libvorbis (1.3.7-1) unstable; urgency=medium * Team upload [ Ondřej Nový ] * Use debhelper-compat instead of debian/compat * Bump Standards-Version to 4.4.1 [ Petter Reinholdtsen ] * Include upstream status in all patches. [ Balint Reczey ] * debian/gitlab-ci.yml: Add minimal Salsa CI configuration [ Olivier Tilloy ] * Change autopkgtest dependency on pysycache-i18n (Closes: #963082) [ Dennis Braun ] * New upstream version 1.3.7 * Update patchset * Add me as uploader * Bump dh-compat to 13 * Bump S-V to 4.5.0 * Set RRR: no * Update copyright years [ Sebastian Ramacher ] * Do not install .la files (Closes: #955786) Thanks to Pino Toscano * Make autopkgtests cross-test-friendly (Closes: #946478) Thanks to Steve Langasek -- Sebastian Ramacher Sun, 27 Sep 2020 16:13:53 +0200 libvorbis (1.3.6-2) unstable; urgency=medium * Team upload [ Ondřej Nový ] * d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP * d/changelog: Remove trailing whitespaces * d/control: Remove trailing whitespaces * d/control: Set Vcs-* to salsa.debian.org [ Florian Schlichting ] * Set Maintainer address to Debian Multimedia Maintainers (closes: #899590) * Cherry-pick two patches from upstream git (closes: #876780): + 0003-CVE-2017-14160-fix-bounds-check-on-very-low-sample-r.patch (this is also CVE-2018-10393) + 0004-Sanity-check-number-of-channels-in-setup.patch (CVE-2018-10392) * Use secure URIs for xiph.org * Update d/copyright to copyright-format 1.0 * Bump dh compat to level 12 * Enable all hardening build flags * Add Build-Depends-Package field to symbols files * Declare compliance with Debian Policy 4.3.0 * Drop debian/source.lintian-overrides, it is apparently unused * Make lintian happy: "I" is a number here * Update debian/tests/test-examples, the examples are no longer gzipped at this compat level * Add 0005-vorbisenc-detect-if-new-template-is-null.patch from upstream git to fix the autopkgtest (closes: #772877) -- Florian Schlichting Mon, 25 Feb 2019 22:02:32 +0100 libvorbis (1.3.6-1) unstable; urgency=medium * Add more used CPE strings to d/upstream/metadata. * Fix typo in patch description. Thanks lintian. * Updated Standards-Version from 3.9.8 to 4.1.3. * Changed debhelper compat level from 9 to 10. * Remove no longer needed Testsuite header from d/control. * Drop binary package libvorbis-dbg. Use automatically generated dbgsym package instead. * New upstream version 1.3.6. - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding. - Fixes CVE-2017-14632 - free() on uninitialized data - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341) - Removed obsolete patches CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch, CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch. -- Petter Reinholdtsen Thu, 22 Mar 2018 08:22:56 +0100 libvorbis (1.3.5-4.2) unstable; urgency=medium * Non-maintainer upload. * Prevent out-of-bounds write in codebook decoding (CVE-2018-5146) (Closes: #893130) -- Salvatore Bonaccorso Fri, 16 Mar 2018 22:26:37 +0100 libvorbis (1.3.5-4.1) unstable; urgency=medium * Non-maintainer upload. * Cherry-pick upstream patches for CVE-2017-14632 and CVE-2017-14633 (Closes: #876778, 876779) -- Guido Günther Wed, 20 Dec 2017 17:31:19 +0100 libvorbis (1.3.5-4) unstable; urgency=low * Changed Standards-Version from 3.9.6 to 3.9.8. * Added CPE id in d/upstream/metadata for future reference. * Adjusted d/tests/test-coupling-segfault to print bug number and upstream URL. -- Petter Reinholdtsen Thu, 22 Dec 2016 17:28:24 +0000 libvorbis (1.3.5-3) unstable; urgency=medium * Replace Peter Samuelson with Ralph Giles as uploader. Thank you Peter for all past work. * Fix autopkgtest script by redirecting stderr to log file. * Add new autopkgtest script test-coupling-segfault to detect if bug #772877 is present. -- Petter Reinholdtsen Thu, 11 Feb 2016 20:08:19 +0100 libvorbis (1.3.5-2) unstable; urgency=medium * Add build-essential to the list of autopkgtest dependencies to get gcc. -- Petter Reinholdtsen Sun, 07 Feb 2016 10:26:56 +0000 libvorbis (1.3.5-1) unstable; urgency=low [ Martin Steghöfer ] * New upstream version 1.3.5. (Closes: #798960) [ Petter Reinholdtsen ] * Added simple autopkgtest script running the examples. -- Petter Reinholdtsen Sat, 06 Feb 2016 13:17:12 +0000 libvorbis (1.3.4-3) unstable; urgency=low [ Martin Steghöfer ] * Fix crash on corrupt input file (invalid mode index). (Closes: #774516) * Take into account error codes returned from "vorbis_packet_blocksize" in "_initial_pcmoffset" (follow-up problem related to #774516). Thanks to Timothy B. Terriberry * Fix segmentation fault on two subsequent seeks to 0. (Closes: #782831) [ Petter Reinholdtsen ] * Add debian/gbp.conf to enforce the user of pristine-tar. -- Petter Reinholdtsen Tue, 22 Sep 2015 14:30:24 +0200 libvorbis (1.3.4-2) unstable; urgency=low [ Martin Steghöfer ] * Add sampling rate sanity check to avoid invalid memory access. (Closes: #716613) -- Petter Reinholdtsen Mon, 03 Nov 2014 09:08:25 +0100 libvorbis (1.3.4-1) unstable; urgency=medium [ Martin Steghöfer ] * New upstream version 1.3.4. (Closes: #739722) * Rebased patches and dropped cve-2012-0444 patch that is included in new upstream. * Removed lintian override for tag "using-first-person-in-description". Lintian has improved and doesn't report this false positive any longer. * Upgrade Standards-Version to 3.9.6. No changes necessary. * Clean-up: Removed references to the old libvorbis0 package, it hasn't been in any release for ages. -- Petter Reinholdtsen Fri, 24 Oct 2014 20:13:09 +0200 libvorbis (1.3.2-2) unstable; urgency=medium [ Martin Steghöfer ] * Format patches for gbp-pq. * Updated VCS meta information to list git repository. [ Petter Reinholdtsen ] * Drop John Francesco Ferlito and add me and Martin Steghöfer as uploaders. * Updated standards-version from 3.9.1 to 3.9.6. [ Martin Steghöfer ] * Fix lintian warning "description-synopsis-starts-with-article". Make sure the synopsis of the package description meets the formula "The package [name] provides {a,an,the,some} [synopsis]." * Override lintian tag "license-problem-non-free-RFC-BCP78" for RFC 5215 - it has a dual license. * Fix lintian warning "wrong-name-for-upstream-changelog" by using "dh_installchangelogs" instead of "dh_installdocs" for the upstream changelog. -- Petter Reinholdtsen Fri, 24 Oct 2014 07:08:55 +0200 libvorbis (1.3.2-1.5) unstable; urgency=low * Non-maintainer upload to fix crash and hang bug. * Switch to debian source format 3.0 (quilt). * Add Homepage link in debian/control. * Avoid floating point exception when dividing by zero when bytespersample is zero (Closes: #635906). Patch from Daniel Exner. * Fix hang with loading Ogg Theora files when seeking to PCM 0 by backporting r19159 of upstream SVN, authored by Chris Montgomery (Closes: #762571). Patch from Martin Steghöfer. -- Petter Reinholdtsen Tue, 14 Oct 2014 09:32:30 +0200 libvorbis (1.3.2-1.4) unstable; urgency=low * Non-maintainer upload. * Build-Depends on dh-autoreconf and use it in rules for config.{guess,sub} (Closes: #744722) -- Manuel A. Fernandez Montecelo Wed, 21 May 2014 23:47:10 +0100 libvorbis (1.3.2-1.3) unstable; urgency=low * Non-maintainer upload to fix release goals * Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek) * Remove .la file dependencies, closes: #633339 -- Riku Voipio Mon, 07 May 2012 14:53:26 +0300 libvorbis (1.3.2-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix cve-2012-0444: buffer overflow in floor1.c. -- Michael Gilbert Tue, 17 Apr 2012 22:37:49 -0400 libvorbis (1.3.2-1.1) unstable; urgency=low * Non-maintainer upload. * Fix FTBFS with ld --no-add-needed (Closes: #604797). patch made by Matthias Klose . -- HIGUCHI Daisuke (VDR dai) Mon, 09 Jan 2012 02:58:52 +0900 libvorbis (1.3.2-1) unstable; urgency=low * New upstream release (Closes: #613489) - ov_fopen should have const qualifier for char *path (Closes: #547223) * debian/control - Bumped standards version to 3.9.1 * debian/rules - Add --with-pic (Closes: #603195) * debian/docs - CHANGELOG was renamed to CHANGES * Added debian/source/format 1.0 -- John Francesco Ferlito Tue, 15 Feb 2011 23:32:40 +1100 libvorbis (1.3.1-1) unstable; urgency=low * New upstream release. - Please package new upstream version 1.3.1. (Closes: #575676) - libvorbis: additional CVE-2009-3379 security fixes. (Closes: #573562) - libvorbis0a: Incorrect encoding on powerpc. (Closes: #549899) - FTBFS with binutils-gold. (Closes: #555383) * debian/compat - Moved to version 7 * debian/control - Added ${misc:Depends}. - Bumped dependency on debhelper to 7.0.50~. - Added strict version depends on libvorbis0a to libvorbisenc2 and libvorbisfile3. * Added debian/docs * Simplified debian/*.install * Updated debian/libvorbis0a.symbols * Moved to debhelper 7 style dh rules -- John Francesco Ferlito Fri, 26 Mar 2010 19:10:35 +1100 libvorbis (1.2.3-3) unstable; urgency=low * debian/copyright - Add details for doc/rfc5215.txt (Closes: #550687). * Add a -dbg package (Closes: #516661). -- John Francesco Ferlito Tue, 13 Oct 2009 09:46:51 +1100 libvorbis (1.2.3-2) unstable; urgency=low * Add back in changes from dfsg-5 and dfsg-6. * Remove CVE-2009-2663.patch -- John Francesco Ferlito Wed, 30 Sep 2009 09:28:22 +1000 libvorbis (1.2.3-1) unstable; urgency=low * New upstream release (Closes: #543549, #249695) (LP: #418059). - Remove upstream-r14811_huffman_sanity_checks.diff - Remove CVE-2008-1420.patch - Remove CVE-2008-1423+CVE-2008-1419.patch * Draft RFCs have been replaced with RFC5215 which is DFSG compliant due to clause 11. SO there is no more need for a dfsg binary. * Update .symbol files. * Update debian/control + Add version dependency on debhelper. + Bump to Standards-Version 3.8.3. + Add John Francesco Ferlito to Uploaders. + Remove Adeodato Simó from Uploaders. + Remove duplicate Section headers. + Update short descriptions. * Remove quilt as there are currently no patches. * Register HTML documentation with doc-base. * Add lintian override for package-name-doesnt-match-sonames. -- John Francesco Ferlito Tue, 29 Sep 2009 20:42:57 +1000 libvorbis (1.2.0.dfsg-6) unstable; urgency=high * Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg file to corrupt memory. (Closes: #540958) * patches/CVE-2008-1420.patch: fix a regression playing files generated by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421) -- Peter Samuelson Mon, 10 Aug 2009 23:11:11 -0500 libvorbis (1.2.0.dfsg-5) unstable; urgency=low * New maintainer. * Standards-Version: 3.8.1. * gcc -fno-finite-math-only on armel, to work around a gcc bug (fixed upstream in gcc 4.3 and 4.4). (Closes: #515949) * Fix watch file to unmangle .dfsg in version, thanks Lintian. * Distinguish the short descriptions of the different lib packages, and other tweaks to debian/control. Thanks Lintian. (Closes: #432688) -- Peter Samuelson Thu, 28 May 2009 21:56:02 -0500 libvorbis (1.2.0.dfsg-4) unstable; urgency=low * Add upstream-r14811_huffman_sanity_checks.diff. closes: #482039. * Bump to Standards-Version 3.8.0. * Remove myself from Uploaders. -- Clint Adams Tue, 10 Jun 2008 12:06:58 -0400 libvorbis (1.2.0.dfsg-3.1) unstable; urgency=high * Non-maintainer upload by the security team * Fix integer overflows (and possible DoS attacks) via crafted OGG files (Closes: #482518) Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419 -- Steffen Joeris Mon, 26 May 2008 12:48:06 +0000 libvorbis (1.2.0.dfsg-3) unstable; urgency=low * Use dpkg-gensymbols, with symbol files obtained from Mole (stripping debian revision and .dfsg suffix). * Install upstream CHANGES file as changelog.gz. (Closes: #302037) * Bump debian/compat to 5, and Standards-Version to 3.7.3 (no changes needed). * Use quilt.make in debian/rules. -- Adeodato Simó Thu, 27 Dec 2007 14:33:45 +0100 libvorbis (1.2.0.dfsg-2) unstable; urgency=high * Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header. (Closes: #436083) -- Adeodato Simó Tue, 14 Aug 2007 20:55:54 +0200 libvorbis (1.2.0.dfsg-1) unstable; urgency=low [ Adeodato Simó ] * Use ${binary:Version} instead of ${Source-Version}. [ Clint Adams ] * New upstream release. - Remove upstream_r13198-fix_segfault_in_ov_time_seek.diff . - Fixes: CVE-2007-4029, CVE-2007-4065, CVE-2007-4066 * Bump shlibs for libvorbisfile3 to >= 1.2.0 due to new ov_fopen function. -- Clint Adams Fri, 27 Jul 2007 02:57:44 -0400 libvorbis (1.1.2.dfsg-2) unstable; urgency=low * Bump to Standards-Version 3.7.2. * Add upstream_r13198-fix_segfault_in_ov_time_seek.diff. closes: #281995. -- Clint Adams Fri, 29 Jun 2007 09:46:12 -0400 libvorbis (1.1.2.dfsg-1.2) unstable; urgency=high * Fix shlibs files for libvorbisenc and libvorbisfile, which were broken by my first NMU to have dependencies for libvorbis0a. Closes: #395048 -- Joey Hess Tue, 24 Oct 2006 19:55:19 -0400 libvorbis (1.1.2.dfsg-1.1) unstable; urgency=low * NMU * Remove draft RFC files, as they are not under a free license. Closes: #390660 * Repackage the source package without these files. * Add README.Source documenting how the upstream source is repackaged. * Modify dh_makeshlibs call to avoid generating a shlibs file that has an unncessarily tight versioned dependency on this new pseudo-version of libvorbis. -- Joey Hess Sun, 15 Oct 2006 17:21:37 -0400 libvorbis (1.1.2-1) unstable; urgency=low * Switch maintenance to the Debian Xiph.org Maintainers (alioth/pkg-xiph). * New upstream release packaged. (Closes: #327586) * Move HTML documentation from /usr/share/doc/libvorbis-dev itself to an html/ subdirectory of it. * Update debian/control: + drop unnecessary build-dependency on devscripts. + drop version restriction on debhelper and libogg-dev build-dependencies, since they're already satisfied with stable. * Overhaul debian/rules, and switch to quilt for patch management. * Add debian/compat file, instead of exporting DH_COMPAT. * Update download URL in debian/copyright. * Add debian/watch file. * Bumped Standards-Version to 3.6.2 (no changes required). -- Adeodato Simó Thu, 26 Jan 2006 01:35:39 +0100 libvorbis (1.1.0-1) unstable; urgency=low * New upstream. -- Christopher L Cheney Thu, 17 Mar 2005 21:30:00 -0600 libvorbis (1.0.1-1) unstable; urgency=low * New upstream. * Improved descriptions. (Closes: #166649) * Updated DEB_BUILD_OPTIONS support. (Closes: #188464) -- Christopher L Cheney Tue, 9 Dec 2003 01:00:00 -0600 libvorbis (1.0.0-3) unstable; urgency=low * Add libvorbis0 conflict to libvorbis0a. -- Christopher L Cheney Wed, 12 Mar 2003 17:00:00 -0600 libvorbis (1.0.0-2) unstable; urgency=low * Rename libvorbis0 -> libvorbis0a to keep packages from upgrading to it by mistake. (Closes: #156227, #156365, #161961, #171548, #172466, #172469, #178756) * GNU config automated update: config.sub (20020621 to 20030103), config.guess (20020529 to 20030110) -- Christopher L Cheney Sat, 8 Mar 2003 13:00:00 -0600 libvorbis (1.0.0-1) unstable; urgency=low * New upstream. * Split libvorbis package into libvorbis libvorbisenc libvorbisfile due to shared object major versions going out of sync. -- Christopher L Cheney Fri, 19 Jul 2002 09:00:00 -0500 libvorbis (1.0rc3-1) unstable; urgency=low * New upstream. (Closes: #121995, #123472) * added autotools target (config.* updater) to rules -- Christopher L Cheney Mon, 24 Dec 2001 11:00:00 -0600 libvorbis (1.0rc2-1) unstable; urgency=low * New upstream. -- Christopher L Cheney Sun, 12 Aug 2001 22:00:00 -0500 libvorbis (1.0rc1-1) unstable; urgency=low * New upstream. (Closes: #84977, #95330) * Upstream says lame at fault. See bug details. (Closes: #98010) * Fixed versioned depends. * Changed clean method to distclean. -- Christopher L Cheney Sun, 17 Jun 2001 20:00:00 -0500 libvorbis (1.0beta4-1) unstable; urgency=low * New upstream. * Appears to be fixed, can't reproduce bug (closes: #78848) -- Christopher L Cheney Mon, 26 Feb 2001 08:00:00 -0600 libvorbis (1.0beta3-3) unstable; urgency=low * Fixed Build-Depends libogg-dev version dependency. * Fixed Sections. * Updated to Standards-Version to 3.5.1.0 -- Christopher L Cheney Sat, 17 Feb 2001 18:14:53 -0600 libvorbis (1.0beta3-2) unstable; urgency=low * Added dependency for libogg-dev (closes: #78262) * Added dependency for libogg-dev (closes: #81432) * Corrected development library package name (closes: #82464) -- Christopher L Cheney Sat, 3 Feb 2001 13:29:30 -0600 libvorbis (1.0beta3-1) unstable; urgency=low * New Maintainer. * Upstream source was reorganized. * Package split according to the upstream reorganization. -- Christopher L Cheney Tue, 31 Oct 2000 15:08:22 -0600 vorbis (1.0beta2-1) unstable; urgency=low * New upstream version. Closes: #67326, #68416 * Changed xmms-vorbis to Architechture: any. Closes: #67395 * Added Build-deps. Closes: #66628 * Moved vorbize to vorbis-tools along with oggenc and vorbiscomment -- Michael Beattie Wed, 9 Aug 2000 00:30:15 +1200 vorbis (1.0beta1-1) unstable; urgency=low * First Beta, Ready for debian release. -- Michael Beattie Fri, 30 Jun 2000 19:26:59 +1200 vorbis (0.0-1) unstable; urgency=low * Initial Release. * Initial package, not placed in archive. -- Michael Beattie Mon, 26 Jun 2000 18:59:56 +1200