SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libvorbis0-1.3.7-3.12.x86_64.rpm :

* Thu May 04 2023 dimstarAATTopensuse.org- Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS.
* Mon Mar 13 2023 mpluskalAATTsuse.com- Build AVX2 enabled hwcaps library for x86_64-v3- Small spec file cleanup
* Wed Jun 15 2022 gmbr3AATTopensuse.org- Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error
* Fri Jul 10 2020 mardnhAATTgmx.de- Update to version 1.3.7
* Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read encoding very low sample rates
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add OSS-Fuzz support.
* Build system and integration updates.- Drop not longer needed patches (fixed by upstream):
* vorbis-CVE-2017-14160.patch
* vorbis-CVE-2018-10392.patch
* vorbis-CVE-2018-10393.patch- Add source verification
* Tue Jun 05 2018 tiwaiAATTsuse.de- Replace vorbis-CVE-2017-14160.patch with the upstream fix (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch- Fix the validation of channels in mapping0_forward() (CVE-2018-10392, bsc#1091070): vorbis-CVE-2018-10392.patch
* Thu May 03 2018 tiwaiAATTsuse.de- Fix out-of-bounds access inside bark_noise_hybridmp function (CVE-2017-14160, bsc#1059812): downstream fix: vorbis-CVE-2017-14160.patch- Fix stack-basedbuffer over-read in bark_noise_hybridm (CVE-2018-10393, bsc#1091072): downstream fix: vorbis-CVE-2018-10393.patch
* Sat Mar 17 2018 tiwaiAATTsuse.de- Split libvorbis-doc subpackage to a separate spec file for reducing the dependencies
* Fri Mar 16 2018 tiwaiAATTsuse.de- Update to version 1.3.6:
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes- Build documents with doxygen, and many tex stuff; this requires to disable parallel builds partially- Move COPYING to license directory- Drop obsoleted patches: vorbis-fix-linking.patch 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch libvorbis-CVE-2018-5146.patch
* Fri Mar 16 2018 tiwaiAATTsuse.de- Fix VUL-0: libvorbis: Out of bounds memory write while processing Vorbis audio data (CVE-2018-5146, bsc#1085687): libvorbis-CVE-2018-5146.patch
* Tue Dec 19 2017 tiwaiAATTsuse.de- Fix VUL-0: out-of-bounds array read vulnerability exists in function mapping0_forward() (CVE-2017-14633, bsc#1059811): 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch- Fix VUL-0: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(CVE-2017-14632, bsc#1059809): 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
* Tue Nov 29 2016 aloisioAATTgmx.com- Added 32bit libvorbis-devel in baselibs.conf
* Fri Mar 06 2015 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Update to 1.3.5
* Tolerate single-entry codebooks.
* Fix decoder crash with invalid input.
* Fix encoder crash with non-positive sample rates.
* Fix issues in vorbisfile\'s seek bisection code.
* Spec errata.
* Reject multiple headers of the same type.
* Various build fixes and code cleanup.
* Mon Aug 18 2014 fcrozatAATTsuse.com- Fix obsoletes and provides in baselibs.conf.
* Sun Feb 23 2014 andreas.stiegerAATTgmx.de- Xiph libvorbis 1.3.4
* reduced static data size in libvorbisenc
* associated minor changes required to libvorbis and libvorbisfile
* minor build fixes and build system updates
* no functional changes over the previous 1.3.3 release- removed libvorbis-pkgconfig.patch, in upstream- updated vorbis-fix-linking.patch for context changes
* Tue Apr 16 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Sat Mar 02 2013 seife+obsAATTb1-systems.com- fix build with automake-1.13.1
* Wed Jun 20 2012 ftakeAATTgeeko.jp- updated to 1.3.3
* vorbis: additional proofing against invalid/malicious streams in decode (see SVN for details).
* vorbis: fix a memory leak in vorbis_commentheader_out().
* updates, corrections and clarifications in the Vorbis I specification document
* build warning fixes
* Tue Feb 21 2012 tiwaiAATTsuse.de- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow (bnc#747912)
* Sun Dec 25 2011 idonmezAATTsuse.com- -O20 optimization level doesn\'t exist, use -O3
* Fri Nov 25 2011 crrodriguezAATTopensuse.org- open files with O_CLOEXEC, in order to avoid fd leaks when calling applications fork() ..execve()... This patch does not cover the executable tools since it is not critical for them.
* Tue Nov 22 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Mon Aug 29 2011 crrodriguezAATTopensuse.org- Fix build with no-add-needed
* Thu May 05 2011 dmuellerAATTsuse.de- fix provides/obsoletes in baselibs
* Thu Dec 09 2010 davejplaterAATTgmail.com- Split libvorbisenc2 and libvorbisfile3 from libvorbis0- Removed services.
* Wed Dec 08 2010 cooloAATTnovell.com- fix the package split
* Wed Dec 08 2010 reddwarfAATTopensuse.org- updated to version 1.3.2
* vorbis: additional proofing against invalid/malicious streams in floor, residue, and bos/eos packet trimming code (see SVN for details).
* vorbis: Added programming documentation tree for the low-level calls
* vorbisfile: Correct handling of serial numbers array element [0] on non-seekable streams
* vorbisenc: Back out an [old] AoTuV HF weighting that was first enabled in 1.3.0; there are a few samples where I really don\'t like the effect it causes.
* vorbis: return correct timestamp for granule positions with high bit set.
* vorbisfile: the [undocumented] half-rate decode api made no attempt to keep the pcm offset tracking consistent in seeks. Fix and add a testing mode to seeking_example.c to torture test seeking in halfrate mode. Also remove requirement that halfrate mode only work with seekable files.
* vorbisfile: Fix a chaining bug in raw_seeks where seeking out of the current link would fail due to not reinitializing the decode machinery.
* vorbisfile: improve seeking strategy. Reduces the necessary number of seek callbacks in an open or seek operation by well over 2/3.- updated to version 1.3.1
* tweak + minor arithmetic fix in floor1 fit
* revert noise norm to conservative 1.2.3 behavior pending more listening testing- updated to versio 1.3.0
* Optimized surround support for 5.1 encoding at 44.1/48kHz
* Added encoder control call to disable channel coupling
* Correct an overflow bug in very low-bitrate encoding on 32 bit machines that caused inflated bitrates
* Numerous API hardening, leak and build fixes
* Correct bug in 22kHz compand setup that could cause a crash
* Correct bug in 16kHz codebooks that could cause unstable pure tones at high bitrates- run spec-cleaner- removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff, libvorbis-r16326-CVE-2009-3379.diff and libvorbis-r16597-CVE-2009-3379.diff (upstream fixed)- follow library packaging policy- run make check
* Wed May 26 2010 tiwaiAATTsuse.de- VUL-0: libvorbis: memory corruption while parsing ogg files (bnc#608192, CVE-2009-3379)
* Wed Dec 16 2009 jengelhAATTmedozas.de- add baselibs.conf as a source- enable parallel building- package documentation as noarch
* Wed Nov 11 2009 tiwaiAATTsuse.de- updated to version 1.2.3:
* correct a vorbisfile bug that prevented proper playback of Vorbis files where all audio in a logical stream is in a single page
* Additional decode setup hardening against malicious streams
* Add \'OV_EXCLUDE_STATIC_CALLBACKS\' define for developers who wish to avoid avoid unused symbol warnings from the static callbacks defined in vorbisfile.h- updated to version 1.2.2:
* define VENDOR and ENCODER strings
* seek correctly in files bigger than 2 GB (Windows)
* fix regression from CVE-2008-1420; 1.0b1 files work again
* mark all tables as constant to reduce memory occupation
* additional decoder hardening against malicious streams
* substantially reduce amount of seeking performed by Vorbisfile
* Multichannel decode bugfix
* build system updates
* minor specification clarifications/fixes- dropped aotuv patch temporarily
* Thu Jul 23 2009 tiwaiAATTsuse.de- updated to aoTuV patch version beta5.7:
* including security fixes
* improved encoding speed of low bitrate mode
* reduced distrotion by clipping at low sampling frequency
* fixed noise control part of impulse block
* tuning of each part was redone
* expanded noise control of the impulse block
* fixed pre-echo reduction code
* noise normalization reviewed
* detailed tuning done again
* Mon Jun 22 2009 cooloAATTnovell.com- fix build with automake 1.11
* Wed Jan 07 2009 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Thu Nov 20 2008 pthAATTsuse.de- Fix the test in libvorbis-m4.dif and adapt libvorbis-lib64.dif.
* Wed May 14 2008 tiwaiAATTsuse.de- VUL-0: Multiple vulnerabilities in libogg and libvorbis (bnc#372246)
* CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
* CVE-2008-1420 vorbis: integer overflow in partvals computation
* CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks
* Mon Apr 28 2008 tiwaiAATTsuse.de- fixed dependency in
*.pc files (bnc#384153)- removed old run_ldconfig
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Thu Aug 02 2007 tiwaiAATTsuse.de- updated to version 1.2.0:
* new ov_fopen() convenience call that avoids the common stdio conflicts with ov_open() and MSVC runtimes.
* libvorbisfile now handles multiplexed streams
* improve robustness to corrupt input streams
* fix a minor encoder bug
* updated RTP draft
* build system updates
* minor corrections to the specification
* Fri Jul 27 2007 tiwaiAATTsuse.de- fix the documentation link (#293784)- split documentation to doc subpackage- remove -fno-strict-aliasing gcc option
* Mon Jul 09 2007 tiwaiAATTsuse.de- fix array boundary conditional flaw in mapping (#287124, CVE-2007-3106)
* Mon Apr 23 2007 tiwaiAATTsuse.de- use aoTuV beta5 patch:
* The action of noise normalization has been improved.
* The threshold of a stereo mode change was calculated dynamically.
* Noise control of an impulse block was changed (quality 0-10 / 32-48kHz). And pre-echo decreased slightly.
* Tuning of each part was redone according to above-mentioned changed part and additional part.
* Mon Apr 16 2007 tiwaiAATTsuse.de- follow library packaging policy
* move docs to devel package
* remove static library- remove obsolete m4 files
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Wed Jan 11 2006 tiwaiAATTsuse.de- compile with -fstack-protector.
* Fri Dec 02 2005 tiwaiAATTsuse.de- updated to version 1.1.2.
* Tue Oct 18 2005 tiwaiAATTsuse.de- updated to version 1.1.1.
* Sun Sep 04 2005 ajAATTsuse.de- Build with -fno-strict-aliasing (#115135).
* Thu Jul 07 2005 tiwaiAATTsuse.de- remove -fsigned-char (#93878).- fixed Requires of devel subpackage.
* Mon Jun 20 2005 tiwaiAATTsuse.de- updated to aoTuV beta4.
* Wed Jan 19 2005 tiwaiAATTsuse.de- fixed compile warnings with gcc-4.0.
* Wed Nov 24 2004 tiwaiAATTsuse.de- updated to libvorbis version 1.1.0.- updated to aoTuV beta3.
* Thu Aug 05 2004 tiwaiAATTsuse.de- applied aoTuV patch to improve the encoding quality.
* Fri Apr 16 2004 tiwaiAATTsuse.de- fixed the type-punning.- disabled the removal of $RPM_BUILD_ROOT in %install.
* Wed Jan 21 2004 tiwaiAATTsuse.de- fixed quoting in m4 files.
* Fri Jan 09 2004 adrianAATTsuse.de- add %run_ldconfig to %postun
* Fri Jan 09 2004 tiwaiAATTsuse.de- updated to version 1.0.1. removed obsolete patches.- added pkgconfig to neededforbuild.
* Sat Mar 01 2003 adrianAATTsuse.de- let libvorbis-devel require libogg-devel
* Fri Jan 17 2003 tiwaiAATTsuse.de- fixed m4 macro (bug #21267).
* Thu Jan 09 2003 kukukAATTsuse.de- Add
*.la files to -devel filelist
* Wed Dec 04 2002 tiwaiAATTsuse.de- fixed the undefined weak links.- renamed m4.dif and lib64.dif with libvorbis- prefix to avoid filename conflictions.
* Thu Sep 19 2002 tiwaiAATTsuse.de- don\'t add -I/usr/include to VORBIS_VFLAGS.- fix test for prefix.- move devel documents under %{_docdir}/libvorbis-devel.
* Mon Aug 12 2002 tiwaiAATTsuse.de- added Requires %{name} = %{version} to devel package.
* Tue Jul 23 2002 tiwaiAATTsuse.de- fixed m4 file for lib64.- provides the backward compatible m4 file.
* Mon Jul 22 2002 tiwaiAATTsuse.de- updated to version 1.0.- clean up the spec file.- added %run_ldconfig.
* Wed Jun 12 2002 meissnerAATTsuse.de- rm acinclude.m4 so we don\'t have the problematic ogg.m4 (which contains /lib hardcoded).
* Thu Apr 18 2002 kukukAATTsuse.de- Remove additional optimization, default is better- Add --libdir to configure to build on x86_64
* Thu Feb 07 2002 tiwaiAATTsuse.de- fixed build on s390x.
* Fri Jan 04 2002 tiwaiAATTsuse.de- updated to RC3. sync with cvs 2002.01.04.
* Tue Dec 04 2001 tiwaiAATTsuse.de- sync with cvs 2001.12.04.
* Wed Oct 24 2001 tiwaiAATTsuse.de- sync with cvs 20011024. + fixed/updated documents + tuned up parameters + bugfixes on 64bit arch.- removed Requires to libogg.
* Sat Oct 20 2001 schwabAATTsuse.de- Fix use of qsort.
* Mon Aug 13 2001 tiwaiAATTsuse.de- updated to 1.0rc2 from cvs 20010813.
* Thu Jun 07 2001 tiwaiAATTsuse.de- fixed build with the recent libtool.
* Tue Apr 03 2001 bkAATTsuse.de- make use of RPM_OPT_FLAGS- include the include/vorbis dir into the file list(+rpm-macroized)
* Mon Mar 12 2001 tiwaiAATTsuse.de- corrected copyright in spec file.
* Mon Feb 26 2001 tiwaiAATTsuse.de- Updated to 1.0beta4.
* Wed Jan 31 2001 tiwaiAATTsuse.de- Initial version: 1.0beta3.
  
ICM