SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libsndfile-devel-1.0.28-104.1.x86_64.rpm :
Tue Dec 4 13:00:00 2018 tiwaiAATTsuse.de
- Fix segfault in wav conversion due to the invalid loop count
(CVE-2018-19758, bsc#1117954):
libsndfile-wav-loop-count-fix.patch

Fri Jul 6 14:00:00 2018 tiwaiAATTsuse.de
- Fix buffer overflow in sndfile-deinterleave, which isn\'t really a
security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
CVE-2018-19432):
sndfile-deinterlace-channels-check.patch

Fri Jun 8 14:00:00 2018 tiwaiAATTsuse.de
- Use license file tag

Fri Jun 8 14:00:00 2018 tiwaiAATTsuse.de
- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
bsc#1071777):
libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
bsc#1071767):
libsndfile-CVE-2017-17457-ulaw-range-check.patch

Tue Dec 19 13:00:00 2017 tiwaiAATTsuse.de
- Fix VUL-0: divide-by-zero error exists in the function
double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
VUL-0: out of bounds read in the function d2ulaw_array() in
ulaw.c (CVE-2017-14246, bsc#1059913):
0031-sfe_copy_data_fp-check-value-of-max-variable.patch

Tue Aug 8 14:00:00 2017 tiwaiAATTsuse.de
- Fix Heap-based Buffer Overflow in the psf_binheader_writef
(CVE-2017-12562, bsc#1052476):
0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch

Tue Jun 13 14:00:00 2017 tiwaiAATTsuse.de
- Fix out-of-bounds read memory access in the aiff_read_chanmap()
(CVE-2017-6892, bsc#1043978):
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

Tue May 2 14:00:00 2017 tiwaiAATTsuse.de
- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
bsc#1036943):
0001-FLAC-Fix-a-buffer-read-overrun.patch
0002-src-flac.c-Fix-a-buffer-read-overflow.patch

Mon Apr 10 14:00:00 2017 tiwaiAATTsuse.de
- Update to version 1.0.27:

* Fix a seek regression in 1.0.26

* Add metadata read/write for CAF and RF64

* FIx PAF endian-ness issue
- Update to version 1.0.28

* Fix buffer overruns in FLAC and ID3 handling code
(CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)

* Reduce default header memory requirements

* Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch

Tue May 10 14:00:00 2016 tom.mbrtAATTgooglemail.com
- Fix spec file to enable builds on non opensuse OS

Mon Nov 23 13:00:00 2015 tiwaiAATTsuse.de
- Update to version 1.0.26:

* Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.

* Add ALAC/CAF support. Minor bug fixes and improvements.
- Refreshed patches:
sndfile-ocloexec.patch
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Removed obsoleted patches:
libsndfile-example-fix.diff
libsndfile-fix-header-read-CVE-2015-7805.patch
libsndfile-paf-zero-division-fix.diff
libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch

Wed Nov 4 13:00:00 2015 tiwaiAATTsuse.de
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
libsndfile-fix-header-read-CVE-2015-7805.patch
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro

Wed Nov 4 13:00:00 2015 tiwaiAATTsuse.de
- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch

Sat Mar 21 13:00:00 2015 mpluskalAATTsuse.com
- Cleanup spec file with spec-cleaner
- Add gpg signature
- Remove old ppc provides/obsoletes

Wed Jan 7 13:00:00 2015 tiwaiAATTsuse.de
- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
(CVE-2014-9496, bnc#911796): backported upstream fix patches
sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch

Mon Apr 15 14:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls

Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to avoid implicit dependency

Thu Nov 24 13:00:00 2011 tiwaiAATTsuse.de
- add missing provides/obsoletes for libsndfile -> libsndfile1
rename (bnc#732565)

Thu Nov 24 13:00:00 2011 crrodriguezAATTopensuse.org
- use O_CLOEXEC in library code.

Tue Nov 22 13:00:00 2011 cooloAATTsuse.com
- fix devel dependency

Mon Nov 21 13:00:00 2011 jengelhAATTmedozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)

Wed Aug 24 14:00:00 2011 crrodriguezAATTopensuse.org
- Enable speex support
- run make check

Fri Jul 29 14:00:00 2011 tiwaiAATTsuse.de
- Fix zero-division in PAF parser (bnc#708988)

Thu Jul 28 14:00:00 2011 crrodriguezAATTopensuse.org
- Remove -fno-strict-aliasing from cflags, no longer needed
- disable automake silent rules.

Mon Jul 18 14:00:00 2011 tiwaiAATTsuse.de
- updated to version 1.0.25:
Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681)
Minor bug fixes and improvements

Wed Mar 23 13:00:00 2011 oliver.bengsAATTopensuse.org
- Update to version 1.0.24
- Upstream changes :

* WAV files are now written with an 18 byte u-law and A-law fmt chunk

* A document on virtual I/O functionality was added

* Two new methods were added in sndfile.hh

* A fix was made for a non-zero SSND offset values on AIFF

* Minor bug fixes and improvements were done

Mon Oct 11 14:00:00 2010 oliver.bengsAATTopensuse.org
- Update to version 1.0.23
- Upstream changes :

* configure.ac src/version-metadata.rc.in src/Makefile.am
Add version string resources to the windows DLL.

* doc/api.html
Update to add missing SF_FORMAT_
* values. Closed Debian bug #545257.

* NEWS README configure.ac doc/
*.html
Updates for 1.0.23 release.

* Other minor bug fixes

Fri Oct 8 14:00:00 2010 davejplaterAATTgmail.com
- Update to version 1.0.22
- Upstream changes :

* Bunch of minor bug fixes.

Mon Aug 16 14:00:00 2010 tiwaiAATTsuse.de
- updated to version 1.0.21:

* Bunch of minor bug fixes.

* including VUL-1 divide-by-zero fix (bnc#631379)

Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- enable parallel building

Tue Jun 2 14:00:00 2009 dmuellerAATTsuse.de
- explicitely enable sqlite support to avoid random flipping

Fri May 15 14:00:00 2009 tiwaiAATTsuse.de
- updated to version 1.0.20:

* Fix for potential heap overflow
- enable ogg/vorbis support

Fri Apr 24 14:00:00 2009 tiwaiAATTsuse.de
- built progs subpackage from an individual spec file to cut the
circular dependency with jack.

Wed Mar 4 13:00:00 2009 tiwaiAATTsuse.de
- updated to version 1.0.19:

* Fix for CVE-2009-0186 (bnc#481769 - VUL-0: libsndfile CAF
Processing Integer Overflow Vulnerability)

* Huge number of minor fixes as a result of static analysis
- remove INSTALL file from filelist


  
ICM