existed in vorbisfile have all been moved to
 later in the main loop, so we can just continue that one directly,
 with no wasted work, instead of embedding a smaller loop inside.

Fixes Coverity CID 149875.

In the non-seekable case, we'll undercount some bytes at the start
 of a new link.
Still thinking about the best way to address this, but leaving a
 comment so I don't forget.