mp3splt (2.6.2+20170630-3) unstable; urgency=medium * Drop support for things that are deprecated and/or unmaintained in GNOME: scrollkeeper was obsoleted by rarian, which in turn is also obsoleted now. The build dependency on libgnomeui-dev appears to have been spurious, as the only "gnome integration" used here is the documentation - so drop it too because its maintainers want to remove that for the Buster release. Closes: #885757, #885758 -- Ron Lee Sat, 13 Jan 2018 14:58:07 +1030 mp3splt (2.6.2+20170630-2) unstable; urgency=medium * Properly zero the ogg and vorbis state structures after they are malloc'd. This fixes the second issue that was indicated in CVE-2017-11333, which isn't actually the fault of libvorbis. It's caused by the libmp3splt ogg plugin unwinding when the error in the test file is detected, and calling vorbis_block_clear() on an uninitialised vorbis_block struct before the call to vorbis_block_init() occurs. Similar things would go badly for the other uninitialised structs if this one didn't explode first. Update: This actually fixes CVE-2017-11735, not CVE-2017-11333 mentioned above. There were two separate issues in the original bug report, but I missed that they were assigned separate CVEs after reading the report via the reference from CVE-2017-11333. Thanks to Guido Günther for noting that they were distinct and querying which one this really fixed. Also CVE-2017-11735 has now been REJECTED, replaced by CVE-2017-15185 which correctly attributes this issue to mp3splt not libvorbis. -- Ron Lee Wed, 27 Sep 2017 03:21:24 +0930 mp3splt (2.6.2+20170630-1) unstable; urgency=medium * Adopt this package now. I was prepared to do that with the 2.2.8 bugfixes but ended up keeping them as a locally packaged version when there was one more maintainer upload, three years after 2.2.5. But it's only been NMU'd since then and was 'officially' orphaned in February, and nobody else had picked it up or saved the mp3splt package from being removed for Stretch, or the mp3splt-gtk package from being removed from unstable too. So let's resurrect them based on the work I did with cleaning this up previously. Closes: #856294, #856296, #777433 * Build with gtk3 and gstreamer 1.0 now. Include the FLAC plugin and PCRE support. Enable gnome support. * Fix some of the issues that stronger hardening options and the stricter checking of new toolchain releases shook out. -- Ron Lee Fri, 30 Jun 2017 20:07:09 +0930 mp3splt (2.2.8-1) unstable; urgency=low * Prepare a new upstream release, primarily to fix #585614 in mp3splt-gtk, and #536027 in mp3splt. * Ok, scratch that thought. Entirely repackage the whole lot instead. It's all in one source file now. The lib doesn't look like it keeps a stable API or does soname management, but fortunately nothing except the two apps from the same upstream actually need it. So make it internal with no -dev exported, and build the whole lot in a single pass without needing crazy hacks to look in local source dirs for a separate package. * Profit. -- Ron Lee Sun, 13 Jun 2010 01:28:03 +0930 mp3splt (2.2.6a-1) UNRELEASED; urgency=low * move debian/rules to the libmp3splt-dev package * regenerate debian/control against libmp3splt 0.5.7a-1, to get the bumped build dep * change build dependency on debhelper to 7.0.50 instead of 7.2 * standards version 3.8.3 * remove dep on libmp3splt-plugin, moved to libmp3splt0 * suggest mp3splt-gtk * New Upstream Version - fix -o option fails without any '@' variable (Closes: #536027) -- Ryan Niebur Thu, 30 Jul 2009 19:42:50 -0700 mp3splt (2.2.5-1) unstable; urgency=low * New Upstream Version * add DM-Upload-Allowed field * remove quilt patching, patches are applied upstream * pass --disable-mp3splttest, those tests look for ../libmp3splt * pass --enable-oggsplt_symlink, previous versions of the package had the oggsplt binary, but my last one didn't...oops * add dependency on libmp3splt-mp3 | libmp3splt-plugin, since the dependency was removed from the libmp3splt0 package due to a circular dependency -- Ryan Niebur Thu, 21 May 2009 18:50:38 -0700 mp3splt (2.2.3-1) unstable; urgency=low * Adopt package (Closes: #488931) * New upstream release (Closes: #459510, #403463, #316046) * Document default min= value (Closes: #316050) * Redo packaging from scratch -- Ryan Niebur Sun, 29 Mar 2009 02:12:55 -0700 mp3splt (2.1c-5) unstable; urgency=low * Orphan this package * Bump Standards-Version up to 3.8.0 (no changes) -- Francois Marier Mon, 15 Sep 2008 13:13:02 +1200 mp3splt (2.1c-4) unstable; urgency=low * Fix hyphens in manpage * Bump debhelper compatibility to 6 -- Francois Marier Tue, 03 Jun 2008 14:55:19 +1200 mp3splt (2.1c-3) unstable; urgency=low * Build-depend on automake1.7 to fix powerpc build problems -- Francois Marier Fri, 04 Jan 2008 01:17:28 -0500 mp3splt (2.1c-2) unstable; urgency=low * Add support for audacity labels (closes: #456771) Thanks to Federico Grau for the patch! * debian/copyright: it's actually released under the LGPL 2, not 2.1 -- Francois Marier Sun, 23 Dec 2007 20:18:56 -0500 mp3splt (2.1c-1) unstable; urgency=low * New upstream release * Setting myself as maintainer (closes: #457132) * Bump Standards-Version up to 3.7.3 * Bump debhelper version to 5 * Add homepage and Vcs-* fields in debian/control * Rewrite debian/copyright page * Add a watch file * Removed AUTHORS from debian/docs * Check for the existence of the Makefile before calling it (lintian warning) -- Francois Marier Sun, 23 Dec 2007 11:11:17 -0500 mp3splt (2.1-1.1) unstable; urgency=low * NMU with the permission of the maintainer. * Fix build failure. Closes: #300270. -- Joost Yervante Damad Thu, 13 Apr 2006 15:55:35 +0200 mp3splt (2.1-1) unstable; urgency=low * Initial release. -- Paul Melnikow Mon, 4 Oct 2004 16:30:24 -0400