Change log for faad2 package in Debian
| 1 → 32 of 32 results | First • Previous • Next • Last |
faad2 (2.11.1-1) unstable; urgency=medium
* Add fixed CVE ids to previous debian/changelog entry.
* New upstream version 2.11.1
+ Check for lrintf() availability, link with -lm and define
HAVE_LRINTF accordingly (Closes: #1055729).
* Upstream installs the frontend manpage again, so do we.
* Add "Build-Depends-Package: libfaad-dev" to libfaad_drm.so.2
symbols.
* Bump Standards-Version to 4.6.2.
* Bump Debian packaging copyright to 2023.
-- Fabian Greffrath <email address hidden> Tue, 14 Nov 2023 08:32:47 +0100
Available diffs
- diff from 2.10.1-1 to 2.11.1-1 (156.2 KiB)
- diff from 2.11.0-1 to 2.11.1-1 (3.2 KiB)
faad2 (2.11.0-1) unstable; urgency=medium * New upstream version 2.11.0 * Add cmake to Build-Depends. * Build only shared libraries. * Build with -fvisibility=hidden. * Remove plugins/ directory from debian/copyright. -- Fabian Greffrath <email address hidden> Tue, 07 Nov 2023 10:10:20 +0100
faad2 (2.10.1-1) unstable; urgency=medium * Fix debian/watch file. * New upstream version 2.10.1 * Remove patches, applied upstream. * Update Debian packaging copyright. * Update faad.lintian-overrides file. -- Fabian Greffrath <email address hidden> Thu, 20 Oct 2022 22:15:02 +0200
Available diffs
- diff from 2.10.0-2 to 2.10.1-1 (3.9 KiB)
| Published in buster-release |
faad2 (2.10.0-1~deb10u1) buster-security; urgency=medium * Rebuild for buster, addresses multiple security issues -- Moritz Mühlenhoff <email address hidden> Thu, 24 Mar 2022 19:44:40 +0100
faad2 (2.10.0-2) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit,
Repository, Repository-Browse.
* Update standards version to 4.5.1, no changes needed.
[ Fabian Greffrath ]
* Fix debian/watch file.
* Add post-release patch from upstream to reject buffers of zero
size.
* Bump Standards-Version to 4.6.0.
-- Fabian Greffrath <email address hidden> Thu, 21 Oct 2021 12:46:57 +0200
Available diffs
- diff from 2.10.0-1 to 2.10.0-2 (1.3 KiB)
faad2 (2.10.0-1) unstable; urgency=medium
* New upstream version 2.10.0
* Bump Standards-Version to 4.5.0.
* Drop "-Wl,--as-needed" linker flag.
* Bump debhelper-compat to 13.
* Add "usr/lib/${DEB_HOST_MULTIARCH}/*.la" to debian/not-installed.
-- Fabian Greffrath <email address hidden> Tue, 20 Oct 2020 21:45:18 +0200
Available diffs
- diff from 2.9.2-1 to 2.10.0-1 (31.2 KiB)
faad2 (2.9.2-1) unstable; urgency=medium * New upstream version 2.9.2 * Install pkg-config file. * Rules-Requires-Root: no. -- Fabian Greffrath <email address hidden> Mon, 04 May 2020 22:05:34 +0200
Available diffs
- diff from 2.9.1-1 to 2.9.2-1 (4.5 KiB)
| Published in stretch-release |
faad2 (2.8.0~cvs20161113-1+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194,
CVE-2018-19503, CVE-2018-20361: multiple memory corruption vulnerabilities
caused by insufficiently sanitized frequency band borders.
* CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195,
CVE-2018-20198: multiple memory corruption vulnerabilities caused by syntax
element inconsistencies (implicit channel mapping reconfiguration).
* CVE-2019-15296: buffer overflow in faad_resetbits.
* CVE-2018-19502: heap based buffer overfow in excluded_channels
(libfaad/syntax.c) (Closes: #914641).
-- Hugo Lefeuvre <email address hidden> Fri, 06 Sep 2019 18:52:19 +0200
faad2 (2.9.1-1) unstable; urgency=medium [ Ondřej Nový ] * Bump Standards-Version to 4.4.1 [ Fabian Greffrath ] * New upstream version 2.9.1 -- Fabian Greffrath <email address hidden> Mon, 04 Nov 2019 16:52:15 +0100
Available diffs
- diff from 2.9.0-1 to 2.9.1-1 (1.1 KiB)
faad2 (2.9.0-1) unstable; urgency=medium [ Ondřej Nový ] * Use debhelper-compat instead of debian/compat [ Fabian Greffrath ] * Ack NMUs, thanks Hugo! * Upstream moved to GitHub, adapt packaging accordingly. * New upstream version 2.9.0. * Remove all patches, applied upstream. * Build reproducibly. * Finish debug symbols package migration. * Bump debhelper-compat to 12. * Bump Standards-Version to 4.4.0. * Add Build-Depends-Package line to the symbols file. -- Fabian Greffrath <email address hidden> Wed, 11 Sep 2019 20:28:04 +0200
Available diffs
- diff from 2.8.8-3.2 to 2.9.0-1 (506.9 KiB)
faad2 (2.8.8-3.2) unstable; urgency=high
* Non-maintainer upload with maintainer's permission.
* debian/patches/gcc-9.patch: Fix build with GCC-9 (thanks Gianfranco
Costamagna for the patch) (Closes: #930363).
-- Hugo Lefeuvre <email address hidden> Sat, 31 Aug 2019 09:11:54 -0400
Available diffs
faad2 (2.8.8-3.1) unstable; urgency=medium
* Non-maintainer upload with maintainer's permission.
* CVE-2019-6956: Buffer over read in the function ps_mix_phase()
(libfaad/ps_dec.c) (Closes: #914641).
* CVE-2018-20196: Stack buffer overflow in the function calculate_gain
(libfaad/sbr_hfadj.c).
* CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function
ifilter_bank (libfaad/filtbank.c).
-- Hugo Lefeuvre <email address hidden> Tue, 27 Aug 2019 13:29:39 -0400
Available diffs
faad2 (2.8.8-3) unstable; urgency=high * Team upload. * debian/patches: Cherry-pick patch to fix buffer overflows from VLC. -- Sebastian Ramacher <email address hidden> Fri, 07 Jun 2019 20:07:34 +0200
Available diffs
- diff from 2.8.8-2 to 2.8.8-3 (1.1 KiB)
faad2 (2.8.8-2) unstable; urgency=medium
[ Ondřej Nový ]
* d/copyright: Change Format URL to correct one
* d/control: Set Vcs-* to salsa.debian.org
* d/changelog: Remove trailing whitespaces
[ Felipe Sateler ]
* Change maintainer address to <email address hidden>
[ Ondřej Nový ]
* d/watch: Use https protocol
[ Fabian Greffrath ]
* Backport two patches from upstream to fix CVE-2018-20194 and
CVE-2018-20362, thanks Hugo Lefeuvre.
-- Fabian Greffrath <email address hidden> Wed, 17 Apr 2019 11:50:29 +0200
| Superseded in stretch-release |
faad2 (2.8.0~cvs20161113-1+deb9u1) stretch; urgency=high
* Non-maintainer upload.
* Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255,
CVE-2017-9256, CVE-2017-9257.
Various issues were discovered in faad2, a fast audio decoder, that could
cause a denial of service (large loop and CPU consumption) via a crafted
mp4 file. (Closes: #889915)
-- Markus Koschany <email address hidden> Tue, 01 May 2018 17:49:02 +0200
| Published in jessie-release |
faad2 (2.7-8+deb8u1) jessie; urgency=high
* Non-maintainer upload.
* Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255,
CVE-2017-9256, CVE-2017-9257.
Various issues were discovered in faad2, a fast audio decoder, that could
cause a denial of service (large loop and CPU consumption) via a crafted
mp4 file. (Closes: #889915)
-- Markus Koschany <email address hidden> Tue, 01 May 2018 17:36:53 +0200
faad2 (2.8.8-1) unstable; urgency=medium * New upstream version 2.8.8 -- Fabian Greffrath <email address hidden> Mon, 18 Dec 2017 21:28:02 +0100
Available diffs
- diff from 2.8.6-1 to 2.8.8-1 (11.6 KiB)
faad2 (2.8.6-1) unstable; urgency=medium * New upstream version 2.8.6 -- Fabian Greffrath <email address hidden> Mon, 06 Nov 2017 17:05:46 +0100
Available diffs
- diff from 2.8.5-1 to 2.8.6-1 (3.2 KiB)
faad2 (2.8.5-1) unstable; urgency=medium
* New upstream version 2.8.5
* Remove faad2_version.patch, upstream has changed the
FAAD2_VERSION macro to read 'unknown'.
* Refresh reproducible-build.patch.
* Add the NeAACDecGetVersion@Base symbol to the libfaad2.symbols file,
this function is supposed to be used to get the FAAD2 library
version at runtime.
* Update debian/copyright for recently added or removed source files.
* Bump Standards-Version to 4.1.0.
-- Fabian Greffrath <email address hidden> Sat, 30 Sep 2017 14:29:31 +0200
Available diffs
- diff from 2.8.1-2 to 2.8.5-1 (509.9 KiB)
faad2 (2.8.1-2) unstable; urgency=medium
* Set the FAAD2_VERSION macro back to the version string,
thanks Adrian Bunk (Closes: #868854).
+ In the next upstream release this macro will read "unknown version"
and an API will be provided to retrieve the actual library version
at run-time.
-- Fabian Greffrath <email address hidden> Wed, 02 Aug 2017 20:46:57 +0200
Available diffs
- diff from 2.8.1-1 to 2.8.1-2 (700 bytes)
faad2 (2.8.1-1) unstable; urgency=medium
* New upstream version 2.8.1.
+ Fixes multiple vulnerabilities: CVE-2017-9218,
CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253,
CVE-2017-9254, CVE-2017-9255, CVE-2017-9256,
CVE-2017-9257 (Closes: #867724).
* Update debian/watch file.
* Refresh reproducible-build.patch.
* Remove debian/README.source and debian/gbp.conf files,
they do not apply anymore.
* Bump Standards-Version to 4.0.0.
* Bump debhelper compat to 10.
* Fix vcs-field-uses-insecure-uri lintian warnings.
* Enable all hardening flags.
* Update debian/copyright,
refer to MPL-1.1 in common-licenses.
* Drop obsolete faad2-dbg package.
-- Fabian Greffrath <email address hidden> Mon, 17 Jul 2017 22:25:26 +0200
Available diffs
- diff from 2.8.0~cvs20161113-1 to 2.8.1-1 (32.8 KiB)
faad2 (2.8.0~cvs20161113-1) unstable; urgency=medium
* New upstream CVS snapshot.
+ Fixes implicit SBR detection via AudioSpecificConfig
on systems with unsigned char (Closes: #843173).
* Change Uploaders field to use my Debian account.
-- Fabian Greffrath <email address hidden> Sun, 13 Nov 2016 17:45:15 +0100
Available diffs
faad2 (2.8.0~cvs20150510-1) unstable; urgency=medium
* New upstream CVS snapshot.
+ Does not crash when given ADTS AAC file with large ID3v2 tag anymore,
thanks Mike Crowe for the bug report and patch (Closes: #689712).
+ Does not crash with the Mayhem testcase anymore, thanks Alexandre Rebert
for the bug report (Closes: #715882).
* Add debian/README.source to document how the Debian source tarball was
created and force xz compression in debian/gbp.conf.
* Remove all patches that were either applied, solved differently or
disapproved upstream:
+ autotools-compat.patch: Disapproved upstream.
+ noinst-mp4ff.patch: Applied upstream.
+ manpage.patch: Applied upstream.
+ incorrect_pointer_size.patch: Does not apply anymore.
+ bpa-stdin.patch: Applied upstream.
+ path_max.patch: Applied upstream.
+ fix_ftbfs_with_gcc4.5.patch: Disapproved upstream.
+ symbol-visibility.patch: Does not apply anymore.
+ libfaad-drm.patch: Applied upstream.
* Ship upstream's own frontend and API documentation manpages.
* Update Debian packaging copyright years.
* Remove '__DATE__' CPP macro for reproducible builds.
-- Fabian Greffrath <email address hidden> Mon, 11 May 2015 13:59:49 +0200
Available diffs
- diff from 2.7-9 to 2.8.0~cvs20150510-1 (348.4 KiB)
faad2 (2.7-9) unstable; urgency=medium
* Build the DRM version of the library as well as the normal version,
thanks Julian Cable for the idea and the patch!
* Remove Andres Mejia from Uploaders (Closes: #743545).
* Remove "DM-Upload-Allowed" field from debian/control.
* Mark the faad2-dbg package as "Multi-Arch: same" and
remove faad ("Multi-Arch: no") from its Dependencies.
* Remove debian/source/local-options, they are default now.
* Add faad.lintian-overrides for a spelling error that is used
in the id3 specification.
* Fix "vcs-field-not-canonical" lintian warning.
* Fix "'visibility' attribute ignored on non-class types" compiler warnings
introduced by our symbol versioning patch.
* Fix most autotools warnings.
* Bump "Standards-Version" to 3.9.6.
* Run "wrap-and-sort -asb".
* Add extensive API documentation in libfaad.3, courtesy of Julian Cable.
-- Fabian Greffrath <email address hidden> Thu, 30 Apr 2015 18:04:42 +0200
Available diffs
- diff from 2.7-8 to 2.7-9 (7.0 KiB)
| Superseded in stretch-release |
| Superseded in jessie-release |
| Published in wheezy-release |
| Superseded in sid-release |
faad2 (2.7-8) unstable; urgency=low
[ Fabian Greffrath ]
* debian/patches/path_max.patch:
+ Dynamically allocate file name buffers,
instead of relying on PATH_MAX.
* Set appropriate symbol visibility attributes.
* Rebuild autofoo with dh-autoreconf.
* Add debian/libfaad2.symbols file.
* Multi-Archify.
* Remove redundant license blurb from debian/copyright.
* libmp4ff ist not packaged, so do not install it either.
* Simplify debian/*.install accordingly.
[ Andres Mejia ]
* Make dev package multiarch installable.
* Bump to Standards-Version 3.9.3.
-- Andres Mejia <email address hidden> Sun, 18 Mar 2012 09:07:55 -0400
Available diffs
- diff from 2.7-7 to 2.7-8 (3.5 KiB)
faad2 (2.7-7) unstable; urgency=low
[ Andres Mejia ]
* Update to my @debian.org email.
* Update gbp.conf.
[ Reinhard Tartler ]
* Update Vcs-Browser field
* bump standards version (no changes needed)
[ Fabian Greffrath ]
* Convert to 3.0 (quilt) source format.
* Re-enable two patches that got lost in the 2.7-6 upload:
- debian/patches/bpa-stdin.patch
+ Apply SqueezeCenter patches from FreeBSD that enable streaming with
BBCiPlayer and ezstream (LP: #470562).
- debian/patches/path_max.patch
+ Extend file name buffers for longer path names (LP: #475050).
* Merge patch from 2.7-6ubuntu1:
- debian/patches/fix_ftbfs_with_gcc4.5.patch
+ Correctly declare lrintf in libfaad/common.h to avoid a conflict of
declaration in mathcalls.h to fix FTBFS on i386
* Improve debian/copyright.
-- Fabian Greffrath <email address hidden> Wed, 03 Aug 2011 14:19:49 +0200
faad2 (2.7-6) unstable; urgency=high
[ Alessio Treglia ]
* Fix segmentation fault in faad due to an incorrect pointer size
(Closes: #603807, LP: #665802).
* Add gbp config file.
[ Andres Mejia ]
* Revert changes in 2.7-5. Upload of 2.7-5 was unintentionally done.
* Refresh patches.
-- Andres Mejia <email address hidden> Mon, 22 Nov 2010 19:17:36 -0500
faad2 (2.7-5) unstable; urgency=low
* Update my e-mail address.
* Apply SqueezeCenter patches from FreeBSD that enable streaming with
BBCiPlayer and ezstream (LP: #470562).
* Extend file name buffers for longer path names (LP: #475050).
-- Fabian Greffrath <email address hidden> Mon, 16 Aug 2010 16:43:14 +0200
faad2 (2.7-4) unstable; urgency=low
* debian/control: Do not build the shared libmp4ff library packages
anymore (Closes: #550679).
* Removed debian/patches/force-include-stdint_h.patch.
* Removed debian/patches/libmp4ff-shared-lib.patch.
* Removed debian/patches/70_automake-1.9.patch.
* Added debian/README.source.
* Bumped Standards-Version to 3.8.3.
* Raised Build-Depends to debhelper (>= 7.0.50~), thanks lintian.
* Removed debian/libmp4ff-dev.install and debian/libmp4ff0.install.
* Removed libmp4ff0 from Depends for faad2-dbg.
-- Fabian Greffrath <email address hidden> Mon, 26 Oct 2009 12:04:41 +0100
faad2 (2.7-2) unstable; urgency=low * upload to unstable. -- Reinhard Tartler <email address hidden> Wed, 16 Sep 2009 21:07:45 +0200
| Deleted in experimental-release (Reason: None provided.) |
faad2 (2.7-1) experimental; urgency=low
[ Andres Mejia ]
* New upstream release. (Closes: #515072)
* Verified all patches are either applied upstream, or a different
implementation is used.
+ (Closes: #505901)
+ (Closes: #503657)
* Switch to quilt.
* Add -DPIC for CFLAGS.
* Don't include dpatch.make in debian/rules.
* Update watch file to default DEHS would use.
* Bump to using debhelper 7.
* Use quilt (>= 0.46-7).
* Update control file.
* Add DM-Upload-Allowed: yes field.
* Don't include dummy package anymore.
* Add in description for libfaad2 that it contains shared library.
* Move libfaad-dev to the front to be 'default' package debhelper acts
on.
* Add ${misc:Depends} for all packages. Remove libc dev packages from
Depends.
* Add debug packages. (Closes: #516680)
* Rewrite debian/rules to use new debhelper and quilt.
* Rename <package>.files to <package>.install. Be more specific what
to include in libfaad-dev. Also include .install files for other packages.
* Add libmp4ff-dev package.
* Don't include version for rename of libfaad package. Place all debug
symbols for binary packages in faad2-dbg.
* Modify description for libmp4ff-dev.
* Update address to FSF in debian/copyright.
* Fix hyphen in manpage. Fixes lintian warning as well.
* Patch faad2 to create a shared lib for libmp4ff. (Closes: #485373)
* Allow to pass in more CFLAGS via DEB_CFLAGS.
* Add in DRM (Digital Radio Mondiale) support.
* Add Build-Depends of automake, autoconf, and autotools-dev.
[ Fabian Greffrath ]
* Add myself to Uploaders.
* Clean up Build-Depends: libid3-dev was only needed for the obsolete
XMMS plugin, autotools stuff shouldn't be needed at all.
* Untagle library file names in the install rules.
* Revert overriding of CFLAGS, dpkg-buildpackage will choose
appripriate settings. Revert running the entire autoreconf sequence
before calling ./configure. Build without DRM support, it has proven
to break base functionality.
* Clean up watch file.
* Make faad2-dbg and libmp4ff-dev depend on libmp4ff0.
* Improve short description for the libmp4ff\* packages.
* debian/patches/70_automake-1.9.patch: New patch, run automake-1.9 to
regenerate Makefile.in with the changes introduced by
debian/patches/libmp4ff-shared-lib.patch.
* Do not ship .la files in the development packages.
* Add reasonable defaults to CFLAGS/CXXFLAGS.
-- Fabian Greffrath <email address hidden> Wed, 03 Jun 2009 11:02:00 +0200
faad2 (2.6.1-3.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Include upstream patch to fix heap overflow in the frontend code
(Closes: #499899)
-- Steffen Joeris <email address hidden> Fri, 26 Sep 2008 12:02:35 +0000
| 1 → 32 of 32 results | First • Previous • Next • Last |
