* No change rebuild for ppc64el baseline bump.
* No-change rebuild to build packages with zstd compression.
* Team upload
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
* Bump Standards-Version to 4.4.1
[ Petter Reinholdtsen ]
* Include upstream status in all patches.
[ Balint Reczey ]
* debian/gitlab-ci.yml: Add minimal Salsa CI configuration
[ Olivier Tilloy ]
* Change autopkgtest dependency on pysycache-i18n (Closes: #963082)
[ Dennis Braun ]
* New upstream version 1.3.7
* Update patchset
* Add me as uploader
* Bump dh-compat to 13
* Bump S-V to 4.5.0
* Set RRR: no
* Update copyright years
[ Sebastian Ramacher ]
* Do not install .la files (Closes: #955786)
Thanks to Pino Toscano
* Make autopkgtests cross-test-friendly (Closes: #946478)
Thanks to Steve Langasek
* Team upload
[ Ondřej Nový ]
* d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/control: Set Vcs-* to salsa.debian.org
[ Florian Schlichting ]
* Set Maintainer address to Debian Multimedia Maintainers (closes: #899590)
* Cherry-pick two patches from upstream git (closes: #876780):
+ 0003-CVE-2017-14160-fix-bounds-check-on-very-low-sample-r.patch
(this is also CVE-2018-10393)
+ 0004-Sanity-check-number-of-channels-in-setup.patch (CVE-2018-10392)
* Use secure URIs for xiph.org
* Update d/copyright to copyright-format 1.0
* Bump dh compat to level 12
* Enable all hardening build flags
* Add Build-Depends-Package field to symbols files
* Declare compliance with Debian Policy 4.3.0
* Drop debian/source.lintian-overrides, it is apparently unused
* Make lintian happy: "I" is a number here
* Update debian/tests/test-examples, the examples are no longer gzipped at
this compat level
* Add 0005-vorbisenc-detect-if-new-template-is-null.patch from upstream git
to fix the autopkgtest (closes: #772877)
* Add more used CPE strings to d/upstream/metadata.
* Fix typo in patch description. Thanks lintian.
* Updated Standards-Version from 3.9.8 to 4.1.3.
* Changed debhelper compat level from 9 to 10.
* Remove no longer needed Testsuite header from d/control.
* Drop binary package libvorbis-dbg. Use automatically generated dbgsym
package instead.
* New upstream version 1.3.6.
- Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
- Fixes CVE-2017-14632 - free() on uninitialized data
- Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
- Removed obsolete patches
CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
* Non-maintainer upload.
* Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
(Closes: #893130)
* Non-maintainer upload.
* Cherry-pick upstream patches for CVE-2017-14632 and CVE-2017-14633
(Closes: #876778, 876779)
* Changed Standards-Version from 3.9.6 to 3.9.8.
* Added CPE id in d/upstream/metadata for future reference.
* Adjusted d/tests/test-coupling-segfault to print bug number and
upstream URL.
* Replace Peter Samuelson with Ralph Giles as uploader. Thank you
Peter for all past work.
* Fix autopkgtest script by redirecting stderr to log file.
* Add new autopkgtest script test-coupling-segfault to detect if
bug #772877 is present.
* Add build-essential to the list of autopkgtest dependencies to get gcc.
[ Martin Steghöfer ]
* New upstream version 1.3.5. (Closes: #798960)
[ Petter Reinholdtsen ]
* Added simple autopkgtest script running the examples.
[ Martin Steghöfer ]
* Fix crash on corrupt input file (invalid mode index). (Closes: #774516)
* Take into account error codes returned from
"vorbis_packet_blocksize" in "_initial_pcmoffset" (follow-up
problem related to #774516). Thanks to Timothy B. Terriberry
* Fix segmentation fault on two subsequent seeks to 0. (Closes: #782831)
[ Petter Reinholdtsen ]
* Add debian/gbp.conf to enforce the user of pristine-tar.
[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613)
[ Martin Steghöfer ]
* New upstream version 1.3.4. (Closes: #739722)
* Rebased patches and dropped cve-2012-0444 patch that is included
in new upstream.
* Removed lintian override for tag
"using-first-person-in-description". Lintian has improved and
doesn't report this false positive any longer.
* Upgrade Standards-Version to 3.9.6. No changes necessary.
* Clean-up: Removed references to the old libvorbis0 package, it
hasn't been in any release for ages.
[ Martin Steghöfer ]
* Format patches for gbp-pq.
* Updated VCS meta information to list git repository.
[ Petter Reinholdtsen ]
* Drop John Francesco Ferlito and add me and Martin Steghöfer as
uploaders.
* Updated standards-version from 3.9.1 to 3.9.6.
[ Martin Steghöfer ]
* Fix lintian warning
"description-synopsis-starts-with-article". Make sure the synopsis
of the package description meets the formula "The package [name]
provides {a,an,the,some} [synopsis]."
* Override lintian tag "license-problem-non-free-RFC-BCP78" for RFC
5215 - it has a dual license.
* Fix lintian warning "wrong-name-for-upstream-changelog" by using
"dh_installchangelogs" instead of "dh_installdocs" for the
upstream changelog.
* Non-maintainer upload to fix crash and hang bug.
* Switch to debian source format 3.0 (quilt).
* Add Homepage link in debian/control.
* Avoid floating point exception when dividing by zero when
bytespersample is zero (Closes: #635906). Patch from Daniel Exner.
* Fix hang with loading Ogg Theora files when seeking to PCM 0 by
backporting r19159 of upstream SVN, authored by Chris Montgomery
(Closes: #762571). Patch from Martin Steghöfer.
* Non-maintainer upload.
* Build-Depends on dh-autoreconf and use it in rules for
config.{guess,sub} (Closes: #744722)
* Non-maintainer upload to fix release goals
* Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek)
* Remove .la file dependencies, closes: #633339
* Non-maintainer upload by the Security Team.
* Fix cve-2012-0444: buffer overflow in floor1.c.
* Non-maintainer upload.
* Fix FTBFS with ld --no-add-needed (Closes: #604797).
patch made by Matthias Klose <doko@ubuntu.com>.
* New upstream release (Closes: #613489)
- ov_fopen should have const qualifier for char *path (Closes: #547223)
* debian/control
- Bumped standards version to 3.9.1
* debian/rules
- Add --with-pic (Closes: #603195)
* debian/docs
- CHANGELOG was renamed to CHANGES
* Added debian/source/format 1.0
* New upstream release.
- Please package new upstream version 1.3.1. (Closes: #575676)
- libvorbis: additional CVE-2009-3379 security fixes. (Closes: #573562)
- libvorbis0a: Incorrect encoding on powerpc. (Closes: #549899)
- FTBFS with binutils-gold. (Closes: #555383)
* debian/compat
- Moved to version 7
* debian/control
- Added ${misc:Depends}.
- Bumped dependency on debhelper to 7.0.50~.
- Added strict version depends on libvorbis0a to libvorbisenc2 and
libvorbisfile3.
* Added debian/docs
* Simplified debian/*.install
* Updated debian/libvorbis0a.symbols
* Moved to debhelper 7 style dh rules
* debian/copyright
- Add details for doc/rfc5215.txt (Closes: #550687).
* Add a -dbg package (Closes: #516661).
* Add back in changes from dfsg-5 and dfsg-6.
* Remove CVE-2009-2663.patch
* New upstream release (Closes: #543549, #249695) (LP: #418059).
- Remove upstream-r14811_huffman_sanity_checks.diff
- Remove CVE-2008-1420.patch
- Remove CVE-2008-1423+CVE-2008-1419.patch
* Draft RFCs have been replaced with RFC5215 which is DFSG compliant due to
clause 11. SO there is no more need for a dfsg binary.
* Update .symbol files.
* Update debian/control
+ Add version dependency on debhelper.
+ Bump to Standards-Version 3.8.3.
+ Add John Francesco Ferlito to Uploaders.
+ Remove Adeodato Simó from Uploaders.
+ Remove duplicate Section headers.
+ Update short descriptions.
* Remove quilt as there are currently no patches.
* Register HTML documentation with doc-base.
* Add lintian override for package-name-doesnt-match-sonames.
* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)
* New maintainer.
* Standards-Version: 3.8.1.
* gcc -fno-finite-math-only on armel, to work around a gcc bug
(fixed upstream in gcc 4.3 and 4.4). (Closes: #515949)
* Fix watch file to unmangle .dfsg in version, thanks Lintian.
* Distinguish the short descriptions of the different lib packages, and
other tweaks to debian/control. Thanks Lintian. (Closes: #432688)
* Add upstream-r14811_huffman_sanity_checks.diff. closes: #482039.
* Bump to Standards-Version 3.8.0.
* Remove myself from Uploaders.
* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
OGG files (Closes: #482518)
Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
* Use dpkg-gensymbols, with symbol files obtained from Mole (stripping
debian revision and .dfsg suffix).
* Install upstream CHANGES file as changelog.gz. (Closes: #302037)
* Bump debian/compat to 5, and Standards-Version to 3.7.3 (no changes
needed).
* Use quilt.make in debian/rules.
* Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header.
(Closes: #436083)
[ Adeodato Simó ]
* Use ${binary:Version} instead of ${Source-Version}.
[ Clint Adams ]
* New upstream release.
- Remove upstream_r13198-fix_segfault_in_ov_time_seek.diff .
- Fixes: CVE-2007-4029, CVE-2007-4065, CVE-2007-4066
* Bump shlibs for libvorbisfile3 to >= 1.2.0 due to new ov_fopen
function.
* Bump to Standards-Version 3.7.2.
* Add upstream_r13198-fix_segfault_in_ov_time_seek.diff. closes: #281995.
* Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048
* NMU
* Remove draft RFC files, as they are not under a free license.
Closes: #390660
* Repackage the source package without these files.
* Add README.Source documenting how the upstream source is repackaged.
* Modify dh_makeshlibs call to avoid generating a shlibs file that has
an unncessarily tight versioned dependency on this new pseudo-version
of libvorbis.
* Switch maintenance to the Debian Xiph.org Maintainers (alioth/pkg-xiph).
* New upstream release packaged. (Closes: #327586)
* Move HTML documentation from /usr/share/doc/libvorbis-dev itself to an
html/ subdirectory of it.
* Update debian/control:
+ drop unnecessary build-dependency on devscripts.
+ drop version restriction on debhelper and libogg-dev build-dependencies,
since they're already satisfied with stable.
* Overhaul debian/rules, and switch to quilt for patch management.
* Add debian/compat file, instead of exporting DH_COMPAT.
* Update download URL in debian/copyright.
* Add debian/watch file.
* Bumped Standards-Version to 3.6.2 (no changes required).
* New upstream.
* New upstream.
* Improved descriptions. (Closes: #166649)
* Updated DEB_BUILD_OPTIONS support. (Closes: #188464)
* Add libvorbis0 conflict to libvorbis0a.
* Rename libvorbis0 -> libvorbis0a to keep packages from upgrading to it
by mistake. (Closes: #156227, #156365, #161961, #171548, #172466,
#172469, #178756)
* GNU config automated update: config.sub (20020621 to 20030103),
config.guess (20020529 to 20030110)
* New upstream.
* Split libvorbis package into libvorbis libvorbisenc libvorbisfile due to
shared object major versions going out of sync.
* New upstream. (Closes: #121995, #123472)
* added autotools target (config.* updater) to rules
* New upstream.
* New upstream. (Closes: #84977, #95330)
* Upstream says lame at fault. See bug details. (Closes: #98010)
* Fixed versioned depends.
* Changed clean method to distclean.
* New upstream.
* Appears to be fixed, can't reproduce bug (closes: #78848)
* Fixed Build-Depends libogg-dev version dependency.
* Fixed Sections.
* Updated to Standards-Version to 3.5.1.0
* Added dependency for libogg-dev (closes: #78262)
* Added dependency for libogg-dev (closes: #81432)
* Corrected development library package name (closes: #82464)
* New Maintainer.
* Upstream source was reorganized.
* Package split according to the upstream reorganization.
* New upstream version. Closes: #67326, #68416
* Changed xmms-vorbis to Architechture: any. Closes: #67395
* Added Build-deps. Closes: #66628
* Moved vorbize to vorbis-tools along with oggenc and vorbiscomment
* First Beta, Ready for debian release.
* Initial Release.
* Initial package, not placed in archive.