libsndfile (1.0.28-6+deb10u2) buster-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2021-4156 heap out-of-bounds read -- Thorsten Alteholz Thu, 29 Sep 2022 19:03:02 +0200 libsndfile (1.0.28-6+deb10u1) buster-security; urgency=medium * CVE-021-3246 (Closes: #991496) -- Moritz Mühlenhoff Fri, 30 Jul 2021 00:14:25 +0200 libsndfile (1.0.28-6) unstable; urgency=medium * Backported fix for out-of-bound reading (CVE-2019-3832) (Closes: #922372) -- IOhannes m zmölnig (Debian/GNU) Fri, 08 Mar 2019 20:35:07 +0100 libsndfile (1.0.28-5) unstable; urgency=medium [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org * d/changelog: Remove trailing whitespaces [ Felipe Sateler ] * Change maintainer address to debian-multimedia@lists.debian.org [ IOhannes m zmölnig (Debian/GNU) ] * Normalize patches with 'gbp pq' * Add patch to fix buffer overflows in alaw/ulaw code (CVE-2018-19661, CVE-2018-19662, CVE-2017-17456 and CVE-2017-17457). Thanks to Hugo Lefeuvre (Closes: #884735) * Patch to fix division by zero (CVE-2017-14634) Thanks to Fabian Greffrath (Closes: #876783) * Patch to fix heap read overflow (CVE-2018-19758) Thanks to Erik de Castro Lopo (Closes: #917416) * Patch to ensure that maxnum channels is not exceeded. Thanks to Brett T. Warden * Declare that "root" is not required to build this package * Removed whitespace at end of d/changelog * Bumped dh compat to 12 * Bump standards version to 4.3.0 -- IOhannes m zmölnig (Debian/GNU) Tue, 12 Feb 2019 15:59:58 +0100 libsndfile (1.0.28-4) unstable; urgency=medium * Moved maintainance to pkg-multimedia team * Made examples buildable (and build reproducible) * Dropped doubly installed docs * Dropped B-D on autotools-dev * Bumped standards version to 4.0.1 -- IOhannes m zmölnig (Debian/GNU) Thu, 17 Aug 2017 14:21:33 +0200 libsndfile (1.0.28-3) unstable; urgency=medium * Backported heap-overflow fix from upstream. -- IOhannes m zmölnig (Debian/GNU) Wed, 12 Jul 2017 23:22:54 +0200 libsndfile (1.0.28-2) unstable; urgency=medium * Backported fixes for RF64 support on armel/armhf (Closes: #865344) -- IOhannes m zmölnig (Debian/GNU) Tue, 20 Jun 2017 21:35:50 +0200 libsndfile (1.0.28-1) unstable; urgency=medium * New upstream version 1.0.28 * d/patches/ * Removed patches applied upstream * Refreshed patches * Backported patch for fixing CVE-2017-6892 (Closes: #864704) * Fixed more typos * d/control: single line per Depends * Switched packaging to shorthand dh * Build automatic debug packages * Dropped setting of DEB_*_GNU_TYPE and friends * Raised debhelper compat to 10 * Dropped B-D on dh-autoreconf * B-D on autotools-dev * Use DEP5 for d/copyright * Bumped standards version to 4.0.0 * -- IOhannes m zmölnig (Debian/GNU) Tue, 20 Jun 2017 15:03:55 +0200 libsndfile (1.0.27-3) unstable; urgency=medium * Mentioned CVEs fixed by fix_bufferoverflows.patch (CVE-2017-7741, CVE-2017-7586, CVE-2017-7585) * Backported patch for error handling of malicious/broken FLAC files (CVE-2017-7742, CVE-2017-7741, CVE-2017-7585) (Closes: #860255) * Backported patch to fix buffer read overflow in FLAC code (CVE-2017-8362) (Closes: #862204) * Backported patches to fix memory leaks in FLAC code (CVE-2017-8363) (Closes: #862203) * Backported patch to fix buffer overruns in FLAC-code (CVE-2017-8365, CVE-2017-8363, CVE-2017-8361) (Closes: #862205, #862203, #862202) * Added Vcs-* stanzas to d/control -- IOhannes m zmölnig (Debian/GNU) Sun, 28 May 2017 22:52:39 +0200 libsndfile (1.0.27-2) unstable; urgency=medium * Backported fixes for buffer-write overflows from 1.0.28. Thanks to Erik de Castro Lopo * Added myself to uploaders -- IOhannes m zmölnig (Debian/GNU) Tue, 04 Apr 2017 15:33:45 +0200 libsndfile (1.0.27-1) unstable; urgency=low [ Erik de Castro Lopo ] * debian/patches : Drop un-needed patches. * debian/control : Standards version 3.9.8. * debian/copyright : Fix typo. * libsndfile1.symbols : Add new symbols. * Drop man pages that are now in upstream package. [ IOhannes m zmölnig ] * debian/patches : - Fix spelling errors. * debian/rules : - Drop deprecated inclusion of hardening-includes. - Disable silent builds. -- Erik de Castro Lopo Wed, 5 Oct 2016 22:32:40 +0200 libsndfile (1.0.25-10) unstable; urgency=low * debian/patches : - Add 02_sd2_buffer_read_overflow.diff (CVE-2014-9496, closes: #774162). - Add 03_file_io_divide_by_zero.diff (CVE-2014-9756, closes: #804447). - Add 04_fix_aiff_heap_overflow.diff (CVE-2015-7805, closes: #804445). * Install sndfile-salvage binary and man page. * debian/control: Standards version 3.9.6. No changes needed. -- Erik de Castro Lopo Tue, 10 Nov 2015 20:36:47 +1100 libsndfile (1.0.25-9) unstable; urgency=low * debian/rules: Switch from autotools-dev to dh-autoreconf. * debian/control Standards-Version 3.9.5. -- Erik de Castro Lopo Wed, 29 Jan 2014 18:21:13 +1100 libsndfile (1.0.25-8) unstable; urgency=low [Wookey ] * Ensure config.sub/guess are up to date (Closes: #732346). [Erik de Castro Lopo] * debian/control: - Standards version 3.9.4. No changes needed. - Set 'Multi-Arch: same' for -dbg package. -- Erik de Castro Lopo Tue, 17 Dec 2013 21:18:40 +1100 libsndfile (1.0.25-7) unstable; urgency=low * debian/control debian/rules Create -dbg versions of libsndfile1 and sndfile-programs binary packages. -- Erik de Castro Lopo Sat, 13 Jul 2013 18:48:35 +1000 libsndfile (1.0.25-6) unstable; urgency=low * debian/patches/01_sd2_rsrc_segfault.diff : Patch from upstream git. * debian/rules : Remove cruft at end of ifeq line. * debian/control : Remove DM-Upload-Allowed which no longer works. -- Erik de Castro Lopo Fri, 28 Jun 2013 17:39:23 +1000 libsndfile (1.0.25-5) unstable; urgency=low * debian/libsndfile1-dev: Do not install libsndfile.la (Closes: #670420). * debian/control: Standards version 3.9.3. No changes needed. -- Erik de Castro Lopo Mon, 18 Jun 2012 19:22:57 +1000 libsndfile (1.0.25-4) unstable; urgency=low * Patch from Moritz Muehlenhoff enabling harden build flags (Closes: #654831). -- Erik de Castro Lopo Fri, 6 Jan 2012 21:19:17 +1100 libsndfile (1.0.25-3) unstable; urgency=low * Patch from Steve Langasek to enable multiarch (Closes: #637585). -- Erik de Castro Lopo Sat, 13 Aug 2011 09:01:35 +1000 libsndfile (1.0.25-2) unstable; urgency=low * debian/control: Use linux-any dpkg architecture wildcard (Closes: #634492). -- Erik de Castro Lopo Tue, 19 Jul 2011 18:40:14 +1000 libsndfile (1.0.25-1) unstable; urgency=low * New upstream. * debian/control: Update standards version (no changes needed). * debian/rules: Add build-indep and build-arch targets. -- Erik de Castro Lopo Mon, 18 Jul 2011 20:06:57 +1000 libsndfile (1.0.24-1) unstable; urgency=low * New upstream. -- Erik de Castro Lopo Wed, 23 Mar 2011 20:50:15 +1100 libsndfile (1.0.23-1) unstable; urgency=low * New upstream (Closes: #599145, #545257). -- Erik de Castro Lopo Sun, 10 Oct 2010 18:31:15 +1100 libsndfile (1.0.22-1) unstable; urgency=low * New upstream. * Remove debian/patches/01kfreebsd_symbols.diff (already in upstream). * Remove debian/patches/02flac_zero_len.diff (already in upstream). * debian/control : - Remove build-dep on autoconf and automake. - Standard version 3.9.1. -- Erik de Castro Lopo Mon, 4 Oct 2010 12:28:26 +1100 libsndfile (1.0.21-3) unstable; urgency=low * Add patch 02flac_zero_len.diff to make FLAC handler work on files of unknown length (FLAC metadata says 0 frames). (Closes: #590752). * debian/control : Standards version 3.9.0. -- Erik de Castro Lopo Mon, 2 Aug 2010 19:28:17 +1000 libsndfile (1.0.21-2) unstable; urgency=low * Patch configure.ac to generate symbols file for kfreebsd (Closes: 561086). * debian/control : Add build-dep on autoconf and automake (for autoreconf). * debian/rules : Run autoreconf before configure. -- Erik de Castro Lopo Tue, 15 Dec 2009 20:59:14 +1100 libsndfile (1.0.21-1) unstable; urgency=low * New upstream. * debian/rules : - Remove old man pages which are now in upstream package. - Remove old patches now in usptream. - sndfile-programs now recommends sndfile-tools. * debian/control : Updated long desription for sndfile-programs. -- Erik de Castro Lopo Mon, 14 Dec 2009 20:12:32 +1100 libsndfile (1.0.20-3) unstable; urgency=low * debian/rules : - Man pages belong to sndfile-programs. (Closes: #549972). - Make sure that test suite failures are not ignored. -- Erik de Castro Lopo Wed, 7 Oct 2009 06:56:20 +1100 libsndfile (1.0.20-2) unstable; urgency=low * debian/control : - New maintainer (Closes: #546787). - Add DM-Upload-Allowed yes. - Standards-Version: 3.8.3. - Depend on libvorbis >= 1.2.3. Version 1.2.0 gives weird results on some arches (eg PPC, MIPS) (Closes: #518037). * debian/copyright : - Add missing license info (Closes: #532448). * debian/rules : - Clear dependency_libs field of libsndfile.la (Closes: #539889). * debian/patches/ debian/rules debian/control : - Use quilt instead of dpatch. * Add file debian/README.source * Add patch debian/patches/02man_sndfile_convert.diff to fix man page lintian warning. * Add three new manpages. -- Erik de Castro Lopo Tue, 6 Oct 2009 21:34:58 +1100 libsndfile (1.0.20-1) unstable; urgency=low * New upstream release. * Fixes potential heap overflows on VOC and AIFF files, closes: #528650. -- Samuel Mimram Tue, 19 May 2009 09:13:56 +0200 libsndfile (1.0.19-2) unstable; urgency=low * Ignore failures of check since it causes too many false negatives, closes: #518037, #519338. * Update standards version to 3.8.1. -- Samuel Mimram Mon, 16 Mar 2009 09:44:42 +0100 libsndfile (1.0.19-1) unstable; urgency=low * New upstream release. - Adds back flac support, closes: #517224. -- Samuel Mimram Tue, 03 Mar 2009 09:36:10 +0100 libsndfile (1.0.18-2) unstable; urgency=low * Add missing build-dependencies on pkg-config and libvorbis-dev. -- Samuel Mimram Tue, 17 Feb 2009 19:21:03 +0100 libsndfile (1.0.18-1) unstable; urgency=low * New upstream release. - Corrected error messages in libsndfile, closes: #481833. * Removed flac-1.1.4.dpatch and overflow.dpatch, integrated upstream. * Updated lossy_comp_test-overflow.dpatch and sndfile-play-kfreebsd.dpatch. * Updated compat to 7. * Updated standards version to 3.8.0. * Put homepage in headers instead of description. -- Samuel Mimram Mon, 16 Feb 2009 10:13:44 +0100 libsndfile (1.0.17-4) unstable; urgency=low * Added overflow.dpatch to fix a possible heap-based buffer overflow (CVE-2007-4974), closes: #443386. -- Samuel Mimram Thu, 20 Sep 2007 23:40:17 +0000 libsndfile (1.0.17-3) unstable; urgency=low * Version dependencies on libflac-dev, closes: #431140. -- Samuel Mimram Sat, 30 Jun 2007 17:05:38 +0200 libsndfile (1.0.17-2) unstable; urgency=low * Added flac-1.1.4.dpatch to adapt to the new FLAC API, closes: #426676. * Don't build-depend on libasound2-dev on hurd, closes: #426795. -- Samuel Mimram Fri, 15 Jun 2007 12:41:00 +0200 libsndfile (1.0.17-1) unstable; urgency=low * Adopting the package, closes: #418082. * New upstream release, closes: #407635. * Big-endian architectures should now correctly be handled by sndfile-play, closes: #350807. * Using dpatch to handle patches. * Added lossy_comp_test-overflow.dpatch to prevent a possible overflow in the tests when compiled with gcc 4.2, closes: #362414. * Added sndfile-play-kfreebsd.dpatch to make sndfile-play work on kfreebsd, closes: #376525. -- Samuel Mimram Sat, 07 Apr 2007 13:07:14 +0200 libsndfile (1.0.16-1) unstable; urgency=low * New upstream release * Update standards version (no changes required) -- Anand Kumria Mon, 3 Jul 2006 20:24:54 +1000 libsndfile (1.0.15-3) unstable; urgency=low * Depend on libasound2-dev so we use ALSA for the example programs rather than (potentially) using OSS. Should fix #350807 but I'll wait until the reporter confirms this before closing. -- Anand Kumria Mon, 24 Apr 2006 22:21:00 +1000 libsndfile (1.0.15-2) unstable; urgency=medium * Pull changes from 1.0.16pre1 for src/aiff.c so we can build on m68k (Closes: #359325) -- Anand Kumria Wed, 29 Mar 2006 23:07:45 +1100 libsndfile (1.0.15-1) unstable; urgency=low * New upstream release * Fix ia64 compilation issues (and possible ARM and m68k) * Add RIFX support -- Anand Kumria Fri, 17 Mar 2006 11:32:16 +1100 libsndfile (1.0.14-1) unstable; urgency=low * New upstream release -- Anand Kumria Tue, 21 Feb 2006 22:20:26 +1100 libsndfile (1.0.13-1) unstable; urgency=low * New upstream release * Add reading/writing of instrument chunks to WAV and AIFF files * Support G721 / G610 coded WAV files -- Anand Kumria Mon, 23 Jan 2006 08:35:00 +1100 libsndfile (1.0.12-3) unstable; urgency=medium * Add dependancy on libflac-dev to libsndfile1-dev (Closes: #332591) -- Anand Kumria Sat, 8 Oct 2005 14:32:56 +1000 libsndfile (1.0.12-2) unstable; urgency=low * Depend on libflac7 (Closes: #331040) -- Anand Kumria Sat, 01 Oct 2005 20:15:28 +1000 libsndfile (1.0.12-1) unstable; urgency=low * New upstream release * Upstream has updated config.sub/config.guess (Closes: #328147) * Upstream now supports Ogg Flac, so depend on libflac-dev * Update to standards version 3.6.2.1 -- Anand Kumria Fri, 30 Sep 2005 15:57:54 +1000 libsndfile (1.0.11-1) unstable; urgency=low * New upstream release -- Anand Kumria Sun, 17 Jul 2005 01:00:59 +1000 libsndfile (1.0.10-2) unstable; urgency=medium * Patch from upstream to correct flaw in sndfile-progs * Corrects sndfile-convert (closes: #271999) -- Anand Kumria Sat, 18 Sep 2004 04:33:42 +1000 libsndfile (1.0.10-1) unstable; urgency=low * New upstream release * Slightly different patch from upstream to correct #253490 * bugfixes to AIFF/WAV read/write * hardier testsuite * 1.0.9 were accidently uploaded as Debian native. Fix that. -- Anand Kumria Thu, 17 Jun 2004 00:05:56 +1000 libsndfile (1.0.9-2) unstable; urgency=low * Apply patch from Andreas Jochens to correctly cast to size_t various arguments (closes: #253490) -- Anand Kumria Wed, 16 Jun 2004 23:41:36 +1000 libsndfile (1.0.9-1) unstable; urgency=low * New upstream release (closes: #252770) -- Anand Kumria Sun, 6 Jun 2004 00:11:41 +1000 libsndfile (1.0.8-1) unstable; urgency=low * New upstream release -- Anand Kumria Sun, 28 Mar 2004 17:04:57 +1000 libsndfile (1.0.7-1) unstable; urgency=medium * New upstream releasea * detects how the CPU clips and acts appropriately. (closes: #233970) -- Anand Kumria Sat, 28 Feb 2004 05:36:42 +1100 Libsndfile (1.0.6-1) unstable; urgency=low * New upstream release (closes: #223940) * New maintainer (thanks Joshua!) * Provide virtual package libsndfile-dev (closes: #200931) -- Anand Kumria Sun, 15 Feb 2004 00:52:53 +1100 libsndfile (1.0.4-3) unstable; urgency=low * Oops; forgot section change from devel to libdevel -- Joshua Haberman Sun, 27 Apr 2003 21:42:49 +0000 libsndfile (1.0.4-2) unstable; urgency=low * Fix from upstream to fix string_test from 'make check' on m68k (closes: #180377) -- Joshua Haberman Sun, 27 Apr 2003 21:22:28 +0000 libsndfile (1.0.4-1) unstable; urgency=low * New upstream release -- Joshua Haberman Sat, 8 Feb 2003 23:14:17 +0000 libsndfile (1.0.3-1) unstable; urgency=low * New upstream release - "make check" should no longer fail on Alpha - "make check" should no longer fail on ia64 (closes: #161090) -- Joshua Haberman Sun, 8 Dec 2002 23:56:03 -0800 libsndfile (1.0.2-1) unstable; urgency=low * New upstream release - "make check" should no longer fail on ARM (closes: #168424) - though progress has been made on the ia64 problems, they have not been fully resolved, so I am not closing #161090. - interfaces have been added, (new sf_command SFC_GET_FORMAT_INFO) so I am bumping the shlibs version to (>= this release) -- Joshua Haberman Sun, 1 Dec 2002 21:08:51 -0800 libsndfile (1.0.0-1) unstable; urgency=low * New upstream release (closes: #144821, #144897) - The bump in sonumber makes for new binary packages libsndfile1 and libsndfile1-dev * New maintainer, with blessings from previous maintainer and upstream * The -dev package now uses and depends on pkg-config instead of including a separate program 'sndfile-config' * Associated programs 'sndfile-info' and 'sndfile-play' moved to separate package 'sndfile-programs' * DH_COMPAT=4 * Standards-Version: 3.5.6.1 -- Joshua Haberman Sat, 8 Jun 2002 19:56:23 -0700 libsndfile (0.0.26-1.1) unstable; urgency=high * NMU with permission of Hwei Sheng Teoh. * Added a build conflict with automake. (closes: #120218) -- Adrian Bunk Fri, 7 Dec 2001 09:24:43 +0100 libsndfile (0.0.26-1) unstable; urgency=low * New upstream release * Merged fixes by Jeff Licquia : - Added Build-Depends on debhelper. Closes: #104308. - Use autoconf endian test instead of the silly architecture lists. - Fixed build problem w/ CAN_READ_WRITE_x86_IEEE on ia64 and arm. Closes: #105136. -- Hwei Sheng Teoh Mon, 22 Oct 2001 19:31:32 -0400 libsndfile (0.0.22-2.1) unstable; urgency=low * Run libtoolize to get support for new architectures. Closes: #95080 -- LaMont Jones Mon, 9 Jul 2001 21:39:34 -0600 libsndfile (0.0.22-2) unstable; urgency=low * Changed documention section of libsndfile-dev to "Programming" (Closes: #79458). -- Hwei Sheng Teoh Wed, 13 Dec 2000 10:29:13 -0500 libsndfile (0.0.22-1) unstable; urgency=low * New upstream release -- Hwei Sheng Teoh Wed, 6 Dec 2000 09:09:51 -0500 libsndfile (0.0.21-2) unstable; urgency=low * Fixed: missing section lines in debian/control for libsndfile0 * Removed questionable text about MP3's from package description. -- Hwei Sheng Teoh Mon, 4 Sep 2000 17:00:41 -0400 libsndfile (0.0.21-1) unstable; urgency=low * Initial Release. * Converted to DH_COMPAT=2. Not sure why dh_make defaults to DH_COMPAT=1 even in the pristine source tree (is this a bug in debhelper?) * Fixed debian/rules to properly produce changelogs in binary packages -- Hwei Sheng Teoh Mon, 28 Aug 2000 12:41:14 -0400