-
audiofile (0.3.3-2ubuntu0.3) precise-security; urgency=medium
* SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
- Apply patches backported from Debian 0.3.6-4:
+ 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
+ 05_Always-check-the-number-of-coefficients.patch
+ 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
+ 07_Check-for-multiplication-overflow-in-sfconvert.patch
+ 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
+ 09_Actually-fail-when-error-occurs-in-parseFormat.patch
+ 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
- CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
CVE-2017-6839
* debian/patches/sfconvert_error_handling.patch: improve sfconvert error
handling so we can test the reproducers.
-- Marc Deslauriers <email address hidden> Wed, 22 Mar 2017 10:39:00 -0400
-
audiofile (0.3.3-2ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow when changing both sample format and
number of channels (LP: #1502721)
- debian/patches/CVE-2015-7747.patch: don't corrupt files in
libaudiofile/modules/ModuleState.cpp, added test to test/Makefile.am,
test/sixteen-stereo-to-eight-mono.c.
- CVE-2015-7747
-- Marc Deslauriers <email address hidden> Tue, 20 Oct 2015 08:57:52 -0400
-
audiofile (0.3.3-2) unstable; urgency=low
* Move sfinfo and sfconvert tools into a new audiofile-tools package;
thanks to Jakub Wilk for having reported this (Closes: #656883).
- The utilities provided by audiofile-tools are not needed
by the shared library to work properly, so there's no
need to set a Multi-Arch: foreign field.
-- Alessio Treglia <email address hidden> Sun, 22 Jan 2012 20:50:31 +0100
-
audiofile (0.3.2-0ubuntu4) precise; urgency=low
* Build for Multiarch. (LP: #900153, Debian #651029)
-- Benjamin Kerensa <email address hidden> Mon, 05 Dec 2011 01:18:41 +0000
-
audiofile (0.3.2-0ubuntu3) precise; urgency=low
* No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
-- Adam Conrad <email address hidden> Fri, 02 Dec 2011 17:39:40 -0700
-
audiofile (0.3.2-0ubuntu2) precise; urgency=low
* debian/libaudiofile0.symbols, debian/rules:
- Guh, C++ symbols files are hard to get right. Drop it and use
strict -V for dh_makeshlibs. Fixes FTBFS on amd64.
-- Michael Terry <email address hidden> Fri, 02 Dec 2011 10:06:58 -0500
-
audiofile (0.3.2-0ubuntu1) precise; urgency=low
* New upstream release, which fixes FTBFS on powerpc (LP: #894824)
* debian/patches:
- Drop all patches, they are upstreamed or obsolete
* debian/control:
- Add libasound2-dev as a build-dep for an example program
* debian/libaudiofile-dev.install:
- audiofile.m4 is no longer shipped by upstream
* debian/libaudiofile0.symbols:
- Update for new C++ library
* debian/rules:
- Drop our explicitly enabled LFS since upstream enables it by
default now
-- Michael Terry <email address hidden> Fri, 02 Dec 2011 09:37:08 -0500
-
audiofile (0.2.7-0.1ubuntu1) precise; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/rules: Explicitly enable LFS (Debian bug 562677).
audiofile (0.2.7-0.1) unstable; urgency=low
* Non-maintainer upload.
* New upstream release (Closes: #586686):
- Fix decoding of multi-channel ADPCM WAVE files.
- Reduce unshared data in library.
- Fix handling of audio files with more than 2^24 frames.
- Add support for writing double-precision floating-point WAVE files.
- Add support for reading certain uncompressed AIFF-C files created by
Mac OS X.
- Write fact chunk in floating-point WAVE files.
A big 'thank you!' goes to the upstream author Michael Pruett for
the great help.
* Switch packaging to source format 3.0 (quilt).
* Switch to DH 7 short-form:
- Add ${misc:Depends} to packages' Depends fields.
* Convert patches to the quilt format and then:
- 10_update_docs: adopted upstream.
- 10_update_libtool: not needed anymore as DH's autotools_dev add-on is
used now
- 10_export_vfs: applied upstream.
- 10_pack_real_char3: refresh'd.
- 10_incorrect_wav_size: applied upstream.
- 10_au_length_unspecified: refresh'd.
- 10_support_nonstandard_aiffc: adopted upstream.
- 10_sfinfo_no_options: refresh'd.
- 10_sfconvert_add_nist_support: applied upstream.
- 10_warning_fixes: applied upstream.
- 10_m4_quoting_fix: applied upstream.
- 10_include_audiofile_in_af_vfs: refresh'd.
- 10_pkgconfig_privlibs: dropped to avoid FTBFS with new toolchain.
- 10_float_size_calculation_fix: refresh'd.
- 20_exports_vpath_fix{,up}: applied upstream.
- 22_CVE-2008-5824: superseded upstream.
* Strip unneeded *.la files from -DEV package.
* Add symbols file.
* Add watch file.
* Add Homepage.
* Improve libaudiofile0-dbg's short description, fix Lintian's
duplicate-short-description warning.
* Fix Lintian's "binary-control-field-duplicates-source field" warning.
* Update debian/copyright.
* Bump Standards.
-- Michael Terry <email address hidden> Fri, 21 Oct 2011 14:36:09 -0400
-
audiofile (0.2.6-8ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes:
- debian/rules: Explicitly enable LFS (Debian bug 562677).
audiofile (0.2.6-8) unstable; urgency=low
* Added patches:
+ [10_float_size_calculation_fix] New.
Fix incorrect calculation of WAV sizes due to rounding errors.
Patch thanks to Thomas Eschenbacher. Closes: #443888
* debian/compat, debian/rules: No longer set debhelper compat level from
rules file.
* debian/control: Move dbg package to section debug, priority extra.
* debian/control: Replace Source-Version substitutions with
binary:Version.
* debian/control: Complies with version 3.8.3 of Debian policy.
* debian/README.source: Refer to dpatch documentation.
audiofile (0.2.6-7.1) unstable; urgency=medium
* Non-maintainer upload by the Security Team.
* CVE-2008-5824: Fix buffer overflow when decompressing MS ADPCM .wav files
(closes: #510205).
-- Kees Cook <email address hidden> Sat, 26 Dec 2009 13:19:40 -0800
