File libvorbis.changes of Package libvorbis.7657

-------------------------------------------------------------------
Tue Jun  5 11:37:54 CEST 2018 - tiwai@suse.de

- Replace vorbis-CVE-2017-14160.patch with the upstream fix
  (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch
- Fix the validation of channels in mapping0_forward()
  (CVE-2018-10392, bsc#1091070):
  vorbis-CVE-2018-10392.patch

-------------------------------------------------------------------
Thu May  3 15:56:28 CEST 2018 - tiwai@suse.de

- Fix out-of-bounds access inside bark_noise_hybridmp function
  (CVE-2017-14160, bsc#1059812):
  downstream fix: vorbis-CVE-2017-14160.patch
- Fix stack-basedbuffer over-read in bark_noise_hybridm
  (CVE-2018-10393, bsc#1091072):
  downstream fix: vorbis-CVE-2018-10393.patch
  
-------------------------------------------------------------------
Sat Mar 17 14:54:44 CET 2018 - tiwai@suse.de

- Split libvorbis-doc subpackage to a separate spec file for
  reducing the dependencies

-------------------------------------------------------------------
Fri Mar 16 22:12:35 CET 2018 - tiwai@suse.de

- Update to version 1.3.6:
  * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
  * Fix CVE-2017-14632 - free() on unitialized data
  * Fix CVE-2017-14633 - out-of-bounds read
  * Fix bitrate metadata parsing.
  * Fix out-of-bounds read in codebook parsing.
  * Fix residue vector size in Vorbis I spec.
  * Appveyor support
  * Travis CI support
  * Add secondary CMake build system.
  * Build system fixes
- Build documents with doxygen, and many tex stuff;
  this requires to disable parallel builds partially
- Move COPYING to license directory
- Drop obsoleted patches:
  vorbis-fix-linking.patch
  0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
  0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
  libvorbis-CVE-2018-5146.patch

-------------------------------------------------------------------
Fri Mar 16 20:02:45 CET 2018 - tiwai@suse.de

- Fix VUL-0: libvorbis: Out of bounds memory write while processing
  Vorbis audio data (CVE-2018-5146, bsc#1085687):
  libvorbis-CVE-2018-5146.patch

-------------------------------------------------------------------
Tue Dec 19 14:32:18 CET 2017 - tiwai@suse.de

- Fix VUL-0: out-of-bounds array read vulnerability exists in
  function mapping0_forward() (CVE-2017-14633, bsc#1059811):
  0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
- Fix VUL-0: Remote Code Execution upon freeing uninitialized
  memory in function vorbis_analysis_headerout(CVE-2017-14632,
  bsc#1059809):
  0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch

-------------------------------------------------------------------
Tue Nov 29 12:14:08 UTC 2016 - aloisio@gmx.com

- Added 32bit libvorbis-devel in baselibs.conf

-------------------------------------------------------------------
Fri Mar  6 15:23:26 UTC 2015 - mpluskal@suse.com

- Cleanup spec file with spec-cleaner
- Update to 1.3.5
  * Tolerate single-entry codebooks.
  * Fix decoder crash with invalid input.
  * Fix encoder crash with non-positive sample rates.
  * Fix issues in vorbisfile's seek bisection code.
  * Spec errata.
  * Reject multiple headers of the same type.
  * Various build fixes and code cleanup.

-------------------------------------------------------------------
Mon Aug 18 14:36:27 CEST 2014 - fcrozat@suse.com

- Fix obsoletes and provides in baselibs.conf.

-------------------------------------------------------------------
Sun Feb 23 19:43:16 UTC 2014 - andreas.stieger@gmx.de

- Xiph libvorbis 1.3.4
  * reduced static data size in libvorbisenc
  * associated minor changes required to libvorbis and libvorbisfile
  * minor build fixes and build system updates
  * no functional changes over the previous 1.3.3 release
- removed libvorbis-pkgconfig.patch, in upstream
- updated vorbis-fix-linking.patch for context changes

-------------------------------------------------------------------
Tue Apr 16 06:46:59 UTC 2013 - mmeister@suse.com

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Sat Mar  2 12:59:01 UTC 2013 - seife+obs@b1-systems.com

- fix build with automake-1.13.1

-------------------------------------------------------------------
Wed Jun 20 15:42:24 UTC 2012 - ftake@geeko.jp

- updated to 1.3.3
 * vorbis: additional proofing against invalid/malicious 
   streams in decode (see SVN for details).  
 * vorbis: fix a memory leak in vorbis_commentheader_out().
 * updates, corrections and clarifications in the Vorbis I
   specification document
 * build warning fixes

-------------------------------------------------------------------
Tue Feb 21 14:32:38 CET 2012 - tiwai@suse.de

- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
  (bnc#747912)

-------------------------------------------------------------------
Sun Dec 25 11:09:50 UTC 2011 - idonmez@suse.com

- -O20 optimization level doesn't exist, use -O3 

-------------------------------------------------------------------
Fri Nov 25 21:08:52 UTC 2011 - crrodriguez@opensuse.org

- open files with O_CLOEXEC, in order to avoid fd leaks 
  when calling applications fork() ..execve()...
  This patch does not cover the executable tools since
  it is not critical for them.

-------------------------------------------------------------------
Tue Nov 22 10:21:04 UTC 2011 - coolo@suse.com

- add libtool as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Mon Aug 29 19:00:55 UTC 2011 - crrodriguez@opensuse.org

- Fix build with no-add-needed 

-------------------------------------------------------------------
Thu May  5 22:56:15 CEST 2011 - dmueller@suse.de

- fix provides/obsoletes in baselibs

-------------------------------------------------------------------
Thu Dec  9 22:14:53 UTC 2010 - davejplater@gmail.com

- Split libvorbisenc2 and libvorbisfile3 from libvorbis0
- Removed services.

-------------------------------------------------------------------
Wed Dec  8 15:52:05 UTC 2010 - coolo@novell.com

- fix the package split

-------------------------------------------------------------------
Wed Dec  8 04:23:34 UTC 2010 - reddwarf@opensuse.org

- updated to version 1.3.2
 * vorbis: additional proofing against invalid/malicious 
   streams in floor, residue, and bos/eos packet trimming 
   code (see SVN for details). 
 * vorbis: Added programming documentation tree for the 
   low-level calls
 * vorbisfile: Correct handling of serial numbers array 
   element [0] on non-seekable streams
 * vorbisenc: Back out an [old] AoTuV HF weighting that was 
   first enabled in 1.3.0; there are a few samples where I 
   really don't like the effect it causes.
 * vorbis: return correct timestamp for granule positions 
   with high bit set.
 * vorbisfile: the [undocumented] half-rate decode api made no 
   attempt to keep the pcm offset tracking consistent in seeks. 
   Fix and add a testing mode to seeking_example.c to torture 
   test seeking in halfrate mode.  Also remove requirement that 
   halfrate mode only work with seekable files.
 * vorbisfile:  Fix a chaining bug in raw_seeks where seeking 
   out of the current link would fail due to not 
   reinitializing the decode machinery.  
 * vorbisfile: improve seeking strategy. Reduces the 
   necessary number of seek callbacks in an open or seek 
   operation by well over 2/3.
- updated to version 1.3.1
 * tweak + minor arithmetic fix in floor1 fit
 * revert noise norm to conservative 1.2.3 behavior pending 
   more listening testing
- updated to versio 1.3.0
 * Optimized surround support for 5.1 encoding at 44.1/48kHz
 * Added encoder control call to disable channel coupling
 * Correct an overflow bug in very low-bitrate encoding on 32 bit 
   machines that caused inflated bitrates
 * Numerous API hardening, leak and build fixes 
 * Correct bug in 22kHz compand setup that could cause a crash
 * Correct bug in 16kHz codebooks that could cause unstable pure 
   tones at high bitrates
- run spec-cleaner
- removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff,
  libvorbis-r16326-CVE-2009-3379.diff and
  libvorbis-r16597-CVE-2009-3379.diff (upstream fixed)
- follow library packaging policy
- run make check

-------------------------------------------------------------------
Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de

- VUL-0: libvorbis: memory corruption while parsing ogg files
  (bnc#608192, CVE-2009-3379)

-------------------------------------------------------------------
Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source
- enable parallel building
- package documentation as noarch

-------------------------------------------------------------------
Wed Nov 11 10:56:23 CET 2009 - tiwai@suse.de

- updated to version 1.2.3:
 * correct a vorbisfile bug that prevented proper playback of
   Vorbis files where all audio in a logical stream is in a
   single page
 * Additional decode setup hardening against malicious streams
 * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who 
   wish to avoid avoid unused symbol warnings from the static
   callbacks defined in vorbisfile.h

- updated to version 1.2.2:
 * define VENDOR and ENCODER strings
 * seek correctly in files bigger than 2 GB (Windows)
 * fix regression from CVE-2008-1420; 1.0b1 files work again
 * mark all tables as constant to reduce memory occupation
 * additional decoder hardening against malicious streams
 * substantially reduce amount of seeking performed by Vorbisfile
 * Multichannel decode bugfix 
 * build system updates
 * minor specification clarifications/fixes

- dropped aotuv patch temporarily

-------------------------------------------------------------------
Thu Jul 23 15:28:13 CEST 2009 - tiwai@suse.de

- updated to aoTuV patch version beta5.7:
  * including security fixes
  * improved encoding speed of low bitrate mode
  * reduced distrotion by clipping at low sampling frequency
  * fixed noise control part of impulse block
  * tuning of each part was redone
  * expanded noise control of the impulse block
  * fixed pre-echo reduction code
  * noise normalization reviewed
  * detailed tuning done again

-------------------------------------------------------------------
Mon Jun 22 09:47:22 CEST 2009 - coolo@novell.com

- fix build with automake 1.11

-------------------------------------------------------------------
Wed Jan  7 12:34:56 CET 2009 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Thu Nov 20 16:48:52 CET 2008 - pth@suse.de

- Fix the test in libvorbis-m4.dif and adapt libvorbis-lib64.dif.

-------------------------------------------------------------------
Wed May 14 16:41:31 CEST 2008 - tiwai@suse.de

- VUL-0: Multiple vulnerabilities in libogg and libvorbis
  (bnc#372246)
  * CVE-2008-1419 vorbis: zero-dim codebooks can cause crash,
    infinite loop or heap overflow
  * CVE-2008-1420 vorbis: integer overflow in partvals computation
  * CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks

-------------------------------------------------------------------
Mon Apr 28 12:56:34 CEST 2008 - tiwai@suse.de

- fixed dependency in *.pc files (bnc#384153)
- removed old run_ldconfig

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Thu Aug  2 12:22:21 CEST 2007 - tiwai@suse.de

- updated to version 1.2.0:
  * new ov_fopen() convenience call that avoids the common
   stdio conflicts with ov_open() and MSVC runtimes.
 * libvorbisfile now handles multiplexed streams
 * improve robustness to corrupt input streams
 * fix a minor encoder bug
 * updated RTP draft
 * build system updates
 * minor corrections to the specification

-------------------------------------------------------------------
Fri Jul 27 12:56:43 CEST 2007 - tiwai@suse.de

- fix the documentation link (#293784)
- split documentation to doc subpackage
- remove -fno-strict-aliasing gcc option

-------------------------------------------------------------------
Mon Jul  9 10:48:33 CEST 2007 - tiwai@suse.de

- fix array boundary conditional flaw in mapping (#287124,
  CVE-2007-3106)

-------------------------------------------------------------------
Mon Apr 23 18:06:06 CEST 2007 - tiwai@suse.de

- use aoTuV beta5 patch:
  * The action of noise normalization has been improved.
  * The threshold of a stereo mode change was calculated
    dynamically.
  * Noise control of an impulse block was changed (quality 0-10
    / 32-48kHz). And pre-echo decreased slightly.
  * Tuning of each part was redone according to above-mentioned
    changed part and additional part.

-------------------------------------------------------------------
Mon Apr 16 15:07:19 CEST 2007 - tiwai@suse.de

- follow library packaging policy
  * move docs to devel package
  * remove static library
- remove obsolete m4 files

-------------------------------------------------------------------
Wed Jan 25 21:37:47 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Wed Jan 11 16:46:46 CET 2006 - tiwai@suse.de

- compile with -fstack-protector.

-------------------------------------------------------------------
Fri Dec  2 16:03:48 CET 2005 - tiwai@suse.de

- updated to version 1.1.2.

-------------------------------------------------------------------
Tue Oct 18 12:25:20 CEST 2005 - tiwai@suse.de

- updated to version 1.1.1.

-------------------------------------------------------------------
Sun Sep  4 06:45:34 CEST 2005 - aj@suse.de

- Build with -fno-strict-aliasing (#115135).

-------------------------------------------------------------------
Thu Jul  7 16:20:14 CEST 2005 - tiwai@suse.de

- remove -fsigned-char (#93878).
- fixed Requires of devel subpackage.

-------------------------------------------------------------------
Mon Jun 20 20:56:55 CEST 2005 - tiwai@suse.de

- updated to aoTuV beta4.

-------------------------------------------------------------------
Wed Jan 19 15:42:01 CET 2005 - tiwai@suse.de

- fixed compile warnings with gcc-4.0.

-------------------------------------------------------------------
Wed Nov 24 17:32:19 CET 2004 - tiwai@suse.de

- updated to libvorbis version 1.1.0.
- updated to aoTuV beta3.

-------------------------------------------------------------------
Thu Aug  5 13:03:24 CEST 2004 - tiwai@suse.de

- applied aoTuV patch to improve the encoding quality.

-------------------------------------------------------------------
Fri Apr 16 12:54:41 CEST 2004 - tiwai@suse.de

- fixed the type-punning.
- disabled the removal of $RPM_BUILD_ROOT in %install.

-------------------------------------------------------------------
Wed Jan 21 18:45:51 CET 2004 - tiwai@suse.de

- fixed quoting in m4 files. 

-------------------------------------------------------------------
Fri Jan  9 17:47:41 CET 2004 - adrian@suse.de

- add %run_ldconfig to %postun

-------------------------------------------------------------------
Fri Jan  9 17:01:18 CET 2004 - tiwai@suse.de

- updated to version 1.0.1.
  removed obsolete patches.
- added pkgconfig to neededforbuild.

-------------------------------------------------------------------
Sat Mar  1 18:04:02 CET 2003 - adrian@suse.de

- let libvorbis-devel require libogg-devel

-------------------------------------------------------------------
Fri Jan 17 17:24:33 CET 2003 - tiwai@suse.de

- fixed m4 macro (bug #21267).

-------------------------------------------------------------------
Thu Jan  9 18:17:59 CET 2003 - kukuk@suse.de

- Add *.la files to -devel filelist

-------------------------------------------------------------------
Wed Dec  4 18:14:02 CET 2002 - tiwai@suse.de

- fixed the undefined weak links.
- renamed m4.dif and lib64.dif with libvorbis- prefix to avoid
  filename conflictions.

-------------------------------------------------------------------
Thu Sep 19 15:41:52 CEST 2002 - tiwai@suse.de

- don't add -I/usr/include to VORBIS_VFLAGS.
- fix test for prefix.
- move devel documents under %{_docdir}/libvorbis-devel.

-------------------------------------------------------------------
Mon Aug 12 13:40:58 CEST 2002 - tiwai@suse.de

- added Requires %{name} = %{version} to devel package.

-------------------------------------------------------------------
Tue Jul 23 16:49:20 CEST 2002 - tiwai@suse.de

- fixed m4 file for lib64.
- provides the backward compatible m4 file.

-------------------------------------------------------------------
Mon Jul 22 10:46:19 CEST 2002 - tiwai@suse.de

- updated to version 1.0.
- clean up the spec file.
- added %run_ldconfig.

-------------------------------------------------------------------
Wed Jun 12 13:20:32 CEST 2002 - meissner@suse.de

- rm acinclude.m4 so we don't have the problematic ogg.m4 (which contains
  /lib hardcoded).

-------------------------------------------------------------------
Thu Apr 18 11:57:17 CEST 2002 - kukuk@suse.de

- Remove additional optimization, default is better
- Add --libdir to configure to build on x86_64

-------------------------------------------------------------------
Thu Feb  7 11:21:43 CET 2002 - tiwai@suse.de

- fixed build on s390x.

-------------------------------------------------------------------
Fri Jan  4 11:54:44 CET 2002 - tiwai@suse.de

- updated to RC3.
  sync with cvs 2002.01.04.

-------------------------------------------------------------------
Tue Dec  4 11:24:07 CET 2001 - tiwai@suse.de

- sync with cvs 2001.12.04.

-------------------------------------------------------------------
Wed Oct 24 17:50:32 CEST 2001 - tiwai@suse.de

- sync with cvs 20011024.
  + fixed/updated documents
  + tuned up parameters
  + bugfixes on 64bit arch.
- removed Requires to libogg.

-------------------------------------------------------------------
Sat Oct 20 16:45:55 CEST 2001 - schwab@suse.de

- Fix use of qsort.

-------------------------------------------------------------------
Mon Aug 13 16:57:27 CEST 2001 - tiwai@suse.de

- updated to 1.0rc2 from cvs 20010813.

-------------------------------------------------------------------
Thu Jun  7 11:26:12 CEST 2001 - tiwai@suse.de

- fixed build with the recent libtool.

-------------------------------------------------------------------
Tue Apr  3 08:52:17 MEST 2001 - bk@suse.de

- make use of RPM_OPT_FLAGS
- include the include/vorbis dir into the file list(+rpm-macroized)

-------------------------------------------------------------------
Mon Mar 12 15:22:00 CET 2001 - tiwai@suse.de

- corrected copyright in spec file.

-------------------------------------------------------------------
Mon Feb 26 17:10:04 CET 2001 - tiwai@suse.de

- Updated to 1.0beta4.

-------------------------------------------------------------------
Wed Jan 31 12:29:54 CET 2001 - tiwai@suse.de

- Initial version: 1.0beta3.
openSUSE Build Service is sponsored by