------------------------------------------------------------------- Thu May 4 11:06:48 UTC 2023 - Dominique Leuenberger - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ------------------------------------------------------------------- Mon Mar 13 08:28:53 UTC 2023 - Martin Pluskal - Build AVX2 enabled hwcaps library for x86_64-v3 - Small spec file cleanup ------------------------------------------------------------------- Wed Jun 15 13:55:43 UTC 2022 - Callum Farmer - Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error ------------------------------------------------------------------- Fri Jul 10 10:14:43 UTC 2020 - Martin Hauke - Update to version 1.3.7 * Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read encoding very low sample rates * Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates. * Fix handling invalid bytes per sample arguments. * Fix handling invalid channel count arguments. * Fix invalid free on seek failure. * Fix negative shift reading blocksize. * Fix accepting unreasonable float32 values. * Fix tag comparison depending on locale. * Fix unnecessarily linking libm. * Fix memory leak in test_sharedbook. * Distribute CMake build files with the source package. * Remove unnecessary configure --target switch. * Add OSS-Fuzz support. * Build system and integration updates. - Drop not longer needed patches (fixed by upstream): * vorbis-CVE-2017-14160.patch * vorbis-CVE-2018-10392.patch * vorbis-CVE-2018-10393.patch - Add source verification ------------------------------------------------------------------- Tue Jun 5 11:37:54 CEST 2018 - tiwai@suse.de - Replace vorbis-CVE-2017-14160.patch with the upstream fix (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch - Fix the validation of channels in mapping0_forward() (CVE-2018-10392, bsc#1091070): vorbis-CVE-2018-10392.patch ------------------------------------------------------------------- Thu May 3 15:56:28 CEST 2018 - tiwai@suse.de - Fix out-of-bounds access inside bark_noise_hybridmp function (CVE-2017-14160, bsc#1059812): downstream fix: vorbis-CVE-2017-14160.patch - Fix stack-basedbuffer over-read in bark_noise_hybridm (CVE-2018-10393, bsc#1091072): downstream fix: vorbis-CVE-2018-10393.patch ------------------------------------------------------------------- Sat Mar 17 14:54:44 CET 2018 - tiwai@suse.de - Split libvorbis-doc subpackage to a separate spec file for reducing the dependencies ------------------------------------------------------------------- Fri Mar 16 22:12:35 CET 2018 - tiwai@suse.de - Update to version 1.3.6: * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes - Build documents with doxygen, and many tex stuff; this requires to disable parallel builds partially - Move COPYING to license directory - Drop obsoleted patches: vorbis-fix-linking.patch 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch libvorbis-CVE-2018-5146.patch ------------------------------------------------------------------- Fri Mar 16 20:02:45 CET 2018 - tiwai@suse.de - Fix VUL-0: libvorbis: Out of bounds memory write while processing Vorbis audio data (CVE-2018-5146, bsc#1085687): libvorbis-CVE-2018-5146.patch ------------------------------------------------------------------- Tue Dec 19 14:32:18 CET 2017 - tiwai@suse.de - Fix VUL-0: out-of-bounds array read vulnerability exists in function mapping0_forward() (CVE-2017-14633, bsc#1059811): 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch - Fix VUL-0: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(CVE-2017-14632, bsc#1059809): 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch ------------------------------------------------------------------- Tue Nov 29 12:14:08 UTC 2016 - aloisio@gmx.com - Added 32bit libvorbis-devel in baselibs.conf ------------------------------------------------------------------- Fri Mar 6 15:23:26 UTC 2015 - mpluskal@suse.com - Cleanup spec file with spec-cleaner - Update to 1.3.5 * Tolerate single-entry codebooks. * Fix decoder crash with invalid input. * Fix encoder crash with non-positive sample rates. * Fix issues in vorbisfile's seek bisection code. * Spec errata. * Reject multiple headers of the same type. * Various build fixes and code cleanup. ------------------------------------------------------------------- Mon Aug 18 14:36:27 CEST 2014 - fcrozat@suse.com - Fix obsoletes and provides in baselibs.conf. ------------------------------------------------------------------- Sun Feb 23 19:43:16 UTC 2014 - andreas.stieger@gmx.de - Xiph libvorbis 1.3.4 * reduced static data size in libvorbisenc * associated minor changes required to libvorbis and libvorbisfile * minor build fixes and build system updates * no functional changes over the previous 1.3.3 release - removed libvorbis-pkgconfig.patch, in upstream - updated vorbis-fix-linking.patch for context changes ------------------------------------------------------------------- Tue Apr 16 06:46:59 UTC 2013 - mmeister@suse.com - Added url as source. Please see http://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Sat Mar 2 12:59:01 UTC 2013 - seife+obs@b1-systems.com - fix build with automake-1.13.1 ------------------------------------------------------------------- Wed Jun 20 15:42:24 UTC 2012 - ftake@geeko.jp - updated to 1.3.3 * vorbis: additional proofing against invalid/malicious streams in decode (see SVN for details). * vorbis: fix a memory leak in vorbis_commentheader_out(). * updates, corrections and clarifications in the Vorbis I specification document * build warning fixes ------------------------------------------------------------------- Tue Feb 21 14:32:38 CET 2012 - tiwai@suse.de - VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow (bnc#747912) ------------------------------------------------------------------- Sun Dec 25 11:09:50 UTC 2011 - idonmez@suse.com - -O20 optimization level doesn't exist, use -O3 ------------------------------------------------------------------- Fri Nov 25 21:08:52 UTC 2011 - crrodriguez@opensuse.org - open files with O_CLOEXEC, in order to avoid fd leaks when calling applications fork() ..execve()... This patch does not cover the executable tools since it is not critical for them. ------------------------------------------------------------------- Tue Nov 22 10:21:04 UTC 2011 - coolo@suse.com - add libtool as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Mon Aug 29 19:00:55 UTC 2011 - crrodriguez@opensuse.org - Fix build with no-add-needed ------------------------------------------------------------------- Thu May 5 22:56:15 CEST 2011 - dmueller@suse.de - fix provides/obsoletes in baselibs ------------------------------------------------------------------- Thu Dec 9 22:14:53 UTC 2010 - davejplater@gmail.com - Split libvorbisenc2 and libvorbisfile3 from libvorbis0 - Removed services. ------------------------------------------------------------------- Wed Dec 8 15:52:05 UTC 2010 - coolo@novell.com - fix the package split ------------------------------------------------------------------- Wed Dec 8 04:23:34 UTC 2010 - reddwarf@opensuse.org - updated to version 1.3.2 * vorbis: additional proofing against invalid/malicious streams in floor, residue, and bos/eos packet trimming code (see SVN for details). * vorbis: Added programming documentation tree for the low-level calls * vorbisfile: Correct handling of serial numbers array element [0] on non-seekable streams * vorbisenc: Back out an [old] AoTuV HF weighting that was first enabled in 1.3.0; there are a few samples where I really don't like the effect it causes. * vorbis: return correct timestamp for granule positions with high bit set. * vorbisfile: the [undocumented] half-rate decode api made no attempt to keep the pcm offset tracking consistent in seeks. Fix and add a testing mode to seeking_example.c to torture test seeking in halfrate mode. Also remove requirement that halfrate mode only work with seekable files. * vorbisfile: Fix a chaining bug in raw_seeks where seeking out of the current link would fail due to not reinitializing the decode machinery. * vorbisfile: improve seeking strategy. Reduces the necessary number of seek callbacks in an open or seek operation by well over 2/3. - updated to version 1.3.1 * tweak + minor arithmetic fix in floor1 fit * revert noise norm to conservative 1.2.3 behavior pending more listening testing - updated to versio 1.3.0 * Optimized surround support for 5.1 encoding at 44.1/48kHz * Added encoder control call to disable channel coupling * Correct an overflow bug in very low-bitrate encoding on 32 bit machines that caused inflated bitrates * Numerous API hardening, leak and build fixes * Correct bug in 22kHz compand setup that could cause a crash * Correct bug in 16kHz codebooks that could cause unstable pure tones at high bitrates - run spec-cleaner - removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff, libvorbis-r16326-CVE-2009-3379.diff and libvorbis-r16597-CVE-2009-3379.diff (upstream fixed) - follow library packaging policy - run make check ------------------------------------------------------------------- Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de - VUL-0: libvorbis: memory corruption while parsing ogg files (bnc#608192, CVE-2009-3379) ------------------------------------------------------------------- Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de - add baselibs.conf as a source - enable parallel building - package documentation as noarch ------------------------------------------------------------------- Wed Nov 11 10:56:23 CET 2009 - tiwai@suse.de - updated to version 1.2.3: * correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page * Additional decode setup hardening against malicious streams * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h - updated to version 1.2.2: * define VENDOR and ENCODER strings * seek correctly in files bigger than 2 GB (Windows) * fix regression from CVE-2008-1420; 1.0b1 files work again * mark all tables as constant to reduce memory occupation * additional decoder hardening against malicious streams * substantially reduce amount of seeking performed by Vorbisfile * Multichannel decode bugfix * build system updates * minor specification clarifications/fixes - dropped aotuv patch temporarily ------------------------------------------------------------------- Thu Jul 23 15:28:13 CEST 2009 - tiwai@suse.de - updated to aoTuV patch version beta5.7: * including security fixes * improved encoding speed of low bitrate mode * reduced distrotion by clipping at low sampling frequency * fixed noise control part of impulse block * tuning of each part was redone * expanded noise control of the impulse block * fixed pre-echo reduction code * noise normalization reviewed * detailed tuning done again ------------------------------------------------------------------- Mon Jun 22 09:47:22 CEST 2009 - coolo@novell.com - fix build with automake 1.11 ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Thu Nov 20 16:48:52 CET 2008 - pth@suse.de - Fix the test in libvorbis-m4.dif and adapt libvorbis-lib64.dif. ------------------------------------------------------------------- Wed May 14 16:41:31 CEST 2008 - tiwai@suse.de - VUL-0: Multiple vulnerabilities in libogg and libvorbis (bnc#372246) * CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow * CVE-2008-1420 vorbis: integer overflow in partvals computation * CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks ------------------------------------------------------------------- Mon Apr 28 12:56:34 CEST 2008 - tiwai@suse.de - fixed dependency in *.pc files (bnc#384153) - removed old run_ldconfig ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Aug 2 12:22:21 CEST 2007 - tiwai@suse.de - updated to version 1.2.0: * new ov_fopen() convenience call that avoids the common stdio conflicts with ov_open() and MSVC runtimes. * libvorbisfile now handles multiplexed streams * improve robustness to corrupt input streams * fix a minor encoder bug * updated RTP draft * build system updates * minor corrections to the specification ------------------------------------------------------------------- Fri Jul 27 12:56:43 CEST 2007 - tiwai@suse.de - fix the documentation link (#293784) - split documentation to doc subpackage - remove -fno-strict-aliasing gcc option ------------------------------------------------------------------- Mon Jul 9 10:48:33 CEST 2007 - tiwai@suse.de - fix array boundary conditional flaw in mapping (#287124, CVE-2007-3106) ------------------------------------------------------------------- Mon Apr 23 18:06:06 CEST 2007 - tiwai@suse.de - use aoTuV beta5 patch: * The action of noise normalization has been improved. * The threshold of a stereo mode change was calculated dynamically. * Noise control of an impulse block was changed (quality 0-10 / 32-48kHz). And pre-echo decreased slightly. * Tuning of each part was redone according to above-mentioned changed part and additional part. ------------------------------------------------------------------- Mon Apr 16 15:07:19 CEST 2007 - tiwai@suse.de - follow library packaging policy * move docs to devel package * remove static library - remove obsolete m4 files ------------------------------------------------------------------- Wed Jan 25 21:37:47 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Wed Jan 11 16:46:46 CET 2006 - tiwai@suse.de - compile with -fstack-protector. ------------------------------------------------------------------- Fri Dec 2 16:03:48 CET 2005 - tiwai@suse.de - updated to version 1.1.2. ------------------------------------------------------------------- Tue Oct 18 12:25:20 CEST 2005 - tiwai@suse.de - updated to version 1.1.1. ------------------------------------------------------------------- Sun Sep 4 06:45:34 CEST 2005 - aj@suse.de - Build with -fno-strict-aliasing (#115135). ------------------------------------------------------------------- Thu Jul 7 16:20:14 CEST 2005 - tiwai@suse.de - remove -fsigned-char (#93878). - fixed Requires of devel subpackage. ------------------------------------------------------------------- Mon Jun 20 20:56:55 CEST 2005 - tiwai@suse.de - updated to aoTuV beta4. ------------------------------------------------------------------- Wed Jan 19 15:42:01 CET 2005 - tiwai@suse.de - fixed compile warnings with gcc-4.0. ------------------------------------------------------------------- Wed Nov 24 17:32:19 CET 2004 - tiwai@suse.de - updated to libvorbis version 1.1.0. - updated to aoTuV beta3. ------------------------------------------------------------------- Thu Aug 5 13:03:24 CEST 2004 - tiwai@suse.de - applied aoTuV patch to improve the encoding quality. ------------------------------------------------------------------- Fri Apr 16 12:54:41 CEST 2004 - tiwai@suse.de - fixed the type-punning. - disabled the removal of $RPM_BUILD_ROOT in %install. ------------------------------------------------------------------- Wed Jan 21 18:45:51 CET 2004 - tiwai@suse.de - fixed quoting in m4 files. ------------------------------------------------------------------- Fri Jan 9 17:47:41 CET 2004 - adrian@suse.de - add %run_ldconfig to %postun ------------------------------------------------------------------- Fri Jan 9 17:01:18 CET 2004 - tiwai@suse.de - updated to version 1.0.1. removed obsolete patches. - added pkgconfig to neededforbuild. ------------------------------------------------------------------- Sat Mar 1 18:04:02 CET 2003 - adrian@suse.de - let libvorbis-devel require libogg-devel ------------------------------------------------------------------- Fri Jan 17 17:24:33 CET 2003 - tiwai@suse.de - fixed m4 macro (bug #21267). ------------------------------------------------------------------- Thu Jan 9 18:17:59 CET 2003 - kukuk@suse.de - Add *.la files to -devel filelist ------------------------------------------------------------------- Wed Dec 4 18:14:02 CET 2002 - tiwai@suse.de - fixed the undefined weak links. - renamed m4.dif and lib64.dif with libvorbis- prefix to avoid filename conflictions. ------------------------------------------------------------------- Thu Sep 19 15:41:52 CEST 2002 - tiwai@suse.de - don't add -I/usr/include to VORBIS_VFLAGS. - fix test for prefix. - move devel documents under %{_docdir}/libvorbis-devel. ------------------------------------------------------------------- Mon Aug 12 13:40:58 CEST 2002 - tiwai@suse.de - added Requires %{name} = %{version} to devel package. ------------------------------------------------------------------- Tue Jul 23 16:49:20 CEST 2002 - tiwai@suse.de - fixed m4 file for lib64. - provides the backward compatible m4 file. ------------------------------------------------------------------- Mon Jul 22 10:46:19 CEST 2002 - tiwai@suse.de - updated to version 1.0. - clean up the spec file. - added %run_ldconfig. ------------------------------------------------------------------- Wed Jun 12 13:20:32 CEST 2002 - meissner@suse.de - rm acinclude.m4 so we don't have the problematic ogg.m4 (which contains /lib hardcoded). ------------------------------------------------------------------- Thu Apr 18 11:57:17 CEST 2002 - kukuk@suse.de - Remove additional optimization, default is better - Add --libdir to configure to build on x86_64 ------------------------------------------------------------------- Thu Feb 7 11:21:43 CET 2002 - tiwai@suse.de - fixed build on s390x. ------------------------------------------------------------------- Fri Jan 4 11:54:44 CET 2002 - tiwai@suse.de - updated to RC3. sync with cvs 2002.01.04. ------------------------------------------------------------------- Tue Dec 4 11:24:07 CET 2001 - tiwai@suse.de - sync with cvs 2001.12.04. ------------------------------------------------------------------- Wed Oct 24 17:50:32 CEST 2001 - tiwai@suse.de - sync with cvs 20011024. + fixed/updated documents + tuned up parameters + bugfixes on 64bit arch. - removed Requires to libogg. ------------------------------------------------------------------- Sat Oct 20 16:45:55 CEST 2001 - schwab@suse.de - Fix use of qsort. ------------------------------------------------------------------- Mon Aug 13 16:57:27 CEST 2001 - tiwai@suse.de - updated to 1.0rc2 from cvs 20010813. ------------------------------------------------------------------- Thu Jun 7 11:26:12 CEST 2001 - tiwai@suse.de - fixed build with the recent libtool. ------------------------------------------------------------------- Tue Apr 3 08:52:17 MEST 2001 - bk@suse.de - make use of RPM_OPT_FLAGS - include the include/vorbis dir into the file list(+rpm-macroized) ------------------------------------------------------------------- Mon Mar 12 15:22:00 CET 2001 - tiwai@suse.de - corrected copyright in spec file. ------------------------------------------------------------------- Mon Feb 26 17:10:04 CET 2001 - tiwai@suse.de - Updated to 1.0beta4. ------------------------------------------------------------------- Wed Jan 31 12:29:54 CET 2001 - tiwai@suse.de - Initial version: 1.0beta3.