Changelog for
flac-debugsource-1.3.2-3.8.1.x86_64.rpm :
* Wed Dec 16 2020 tiwaiAATTsuse.de- Fix memory leak (CVE-2020-0487 bsc#1180112): stream_decoder.c-Fix-a-memory-leak.patch
* Wed Dec 16 2020 tiwaiAATTsuse.de- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099): libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
* Fri Apr 27 2018 tiwaiAATTsuse.de- Fix memory leak in read_metadata_vorbiscomment_() function (CVE-2017-6888, bsc#1091045): flac-CVE-2017-6888.patch
* Sun Jan 01 2017 aloisioAATTgmx.com- Update to version 1.3.2
* Fix undefined behaviour using GCC/Clang UBSAN (erikd).
* General hardening via fuzz testing with AFL (erikd and others).
* General code improvements (lvqcl, erikd and others).
* Add FLAC in MP4 specification docs (Ralph Giles).
* Fix some cppcheck warnings (erikd).
* Assume all currently used OSes support SSE2. flac:
* Fix potential infinite loop on flac-to-flac conversion (erikd).
* Add WAVEFORMATEXTENSIBLE to WAV (as needed) when decoding (lvqcl).
* Only write vorbis-comments if they are non-empty.
* Error out if decoding RAW with bits != (8|16|24). metaflac:
* Add --scan-replay-gain option. libraries:
* CPU detection cleanup and fixes (Julian Calaby, erikd and lvqcl).
* Fix two stream decoder bugs (Max Kellermann).
* Fix a NULL dereference bug (on a malformed file).
* Changed the LPC order guess for a slight compression improvement, particularly for classical music (Martijn van Beurden).
* Improved encoding speed on older Intel CPUs.
* Fixed a seeking bug when decoding certain files (Miroslav Lichvar).
* Put an upper bound (32768) on the number of seek points.
* Fix potential memory leaks.
* Support 64bit brword/bwword allowing FLAC__BYTES_PER_WORD to be set to 8 (disabled by default).
* Fix an out-of-bounds heap read.- Refreshed flac-cflags.patch
* Sat Sep 10 2016 tchvatalAATTsuse.com- Drop patch that should be upstreamed first, otherwise we will have to keep it ofrever:
* flac-ocloexec.patch- Drop wrong patch:
* flac-fix-pkgconfig.patch + If using this change you get assert.h include overriden in your project by the one from FLAC/ which is not what upstream desired If packages fail to build they should fix their include
* Sat Mar 21 2015 mpluskalAATTsuse.com- Build documentation as noarch
* Fri Mar 20 2015 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Update url- Remove no longer needed patches
* flac-fix-CVE-2014-8962.patch
* flac-fix-CVE-2014-9028.patch
* 0001-getopt_long-not-broken-here.patch- Remove following as benefit of using openssl is small
* 0001-Allow-use-of-openSSL.patch- Add flac-cflags.patch- Use doxygen to build documentation- Split documentation to separate package- Update to 1.3.1
* Improved decoding efficiency of all bit depths but especially so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).
* Faster encoding using SSE and AVX (lvqcl).
* Fixed bartlett, bartlett_hann and triangle functions.
* New apodization functions partial_tukey and punchout_tukey for improved compression (Martijn van Beurden).
* Retuned compression presets to incorporate new apodization functions (Martijn van Beurden).
* Fix -Wcast-align warnings on armhf architecture (Erik de Castro Lopo).
* Help output documentation improvements.
* I/O buffering improvements on Windows to reduce disk fragmentation when writing files.
* Only write vorbis-comments if they are non-empty.
* Fix symbol visibility in XMMS plugin.
* Many fixes and improvements across all the build systems.
* Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962 (heap read overflow)
* Wed Nov 26 2014 tiwaiAATTsuse.de- A couple of security fixes:
* flac-fix-CVE-2014-8962.patch: arbitrary code execution by a stack overflow (CVE-2014-8962, bnc#906831)
* flac-fix-CVE-2014-9028.patch: Heap overflow via specially crafted .flac files (CVE-2014-9028, bnc#907016)
* Mon Jul 01 2013 jengelhAATTinai.de- Update to final upstream release 1.3.0
* No user-visible changes- More robust make install call
* Sun May 26 2013 crrodriguezAATTopensuse.org- Update to flac 1.3.0pre4 (packaged as 1.2.99_git
* to avoid messing with RPM versioning)
* Mostly non-linux related bugfixes plus autotools fixes - flac-openssl.patch --> 0001-Allow-use-of-openSSL.patch - remove flac-1.2.1-automake1_13.patch, fixed in upstream. - add 0001-getopt_long-not-broken-here.patch, FLAC bundles GNU-compatible getopt_long for broken OS, but we do have a functional version in libc already.
* Mon Apr 22 2013 cfarrellAATTsuse.com- license update: BSD-3-Clause and GPL-2.0+ and GFDL-1.2 Numerous GPL-2.0+ licensed files;documtation is GFDL-1.2
* Thu Feb 28 2013 seife+obsAATTb1-systems.com- add flac-1.2.1-automake1_13.patch, fix build with automake-1.13.1
* Tue Dec 18 2012 idonmezAATTsuse.com- Add flac-fix-pkgconfig.patch to fix includedir in the pkgconfig files.
* Sun Dec 09 2012 crrodriguezAATTopensuse.org- add xz buildrequires for old distros.
* Sat Dec 08 2012 crrodriguezAATTopensuse.org- Update to current git
* patches deleted: - flac-1.2.1-asm.patch - flac-1.2.1-bitreader.patch - flac-gcc43-fixes.diff - flac-gcc47.patch - flac-leaks.patch - flac-no-xmms.diff - flac-visibility.patch - flac-printf-format-fix.diff All Upstreamed either by us or other distros.- Add flac-openssl.patch, do crypto with openssl (not wanted upstream)- Restore make check
* Tue Sep 04 2012 schwabAATTlinux-m68k.org- Don\'t ignore $(AM_CFLAGS).- Remove ppc patch.
* Tue Mar 13 2012 dimstarAATTopensuse.org- Add flac-gcc47.patch: Replacing strcpy without \'lenght limitation\' with strncpy, limited to 4 chars. This is safe, as we check the length already to be sure it is 4 chars, yet do not suffer from the problem that strcpy wants to add a \'\\0\' char in plus to the target string.
* Thu Mar 08 2012 dvaleevAATTsuse.com- don\'t use fvisibility=hidden on ppc. As it can\'t find symbols afterwards
* Fri Jan 27 2012 crrodriguezAATTopensuse.org- Fix some memory and resources leak.- Link shared libraries with -Bsymbolic-functions- annotate relevant functions with proper attributes to allow the compiler generate better code (attribute hot. alloc_size)
* Tue Jan 24 2012 crrodriguezAATTopensuse.org- Support symbol visibility features- Disable test suite, nothing wrong with it, it just takes too long to run and uses private/hidden symbols to test flac\'s internals.
* Sun Nov 20 2011 crrodriguezAATTopensuse.org- Use O_CLOEXEC in all library code.
* Sat Oct 01 2011 cooloAATTsuse.com- add libtool as buildrequire to make the spec file more reliable
* Wed Sep 28 2011 crrodriguezAATTopensuse.org- Build with --enable-sse, this only disables runtime checking if the
*OS
* supports SSE, which registers a SIGILL signal handler then tries to execute SSE code... it still tests the running
*CPU
* though.
* Sun Sep 18 2011 jengelhAATTmedozas.de- Apply packaging guidelines (remove redundant/obsolete tags/sections from specfile, etc.)- Add flac-devel to baselibs
* Sat Aug 06 2011 crrodriguezAATTopensuse.org- Do not build with -fno-strict-aliasing since is no longer required.- Impoer two patches from redhat, one speeds up decoding and the other enables the working ASM optimizations.
* Wed Dec 08 2010 cristian.rodriguezAATTopensuse.org- run make check, but only the basic test suite, complete one takes hours.
* Wed Dec 16 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0