Takashi Iwai
d1ae3d83a0
- Update to version 1.3.6: * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes - Build documents with doxygen, and many tex stuff; this requires to disable parallel builds partially - Move COPYING to license directory - Drop obsoleted patches: vorbis-fix-linking.patch 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch libvorbis-CVE-2018-5146.patch OBS-URL: https://build.opensuse.org/request/show/588024 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libvorbis?expand=0&rev=56
520 lines
18 KiB
Plaintext
520 lines
18 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri Mar 16 22:12:35 CET 2018 - tiwai@suse.de
|
|
|
|
- Update to version 1.3.6:
|
|
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
|
|
* Fix CVE-2017-14632 - free() on unitialized data
|
|
* Fix CVE-2017-14633 - out-of-bounds read
|
|
* Fix bitrate metadata parsing.
|
|
* Fix out-of-bounds read in codebook parsing.
|
|
* Fix residue vector size in Vorbis I spec.
|
|
* Appveyor support
|
|
* Travis CI support
|
|
* Add secondary CMake build system.
|
|
* Build system fixes
|
|
- Build documents with doxygen, and many tex stuff;
|
|
this requires to disable parallel builds partially
|
|
- Move COPYING to license directory
|
|
- Drop obsoleted patches:
|
|
vorbis-fix-linking.patch
|
|
0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
|
|
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
|
|
libvorbis-CVE-2018-5146.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 16 20:02:45 CET 2018 - tiwai@suse.de
|
|
|
|
- Fix VUL-0: libvorbis: Out of bounds memory write while processing
|
|
Vorbis audio data (CVE-2018-5146, bsc#1085687):
|
|
libvorbis-CVE-2018-5146.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 19 14:32:18 CET 2017 - tiwai@suse.de
|
|
|
|
- Fix VUL-0: out-of-bounds array read vulnerability exists in
|
|
function mapping0_forward() (CVE-2017-14633, bsc#1059811):
|
|
0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
|
|
- Fix VUL-0: Remote Code Execution upon freeing uninitialized
|
|
memory in function vorbis_analysis_headerout(CVE-2017-14632,
|
|
bsc#1059809):
|
|
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 29 12:14:08 UTC 2016 - aloisio@gmx.com
|
|
|
|
- Added 32bit libvorbis-devel in baselibs.conf
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 6 15:23:26 UTC 2015 - mpluskal@suse.com
|
|
|
|
- Cleanup spec file with spec-cleaner
|
|
- Update to 1.3.5
|
|
* Tolerate single-entry codebooks.
|
|
* Fix decoder crash with invalid input.
|
|
* Fix encoder crash with non-positive sample rates.
|
|
* Fix issues in vorbisfile's seek bisection code.
|
|
* Spec errata.
|
|
* Reject multiple headers of the same type.
|
|
* Various build fixes and code cleanup.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 18 14:36:27 CEST 2014 - fcrozat@suse.com
|
|
|
|
- Fix obsoletes and provides in baselibs.conf.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 23 19:43:16 UTC 2014 - andreas.stieger@gmx.de
|
|
|
|
- Xiph libvorbis 1.3.4
|
|
* reduced static data size in libvorbisenc
|
|
* associated minor changes required to libvorbis and libvorbisfile
|
|
* minor build fixes and build system updates
|
|
* no functional changes over the previous 1.3.3 release
|
|
- removed libvorbis-pkgconfig.patch, in upstream
|
|
- updated vorbis-fix-linking.patch for context changes
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 16 06:46:59 UTC 2013 - mmeister@suse.com
|
|
|
|
- Added url as source.
|
|
Please see http://en.opensuse.org/SourceUrls
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 2 12:59:01 UTC 2013 - seife+obs@b1-systems.com
|
|
|
|
- fix build with automake-1.13.1
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 20 15:42:24 UTC 2012 - ftake@geeko.jp
|
|
|
|
- updated to 1.3.3
|
|
* vorbis: additional proofing against invalid/malicious
|
|
streams in decode (see SVN for details).
|
|
* vorbis: fix a memory leak in vorbis_commentheader_out().
|
|
* updates, corrections and clarifications in the Vorbis I
|
|
specification document
|
|
* build warning fixes
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 21 14:32:38 CET 2012 - tiwai@suse.de
|
|
|
|
- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
|
|
(bnc#747912)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 25 11:09:50 UTC 2011 - idonmez@suse.com
|
|
|
|
- -O20 optimization level doesn't exist, use -O3
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 25 21:08:52 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
- open files with O_CLOEXEC, in order to avoid fd leaks
|
|
when calling applications fork() ..execve()...
|
|
This patch does not cover the executable tools since
|
|
it is not critical for them.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 22 10:21:04 UTC 2011 - coolo@suse.com
|
|
|
|
- add libtool as buildrequire to avoid implicit dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 29 19:00:55 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
- Fix build with no-add-needed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 5 22:56:15 CEST 2011 - dmueller@suse.de
|
|
|
|
- fix provides/obsoletes in baselibs
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 9 22:14:53 UTC 2010 - davejplater@gmail.com
|
|
|
|
- Split libvorbisenc2 and libvorbisfile3 from libvorbis0
|
|
- Removed services.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 8 15:52:05 UTC 2010 - coolo@novell.com
|
|
|
|
- fix the package split
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 8 04:23:34 UTC 2010 - reddwarf@opensuse.org
|
|
|
|
- updated to version 1.3.2
|
|
* vorbis: additional proofing against invalid/malicious
|
|
streams in floor, residue, and bos/eos packet trimming
|
|
code (see SVN for details).
|
|
* vorbis: Added programming documentation tree for the
|
|
low-level calls
|
|
* vorbisfile: Correct handling of serial numbers array
|
|
element [0] on non-seekable streams
|
|
* vorbisenc: Back out an [old] AoTuV HF weighting that was
|
|
first enabled in 1.3.0; there are a few samples where I
|
|
really don't like the effect it causes.
|
|
* vorbis: return correct timestamp for granule positions
|
|
with high bit set.
|
|
* vorbisfile: the [undocumented] half-rate decode api made no
|
|
attempt to keep the pcm offset tracking consistent in seeks.
|
|
Fix and add a testing mode to seeking_example.c to torture
|
|
test seeking in halfrate mode. Also remove requirement that
|
|
halfrate mode only work with seekable files.
|
|
* vorbisfile: Fix a chaining bug in raw_seeks where seeking
|
|
out of the current link would fail due to not
|
|
reinitializing the decode machinery.
|
|
* vorbisfile: improve seeking strategy. Reduces the
|
|
necessary number of seek callbacks in an open or seek
|
|
operation by well over 2/3.
|
|
- updated to version 1.3.1
|
|
* tweak + minor arithmetic fix in floor1 fit
|
|
* revert noise norm to conservative 1.2.3 behavior pending
|
|
more listening testing
|
|
- updated to versio 1.3.0
|
|
* Optimized surround support for 5.1 encoding at 44.1/48kHz
|
|
* Added encoder control call to disable channel coupling
|
|
* Correct an overflow bug in very low-bitrate encoding on 32 bit
|
|
machines that caused inflated bitrates
|
|
* Numerous API hardening, leak and build fixes
|
|
* Correct bug in 22kHz compand setup that could cause a crash
|
|
* Correct bug in 16kHz codebooks that could cause unstable pure
|
|
tones at high bitrates
|
|
- run spec-cleaner
|
|
- removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff,
|
|
libvorbis-r16326-CVE-2009-3379.diff and
|
|
libvorbis-r16597-CVE-2009-3379.diff (upstream fixed)
|
|
- follow library packaging policy
|
|
- run make check
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de
|
|
|
|
- VUL-0: libvorbis: memory corruption while parsing ogg files
|
|
(bnc#608192, CVE-2009-3379)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de
|
|
|
|
- add baselibs.conf as a source
|
|
- enable parallel building
|
|
- package documentation as noarch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 11 10:56:23 CET 2009 - tiwai@suse.de
|
|
|
|
- updated to version 1.2.3:
|
|
* correct a vorbisfile bug that prevented proper playback of
|
|
Vorbis files where all audio in a logical stream is in a
|
|
single page
|
|
* Additional decode setup hardening against malicious streams
|
|
* Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who
|
|
wish to avoid avoid unused symbol warnings from the static
|
|
callbacks defined in vorbisfile.h
|
|
|
|
- updated to version 1.2.2:
|
|
* define VENDOR and ENCODER strings
|
|
* seek correctly in files bigger than 2 GB (Windows)
|
|
* fix regression from CVE-2008-1420; 1.0b1 files work again
|
|
* mark all tables as constant to reduce memory occupation
|
|
* additional decoder hardening against malicious streams
|
|
* substantially reduce amount of seeking performed by Vorbisfile
|
|
* Multichannel decode bugfix
|
|
* build system updates
|
|
* minor specification clarifications/fixes
|
|
|
|
- dropped aotuv patch temporarily
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 23 15:28:13 CEST 2009 - tiwai@suse.de
|
|
|
|
- updated to aoTuV patch version beta5.7:
|
|
* including security fixes
|
|
* improved encoding speed of low bitrate mode
|
|
* reduced distrotion by clipping at low sampling frequency
|
|
* fixed noise control part of impulse block
|
|
* tuning of each part was redone
|
|
* expanded noise control of the impulse block
|
|
* fixed pre-echo reduction code
|
|
* noise normalization reviewed
|
|
* detailed tuning done again
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 22 09:47:22 CEST 2009 - coolo@novell.com
|
|
|
|
- fix build with automake 1.11
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
|
|
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 20 16:48:52 CET 2008 - pth@suse.de
|
|
|
|
- Fix the test in libvorbis-m4.dif and adapt libvorbis-lib64.dif.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 14 16:41:31 CEST 2008 - tiwai@suse.de
|
|
|
|
- VUL-0: Multiple vulnerabilities in libogg and libvorbis
|
|
(bnc#372246)
|
|
* CVE-2008-1419 vorbis: zero-dim codebooks can cause crash,
|
|
infinite loop or heap overflow
|
|
* CVE-2008-1420 vorbis: integer overflow in partvals computation
|
|
* CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 28 12:56:34 CEST 2008 - tiwai@suse.de
|
|
|
|
- fixed dependency in *.pc files (bnc#384153)
|
|
- removed old run_ldconfig
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 2 12:22:21 CEST 2007 - tiwai@suse.de
|
|
|
|
- updated to version 1.2.0:
|
|
* new ov_fopen() convenience call that avoids the common
|
|
stdio conflicts with ov_open() and MSVC runtimes.
|
|
* libvorbisfile now handles multiplexed streams
|
|
* improve robustness to corrupt input streams
|
|
* fix a minor encoder bug
|
|
* updated RTP draft
|
|
* build system updates
|
|
* minor corrections to the specification
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 27 12:56:43 CEST 2007 - tiwai@suse.de
|
|
|
|
- fix the documentation link (#293784)
|
|
- split documentation to doc subpackage
|
|
- remove -fno-strict-aliasing gcc option
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 9 10:48:33 CEST 2007 - tiwai@suse.de
|
|
|
|
- fix array boundary conditional flaw in mapping (#287124,
|
|
CVE-2007-3106)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 23 18:06:06 CEST 2007 - tiwai@suse.de
|
|
|
|
- use aoTuV beta5 patch:
|
|
* The action of noise normalization has been improved.
|
|
* The threshold of a stereo mode change was calculated
|
|
dynamically.
|
|
* Noise control of an impulse block was changed (quality 0-10
|
|
/ 32-48kHz). And pre-echo decreased slightly.
|
|
* Tuning of each part was redone according to above-mentioned
|
|
changed part and additional part.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 16 15:07:19 CEST 2007 - tiwai@suse.de
|
|
|
|
- follow library packaging policy
|
|
* move docs to devel package
|
|
* remove static library
|
|
- remove obsolete m4 files
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:37:47 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 11 16:46:46 CET 2006 - tiwai@suse.de
|
|
|
|
- compile with -fstack-protector.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 2 16:03:48 CET 2005 - tiwai@suse.de
|
|
|
|
- updated to version 1.1.2.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 18 12:25:20 CEST 2005 - tiwai@suse.de
|
|
|
|
- updated to version 1.1.1.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Sep 4 06:45:34 CEST 2005 - aj@suse.de
|
|
|
|
- Build with -fno-strict-aliasing (#115135).
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 7 16:20:14 CEST 2005 - tiwai@suse.de
|
|
|
|
- remove -fsigned-char (#93878).
|
|
- fixed Requires of devel subpackage.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 20 20:56:55 CEST 2005 - tiwai@suse.de
|
|
|
|
- updated to aoTuV beta4.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 19 15:42:01 CET 2005 - tiwai@suse.de
|
|
|
|
- fixed compile warnings with gcc-4.0.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 24 17:32:19 CET 2004 - tiwai@suse.de
|
|
|
|
- updated to libvorbis version 1.1.0.
|
|
- updated to aoTuV beta3.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 5 13:03:24 CEST 2004 - tiwai@suse.de
|
|
|
|
- applied aoTuV patch to improve the encoding quality.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 16 12:54:41 CEST 2004 - tiwai@suse.de
|
|
|
|
- fixed the type-punning.
|
|
- disabled the removal of $RPM_BUILD_ROOT in %install.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 21 18:45:51 CET 2004 - tiwai@suse.de
|
|
|
|
- fixed quoting in m4 files.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 9 17:47:41 CET 2004 - adrian@suse.de
|
|
|
|
- add %run_ldconfig to %postun
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 9 17:01:18 CET 2004 - tiwai@suse.de
|
|
|
|
- updated to version 1.0.1.
|
|
removed obsolete patches.
|
|
- added pkgconfig to neededforbuild.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 1 18:04:02 CET 2003 - adrian@suse.de
|
|
|
|
- let libvorbis-devel require libogg-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 17 17:24:33 CET 2003 - tiwai@suse.de
|
|
|
|
- fixed m4 macro (bug #21267).
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 9 18:17:59 CET 2003 - kukuk@suse.de
|
|
|
|
- Add *.la files to -devel filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 4 18:14:02 CET 2002 - tiwai@suse.de
|
|
|
|
- fixed the undefined weak links.
|
|
- renamed m4.dif and lib64.dif with libvorbis- prefix to avoid
|
|
filename conflictions.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 19 15:41:52 CEST 2002 - tiwai@suse.de
|
|
|
|
- don't add -I/usr/include to VORBIS_VFLAGS.
|
|
- fix test for prefix.
|
|
- move devel documents under %{_docdir}/libvorbis-devel.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 12 13:40:58 CEST 2002 - tiwai@suse.de
|
|
|
|
- added Requires %{name} = %{version} to devel package.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 23 16:49:20 CEST 2002 - tiwai@suse.de
|
|
|
|
- fixed m4 file for lib64.
|
|
- provides the backward compatible m4 file.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 22 10:46:19 CEST 2002 - tiwai@suse.de
|
|
|
|
- updated to version 1.0.
|
|
- clean up the spec file.
|
|
- added %run_ldconfig.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 12 13:20:32 CEST 2002 - meissner@suse.de
|
|
|
|
- rm acinclude.m4 so we don't have the problematic ogg.m4 (which contains
|
|
/lib hardcoded).
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 18 11:57:17 CEST 2002 - kukuk@suse.de
|
|
|
|
- Remove additional optimization, default is better
|
|
- Add --libdir to configure to build on x86_64
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 7 11:21:43 CET 2002 - tiwai@suse.de
|
|
|
|
- fixed build on s390x.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 4 11:54:44 CET 2002 - tiwai@suse.de
|
|
|
|
- updated to RC3.
|
|
sync with cvs 2002.01.04.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 4 11:24:07 CET 2001 - tiwai@suse.de
|
|
|
|
- sync with cvs 2001.12.04.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 24 17:50:32 CEST 2001 - tiwai@suse.de
|
|
|
|
- sync with cvs 20011024.
|
|
+ fixed/updated documents
|
|
+ tuned up parameters
|
|
+ bugfixes on 64bit arch.
|
|
- removed Requires to libogg.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 20 16:45:55 CEST 2001 - schwab@suse.de
|
|
|
|
- Fix use of qsort.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 13 16:57:27 CEST 2001 - tiwai@suse.de
|
|
|
|
- updated to 1.0rc2 from cvs 20010813.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 7 11:26:12 CEST 2001 - tiwai@suse.de
|
|
|
|
- fixed build with the recent libtool.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 3 08:52:17 MEST 2001 - bk@suse.de
|
|
|
|
- make use of RPM_OPT_FLAGS
|
|
- include the include/vorbis dir into the file list(+rpm-macroized)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 12 15:22:00 CET 2001 - tiwai@suse.de
|
|
|
|
- corrected copyright in spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 26 17:10:04 CET 2001 - tiwai@suse.de
|
|
|
|
- Updated to 1.0beta4.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 31 12:29:54 CET 2001 - tiwai@suse.de
|
|
|
|
- Initial version: 1.0beta3.
|
|
|