Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libvorbis0-1.3.7-1.2 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: libvorbis0 Distribution: openSUSE Tumbleweed
Version: 1.3.7 Vendor: openSUSE
Release: 1.2 Build date: Tue Aug 25 15:43:38 2020
Group: System/Libraries Build host: obs-arm-9
Size: 199368 Source RPM: libvorbis-1.3.7-1.2.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.vorbis.com/
Summary: The Vorbis General Audio Compression Codec
Vorbis is a fully open, nonproprietary, patent-and-royalty-free, and
general-purpose compressed audio format for audio and music at fixed
and variable bit rates from 16 to 128 kbps/channel.

The native bitstream format of Vorbis is libogg (Ogg). Alternatively,
libmatroska (matroska) can also be used.

Provides

Requires

License

BSD-3-Clause

Changelog

* Fri Jul 10 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.3.7
    * Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read
      encoding very low sample rates
    * Fix CVE-2017-14160 - out-of-bounds read encoding very low
      sample rates.
    * Fix handling invalid bytes per sample arguments.
    * Fix handling invalid channel count arguments.
    * Fix invalid free on seek failure.
    * Fix negative shift reading blocksize.
    * Fix accepting unreasonable float32 values.
    * Fix tag comparison depending on locale.
    * Fix unnecessarily linking libm.
    * Fix memory leak in test_sharedbook.
    * Distribute CMake build files with the source package.
    * Remove unnecessary configure --target switch.
    * Add OSS-Fuzz support.
    * Build system and integration updates.
  - Drop not longer needed patches (fixed by upstream):
    * vorbis-CVE-2017-14160.patch
    * vorbis-CVE-2018-10392.patch
    * vorbis-CVE-2018-10393.patch
  - Add source verification
* Tue Jun 05 2018 tiwai@suse.de
  - Replace vorbis-CVE-2017-14160.patch with the upstream fix
    (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch
  - Fix the validation of channels in mapping0_forward()
    (CVE-2018-10392, bsc#1091070):
    vorbis-CVE-2018-10392.patch
* Thu May 03 2018 tiwai@suse.de
  - Fix out-of-bounds access inside bark_noise_hybridmp function
    (CVE-2017-14160, bsc#1059812):
    downstream fix: vorbis-CVE-2017-14160.patch
  - Fix stack-basedbuffer over-read in bark_noise_hybridm
    (CVE-2018-10393, bsc#1091072):
    downstream fix: vorbis-CVE-2018-10393.patch
* Sat Mar 17 2018 tiwai@suse.de
  - Split libvorbis-doc subpackage to a separate spec file for
    reducing the dependencies
* Fri Mar 16 2018 tiwai@suse.de
  - Update to version 1.3.6:
    * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
    * Fix CVE-2017-14632 - free() on unitialized data
    * Fix CVE-2017-14633 - out-of-bounds read
    * Fix bitrate metadata parsing.
    * Fix out-of-bounds read in codebook parsing.
    * Fix residue vector size in Vorbis I spec.
    * Appveyor support
    * Travis CI support
    * Add secondary CMake build system.
    * Build system fixes
  - Build documents with doxygen, and many tex stuff;
    this requires to disable parallel builds partially
  - Move COPYING to license directory
  - Drop obsoleted patches:
    vorbis-fix-linking.patch
    0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
    0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
    libvorbis-CVE-2018-5146.patch
* Fri Mar 16 2018 tiwai@suse.de
  - Fix VUL-0: libvorbis: Out of bounds memory write while processing
    Vorbis audio data (CVE-2018-5146, bsc#1085687):
    libvorbis-CVE-2018-5146.patch
* Tue Dec 19 2017 tiwai@suse.de
  - Fix VUL-0: out-of-bounds array read vulnerability exists in
    function mapping0_forward() (CVE-2017-14633, bsc#1059811):
    0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
  - Fix VUL-0: Remote Code Execution upon freeing uninitialized
    memory in function vorbis_analysis_headerout(CVE-2017-14632,
    bsc#1059809):
    0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
* Tue Nov 29 2016 aloisio@gmx.com
  - Added 32bit libvorbis-devel in baselibs.conf
* Fri Mar 06 2015 mpluskal@suse.com
  - Cleanup spec file with spec-cleaner
  - Update to 1.3.5
    * Tolerate single-entry codebooks.
    * Fix decoder crash with invalid input.
    * Fix encoder crash with non-positive sample rates.
    * Fix issues in vorbisfile's seek bisection code.
    * Spec errata.
    * Reject multiple headers of the same type.
    * Various build fixes and code cleanup.
* Mon Aug 18 2014 fcrozat@suse.com
  - Fix obsoletes and provides in baselibs.conf.
* Sun Feb 23 2014 andreas.stieger@gmx.de
  - Xiph libvorbis 1.3.4
    * reduced static data size in libvorbisenc
    * associated minor changes required to libvorbis and libvorbisfile
    * minor build fixes and build system updates
    * no functional changes over the previous 1.3.3 release
  - removed libvorbis-pkgconfig.patch, in upstream
  - updated vorbis-fix-linking.patch for context changes
* Tue Apr 16 2013 mmeister@suse.com
  - Added url as source.
    Please see http://en.opensuse.org/SourceUrls
* Sat Mar 02 2013 seife+obs@b1-systems.com
  - fix build with automake-1.13.1
* Wed Jun 20 2012 ftake@geeko.jp
  - updated to 1.3.3
    * vorbis: additional proofing against invalid/malicious
    streams in decode (see SVN for details).
    * vorbis: fix a memory leak in vorbis_commentheader_out().
    * updates, corrections and clarifications in the Vorbis I
    specification document
    * build warning fixes
* Tue Feb 21 2012 tiwai@suse.de
  - VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
    (bnc#747912)
* Sun Dec 25 2011 idonmez@suse.com
  - -O20 optimization level doesn't exist, use -O3
* Fri Nov 25 2011 crrodriguez@opensuse.org
  - open files with O_CLOEXEC, in order to avoid fd leaks
    when calling applications fork() ..execve()...
    This patch does not cover the executable tools since
    it is not critical for them.
* Tue Nov 22 2011 coolo@suse.com
  - add libtool as buildrequire to avoid implicit dependency
* Mon Aug 29 2011 crrodriguez@opensuse.org
  - Fix build with no-add-needed
* Thu May 05 2011 dmueller@suse.de
  - fix provides/obsoletes in baselibs
* Thu Dec 09 2010 davejplater@gmail.com
  - Split libvorbisenc2 and libvorbisfile3 from libvorbis0
  - Removed services.
* Wed Dec 08 2010 coolo@novell.com
  - fix the package split
* Wed Dec 08 2010 reddwarf@opensuse.org
  - updated to version 1.3.2
    * vorbis: additional proofing against invalid/malicious
    streams in floor, residue, and bos/eos packet trimming
    code (see SVN for details).
    * vorbis: Added programming documentation tree for the
    low-level calls
    * vorbisfile: Correct handling of serial numbers array
    element [0] on non-seekable streams
    * vorbisenc: Back out an [old] AoTuV HF weighting that was
    first enabled in 1.3.0; there are a few samples where I
    really don't like the effect it causes.
    * vorbis: return correct timestamp for granule positions
    with high bit set.
    * vorbisfile: the [undocumented] half-rate decode api made no
    attempt to keep the pcm offset tracking consistent in seeks.
    Fix and add a testing mode to seeking_example.c to torture
    test seeking in halfrate mode.  Also remove requirement that
    halfrate mode only work with seekable files.
    * vorbisfile:  Fix a chaining bug in raw_seeks where seeking
    out of the current link would fail due to not
    reinitializing the decode machinery.
    * vorbisfile: improve seeking strategy. Reduces the
    necessary number of seek callbacks in an open or seek
    operation by well over 2/3.
  - updated to version 1.3.1
    * tweak + minor arithmetic fix in floor1 fit
    * revert noise norm to conservative 1.2.3 behavior pending
    more listening testing
  - updated to versio 1.3.0
    * Optimized surround support for 5.1 encoding at 44.1/48kHz
    * Added encoder control call to disable channel coupling
    * Correct an overflow bug in very low-bitrate encoding on 32 bit
    machines that caused inflated bitrates
    * Numerous API hardening, leak and build fixes
    * Correct bug in 22kHz compand setup that could cause a crash
    * Correct bug in 16kHz codebooks that could cause unstable pure
    tones at high bitrates
  - run spec-cleaner
  - removed libvorbis-automake-fix.diff, libvorbis-doc-fixes.diff,
    libvorbis-r16326-CVE-2009-3379.diff and
    libvorbis-r16597-CVE-2009-3379.diff (upstream fixed)
  - follow library packaging policy
  - run make check
* Wed May 26 2010 tiwai@suse.de
  - VUL-0: libvorbis: memory corruption while parsing ogg files
    (bnc#608192, CVE-2009-3379)
* Wed Dec 16 2009 jengelh@medozas.de
  - add baselibs.conf as a source
  - enable parallel building
  - package documentation as noarch
* Wed Nov 11 2009 tiwai@suse.de
  - updated to version 1.2.3:
    * correct a vorbisfile bug that prevented proper playback of
    Vorbis files where all audio in a logical stream is in a
    single page
    * Additional decode setup hardening against malicious streams
    * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who
    wish to avoid avoid unused symbol warnings from the static
    callbacks defined in vorbisfile.h
  - updated to version 1.2.2:
    * define VENDOR and ENCODER strings
    * seek correctly in files bigger than 2 GB (Windows)
    * fix regression from CVE-2008-1420; 1.0b1 files work again
    * mark all tables as constant to reduce memory occupation
    * additional decoder hardening against malicious streams
    * substantially reduce amount of seeking performed by Vorbisfile
    * Multichannel decode bugfix
    * build system updates
    * minor specification clarifications/fixes
  - dropped aotuv patch temporarily
* Thu Jul 23 2009 tiwai@suse.de
  - updated to aoTuV patch version beta5.7:
    * including security fixes
    * improved encoding speed of low bitrate mode
    * reduced distrotion by clipping at low sampling frequency
    * fixed noise control part of impulse block
    * tuning of each part was redone
    * expanded noise control of the impulse block
    * fixed pre-echo reduction code
    * noise normalization reviewed
    * detailed tuning done again
* Mon Jun 22 2009 coolo@novell.com
  - fix build with automake 1.11
* Wed Jan 07 2009 olh@suse.de
  - obsolete old -XXbit packages (bnc#437293)
* Thu Nov 20 2008 pth@suse.de
  - Fix the test in libvorbis-m4.dif and adapt libvorbis-lib64.dif.
* Wed May 14 2008 tiwai@suse.de
  - VUL-0: Multiple vulnerabilities in libogg and libvorbis
    (bnc#372246)
    * CVE-2008-1419 vorbis: zero-dim codebooks can cause crash,
      infinite loop or heap overflow
    * CVE-2008-1420 vorbis: integer overflow in partvals computation
    * CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks
* Mon Apr 28 2008 tiwai@suse.de
  - fixed dependency in *.pc files (bnc#384153)
  - removed old run_ldconfig
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Thu Aug 02 2007 tiwai@suse.de
  - updated to version 1.2.0:
    * new ov_fopen() convenience call that avoids the common
    stdio conflicts with ov_open() and MSVC runtimes.
    * libvorbisfile now handles multiplexed streams
    * improve robustness to corrupt input streams
    * fix a minor encoder bug
    * updated RTP draft
    * build system updates
    * minor corrections to the specification
* Fri Jul 27 2007 tiwai@suse.de
  - fix the documentation link (#293784)
  - split documentation to doc subpackage
  - remove -fno-strict-aliasing gcc option
* Mon Jul 09 2007 tiwai@suse.de
  - fix array boundary conditional flaw in mapping (#287124,
    CVE-2007-3106)
* Mon Apr 23 2007 tiwai@suse.de
  - use aoTuV beta5 patch:
    * The action of noise normalization has been improved.
    * The threshold of a stereo mode change was calculated
      dynamically.
    * Noise control of an impulse block was changed (quality 0-10
      / 32-48kHz). And pre-echo decreased slightly.
    * Tuning of each part was redone according to above-mentioned
      changed part and additional part.
* Mon Apr 16 2007 tiwai@suse.de
  - follow library packaging policy
    * move docs to devel package
    * remove static library
  - remove obsolete m4 files
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Wed Jan 11 2006 tiwai@suse.de
  - compile with -fstack-protector.
* Fri Dec 02 2005 tiwai@suse.de
  - updated to version 1.1.2.
* Tue Oct 18 2005 tiwai@suse.de
  - updated to version 1.1.1.
* Sun Sep 04 2005 aj@suse.de
  - Build with -fno-strict-aliasing (#115135).
* Thu Jul 07 2005 tiwai@suse.de
  - remove -fsigned-char (#93878).
  - fixed Requires of devel subpackage.
* Mon Jun 20 2005 tiwai@suse.de
  - updated to aoTuV beta4.
* Wed Jan 19 2005 tiwai@suse.de
  - fixed compile warnings with gcc-4.0.
* Wed Nov 24 2004 tiwai@suse.de
  - updated to libvorbis version 1.1.0.
  - updated to aoTuV beta3.
* Thu Aug 05 2004 tiwai@suse.de
  - applied aoTuV patch to improve the encoding quality.
* Fri Apr 16 2004 tiwai@suse.de
  - fixed the type-punning.
  - disabled the removal of $RPM_BUILD_ROOT in %install.
* Wed Jan 21 2004 tiwai@suse.de
  - fixed quoting in m4 files.
* Fri Jan 09 2004 adrian@suse.de
  - add %run_ldconfig to %postun
* Fri Jan 09 2004 tiwai@suse.de
  - updated to version 1.0.1.
    removed obsolete patches.
  - added pkgconfig to neededforbuild.
* Sat Mar 01 2003 adrian@suse.de
  - let libvorbis-devel require libogg-devel
* Fri Jan 17 2003 tiwai@suse.de
  - fixed m4 macro (bug #21267).
* Thu Jan 09 2003 kukuk@suse.de
  - Add *.la files to -devel filelist
* Wed Dec 04 2002 tiwai@suse.de
  - fixed the undefined weak links.
  - renamed m4.dif and lib64.dif with libvorbis- prefix to avoid
    filename conflictions.
* Thu Sep 19 2002 tiwai@suse.de
  - don't add -I/usr/include to VORBIS_VFLAGS.
  - fix test for prefix.
  - move devel documents under %{_docdir}/libvorbis-devel.
* Mon Aug 12 2002 tiwai@suse.de
  - added Requires %{name} = %{version} to devel package.
* Tue Jul 23 2002 tiwai@suse.de
  - fixed m4 file for lib64.
  - provides the backward compatible m4 file.
* Mon Jul 22 2002 tiwai@suse.de
  - updated to version 1.0.
  - clean up the spec file.
  - added %run_ldconfig.
* Wed Jun 12 2002 meissner@suse.de
  - rm acinclude.m4 so we don't have the problematic ogg.m4 (which contains
    /lib hardcoded).
* Thu Apr 18 2002 kukuk@suse.de
  - Remove additional optimization, default is better
  - Add --libdir to configure to build on x86_64
* Thu Feb 07 2002 tiwai@suse.de
  - fixed build on s390x.
* Fri Jan 04 2002 tiwai@suse.de
  - updated to RC3.
    sync with cvs 2002.01.04.
* Tue Dec 04 2001 tiwai@suse.de
  - sync with cvs 2001.12.04.
* Wed Oct 24 2001 tiwai@suse.de
  - sync with cvs 20011024.
    + fixed/updated documents
    + tuned up parameters
    + bugfixes on 64bit arch.
  - removed Requires to libogg.
* Sat Oct 20 2001 schwab@suse.de
  - Fix use of qsort.
* Mon Aug 13 2001 tiwai@suse.de
  - updated to 1.0rc2 from cvs 20010813.
* Thu Jun 07 2001 tiwai@suse.de
  - fixed build with the recent libtool.
* Tue Apr 03 2001 bk@suse.de
  - make use of RPM_OPT_FLAGS
  - include the include/vorbis dir into the file list(+rpm-macroized)
* Mon Mar 12 2001 tiwai@suse.de
  - corrected copyright in spec file.
* Mon Feb 26 2001 tiwai@suse.de
  - Updated to 1.0beta4.
* Wed Jan 31 2001 tiwai@suse.de
  - Initial version: 1.0beta3.

Files

/usr/lib64/libvorbis.so.0
/usr/lib64/libvorbis.so.0.4.9


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Oct 27 00:31:05 2020