SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libvorbisfile3-1.3.7-5.1.x86_64.rpm :

* Fri Mar 01 2024 pgajdosAATTsuse.com- Use %patch -P N instead of deprecated %patchN.
* Thu May 04 2023 Dominique Leuenberger - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS.
* Mon Mar 13 2023 Martin Pluskal - Build AVX2 enabled hwcaps library for x86_64-v3- Small spec file cleanup
* Wed Jun 15 2022 Callum Farmer - Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error
* Fri Jul 10 2020 Martin Hauke - Update to version 1.3.7
* Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read encoding very low sample rates
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add OSS-Fuzz support.
* Build system and integration updates.- Drop not longer needed patches (fixed by upstream):
* vorbis-CVE-2017-14160.patch
* vorbis-CVE-2018-10392.patch
* vorbis-CVE-2018-10393.patch- Add source verification
* Tue Jun 05 2018 tiwaiAATTsuse.de- Replace vorbis-CVE-2017-14160.patch with the upstream fix (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch- Fix the validation of channels in mapping0_forward() (CVE-2018-10392, bsc#1091070): vorbis-CVE-2018-10392.patch
* Thu May 03 2018 tiwaiAATTsuse.de- Fix out-of-bounds access inside bark_noise_hybridmp function (CVE-2017-14160, bsc#1059812): downstream fix: vorbis-CVE-2017-14160.patch- Fix stack-basedbuffer over-read in bark_noise_hybridm (CVE-2018-10393, bsc#1091072): downstream fix: vorbis-CVE-2018-10393.patch
* Sat Mar 17 2018 tiwaiAATTsuse.de- Split libvorbis-doc subpackage to a separate spec file for reducing the dependencies
* Fri Mar 16 2018 tiwaiAATTsuse.de- Update to version 1.3.6:
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes- Build documents with doxygen, and many tex stuff; this requires to disable parallel builds partially- Move COPYING to license directory- Drop obsoleted patches: vorbis-fix-linking.patch 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch libvorbis-CVE-2018-5146.patch
* Fri Mar 16 2018 tiwaiAATTsuse.de- Fix VUL-0: libvorbis: Out of bounds memory write while processing Vorbis audio data (CVE-2018-5146, bsc#1085687): libvorbis-CVE-2018-5146.patch
 
ICM