File wavpack.changes of Package wavpack

Overview Repositories Revisions Requests Users Attributes Meta

File wavpack.changes of Package wavpack

-------------------------------------------------------------------
Thu Jul 21 07:58:51 UTC 2022 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2022-2476 [bsc#1201716], Null pointer dereference in wvunpack
  + wavpack-CVE-2022-2476.patch

-------------------------------------------------------------------
Wed Mar 16 09:03:58 UTC 2022 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file
  + wavpack-CVE-2021-44269.patch

-------------------------------------------------------------------
Mon Jan 18 10:48:16 UTC 2021 - Alexandros Toptsoglou <atoptsoglou@suse.com>

- Update to version 5.4.0
  * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) 
  * fixed: disable A32 asm code when building for Apple silicon
  * fixed: issues with Adobe-style floating-point WAV files
  * added: --normalize-floats option to wvunpack for correctly
             exporting un-normalized floating-point files

- Update to version 5.3.0 
  * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
  * fixed: trailing garbage characters on imported ID3v2 TXXX tags
  * fixed: various minor undefined behavior and memory access issues
  * fixed: sanitize tag extraction names for length and path inclusion
  * improved: reformat wvunpack "help" and split into long + short versions
  * added: regression testing to Travis CI for OSS-Fuzz crashers

- Updated to version 5.2.0 
  *fixed: potential security issues including the following CVEs:
         CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
         CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),  
         CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), 
         CVE-2018-7254,  CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 
         and CVE-2019-1010319
  * added: support for CMake, Travis CI, and Google's OSS-fuzz
  * fixed: use correction file for encode verify (pipe input, Windows)
  * fixed: correct WAV header with actual length (pipe input, -i option)
  * fixed: thumb interworking and not needing v6 architecture (ARM asm)
  * added: handle more ID3v2.3 tag items and from all file types
  * fixed: coredump on Sparc64 (changed MD5 implementation)
  * fixed: handle invalid ID3v2.3 tags from sacd-ripper
  * fixed: several corner-case memory leaks

Dropped patches that included in upstream version: 
  * CVE-2018-19840.patch
  * CVE-2018-19841.patch
  * CVE-2018-7253.patch
  * CVE-2018-7254.patch
  * wavpack-CVE-2018-6767.patch
  * CVE-2019-1010319.patch
  * CVE-2019-11498.patch

-------------------------------------------------------------------
Wed Aug 14 10:15:49 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

- Add patch for bsc#1141334 CVE-2019-1010319 (use of unitialized var):
  * CVE-2019-1010319.patch
- Add patch for bsc#1133384 CVE-2019-11498 (conditional jump):
  * CVE-2019-11498.patch

-------------------------------------------------------------------
Mon Jan  7 19:29:45 CET 2019 - sbrabec@suse.com

- Fix denial-of-service (resource exhaustion caused by an infinite
  loop; bsc#1120930, CVE-2018-19840, CVE-2018-19840.patch).
- Fix denial-of-service (out-of-bounds read and application crash;
  bsc#1120929, CVE-2018-19841, CVE-2018-19841.patch).

-------------------------------------------------------------------
Tue Feb 20 08:48:07 UTC 2018 - kbabioch@suse.com

- Added CVE-2018-7253.patch: Fixed a heap based buffer overread in
  cli/dsdiff.c, which allowed remote attackers to cause DoS via
  a specially crafted input file (CVE-2018-7253, bsc#1081692)

- Added CVE-2018-7254.patch: Fixed a buffer overread in cli/caff.c,
  which allowed remote attackers to cause DoS via a specially
  crafted input file (CVE-2018-7254, bsc#1081693)

-------------------------------------------------------------------
Mon Feb 19 16:27:30 UTC 2018 - pmonrealgonzalez@suse.com

- Security fix [bsc#1079746, CVE-2018-6767]
  * Crafted wav file can trigger a stack buffer overflow when
    parsing the file
  * Added wavpack-CVE-2018-6767.patch

-------------------------------------------------------------------
Mon Nov 13 21:12:39 UTC 2017 - jengelh@inai.de

- Compact description. Drop pointless --with-pic since no static
  libs are built.

-------------------------------------------------------------------
Thu Nov  9 17:14:33 UTC 2017 - aavindraa@gmail.com

- Update to version 5.1.0
  * new: command-line tagging utility (wvtag)
  * added: option to import ID3v2.3 tags from Sony DSF files
  * fixed: fuzz test failures from AFL reported on SourceForge
  * improved: DSD decimation filter (less HF rolloff & CPU use)
  * fixed: non-byte audio depths (12-bit, 20-bit) not showing
  * fixed: rare case of noise-shaping triggering a lossy mute
  * fixed: recognize UTF-8 BOM when reading text files
  * fixed: a few portability issues
- Includes changes from 5.0.0:
  * new: input formats (RF64, Wave64, and CAF)
  * removed: support for legacy WavPack files (< 4.0)
  * added: lossless DSD audio in Philips DSDIFF and Sony DSF files
  * fixed: seeking in > 2GB WavPack files (new stream reader)
  * fixed: accept > 4GB source audio files (all formats)
  * improved: increase maximum samples from 2^32 to 2^40
  * added: block checksums for robustness to corruption
  * added: support for non-standard channel identities
  * added: block decoder for streaming applications
  * added: new pdf documentation
- For other changes, see upstream:
  * https://github.com/dbry/WavPack/blob/master/ChangeLog
- cleanup with spec-cleaner
- remove wavpack-fix_pkgconfig.patch, fixed upstream in:
  * d440649aa113797a50e94285c8c037dc2ad7a5a9
  * 779a2e62783acc6a46f75dd89359e95079ef708a
  * 7846e95eb1c3fa97da41dfe96de532c2df5ad281
- remove license.txt, use upstream copying file instead
- Drop Requires, Provides and Obsoletes, as the SUSE versions they
  were needed for are now EOL.

-------------------------------------------------------------------
Sat Jun 22 00:28:57 UTC 2013 - crrodriguez@opensuse.org

- update to WavPack 4.70-beta (packaged as 4.60.99)
* 4GB file support on 32-bit OS
* memcpy() not always used correctly (Linux targets)
* unsigned char issue (ARM targets)
* use temporary files for safer overwriting

-------------------------------------------------------------------
Mon Feb 13 10:57:33 UTC 2012 - coolo@suse.com

- patch license to follow spdx.org standard

-------------------------------------------------------------------
Fri Nov 25 12:33:45 UTC 2011 - coolo@suse.com

- add libtool as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Fri Nov 25 12:33:27 UTC 2011 - coolo@suse.com

- remove _service

-------------------------------------------------------------------
Sun Mar  6 21:12:12 UTC 2011 - reddwarf@opensuse.org

- Add libwavpack1 to baselibs.conf

-------------------------------------------------------------------
Wed Dec  8 19:05:07 UTC 2010 - cristian.rodriguez@opensuse.org

- Update to version 4.60.1
 * fixed: filename specs in tag extractions failed in batch operations
 * fixed: prevent creation of APEv2 tags > 1 MB (which we can't read)
 * fixed: crash when decoding old WavPack files (pre version 4.0)
 * added: man pages to build system and updated with newer options

-------------------------------------------------------------------
Fri Apr 30 08:57:13 CEST 2010 - meissner@suse.de

- buildrequire pkgconfig

-------------------------------------------------------------------
Thu Sep  4 13:35:36 CEST 2008 - sbrabec@suse.cz

- Updated to version 4.50.1:
  * added dynamic noise shaping for improved hybrid quality
  * added option to merge blocks of similar redundancy
  * added ability to store and retrieve extra mode level
  * improved bitrate calculation
  * improved decoding of corrupt and nonconforming files
  * added optimize storage of LossyWAV output files
  * added transcoding API
  * added metadata writing API
  * added full Unicode support
  * multichannel and 24-bit audio improvements
  * portability and crash fixes

-------------------------------------------------------------------
Mon Aug 13 07:06:33 CEST 2007 - crrodriguez@suse.de

- remove static libraries and useless libtool archive

-------------------------------------------------------------------
Fri Jul 27 09:49:25 CEST 2007 - sbrabec@suse.cz

- Updated to version 4.41.0:
  * bug fixes
  * improvements
  * new features
  * new optimization code
  * for complete list of changes see ChangeLog
- Split package according to shared library packaging policy.

-------------------------------------------------------------------
Thu Mar 29 11:20:58 CEST 2007 - sbrabec@suse.cz

- "comparison is always false" warnings fix (David Bryant).

-------------------------------------------------------------------
Wed Mar 28 16:41:05 CEST 2007 - sbrabec@suse.cz

- New SuSE package, version 4.40.0, based on work of Toni Graffy
  <toni@links2linux.de>.

Places

File wavpack.changes of Package wavpack

Places