Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libvorbis0-1.3.7-4.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libvorbis0 Distribution: openSUSE Tumbleweed
Version: 1.3.7 Vendor: openSUSE
Release: 4.2 Build date: Sat Aug 12 17:26:31 2023
Group: System/Libraries Build host: sheep81
Size: 186426 Source RPM: libvorbis-1.3.7-4.2.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.vorbis.com/
Summary: The Vorbis General Audio Compression Codec
Vorbis is a fully open, nonproprietary, patent-and-royalty-free, and
general-purpose compressed audio format for audio and music at fixed
and variable bit rates from 16 to 128 kbps/channel.

The native bitstream format of Vorbis is libogg (Ogg). Alternatively,
libmatroska (matroska) can also be used.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu May 04 2023 Dominique Leuenberger <dimstar@opensuse.org>
  - Add _multibuild to define 2nd spec file as additional flavor.
    Eliminates the need for source package links in OBS.
* Mon Mar 13 2023 Martin Pluskal <mpluskal@suse.com>
  - Build AVX2 enabled hwcaps library for x86_64-v3
  - Small spec file cleanup
* Wed Jun 15 2022 Callum Farmer <gmbr3@opensuse.org>
  - Remove bad %defattr - not needed and causes SHLIB non-executable
    rpmlint error
* Fri Jul 10 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.3.7
    * Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read
      encoding very low sample rates
    * Fix CVE-2017-14160 - out-of-bounds read encoding very low
      sample rates.
    * Fix handling invalid bytes per sample arguments.
    * Fix handling invalid channel count arguments.
    * Fix invalid free on seek failure.
    * Fix negative shift reading blocksize.
    * Fix accepting unreasonable float32 values.
    * Fix tag comparison depending on locale.
    * Fix unnecessarily linking libm.
    * Fix memory leak in test_sharedbook.
    * Distribute CMake build files with the source package.
    * Remove unnecessary configure --target switch.
    * Add OSS-Fuzz support.
    * Build system and integration updates.
  - Drop not longer needed patches (fixed by upstream):
    * vorbis-CVE-2017-14160.patch
    * vorbis-CVE-2018-10392.patch
    * vorbis-CVE-2018-10393.patch
  - Add source verification
* Tue Jun 05 2018 tiwai@suse.de
  - Replace vorbis-CVE-2017-14160.patch with the upstream fix
    (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch
  - Fix the validation of channels in mapping0_forward()
    (CVE-2018-10392, bsc#1091070):
    vorbis-CVE-2018-10392.patch
* Thu May 03 2018 tiwai@suse.de
  - Fix out-of-bounds access inside bark_noise_hybridmp function
    (CVE-2017-14160, bsc#1059812):
    downstream fix: vorbis-CVE-2017-14160.patch
  - Fix stack-basedbuffer over-read in bark_noise_hybridm
    (CVE-2018-10393, bsc#1091072):
    downstream fix: vorbis-CVE-2018-10393.patch
* Sat Mar 17 2018 tiwai@suse.de
  - Split libvorbis-doc subpackage to a separate spec file for
    reducing the dependencies
* Fri Mar 16 2018 tiwai@suse.de
  - Update to version 1.3.6:
    * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
    * Fix CVE-2017-14632 - free() on unitialized data
    * Fix CVE-2017-14633 - out-of-bounds read
    * Fix bitrate metadata parsing.
    * Fix out-of-bounds read in codebook parsing.
    * Fix residue vector size in Vorbis I spec.
    * Appveyor support
    * Travis CI support
    * Add secondary CMake build system.
    * Build system fixes
  - Build documents with doxygen, and many tex stuff;
    this requires to disable parallel builds partially
  - Move COPYING to license directory
  - Drop obsoleted patches:
    vorbis-fix-linking.patch
    0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
    0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
    libvorbis-CVE-2018-5146.patch
* Fri Mar 16 2018 tiwai@suse.de
  - Fix VUL-0: libvorbis: Out of bounds memory write while processing
    Vorbis audio data (CVE-2018-5146, bsc#1085687):
    libvorbis-CVE-2018-5146.patch
* Tue Dec 19 2017 tiwai@suse.de
  - Fix VUL-0: out-of-bounds array read vulnerability exists in
    function mapping0_forward() (CVE-2017-14633, bsc#1059811):
    0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
  - Fix VUL-0: Remote Code Execution upon freeing uninitialized
    memory in function vorbis_analysis_headerout(CVE-2017-14632,
    bsc#1059809):
    0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch

Files

/usr/lib64/libvorbis.so.0
/usr/lib64/libvorbis.so.0.4.9


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 2 23:36:56 2024