Changelog for
libsndfile-devel-1.0.28-116.1.x86_64.rpm :
* Tue Dec 04 2018 tiwaiAATTsuse.de- Fix segfault in wav conversion due to the invalid loop count (CVE-2018-19758, bsc#1117954): libsndfile-wav-loop-count-fix.patch
* Fri Jul 06 2018 tiwaiAATTsuse.de- Fix buffer overflow in sndfile-deinterleave, which isn\'t really a security issue (bsc#1100167, CVE-2018-13139, bsc#1116993, CVE-2018-19432): sndfile-deinterlace-channels-check.patch
* Fri Jun 08 2018 tiwaiAATTsuse.de- Use license file tag
* Fri Jun 08 2018 tiwaiAATTsuse.de- Fix potential overflow in d2alaw_array() (CVE-2017-17456, bsc#1071777): libsndfile-CVE-2017-17456-alaw-range-check.patch- Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767): libsndfile-CVE-2017-17457-ulaw-range-check.patch
* Tue Dec 19 2017 tiwaiAATTsuse.de- Fix VUL-0: divide-by-zero error exists in the function double64_init() in double64.c (CVE-2017-14634, bsc#1059911): 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch- Tentative fix for VUL-0: out of bounds read in the function d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and VUL-0: out of bounds read in the function d2ulaw_array() in ulaw.c (CVE-2017-14246, bsc#1059913): 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
* Tue Aug 08 2017 tiwaiAATTsuse.de- Fix Heap-based Buffer Overflow in the psf_binheader_writef (CVE-2017-12562, bsc#1052476): 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
* Tue Jun 13 2017 tiwaiAATTsuse.de- Fix out-of-bounds read memory access in the aiff_read_chanmap() (CVE-2017-6892, bsc#1043978): 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
* Tue May 02 2017 tiwaiAATTsuse.de- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363 CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946 bsc#1036943): 0001-FLAC-Fix-a-buffer-read-overrun.patch 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
* Mon Apr 10 2017 tiwaiAATTsuse.de- Update to version 1.0.27:
* Fix a seek regression in 1.0.26
* Add metadata read/write for CAF and RF64
* FIx PAF endian-ness issue- Update to version 1.0.28
* Fix buffer overruns in FLAC and ID3 handling code (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
* Reduce default header memory requirements
* Fix detection of Large File Support for 32 bit systems.- Obsoleted patch: libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
* Tue May 10 2016 tom.mbrtAATTgooglemail.com- Fix spec file to enable builds on non opensuse OS
* Mon Nov 23 2015 tiwaiAATTsuse.de- Update to version 1.0.26:
* Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
* Add ALAC/CAF support. Minor bug fixes and improvements.- Refreshed patches: sndfile-ocloexec.patch libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch- Removed obsoleted patches: libsndfile-example-fix.diff libsndfile-fix-header-read-CVE-2015-7805.patch libsndfile-paf-zero-division-fix.diff libsndfile-src-common.c-Fix-a-header-parsing-bug.patch libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
* Wed Nov 04 2015 tiwaiAATTsuse.de- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516) libsndfile-src-common.c-Fix-a-header-parsing-bug.patch libsndfile-fix-header-read-CVE-2015-7805.patch- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519) libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
* Wed Nov 04 2015 tiwaiAATTsuse.de- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521): libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
* Sat Mar 21 2015 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Add gpg signature- Remove old ppc provides/obsoletes
* Wed Jan 07 2015 tiwaiAATTsuse.de- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork() (CVE-2014-9496, bnc#911796): backported upstream fix patches sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
* Mon Apr 15 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Fri Dec 02 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Thu Nov 24 2011 tiwaiAATTsuse.de- add missing provides/obsoletes for libsndfile -> libsndfile1 rename (bnc#732565)
* Thu Nov 24 2011 crrodriguezAATTopensuse.org- use O_CLOEXEC in library code.
* Tue Nov 22 2011 cooloAATTsuse.com- fix devel dependency
* Mon Nov 21 2011 jengelhAATTmedozas.de- Remove redundant/unwanted tags/section (cf. specfile guidelines)
* Wed Aug 24 2011 crrodriguezAATTopensuse.org- Enable speex support- run make check
* Fri Jul 29 2011 tiwaiAATTsuse.de- Fix zero-division in PAF parser (bnc#708988)
* Thu Jul 28 2011 crrodriguezAATTopensuse.org- Remove -fno-strict-aliasing from cflags, no longer needed- disable automake silent rules.
* Mon Jul 18 2011 tiwaiAATTsuse.de- updated to version 1.0.25: Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681) Minor bug fixes and improvements
* Wed Mar 23 2011 oliver.bengsAATTopensuse.org- Update to version 1.0.24- Upstream changes :
* WAV files are now written with an 18 byte u-law and A-law fmt chunk
* A document on virtual I/O functionality was added
* Two new methods were added in sndfile.hh
* A fix was made for a non-zero SSND offset values on AIFF
* Minor bug fixes and improvements were done
* Mon Oct 11 2010 oliver.bengsAATTopensuse.org- Update to version 1.0.23- Upstream changes :
* configure.ac src/version-metadata.rc.in src/Makefile.am Add version string resources to the windows DLL.
* doc/api.html Update to add missing SF_FORMAT_
* values. Closed Debian bug #545257.
* NEWS README configure.ac doc/
*.html Updates for 1.0.23 release.
* Other minor bug fixes
* Fri Oct 08 2010 davejplaterAATTgmail.com- Update to version 1.0.22- Upstream changes :
* Bunch of minor bug fixes.
* Mon Aug 16 2010 tiwaiAATTsuse.de- updated to version 1.0.21:
* Bunch of minor bug fixes.
* including VUL-1 divide-by-zero fix (bnc#631379)
* Wed Dec 16 2009 jengelhAATTmedozas.de- add baselibs.conf as a source- enable parallel building
* Tue Jun 02 2009 dmuellerAATTsuse.de- explicitely enable sqlite support to avoid random flipping
* Fri May 15 2009 tiwaiAATTsuse.de- updated to version 1.0.20:
* Fix for potential heap overflow- enable ogg/vorbis support
* Fri Apr 24 2009 tiwaiAATTsuse.de- built progs subpackage from an individual spec file to cut the circular dependency with jack.
* Wed Mar 04 2009 tiwaiAATTsuse.de- updated to version 1.0.19:
* Fix for CVE-2009-0186 (bnc#481769 - VUL-0: libsndfile CAF Processing Integer Overflow Vulnerability)
* Huge number of minor fixes as a result of static analysis- remove INSTALL file from filelist
* Mon Feb 09 2009 tiwaiAATTsuse.de- updated to version 1.0.18
* Add Ogg/Vorbis support (disabled right now due to vorbis version mismatch; SVN version is required)
* Remove captive FLAC library.
* Many new features and bug fixes.
* Generate Win32 and Win64 pre-compiled binaries.- Dropped libsndfile-octave subpackage (as octave itself is dropped from FACTORY)
* Wed Jan 07 2009 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Tue Oct 14 2008 meissnerAATTsuse.de- prototype for memset
* Tue May 06 2008 tiwaiAATTsuse.de- fix missing initializations in demo programs (bnc#351128)
* Tue Apr 15 2008 schwabAATTsuse.de- Fix configure script.
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Mon Mar 10 2008 crrodriguezAATTsuse.de- remove explicit-lib-dependencies- fix -devel package dependencies
* Thu Sep 20 2007 tiwaiAATTsuse.de- VUL-0: Heap-based buffer overflow in flac.c (#326070, CVE-2007-4974)
* Mon Apr 16 2007 tiwaiAATTsuse.de- Move docs and manpages to appropriate sub-packages (#264820)- Remove static library (#264820)
* Mon Apr 16 2007 schwabAATTsuse.de- Fix quoting in autoconf macros.
* Fri Apr 13 2007 tiwaiAATTsuse.de- fix FLAC-1.1.4 support.
* Fri Sep 01 2006 tiwaiAATTsuse.de- updated to version 1.0.17:
* Add C++ wrapper sndfile.hh. Minor bug fixes and cleanups.
* Tue Jul 04 2006 tiwaiAATTsuse.de- fix the build -- removed invalidly overridden HAVE_DECL_S_IRGRP definition in configure.ac.
* Mon May 29 2006 tiwaiAATTsuse.de- added flac-devel to requires of devel sub package.
* Mon May 15 2006 tiwaiAATTsuse.de- updated to version 1.0.16.
* more format supports
* code cleanups
* fix memleaks
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Fri Sep 30 2005 tiwaiAATTsuse.de- updated to version 1.0.12.- split example programs to progs sub-package.- added -fno-strict-aliasing.
* Wed Nov 17 2004 tiwaiAATTsuse.de- updated to version 1.0.11.
* Fri Sep 03 2004 tiwaiAATTsuse.de- removed python from neededforbuild.
* Thu Aug 05 2004 tiwaiAATTsuse.de- updated to version 1.0.10.
* Thu Feb 26 2004 tiwaiAATTsuse.de- updated to version 1.0.7.
* Sat Jan 10 2004 adrianAATTsuse.de- add %run_ldconfig
* Mon Sep 15 2003 kukukAATTsuse.de- Set x bit on directories
* Fri Jun 20 2003 roAATTsuse.de- added directories to filelist
* Fri Jun 06 2003 tiwaiAATTsuse.de- updated to version 1.0.5.
* Tue May 13 2003 pthomasAATTsuse.de- Put Octave interface files into an own subpackage.
* Thu Feb 13 2003 pthomasAATTsuse.de- Compile with all usefull warnings and fix all places where the compiler warned.- Fix configure to use $libdir instead of $prefix/lib for reporting.
* Tue Feb 04 2003 tiwaiAATTsuse.de- updated to version 1.0.4.
* Fri Jan 17 2003 tiwaiAATTsuse.de- added %run_ldconfig to %post.
* Thu Jan 16 2003 tiwaiAATTsuse.de- updated to version 1.0.3.- added
*.la to devel package.
* Mon Nov 25 2002 tiwaiAATTsuse.de- updated to version 1.0.2.
* Fri Sep 20 2002 tiwaiAATTsuse.de- updated to version 1.0.1.
* Mon Aug 19 2002 tiwaiAATTsuse.de- updated to version 1.0.0 final.
* Fri Aug 02 2002 tiwaiAATTsuse.de- updated to version 1.0.0rc3.
* Tue Jun 25 2002 tiwaiAATTsuse.de- updated to version 1.0.0rc2.
* Fri Apr 12 2002 tiwaiAATTsuse.de- set %__libdir.- use make install as default instead of install-strip.
* Thu Feb 07 2002 tiwaiAATTsuse.de- fixed build on s390x.
* Fri Dec 07 2001 tiwaiAATTsuse.de- fixed group tag (System -> System Environment)
* Thu Dec 06 2001 tiwaiAATTsuse.de- removed binaries from alsa-devel examples directory.
* Wed Nov 21 2001 tiwaiAATTsuse.de- updated to ver.0.0.27.
* Wed Oct 17 2001 tiwaiAATTsuse.de- updated to ver.0.0.26. + Added sf_command () interface. + Added support for IRCAM files. + Minor bug fixes.
* Tue Aug 28 2001 tiwaiAATTsuse.de- updated to ver.0.0.24. + Added support for 32 bit floating point AIFC files, little endian AIFC files and 16, 24 and 32 bit Sphere NIST files. + Massive refactoring of internal code. + Added read and write handling of PEAK chunks on AIFF and WAV files. + Added read support for REX files (Propellerheads Reason). + Added sf_read_float () and sf_write_float () interfaces. + Minor bug fixes.- changed group tag to System/Libraries
* Fri Aug 03 2001 tiwaiAATTsuse.de- fixed compile on s390.
* Thu Jun 07 2001 tiwaiAATTsuse.de- fixed compile with the latest libtool & autoconf.
* Tue Apr 03 2001 kukukAATTsuse.de- move
*.so files into devel package- Remove kernel_header requires- Fix glibc-devel dependencies
* Wed Dec 13 2000 tiwaiAATTsuse.de- fixed compile on ia64.
* Thu Nov 02 2000 roAATTsuse.de- changed Group to Development/Libraries (old group did not exist)
* Thu Nov 02 2000 tiwaiAATTsuse.de- Updated to 0.0.22.- Changed for long package-name support (libsnd -> libsndfile, libsndd -> libsndfile-devel).
* Tue Sep 26 2000 tiwaiAATTsuse.de- changed to bzip2.- added suse_update_config.
* Wed Sep 06 2000 tiwaiAATTsuse.de- Initial version: 0.0.21.