libvpx (1.12.0-1+deb12u3) bookworm-security; urgency=medium
* Non-maintainer upload.
* CVE-2024-5197: Integer overflows
-- Adrian Bunk <bunk@debian.org> Thu, 20 Jun 2024 13:01:27 +0300
libvpx (1.12.0-1+deb12u2) bookworm-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix bug with smaller width bigger size (CVE-2023-44488)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 01 Oct 2023 17:26:47 +0200
libvpx (1.12.0-1+deb12u1) bookworm-security; urgency=high
* Non-maintainer upload by the Security Team.
* encode_api_test: add ConfigResizeChangeThreadCount
* VP8: disallow thread count changes (CVE-2023-5217) (Closes: #1053182)
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 28 Sep 2023 22:55:08 +0200
libvpx (1.12.0-1) unstable; urgency=medium
* Team upload
* New upstream version 1.12.0
* debian/control: Bump Standards-Version
* debian/libvpx7.symbols: Bump minimal version of symbols doing version checks
-- Sebastian Ramacher <sramacher@debian.org> Sat, 09 Jul 2022 15:20:25 +0200
libvpx (1.11.0-2) unstable; urgency=medium
* Team upload
* Upload to unstable
-- Sebastian Ramacher <sramacher@debian.org> Sun, 24 Oct 2021 17:08:21 +0200
libvpx (1.11.0-1) experimental; urgency=medium
* Team upload
[ Jakub Adam ]
* Enable VP9 high bit depth (10/12) profiles.
[ Sebastian Ramacher ]
* New upstream version 1.11.0
* SONAME bump: libvpx6 -> libvpx7
* debian/control: Remove incorrect MA: foreign from vpx-tools
-- Sebastian Ramacher <sramacher@debian.org> Sun, 10 Oct 2021 22:18:17 +0200
libvpx (1.10.0-2) unstable; urgency=medium
* debian/: Relax ABI version check and bump minimum version for init
functions
-- Sebastian Ramacher <sramacher@debian.org> Tue, 31 Aug 2021 08:59:02 +0200
libvpx (1.10.0-1) unstable; urgency=medium
* Team upload
[ Debian Janitor ]
* Set upstream metadata fields: Repository, Repository-Browse.
* Remove constraints unnecessary since buster
[ Sebastian Ramacher ]
* New upstream release
* debian/control:
- Bump Standards-Version
- Drop obsolete Pre-Depends
* debian/rules: Do not install README and AUTHORS
-- Sebastian Ramacher <sramacher@debian.org> Tue, 24 Aug 2021 22:56:11 +0200
libvpx (1.9.0-1) unstable; urgency=medium
* Team upload
* New upstream release (Closes: #976835)
* debian/watch: versionmangle for RC releases
* debian/control:
- Bump Standards-Version
- Remove unneeded ${shlibs:Depends} from libvpx-dev
- Bump debhelper compat to 13
- Set RRR: no
* debian/rules: Use /usr/share/dpkg/architecture.mk
-- Sebastian Ramacher <sramacher@debian.org> Tue, 08 Dec 2020 18:02:59 +0100
libvpx (1.8.2-1) unstable; urgency=medium
* New upstream version 1.8.2.
* Bump Standards-Version to 4.4.1.
-- Ondřej Nový <onovy@debian.org> Fri, 27 Dec 2019 17:59:25 +0100
libvpx (1.8.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Ondřej Nový <onovy@debian.org> Mon, 05 Aug 2019 08:46:57 +0200
libvpx (1.8.1-1) experimental; urgency=medium
* New upstream release
- This release is ABI incompatible
* Bump debhelper compat level to 12 and use debhelper-compat
* Bump Standards-Version to 4.4.0 (no changes needed)
* d/changelog, d/control: Remove trailing empty line at the end of file
* Fix installation of neon version of library on ARM (Closes: #922817)
-- Ondřej Nový <onovy@debian.org> Wed, 17 Jul 2019 00:05:27 +0200
libvpx (1.7.0-3) unstable; urgency=medium
* Uploading to unstable
* Install examples into libvpx-dev
-- Ondřej Nový <onovy@debian.org> Sat, 17 Feb 2018 13:47:07 +0100
libvpx (1.7.0-2) experimental; urgency=medium
* New upstream release
- This release is ABI incompatible due to new vp9 encoder features.
* Standards-Version is 4.1.3 now (no changes needed)
* d/copyright: Bump copyright year
* d/libvpx-doc.lintian-overrides: Remove, not needed anymore
* Bump debhelper compat level to 11
-- Ondřej Nový <onovy@debian.org> Mon, 05 Feb 2018 15:41:07 +0100
libvpx (1.6.1-3) unstable; urgency=medium
* Team upload.
* Mark libvpx-doc as Multi-Arch:foreign.
* Do not forcefully disable PIE anymore as -pie changed meaning.
(Closes: #859415)
-- Mattia Rizzolo <mattia@debian.org> Mon, 03 Apr 2017 23:06:37 +0200
libvpx (1.6.1-2) unstable; urgency=medium
* Add arm64 native support
* Build generic-gnu on armel/armhf because armv6-linux-gcc support was dropped
-- Ondřej Nový <onovy@debian.org> Tue, 17 Jan 2017 17:23:34 +0100
libvpx (1.6.1-1) unstable; urgency=medium
* New upstream version 1.6.1
* Removed d/patches/fix-build.patch - not needed anymore
-- Ondřej Nový <onovy@debian.org> Tue, 17 Jan 2017 12:59:18 +0100
libvpx (1.6.0-3) unstable; urgency=medium
* Bumped debhelper version to 10
* Install vpx.pc into a multiarch location (Closes: #843724)
-- Ondřej Nový <onovy@debian.org> Thu, 10 Nov 2016 09:57:03 +0100
libvpx (1.6.0-2) unstable; urgency=medium
* Upload to unstable.
-- Ondřej Nový <onovy@debian.org> Thu, 01 Sep 2016 10:46:47 +0200
libvpx (1.6.0-1) experimental; urgency=medium
* New upstream release
- ABI version bump
* Removed d/p/fix-armhf-link.patch, applied upstream
* Removed useless rm from -dbg package
* Use dh sequencer and dh-exec for building package
* Enabled all but PIE hardening
* Added myself as uploader
* Added doc-base for documentation
* d/copyright: Rewritten for new upstream release in machine-readable format
* Override Lintian embedded-javascript-library - it's not jQuery lib
* d/copyright: Added myself to Debian part
* d/p/fix-build.patch: Added DEP-3 header
* Added man pages (Closes: #769532)
* Enabled parallel building
* Added autopkgtest
* d/rules: Removed dh_strip and dh_makeshlibs overrides
-- Ondřej Nový <onovy@debian.org> Thu, 18 Aug 2016 15:12:01 +0200
libvpx (1.5.0-4) unstable; urgency=medium
* Team upload.
* Moved to Debian Multimedia Maintainers team
* Added d/watch file
* Bumped debhelper version to 9
* Use automatic debug packages instead of libvpx3-dbg
* Bumped Standards-Version to 3.9.8 (no changes needed)
-- Ondřej Nový <onovy@debian.org> Wed, 10 Aug 2016 23:04:35 +0200
libvpx (1.5.0-3) unstable; urgency=medium
* debian/control:
+ Remove php5-cli from Build-Depends-Indep, it's unused since a while
anyway and going to be removed in favor of php7 (Closes: #821689).
-- Sebastian Dröge <slomo@debian.org> Thu, 05 May 2016 11:50:23 +0300
libvpx (1.5.0-2) unstable; urgency=medium
* debian/rules:
+ Disable PPC specific target to fix FTBFS. It's not supported anymore.
-- Sebastian Dröge <slomo@debian.org> Mon, 28 Dec 2015 16:40:00 +0200
libvpx (1.5.0-1) unstable; urgency=medium
* New upstream release:
+ debian/rules,
debian/control,
debian/libvpx*.symbols:
- Update from libvpx2 to libvpx3.
* debian/patches/fix-build.patch:
+ Fix invalid C that causes the build to fail (Closes: #809129).
Patch based on the one from Colin Watson from
https://bugs.launchpad.net/ubuntu/+source/libvpx/+bug/1528297
-- Sebastian Dröge <slomo@debian.org> Mon, 28 Dec 2015 09:59:43 +0200
libvpx (1.4.0-4) unstable; urgency=medium
* debian/rules:
+ Configure with --size-limit=16384x16384 to work around
CVE-2015-1258 like Chrome does. Streams with a higher
resolution than that will fail to decode now.
+ Configure with --enable-postproc --enable-multi-res-encoding
--enable-temporal-denoising --enable-vp9-temporal-denoising
--enable-vp9-postproc to mirror the configuration that Chrome
is using.
-- Sebastian Dröge <slomo@debian.org> Tue, 23 Jun 2015 10:09:08 +0200
libvpx (1.4.0-3) unstable; urgency=medium
* debian/rules:
+ Disable MIPS assembly in the rules for now to try to fix FTBFS. The
assembly is only used in the tools, not the library, and requires
DSP R2 support.
-- Sebastian Dröge <slomo@debian.org> Thu, 14 May 2015 14:19:25 +0300
libvpx (1.4.0-2) unstable; urgency=medium
* Upload to unstable.
-- Sebastian Dröge <slomo@debian.org> Wed, 13 May 2015 11:40:02 +0300
libvpx (1.4.0-1) experimental; urgency=medium
* New upstream stable release:
+ debian/control,
debian/rules,
debian/libvpx*symbols:
- Update for new soname.
-- Sebastian Dröge <slomo@debian.org> Mon, 13 Apr 2015 18:17:08 +0200
libvpx (1.3.0+git20150219-1) experimental; urgency=medium
* New upstream GIT snapshot, based on the Chrome version from 2015-02-19:
+ debian/patches/Bug-fix-in-ssse3-quantize-function.patch,
debian/patches/vp9-out-of-bounds-access.patch:
- Deleted, merged upstream.
+ debian/patches/fix-armhf-link.patch:
- Rebased.
+ debian/libvpx1.symbols:
- Update for API changes, i.e. dropping of old non-public API and
addition of some new API.
-- Sebastian Dröge <slomo@debian.org> Mon, 02 Mar 2015 14:27:58 +0100
libvpx (1.3.0-3) unstable; urgency=high
* debian/control:
+ Add VP9 to the short and long package descriptions (Closes: #760095).
* debian/patches/vp9-out-of-bounds-access.patch:
+ Fix out of bounds access in the VP9 codec (CVE-2014-1578) (Closes: #765435).
-- Sebastian Dröge <slomo@debian.org> Tue, 21 Oct 2014 10:02:18 +0200
libvpx (1.3.0-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Build using the default GCC. Closes: #751318.
* Move doxygen and php5-cli to B-D-I (Peter Pentchev). Closes: #726485.
* Build using hardening defaults. Closes: #674570.
* Apply bug fix for ssse3 quantize function.
-- Matthias Klose <doko@debian.org> Sat, 09 Aug 2014 14:38:23 +0200
libvpx (1.3.0-2) unstable; urgency=medium
* debian/control,
debian/rules:
+ Build with gcc 4.8 to fix FTBFS on SPARC (Closes: #734445).
-- Sebastian Dröge <slomo@debian.org> Tue, 07 Jan 2014 11:25:31 +0100
libvpx (1.3.0-1) unstable; urgency=medium
* New upstream release, including VP9 support:
+ debian/patches/fix-armhf-link.patch:
- Refresh patch.
+ debian/rules,
debian/libvpx1.symbols:
- Update shlibs version and symbols file for API additions.
-- Sebastian Dröge <slomo@debian.org> Tue, 17 Dec 2013 18:20:51 +0100
libvpx (1.2.0-2) unstable; urgency=low
* debian/rules,
debian/patches/fix-armhf-link.patch:
+ Fix build on ARM by using the correct compiler and CFLAGS.
-- Sebastian Dröge <slomo@debian.org> Mon, 27 May 2013 13:08:06 +0200
libvpx (1.2.0-1) unstable; urgency=low
* New upstream release.
* debian/patches/*: Refreshed to apply cleanly again.
-- Sebastian Dröge <slomo@debian.org> Sun, 26 May 2013 10:39:18 +0200
libvpx (1.1.0-1) unstable; urgency=low
* New upstream release, "Eider".
* debian/patches/*: Refreshed to apply cleanly again.
* debian/rules: Update shlibs version for API additions.
-- Sebastian Dröge <slomo@debian.org> Mon, 14 May 2012 10:03:37 +0200
libvpx (1.0.0-2) unstable; urgency=low
* debian/control,
debian/libvpx1.install,
debian/libvpx-dev.install,
debian/rules:
+ Add support for multi-arch (Closes: #643016).
Thanks to Riku Voipio for the patch.
* debian/rules,
debian/patches/fix-armhf-link.patch:
+ Add NEON flavor on arm (Closes: #660692).
Thanks to Riku Voipio for the patch.
-- Sebastian Dröge <slomo@debian.org> Tue, 21 Feb 2012 12:15:36 +0100
libvpx (1.0.0-1.1) unstable; urgency=high
* Non-maintainer upload.
* Drop binaries from the debug package, to stop libvpx0-dbg and
libvpx1-dbg from conflicting with each other (Closes: #658453).
* Set urgency to “high” for the RC bug fix, to speed up things with
packages (involved in other transitions) having picked up a
dependency on libvpx1 due to this unannounced transition.
-- Cyril Brulebois <kibi@debian.org> Wed, 15 Feb 2012 22:40:09 +0100
libvpx (1.0.0-1) unstable; urgency=low
* New upstream release, "Duclair":
+ debian/libvpx1.install,
debian/libvpx1.symbols,
debian/control,
debian/rules:
- Update for new soname.
-- Sebastian Dröge <slomo@debian.org> Wed, 01 Feb 2012 09:50:13 +0100
libvpx (0.9.7.p1-2) unstable; urgency=low
* debian/rules,
debian/libvpx-dev.install:
+ Install vpx.pc file in the -dev package. Thanks to
j@v2v.cc for the patch (Closes: #644542).
* debian/control,
debian/vpx-tools.install:
+ Install vpxenc and vpxenc in the new vpx-tools package. Thanks
to j@v2v.cc for the patch (Closes: #644543).
-- Sebastian Dröge <slomo@debian.org> Mon, 10 Oct 2011 09:42:49 +0200
libvpx (0.9.7.p1-1) unstable; urgency=low
* New upstream bugfix release.
-- Sebastian Dröge <slomo@debian.org> Tue, 16 Aug 2011 15:35:26 +0200
libvpx (0.9.7-1) unstable; urgency=low
* New upstream release, "Cayuga" (Closes: #636670):
+ debian/patches/01_enable-shared.patch:
- Refreshed to apply cleanly again.
+ debian/rules:
- Update shlibs version because of API additions.
-- Sebastian Dröge <slomo@debian.org> Tue, 09 Aug 2011 10:14:33 +0200
libvpx (0.9.6-1) unstable; urgency=low
* New upstream release, "Bali":
+ debian/patches/02_cve-2010-4489.patch:
- Dropped, merged upstream.
-- Sebastian Dröge <slomo@debian.org> Tue, 08 Mar 2011 17:58:26 +0100
libvpx (0.9.5-2) unstable; urgency=low
* Upload to unstable.
* debian/patches/02_cve-2010-4489.patch:
+ SECURITY -- CVE 2010-4489: Fix integer overflow in decoder
Patch taken from upstream GIT (Closes: #610510).
-- Sebastian Dröge <slomo@debian.org> Tue, 08 Feb 2011 11:59:42 +0100
libvpx (0.9.5-1) experimental; urgency=low
* New upstream release:
+ debian/patches/01_enable-shared.patch:
- Refreshed.
+ debian/rules:
- Enable altivec assembly for powerpc.
+ debian/libvpx0.symbols,
debian/rules:
- Update for API additions.
-- Sebastian Dröge <slomo@debian.org> Fri, 29 Oct 2010 08:36:14 +0200
libvpx (0.9.2-1) experimental; urgency=low
* New upstream release:
+ debian/patches/01_enable-shared.patch:
- Refreshed.
-- Sebastian Dröge <slomo@debian.org> Tue, 07 Sep 2010 23:12:53 +0200
libvpx (0.9.1-1) unstable; urgency=low
* New upstream release.
-- Sebastian Dröge <slomo@debian.org> Fri, 18 Jun 2010 06:00:58 +0200
libvpx (0.9.0+git-2010-06-15-13-41-2) unstable; urgency=low
* debian/patches/01_enable-shared.patch:
+ Allow shared library build everywhere, fixes FTBFS.
* debian/rules:
+ Enable assembly optimizations for kfreebsd and hurd too.
-- Sebastian Dröge <slomo@debian.org> Wed, 16 Jun 2010 13:07:32 +0200
libvpx (0.9.0+git-2010-06-15-13-41-1) unstable; urgency=low
* New upstream GIT snapshot:
+ Fixes enormous amount of virtual memory used by the library,
causing problems on 32 bit architectures (Closes: #583765).
+ Replaces non-free MD5 implementation with a free one (Closes: #585821).
+ debian/rules:
- Update for build system changes, especially for the shared library
support that is upstream now.
-- Sebastian Dröge <slomo@debian.org> Wed, 16 Jun 2010 07:17:13 +0200
libvpx (0.9.0-6) unstable; urgency=low
* debian/patches/*:
+ Update to upstream GIT 09202d80716ef7e2931de60c66b6fb2383f52613.
* debian/copyright:
+ Update for the new, improved and GPL compatible
license (Closes: #583758).
-- Sebastian Dröge <slomo@debian.org> Fri, 04 Jun 2010 22:34:15 +0200
libvpx (0.9.0-5) unstable; urgency=low
* debian/copyright:
+ Use new FSF address.
* debian/patches/*:
+ Update to upstream GIT 1689564bb5c0f03bb2f35244bf40bcf58c9fec35.
* debian/rules,
debian/control:
+ Remove execstack and -fPIC hacks that were fixed upstream.
* debian/vpx_codec.h.patch,
debian/rules:
+ Remove HAVE_CONFIG_H removal hack for the public header files.
-- Sebastian Dröge <slomo@debian.org> Sat, 29 May 2010 07:29:58 +0200
libvpx (0.9.0-4) unstable; urgency=low
* debian/rules:
+ x86 is i386, this enables assembly optimizations on i386.
* debian/control:
+ Build depend on yasm >= 0.7.
* debian/copyright:
+ Add all the other copyright holders and licenses to the copyright
file. These only apply to the scripts in examples/includes, which
are used for building the API documentation.
-- Sebastian Dröge <slomo@debian.org> Sat, 22 May 2010 12:10:35 +0200
libvpx (0.9.0-3) unstable; urgency=low
* debian/rules:
+ Always build with -fPIC, configure doesn't set it for the
generic-gnu target.
* debian/copyright,
debian/control:
+ Fix download URLs.
-- Sebastian Dröge <slomo@debian.org> Thu, 20 May 2010 12:56:42 +0200
libvpx (0.9.0-2) unstable; urgency=low
* debian/rules:
+ Fix shlibs version.
-- Sebastian Dröge <slomo@debian.org> Wed, 19 May 2010 22:20:14 +0200
libvpx (0.9.0-1) unstable; urgency=low
* Initial Debian packaging (Closes: #582271).
-- Sebastian Dröge <slomo@debian.org> Tue, 18 May 2010 20:49:11 +0200