ALP-pool/libid3tag
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
libid3tag/libid3tag.changes

160 lines
5.5 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Mon May 9 17:01:41 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
- Update to 0.16.2
* Fix null pointer dereference in id3_ucs4_length
(boo#1081962, CVE-2017-11550)
- Drop id3_ucs4_length-sanity-check.patch. Merged upstream.
-------------------------------------------------------------------
Fri Apr 8 13:46:43 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net>
- Add id3_ucs4_length-sanity-check.patch as Patch0.
The patch helps to avoid a segfault in programs using this library,
such as minidlna and potentially others; for details see
<https://github.com/tenacityteam/libid3tag/pull/7> and
<https://github.com/tenacityteam/libid3tag/issues/6>
-------------------------------------------------------------------
Thu Dec 9 19:22:27 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 0.16.1 from maintained fork by the Tenacity Audio Editor
* Merge various outstanding patches
* Upstream pkg-config file
* Use cmake for build and install cmake files
- Drop merged fixes
* fix-build-with-gperf-3.1.diff
* libid3tag-0.15.1b-mb.diff
* libid3tag-automake-fix.dif
* libid3tag-gperf.dif
* libid3tag-noweak.dif
* libid3tag-optflags.patch
* libid3tag-unknown-encoding.patch
* libid3tag-utf16.patch
* libid3tag-visibility.patch
-------------------------------------------------------------------
Wed Feb 21 10:59:28 UTC 2018 - kbabioch@suse.com
- Added libid3tag-utf16.patch: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (CVE-2004-2779 bsc#1081959 CVE-2017-11551
bsc#1081961)
- Added libid3tag-unknown-encoding.patch: Fixed the handling of unknown
encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962
CVE-2008-2109 bsc#387731)
- Removed libid3tag-0.15.1b-fix_overflow.patch, since it is handled
differently by libid3tag-utf16.patch already.
-------------------------------------------------------------------
Wed Oct 11 08:15:53 UTC 2017 - lnussel@suse.de
- dont BuildRequire zypper to avoid unecessary dependency chain.
Check for %suse_version instead.
-------------------------------------------------------------------
Thu May 11 09:35:46 UTC 2017 - alarrosa@suse.com
- Add BuildRequires: zypper and use it to check for gperf version so
the package builds with all versions of gperf (boo#1027205)
-------------------------------------------------------------------
Wed May 10 18:52:12 UTC 2017 - alarrosa@suse.com
- Add fix-build-with-gperf-3.1.diff to fix build with gperf 3.1
which now uses size_t instead of unsigned int for the len parameter
of the hash/lookup function (boo#1027205)
-------------------------------------------------------------------
Tue Jun 16 12:18:10 UTC 2015 - mpluskal@suse.com
- Use url for source
- Add baselibs.conf as source
- Cleanup spec file with spec-cleaner
-------------------------------------------------------------------
Fri Nov 23 19:06:26 UTC 2012 - jengelh@inai.de
- Remove redundant tags/sections from specfile
- Parallel build with %_smp_mflags
- Employ shared library naming
- Have makeinstall succeed on non-SUSE
-------------------------------------------------------------------
Thu Nov 22 18:26:13 UTC 2012 - crrodriguez@opensuse.org
- libid3tag-visibility.patch: Hide all symbols that are not
part of the public API.
- spec file: DO not inject bogus dependencies into the
system via pkgconfig files.
-------------------------------------------------------------------
Sat Nov 19 20:32:46 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Tue Apr 12 17:13:49 UTC 2011 - toddrme2178@gmail.com
- Added 32bit compatibility libraries
- Added BuildRequires: pkg-config (fixes RPMLINT warning)
-------------------------------------------------------------------
Thu May 8 16:21:29 CEST 2008 - tiwai@suse.de
- VUL-0: libid3tag overflow (CVE-2008-2109, bnc#387731)
- don't install static and *.la files
- clean up spec file
-------------------------------------------------------------------
Thu Mar 29 08:26:34 CEST 2007 - meissner@suse.de
- zlib-devel to buildrequires
-------------------------------------------------------------------
Tue Oct 31 10:29:01 CET 2006 - meissner@suse.de
- fixed configure.ac to accept more than 1 -O/-f option, added
requires
-------------------------------------------------------------------
Wed Jan 25 21:37:29 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 11 16:47:50 CET 2006 - tiwai@suse.de
- compile with -fstack-protector.
-------------------------------------------------------------------
Mon Jul 5 22:38:34 CEST 2004 - hvogel@suse.de
- add pgkconfig file
-------------------------------------------------------------------
Thu Feb 26 12:45:36 CET 2004 - tiwai@suse.de
- updated to version 0.15.1b.
- fixed memory allocation check.
- fixed for autoreconf.
-------------------------------------------------------------------
Tue Jan 13 20:18:23 CET 2004 - tiwai@suse.de
- build as non-root.
-------------------------------------------------------------------
Mon Aug 11 16:38:43 CEST 2003 - tiwai@suse.de
- fixed the handling of v2 tag.
-------------------------------------------------------------------
Thu Jul 3 16:57:50 CEST 2003 - tiwai@suse.de
- split from mad: version 0.15.0b.
Reference in New Issue View Git Blame Copy Permalink