Changelog for libsndfile1-1.2.2-lp155.144.1.x86_64.rpm :
* Fri Oct 20 2023 Takashi Iwai
- Update to 1.2.1:
  * Various bug fixes (issue #908, #907, #934, #950, #930)
- Update to 1.2.2:
  * Fixed invalid regex in src/create_symbols_file.py
  * Fixed passing null pointer to printf %s in tests
- Fix signed integers overflows in au_read_header()
  (bsc#1213451, CVE-2022-33065):
  libsndfile-CVE-2022-33065.patch

* Mon Apr 24 2023 Dominique Leuenberger
- Add _multibuild to define 2nd spec file as additional flavor.
  Eliminates the need for source package links in OBS.

* Tue Feb 21 2023 Paolo Stivanin
- update to 1.2.0:
  * Searching for LAME dependency with CMake build system (issue #821).
  * CMake build from Autotools tarball (issue #816).
  * Build on UWP platform (issue #824).
  * Fix signed integer overflow (issue #785).
  * Skipping large wav chunks on stdin (PR #819).

* Tue Mar 29 2022 Dirk Müller
- update to 1.1.0:
  * Added MPEG Encode/Decode Support
  * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
  Fixed:
  * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
  * Stack overflow in guess_file_type()
  * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
  * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
  * GCC and Clang pedantic warnings, thanks @bobsayshilol.
  * Normalisation issue when scaling floating point data to int in
    replace_read_f2i(), thanks @bobsayshilol, (issue #702).
  * Missing samples when doing a partial read of Ogg file from index till
    the end of file, thanks @arthurt (issue #643).
  * sndfile-salvage: Handle files > 4 GB on Windows OS
  * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
  * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
  * Integer overflow in psf_log_printf(), credit to OSS-Fuzz
  * ABI version incompatibility between Autotools and CMake build on Apple platforms.
  * Heap buffer overflow in wavlike_ima_decode_block()
  * Heap buffer overflow in msadpcm_decode_block()
  * Heap buffer overflow in psf_binheader_readf()
  * Index out of bounds in psf_nms_adpcm_decode_block()
  * Heap buffer overflow in flac_buffer_copy()
  * Heap buffer overflow in copyPredictorTo24()
  * Uninitialized variable in psf_binheader_readf()
- drop sndfile-deinterlace-channels-check.patch
  ms_adpcm-Fix-and-extend-size-checks.patch,
  libsndfile-CVE-2021-4156.patch (obsolete)

* Mon Jan 03 2022 tiwai@suse.de
- Fix heap buffer overflow in flac_buffer_copy
  (CVE-2021-4156, bsc#1194006):
  libsndfile-CVE-2021-4156.patch

* Fri Jul 23 2021 tiwai@suse.de
- Fix heap buffer overflow vulnerability in msadpcm_decode_block
  (CVE-2021-3246, bsc#1188540):
  ms_adpcm-Fix-and-extend-size-checks.patch

* Wed Mar 17 2021 Dominique Leuenberger
- BuildRequire python3-base instead of the full python3 package:
  manages to break a build cycle, is cheaper, and still sufficient.

* Sun Mar 14 2021 Dirk Müller
- update to 1.0.31:
  * documentation fixes and updates
  * Change CMake's project name from sndfile to libsndfile as it should be.
  * Fix memory leak in wav_read_smpl_chunk() function, credit to OSS-Fuzz.
  * Fix aiff_read_header() memory leak(), credit to OSS-Fuzz.
  * Fix leak in wav_read_header(), credit to OSS-Fuzz.
  * Fix leak in wavlike_read_cart_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in wav_read_acid_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in aiff_read_basc_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in wavlike_read_peak_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in aiff_read_header(), credit to OSS-Fuzz.
  * Fix use of uninitialized value in exif_subchunk_parse(), credit to OSS-Fuzz.
  * Fix use of uninitialized value in endswap_int64_t_array(), credit to
    OSS-Fuzz.
  * Fix up the fuzzer so that it can't under or overseek,
    thanks to Max Dymond cmeister2@gmail.com.
  * Fix Autotools configure on macOS, thanks to @tmcguire and @nwh.
  * Exclude repository-configuration from git-archive, thanks to @umlaeute.
  * Use version-script when compiling with clang on Unix with Autotools, thanks
    to @tstellar.
  * Improve handling of SMPL chunks in WAV files, thanks to @zodf0055980.
- update to 1.0.30:
  * Move sndfile.h.in from src/ to include/ directory.
  * Huge documentation update.
  * Fix opus test failures on BE platforms
  * Fix bug when sf_open_fd() function sometimes leaves filehandle open,
    even if close_desc parameter is TRUE, thanks to @umläute.
  * Fix infinite loops on some pathological SD2 files
  * Switch to GitHub Actions for continuous integration.
  * Add OSS-Fuzz tests to GitHub Actions workflow
  * Fix memory leak in wavlike_read_bext_chunk() function, credit to OSS-Fuzz.
  * Fix undefined behavior in avr-read_header() function, credit to OSS-Fuzz.
- update to 1.0.29:
  * Fixes for: CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661,
    CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832.
  * Add BWF v2 loudness parameters.
  * Wave64: Permit and skip arbitrary chunks prior to the data chunk.
  * Fix ASAN crash in wavlike_ima_seek().
  * Fix IMA-ADPCM encoding for AIFF files.
  * sndfile-convert: Handle gsm, vox and opus extensions the same way.
  * Add SFC_SET_OGG_PAGE_LATENCY_MS command to get Ogg page latency for
    Ogg Opus files.
  * Fix parsing of some SD2 files.
  * Documentation updates.
  * Minor bug fixes and improvements.
- drop libsndfile-CVE-2017-17456-alaw-range-check.patch
  libsndfile-CVE-2017-17457-ulaw-range-check.patch
  libsndfile-wav-loop-count-fix.patch
  0001-FLAC-Fix-a-buffer-read-overrun.patch
  0002-src-flac.c-Fix-a-buffer-read-overflow.patch
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
  0031-sfe_copy_data_fp-check-value-of-max-variable.patch: upstream

* Tue Dec 03 2019 Stefan Brüns
- Remove build dependencies for progs subpackage from library:
  * alsa-devel, only needed for the examples
  * sqlite3-devel, only needed for the regression test
- Only build library, pass --disable-full-suite to configure

* Tue Dec 04 2018 tiwai@suse.de
- Fix segfault in wav conversion due to the invalid loop count
  (CVE-2018-19758, bsc#1117954):
  libsndfile-wav-loop-count-fix.patch

* Fri Jul 06 2018 tiwai@suse.de
- Fix buffer overflow in sndfile-deinterleave, which isn't really
  a security issue (bsc#1100167, CVE-2018-13139, bsc#1116993, CVE-2018-19432):
  sndfile-deinterlace-channels-check.patch

* Fri Jun 08 2018 tiwai@suse.de
- Use license file tag

* Fri Jun 08 2018 tiwai@suse.de
- Fix potential overflow in d2alaw_array() (CVE-2017-17456, bsc#1071777):
  libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767):
  libsndfile-CVE-2017-17457-ulaw-range-check.patch

* Tue Dec 19 2017 tiwai@suse.de
- Fix VUL-0: divide-by-zero error exists in the function
  double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
  d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
  VUL-0: out of bounds read in the function d2ulaw_array() in
  ulaw.c (CVE-2017-14246, bsc#1059913):
  0031-sfe_copy_data_fp-check-value-of-max-variable.patch

* Tue Aug 08 2017 tiwai@suse.de
- Fix Heap-based Buffer Overflow in the psf_binheader_writef
  (CVE-2017-12562, bsc#1052476):
  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch

* Tue Jun 13 2017 tiwai@suse.de
- Fix out-of-bounds read memory access in the aiff_read_chanmap()
  (CVE-2017-6892, bsc#1043978):
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

* Tue May 02 2017 tiwai@suse.de
- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
  CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945
  bsc#1036946 bsc#1036943):
  0001-FLAC-Fix-a-buffer-read-overrun.patch
  0002-src-flac.c-Fix-a-buffer-read-overflow.patch

* Mon Apr 10 2017 tiwai@suse.de
- Update to version 1.0.27:
  * Fix a seek regression in 1.0.26
  * Add metadata read/write for CAF and RF64
  * Fix PAF endian-ness issue
- Update to version 1.0.28
  * Fix buffer overruns in FLAC and ID3 handling code
    (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
  * Reduce default header memory requirements
  * Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch

* Tue May 10 2016 tom.mbrt@googlemail.com
- Fix spec file to enable builds on non opensuse OS

* Mon Nov 23 2015 tiwai@suse.de
- Update to version 1.0.26:
  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
  * Add ALAC/CAF support.
  * Minor bug fixes and improvements.
- Refreshed patches:
  sndfile-ocloexec.patch
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Removed obsoleted patches:
  libsndfile-example-fix.diff
  libsndfile-fix-header-read-CVE-2015-7805.patch
  libsndfile-paf-zero-division-fix.diff
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch

* Wed Nov 04 2015 tiwai@suse.de
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-fix-header-read-CVE-2015-7805.patch
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro

* Wed Nov 04 2015 tiwai@suse.de
- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch

* Sat Mar 21 2015 mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Add gpg signature
- Remove old ppc provides/obsoletes

* Wed Jan 07 2015 tiwai@suse.de
- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
  (CVE-2014-9496, bnc#911796): backported upstream fix patches
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch