libvorbis (1.3.7-1) unstable; urgency=medium
* Team upload
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
* Bump Standards-Version to 4.4.1
[ Petter Reinholdtsen ]
* Include upstream status in all patches.
[ Balint Reczey ]
* debian/gitlab-ci.yml: Add minimal Salsa CI configuration
[ Olivier Tilloy ]
* Change autopkgtest dependency on pysycache-i18n (Closes: #963082)
[ Dennis Braun ]
* New upstream version 1.3.7
* Update patchset
* Add me as uploader
* Bump dh-compat to 13
* Bump S-V to 4.5.0
* Set RRR: no
* Update copyright years
[ Sebastian Ramacher ]
* Do not install .la files (Closes: #955786)
Thanks to Pino Toscano
* Make autopkgtests cross-test-friendly (Closes: #946478)
Thanks to Steve Langasek
-- Sebastian Ramacher <sramacher@debian.org> Sun, 27 Sep 2020 16:13:53 +0200
libvorbis (1.3.6-2) unstable; urgency=medium
* Team upload
[ Ondřej Nový ]
* d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/control: Set Vcs-* to salsa.debian.org
[ Florian Schlichting ]
* Set Maintainer address to Debian Multimedia Maintainers (closes: #899590)
* Cherry-pick two patches from upstream git (closes: #876780):
+ 0003-CVE-2017-14160-fix-bounds-check-on-very-low-sample-r.patch
(this is also CVE-2018-10393)
+ 0004-Sanity-check-number-of-channels-in-setup.patch (CVE-2018-10392)
* Use secure URIs for xiph.org
* Update d/copyright to copyright-format 1.0
* Bump dh compat to level 12
* Enable all hardening build flags
* Add Build-Depends-Package field to symbols files
* Declare compliance with Debian Policy 4.3.0
* Drop debian/source.lintian-overrides, it is apparently unused
* Make lintian happy: "I" is a number here
* Update debian/tests/test-examples, the examples are no longer gzipped at
this compat level
* Add 0005-vorbisenc-detect-if-new-template-is-null.patch from upstream git
to fix the autopkgtest (closes: #772877)
-- Florian Schlichting <fsfs@debian.org> Mon, 25 Feb 2019 22:02:32 +0100
libvorbis (1.3.6-1) unstable; urgency=medium
* Add more used CPE strings to d/upstream/metadata.
* Fix typo in patch description. Thanks lintian.
* Updated Standards-Version from 3.9.8 to 4.1.3.
* Changed debhelper compat level from 9 to 10.
* Remove no longer needed Testsuite header from d/control.
* Drop binary package libvorbis-dbg. Use automatically generated dbgsym
package instead.
* New upstream version 1.3.6.
- Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
- Fixes CVE-2017-14632 - free() on uninitialized data
- Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
- Removed obsolete patches
CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
-- Petter Reinholdtsen <pere@debian.org> Thu, 22 Mar 2018 08:22:56 +0100
libvorbis (1.3.5-4.2) unstable; urgency=medium
* Non-maintainer upload.
* Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
(Closes: #893130)
-- Salvatore Bonaccorso <carnil@debian.org> Fri, 16 Mar 2018 22:26:37 +0100
libvorbis (1.3.5-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Cherry-pick upstream patches for CVE-2017-14632 and CVE-2017-14633
(Closes: #876778, 876779)
-- Guido Günther <agx@sigxcpu.org> Wed, 20 Dec 2017 17:31:19 +0100
libvorbis (1.3.5-4) unstable; urgency=low
* Changed Standards-Version from 3.9.6 to 3.9.8.
* Added CPE id in d/upstream/metadata for future reference.
* Adjusted d/tests/test-coupling-segfault to print bug number and
upstream URL.
-- Petter Reinholdtsen <pere@debian.org> Thu, 22 Dec 2016 17:28:24 +0000
libvorbis (1.3.5-3) unstable; urgency=medium
* Replace Peter Samuelson with Ralph Giles as uploader. Thank you
Peter for all past work.
* Fix autopkgtest script by redirecting stderr to log file.
* Add new autopkgtest script test-coupling-segfault to detect if
bug #772877 is present.
-- Petter Reinholdtsen <pere@debian.org> Thu, 11 Feb 2016 20:08:19 +0100
libvorbis (1.3.5-2) unstable; urgency=medium
* Add build-essential to the list of autopkgtest dependencies to get gcc.
-- Petter Reinholdtsen <pere@debian.org> Sun, 07 Feb 2016 10:26:56 +0000
libvorbis (1.3.5-1) unstable; urgency=low
[ Martin Steghöfer ]
* New upstream version 1.3.5. (Closes: #798960)
[ Petter Reinholdtsen ]
* Added simple autopkgtest script running the examples.
-- Petter Reinholdtsen <pere@debian.org> Sat, 06 Feb 2016 13:17:12 +0000
libvorbis (1.3.4-3) unstable; urgency=low
[ Martin Steghöfer ]
* Fix crash on corrupt input file (invalid mode index). (Closes: #774516)
* Take into account error codes returned from
"vorbis_packet_blocksize" in "_initial_pcmoffset" (follow-up
problem related to #774516). Thanks to Timothy B. Terriberry
* Fix segmentation fault on two subsequent seeks to 0. (Closes: #782831)
[ Petter Reinholdtsen ]
* Add debian/gbp.conf to enforce the user of pristine-tar.
-- Petter Reinholdtsen <pere@debian.org> Tue, 22 Sep 2015 14:30:24 +0200
libvorbis (1.3.4-2) unstable; urgency=low
[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613)
-- Petter Reinholdtsen <pere@debian.org> Mon, 03 Nov 2014 09:08:25 +0100
libvorbis (1.3.4-1) unstable; urgency=medium
[ Martin Steghöfer ]
* New upstream version 1.3.4. (Closes: #739722)
* Rebased patches and dropped cve-2012-0444 patch that is included
in new upstream.
* Removed lintian override for tag
"using-first-person-in-description". Lintian has improved and
doesn't report this false positive any longer.
* Upgrade Standards-Version to 3.9.6. No changes necessary.
* Clean-up: Removed references to the old libvorbis0 package, it
hasn't been in any release for ages.
-- Petter Reinholdtsen <pere@debian.org> Fri, 24 Oct 2014 20:13:09 +0200
libvorbis (1.3.2-2) unstable; urgency=medium
[ Martin Steghöfer ]
* Format patches for gbp-pq.
* Updated VCS meta information to list git repository.
[ Petter Reinholdtsen ]
* Drop John Francesco Ferlito and add me and Martin Steghöfer as
uploaders.
* Updated standards-version from 3.9.1 to 3.9.6.
[ Martin Steghöfer ]
* Fix lintian warning
"description-synopsis-starts-with-article". Make sure the synopsis
of the package description meets the formula "The package [name]
provides {a,an,the,some} [synopsis]."
* Override lintian tag "license-problem-non-free-RFC-BCP78" for RFC
5215 - it has a dual license.
* Fix lintian warning "wrong-name-for-upstream-changelog" by using
"dh_installchangelogs" instead of "dh_installdocs" for the
upstream changelog.
-- Petter Reinholdtsen <pere@debian.org> Fri, 24 Oct 2014 07:08:55 +0200
libvorbis (1.3.2-1.5) unstable; urgency=low
* Non-maintainer upload to fix crash and hang bug.
* Switch to debian source format 3.0 (quilt).
* Add Homepage link in debian/control.
* Avoid floating point exception when dividing by zero when
bytespersample is zero (Closes: #635906). Patch from Daniel Exner.
* Fix hang with loading Ogg Theora files when seeking to PCM 0 by
backporting r19159 of upstream SVN, authored by Chris Montgomery
(Closes: #762571). Patch from Martin Steghöfer.
-- Petter Reinholdtsen <pere@debian.org> Tue, 14 Oct 2014 09:32:30 +0200
libvorbis (1.3.2-1.4) unstable; urgency=low
* Non-maintainer upload.
* Build-Depends on dh-autoreconf and use it in rules for
config.{guess,sub} (Closes: #744722)
-- Manuel A. Fernandez Montecelo <mafm@debian.org> Wed, 21 May 2014 23:47:10 +0100
libvorbis (1.3.2-1.3) unstable; urgency=low
* Non-maintainer upload to fix release goals
* Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek)
* Remove .la file dependencies, closes: #633339
-- Riku Voipio <riku.voipio@linaro.org> Mon, 07 May 2012 14:53:26 +0300
libvorbis (1.3.2-1.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2012-0444: buffer overflow in floor1.c.
-- Michael Gilbert <mgilbert@debian.org> Tue, 17 Apr 2012 22:37:49 -0400
libvorbis (1.3.2-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix FTBFS with ld --no-add-needed (Closes: #604797).
patch made by Matthias Klose <doko@ubuntu.com>.
-- HIGUCHI Daisuke (VDR dai) <dai@debian.org> Mon, 09 Jan 2012 02:58:52 +0900
libvorbis (1.3.2-1) unstable; urgency=low
* New upstream release (Closes: #613489)
- ov_fopen should have const qualifier for char *path (Closes: #547223)
* debian/control
- Bumped standards version to 3.9.1
* debian/rules
- Add --with-pic (Closes: #603195)
* debian/docs
- CHANGELOG was renamed to CHANGES
* Added debian/source/format 1.0
-- John Francesco Ferlito <johnf@inodes.org> Tue, 15 Feb 2011 23:32:40 +1100
libvorbis (1.3.1-1) unstable; urgency=low
* New upstream release.
- Please package new upstream version 1.3.1. (Closes: #575676)
- libvorbis: additional CVE-2009-3379 security fixes. (Closes: #573562)
- libvorbis0a: Incorrect encoding on powerpc. (Closes: #549899)
- FTBFS with binutils-gold. (Closes: #555383)
* debian/compat
- Moved to version 7
* debian/control
- Added ${misc:Depends}.
- Bumped dependency on debhelper to 7.0.50~.
- Added strict version depends on libvorbis0a to libvorbisenc2 and
libvorbisfile3.
* Added debian/docs
* Simplified debian/*.install
* Updated debian/libvorbis0a.symbols
* Moved to debhelper 7 style dh rules
-- John Francesco Ferlito <johnf@inodes.org> Fri, 26 Mar 2010 19:10:35 +1100
libvorbis (1.2.3-3) unstable; urgency=low
* debian/copyright
- Add details for doc/rfc5215.txt (Closes: #550687).
* Add a -dbg package (Closes: #516661).
-- John Francesco Ferlito <johnf@inodes.org> Tue, 13 Oct 2009 09:46:51 +1100
libvorbis (1.2.3-2) unstable; urgency=low
* Add back in changes from dfsg-5 and dfsg-6.
* Remove CVE-2009-2663.patch
-- John Francesco Ferlito <johnf@inodes.org> Wed, 30 Sep 2009 09:28:22 +1000
libvorbis (1.2.3-1) unstable; urgency=low
* New upstream release (Closes: #543549, #249695) (LP: #418059).
- Remove upstream-r14811_huffman_sanity_checks.diff
- Remove CVE-2008-1420.patch
- Remove CVE-2008-1423+CVE-2008-1419.patch
* Draft RFCs have been replaced with RFC5215 which is DFSG compliant due to
clause 11. SO there is no more need for a dfsg binary.
* Update .symbol files.
* Update debian/control
+ Add version dependency on debhelper.
+ Bump to Standards-Version 3.8.3.
+ Add John Francesco Ferlito to Uploaders.
+ Remove Adeodato Simó from Uploaders.
+ Remove duplicate Section headers.
+ Update short descriptions.
* Remove quilt as there are currently no patches.
* Register HTML documentation with doc-base.
* Add lintian override for package-name-doesnt-match-sonames.
-- John Francesco Ferlito <johnf@inodes.org> Tue, 29 Sep 2009 20:42:57 +1000
libvorbis (1.2.0.dfsg-6) unstable; urgency=high
* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)
-- Peter Samuelson <peter@p12n.org> Mon, 10 Aug 2009 23:11:11 -0500
libvorbis (1.2.0.dfsg-5) unstable; urgency=low
* New maintainer.
* Standards-Version: 3.8.1.
* gcc -fno-finite-math-only on armel, to work around a gcc bug
(fixed upstream in gcc 4.3 and 4.4). (Closes: #515949)
* Fix watch file to unmangle .dfsg in version, thanks Lintian.
* Distinguish the short descriptions of the different lib packages, and
other tweaks to debian/control. Thanks Lintian. (Closes: #432688)
-- Peter Samuelson <peter@p12n.org> Thu, 28 May 2009 21:56:02 -0500
libvorbis (1.2.0.dfsg-4) unstable; urgency=low
* Add upstream-r14811_huffman_sanity_checks.diff. closes: #482039.
* Bump to Standards-Version 3.8.0.
* Remove myself from Uploaders.
-- Clint Adams <schizo@debian.org> Tue, 10 Jun 2008 12:06:58 -0400
libvorbis (1.2.0.dfsg-3.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
OGG files (Closes: #482518)
Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
-- Steffen Joeris <white@debian.org> Mon, 26 May 2008 12:48:06 +0000
libvorbis (1.2.0.dfsg-3) unstable; urgency=low
* Use dpkg-gensymbols, with symbol files obtained from Mole (stripping
debian revision and .dfsg suffix).
* Install upstream CHANGES file as changelog.gz. (Closes: #302037)
* Bump debian/compat to 5, and Standards-Version to 3.7.3 (no changes
needed).
* Use quilt.make in debian/rules.
-- Adeodato Simó <dato@net.com.org.es> Thu, 27 Dec 2007 14:33:45 +0100
libvorbis (1.2.0.dfsg-2) unstable; urgency=high
* Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header.
(Closes: #436083)
-- Adeodato Simó <dato@net.com.org.es> Tue, 14 Aug 2007 20:55:54 +0200
libvorbis (1.2.0.dfsg-1) unstable; urgency=low
[ Adeodato Simó ]
* Use ${binary:Version} instead of ${Source-Version}.
[ Clint Adams ]
* New upstream release.
- Remove upstream_r13198-fix_segfault_in_ov_time_seek.diff .
- Fixes: CVE-2007-4029, CVE-2007-4065, CVE-2007-4066
* Bump shlibs for libvorbisfile3 to >= 1.2.0 due to new ov_fopen
function.
-- Clint Adams <schizo@debian.org> Fri, 27 Jul 2007 02:57:44 -0400
libvorbis (1.1.2.dfsg-2) unstable; urgency=low
* Bump to Standards-Version 3.7.2.
* Add upstream_r13198-fix_segfault_in_ov_time_seek.diff. closes: #281995.
-- Clint Adams <schizo@debian.org> Fri, 29 Jun 2007 09:46:12 -0400
libvorbis (1.1.2.dfsg-1.2) unstable; urgency=high
* Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048
-- Joey Hess <joeyh@debian.org> Tue, 24 Oct 2006 19:55:19 -0400
libvorbis (1.1.2.dfsg-1.1) unstable; urgency=low
* NMU
* Remove draft RFC files, as they are not under a free license.
Closes: #390660
* Repackage the source package without these files.
* Add README.Source documenting how the upstream source is repackaged.
* Modify dh_makeshlibs call to avoid generating a shlibs file that has
an unncessarily tight versioned dependency on this new pseudo-version
of libvorbis.
-- Joey Hess <joeyh@debian.org> Sun, 15 Oct 2006 17:21:37 -0400
libvorbis (1.1.2-1) unstable; urgency=low
* Switch maintenance to the Debian Xiph.org Maintainers (alioth/pkg-xiph).
* New upstream release packaged. (Closes: #327586)
* Move HTML documentation from /usr/share/doc/libvorbis-dev itself to an
html/ subdirectory of it.
* Update debian/control:
+ drop unnecessary build-dependency on devscripts.
+ drop version restriction on debhelper and libogg-dev build-dependencies,
since they're already satisfied with stable.
* Overhaul debian/rules, and switch to quilt for patch management.
* Add debian/compat file, instead of exporting DH_COMPAT.
* Update download URL in debian/copyright.
* Add debian/watch file.
* Bumped Standards-Version to 3.6.2 (no changes required).
-- Adeodato Simó <dato@net.com.org.es> Thu, 26 Jan 2006 01:35:39 +0100
libvorbis (1.1.0-1) unstable; urgency=low
* New upstream.
-- Christopher L Cheney <ccheney@debian.org> Thu, 17 Mar 2005 21:30:00 -0600
libvorbis (1.0.1-1) unstable; urgency=low
* New upstream.
* Improved descriptions. (Closes: #166649)
* Updated DEB_BUILD_OPTIONS support. (Closes: #188464)
-- Christopher L Cheney <ccheney@debian.org> Tue, 9 Dec 2003 01:00:00 -0600
libvorbis (1.0.0-3) unstable; urgency=low
* Add libvorbis0 conflict to libvorbis0a.
-- Christopher L Cheney <ccheney@debian.org> Wed, 12 Mar 2003 17:00:00 -0600
libvorbis (1.0.0-2) unstable; urgency=low
* Rename libvorbis0 -> libvorbis0a to keep packages from upgrading to it
by mistake. (Closes: #156227, #156365, #161961, #171548, #172466,
#172469, #178756)
* GNU config automated update: config.sub (20020621 to 20030103),
config.guess (20020529 to 20030110)
-- Christopher L Cheney <ccheney@debian.org> Sat, 8 Mar 2003 13:00:00 -0600
libvorbis (1.0.0-1) unstable; urgency=low
* New upstream.
* Split libvorbis package into libvorbis libvorbisenc libvorbisfile due to
shared object major versions going out of sync.
-- Christopher L Cheney <ccheney@debian.org> Fri, 19 Jul 2002 09:00:00 -0500
libvorbis (1.0rc3-1) unstable; urgency=low
* New upstream. (Closes: #121995, #123472)
* added autotools target (config.* updater) to rules
-- Christopher L Cheney <ccheney@debian.org> Mon, 24 Dec 2001 11:00:00 -0600
libvorbis (1.0rc2-1) unstable; urgency=low
* New upstream.
-- Christopher L Cheney <ccheney@debian.org> Sun, 12 Aug 2001 22:00:00 -0500
libvorbis (1.0rc1-1) unstable; urgency=low
* New upstream. (Closes: #84977, #95330)
* Upstream says lame at fault. See bug details. (Closes: #98010)
* Fixed versioned depends.
* Changed clean method to distclean.
-- Christopher L Cheney <ccheney@debian.org> Sun, 17 Jun 2001 20:00:00 -0500
libvorbis (1.0beta4-1) unstable; urgency=low
* New upstream.
* Appears to be fixed, can't reproduce bug (closes: #78848)
-- Christopher L Cheney <ccheney@debian.org> Mon, 26 Feb 2001 08:00:00 -0600
libvorbis (1.0beta3-3) unstable; urgency=low
* Fixed Build-Depends libogg-dev version dependency.
* Fixed Sections.
* Updated to Standards-Version to 3.5.1.0
-- Christopher L Cheney <ccheney@debian.org> Sat, 17 Feb 2001 18:14:53 -0600
libvorbis (1.0beta3-2) unstable; urgency=low
* Added dependency for libogg-dev (closes: #78262)
* Added dependency for libogg-dev (closes: #81432)
* Corrected development library package name (closes: #82464)
-- Christopher L Cheney <ccheney@debian.org> Sat, 3 Feb 2001 13:29:30 -0600
libvorbis (1.0beta3-1) unstable; urgency=low
* New Maintainer.
* Upstream source was reorganized.
* Package split according to the upstream reorganization.
-- Christopher L Cheney <ccheney@debian.org> Tue, 31 Oct 2000 15:08:22 -0600
vorbis (1.0beta2-1) unstable; urgency=low
* New upstream version. Closes: #67326, #68416
* Changed xmms-vorbis to Architechture: any. Closes: #67395
* Added Build-deps. Closes: #66628
* Moved vorbize to vorbis-tools along with oggenc and vorbiscomment
-- Michael Beattie <mjb@debian.org> Wed, 9 Aug 2000 00:30:15 +1200
vorbis (1.0beta1-1) unstable; urgency=low
* First Beta, Ready for debian release.
-- Michael Beattie <mickyb@es.co.nz> Fri, 30 Jun 2000 19:26:59 +1200
vorbis (0.0-1) unstable; urgency=low
* Initial Release.
* Initial package, not placed in archive.
-- Michael Beattie <mickyb@es.co.nz> Mon, 26 Jun 2000 18:59:56 +1200
Generated by dwww version 1.15 on Sat May 18 12:49:06 CEST 2024.