SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 
Changelog for libvorbis0-1.3.6-72.1.x86_64.rpm :
Tue Jun 5 14:00:00 2018 tiwaiAATTsuse.de
- Replace vorbis-CVE-2017-14160.patch with the upstream fix
(commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch
- Fix the validation of channels in mapping0_forward()
(CVE-2018-10392, bsc#1091070):
vorbis-CVE-2018-10392.patch

Thu May 3 14:00:00 2018 tiwaiAATTsuse.de
- Fix out-of-bounds access inside bark_noise_hybridmp function
(CVE-2017-14160, bsc#1059812):
downstream fix: vorbis-CVE-2017-14160.patch
- Fix stack-basedbuffer over-read in bark_noise_hybridm
(CVE-2018-10393, bsc#1091072):
downstream fix: vorbis-CVE-2018-10393.patch

Sat Mar 17 13:00:00 2018 tiwaiAATTsuse.de
- Split libvorbis-doc subpackage to a separate spec file for
reducing the dependencies

Fri Mar 16 13:00:00 2018 tiwaiAATTsuse.de
- Update to version 1.3.6:

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.

* Fix CVE-2017-14632 - free() on unitialized data

* Fix CVE-2017-14633 - out-of-bounds read

* Fix bitrate metadata parsing.

* Fix out-of-bounds read in codebook parsing.

* Fix residue vector size in Vorbis I spec.

* Appveyor support

* Travis CI support

* Add secondary CMake build system.

* Build system fixes
- Build documents with doxygen, and many tex stuff;
this requires to disable parallel builds partially
- Move COPYING to license directory
- Drop obsoleted patches:
vorbis-fix-linking.patch
0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
libvorbis-CVE-2018-5146.patch

Fri Mar 16 13:00:00 2018 tiwaiAATTsuse.de
- Fix VUL-0: libvorbis: Out of bounds memory write while processing
Vorbis audio data (CVE-2018-5146, bsc#1085687):
libvorbis-CVE-2018-5146.patch

Tue Dec 19 13:00:00 2017 tiwaiAATTsuse.de
- Fix VUL-0: out-of-bounds array read vulnerability exists in
function mapping0_forward() (CVE-2017-14633, bsc#1059811):
0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
- Fix VUL-0: Remote Code Execution upon freeing uninitialized
memory in function vorbis_analysis_headerout(CVE-2017-14632,
bsc#1059809):
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch

Tue Nov 29 13:00:00 2016 aloisioAATTgmx.com
- Added 32bit libvorbis-devel in baselibs.conf

Fri Mar 6 13:00:00 2015 mpluskalAATTsuse.com
- Cleanup spec file with spec-cleaner
- Update to 1.3.5

* Tolerate single-entry codebooks.

* Fix decoder crash with invalid input.

* Fix encoder crash with non-positive sample rates.

* Fix issues in vorbisfile\'s seek bisection code.

* Spec errata.

* Reject multiple headers of the same type.

* Various build fixes and code cleanup.

Mon Aug 18 14:00:00 2014 fcrozatAATTsuse.com
- Fix obsoletes and provides in baselibs.conf.

Sun Feb 23 13:00:00 2014 andreas.stiegerAATTgmx.de
- Xiph libvorbis 1.3.4

* reduced static data size in libvorbisenc

* associated minor changes required to libvorbis and libvorbisfile

* minor build fixes and build system updates

* no functional changes over the previous 1.3.3 release
- removed libvorbis-pkgconfig.patch, in upstream
- updated vorbis-fix-linking.patch for context changes

Tue Apr 16 14:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls

Sat Mar 2 13:00:00 2013 seife+obsAATTb1-systems.com
- fix build with automake-1.13.1

Wed Jun 20 14:00:00 2012 ftakeAATTgeeko.jp
- updated to 1.3.3

* vorbis: additional proofing against invalid/malicious
streams in decode (see SVN for details).

* vorbis: fix a memory leak in vorbis_commentheader_out().

* updates, corrections and clarifications in the Vorbis I
specification document

* build warning fixes

Tue Feb 21 13:00:00 2012 tiwaiAATTsuse.de
- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
(bnc#747912)

Sun Dec 25 13:00:00 2011 idonmezAATTsuse.com
- -O20 optimization level doesn\'t exist, use -O3

Fri Nov 25 13:00:00 2011 crrodriguezAATTopensuse.org
- open files with O_CLOEXEC, in order to avoid fd leaks
when calling applications fork() ..execve()...
This patch does not cover the executable tools since
it is not critical for them.

Tue Nov 22 13:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to avoid implicit dependency

Mon Aug 29 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix build with no-add-needed

Thu May 5 14:00:00 2011 dmuellerAATTsuse.de
- fix provides/obsoletes in baselibs

Fri Dec 10 13:00:00 2010 davejplaterAATTgmail.com
- Split libvorbisenc2 and libvorbisfile3 from libvorbis0
- Removed services.

Wed Dec 8 13:00:00 2010 cooloAATTnovell.com
- fix the package split

Wed Dec 8 13:00:00 2010 reddwarfAATTopensuse.org
- updated to version 1.3.2

* vorbis: additional proofing against invalid/malicious
streams in floor, residue, and bos/eos packet trimming
code (see SVN for details).

* vorbis: Added programming documentation tree for the
low-level calls

* vorbisfile: Correct handling of serial numbers array
element [0] on non-seekable streams

* vorbisenc: Back out an [old] AoTuV HF weighting that was
first enabled in 1.3.0; there are a few samples where I
really don\'t like the effect it causes.

* vorbis: return correct timestamp for granule positions
with high bit set.

* vorbisfile: the [undocumented] half-rate decode api made no
attempt to keep the pcm offset tracking consistent in seeks.
Fix and add a testing mode to seeking_example.c to torture
test seeking in halfrate mode. Also remove requirement that
halfrate mode only work with seekable files.

* vorbisfile: Fix a chaining bug in raw_seeks where seeking
out of the current link would fail due to not
reinitializing the decode machinery.

* vorbisfile: improve seeking strategy. Reduces the
necessary number of seek callbacks in an open or seek
operation by well over 2/3.
- updated to version 1.3.1

* tweak + minor arithmetic fix in floor1 fit

* revert noise norm to conservative 1.2.3 behavior pending
more listening testing
- updated to versio 1.3.0

* Optimized surround support for 5.1 encoding at 44.1/48kHz

* Added encoder control call to disable channel coupling

* Correct an overflow bug in very low-bitrate encoding on 32 bit
machines that caused inflated bitrates

* Numerous API hardening, leak and build fixes

* Correct bug in 22kHz compand setup that could cause a crash

* Correct bug in 16kHz codebooks that could cause unstable pure
tones at high bitrates
- run spec-cleaner
- removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff,
libvorbis-r16326-CVE-2009-3379.diff and
libvorbis-r16597-CVE-2009-3379.diff (upstream fixed)
- follow library packaging policy
- run make check

Wed May 26 14:00:00 2010 tiwaiAATTsuse.de
- VUL-0: libvorbis: memory corruption while parsing ogg files
(bnc#608192, CVE-2009-3379)

Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- enable parallel building
- package documentation as noarch

Wed Nov 11 13:00:00 2009 tiwaiAATTsuse.de
- updated to version 1.2.3:

* correct a vorbisfile bug that prevented proper playback of
Vorbis files where all audio in a logical stream is in a
single page

* Additional decode setup hardening against malicious streams

* Add \'OV_EXCLUDE_STATIC_CALLBACKS\' define for developers who
wish to avoid avoid unused symbol warnings from the static
callbacks defined in vorbisfile.h
- updated to version 1.2.2:

* define VENDOR and ENCODER strings

* seek correctly in files bigger than 2 GB (Windows)

* fix regression from CVE-2008-1420; 1.0b1 files work again

* mark all tables as constant to reduce memory occupation

* additional decoder hardening against malicious streams

* substantially reduce amount of seeking performed by Vorbisfile

* Multichannel decode bugfix

* build system updates

* minor specification clarifications/fixes
- dropped aotuv patch temporarily

Thu Jul 23 14:00:00 2009 tiwaiAATTsuse.de
- updated to aoTuV patch version beta5.7:

* including security fixes

* improved encoding speed of low bitrate mode

* reduced distrotion by clipping at low sampling frequency

* fixed noise control part of impulse block

* tuning of each part was redone

* expanded noise control of the impulse block

* fixed pre-echo reduction code

* noise normalization reviewed

* detailed tuning done again

Mon Jun 22 14:00:00 2009 cooloAATTnovell.com
- fix build with automake 1.11