libvpx (1.7.0-3+deb10u3) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. * CVE-2024-5197: Integer overflows -- Adrian Bunk Sun, 16 Jun 2024 21:55:29 +0300 libvpx (1.7.0-3+deb10u2) buster-security; urgency=medium * Non-maintainer upload by the LTS team. * CVE-2023-5217 * CVE-2023-44488 -- Emilio Pozuelo Monfort Sun, 01 Oct 2023 12:28:40 +0200 libvpx (1.7.0-3+deb10u1) buster-security; urgency=medium * CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 -- Moritz Mühlenhoff Wed, 27 Nov 2019 00:09:29 +0100 libvpx (1.7.0-3) unstable; urgency=medium * Uploading to unstable * Install examples into libvpx-dev -- Ondřej Nový Sat, 17 Feb 2018 13:47:07 +0100 libvpx (1.7.0-2) experimental; urgency=medium * New upstream release - This release is ABI incompatible due to new vp9 encoder features. * Standards-Version is 4.1.3 now (no changes needed) * d/copyright: Bump copyright year * d/libvpx-doc.lintian-overrides: Remove, not needed anymore * Bump debhelper compat level to 11 -- Ondřej Nový Mon, 05 Feb 2018 15:41:07 +0100 libvpx (1.6.1-3) unstable; urgency=medium * Team upload. * Mark libvpx-doc as Multi-Arch:foreign. * Do not forcefully disable PIE anymore as -pie changed meaning. (Closes: #859415) -- Mattia Rizzolo Mon, 03 Apr 2017 23:06:37 +0200 libvpx (1.6.1-2) unstable; urgency=medium * Add arm64 native support * Build generic-gnu on armel/armhf because armv6-linux-gcc support was dropped -- Ondřej Nový Tue, 17 Jan 2017 17:23:34 +0100 libvpx (1.6.1-1) unstable; urgency=medium * New upstream version 1.6.1 * Removed d/patches/fix-build.patch - not needed anymore -- Ondřej Nový Tue, 17 Jan 2017 12:59:18 +0100 libvpx (1.6.0-3) unstable; urgency=medium * Bumped debhelper version to 10 * Install vpx.pc into a multiarch location (Closes: #843724) -- Ondřej Nový Thu, 10 Nov 2016 09:57:03 +0100 libvpx (1.6.0-2) unstable; urgency=medium * Upload to unstable. -- Ondřej Nový Thu, 01 Sep 2016 10:46:47 +0200 libvpx (1.6.0-1) experimental; urgency=medium * New upstream release - ABI version bump * Removed d/p/fix-armhf-link.patch, applied upstream * Removed useless rm from -dbg package * Use dh sequencer and dh-exec for building package * Enabled all but PIE hardening * Added myself as uploader * Added doc-base for documentation * d/copyright: Rewritten for new upstream release in machine-readable format * Override Lintian embedded-javascript-library - it's not jQuery lib * d/copyright: Added myself to Debian part * d/p/fix-build.patch: Added DEP-3 header * Added man pages (Closes: #769532) * Enabled parallel building * Added autopkgtest * d/rules: Removed dh_strip and dh_makeshlibs overrides -- Ondřej Nový Thu, 18 Aug 2016 15:12:01 +0200 libvpx (1.5.0-4) unstable; urgency=medium * Team upload. * Moved to Debian Multimedia Maintainers team * Added d/watch file * Bumped debhelper version to 9 * Use automatic debug packages instead of libvpx3-dbg * Bumped Standards-Version to 3.9.8 (no changes needed) -- Ondřej Nový Wed, 10 Aug 2016 23:04:35 +0200 libvpx (1.5.0-3) unstable; urgency=medium * debian/control: + Remove php5-cli from Build-Depends-Indep, it's unused since a while anyway and going to be removed in favor of php7 (Closes: #821689). -- Sebastian Dröge Thu, 05 May 2016 11:50:23 +0300 libvpx (1.5.0-2) unstable; urgency=medium * debian/rules: + Disable PPC specific target to fix FTBFS. It's not supported anymore. -- Sebastian Dröge Mon, 28 Dec 2015 16:40:00 +0200 libvpx (1.5.0-1) unstable; urgency=medium * New upstream release: + debian/rules, debian/control, debian/libvpx*.symbols: - Update from libvpx2 to libvpx3. * debian/patches/fix-build.patch: + Fix invalid C that causes the build to fail (Closes: #809129). Patch based on the one from Colin Watson from https://bugs.launchpad.net/ubuntu/+source/libvpx/+bug/1528297 -- Sebastian Dröge Mon, 28 Dec 2015 09:59:43 +0200 libvpx (1.4.0-4) unstable; urgency=medium * debian/rules: + Configure with --size-limit=16384x16384 to work around CVE-2015-1258 like Chrome does. Streams with a higher resolution than that will fail to decode now. + Configure with --enable-postproc --enable-multi-res-encoding --enable-temporal-denoising --enable-vp9-temporal-denoising --enable-vp9-postproc to mirror the configuration that Chrome is using. -- Sebastian Dröge Tue, 23 Jun 2015 10:09:08 +0200 libvpx (1.4.0-3) unstable; urgency=medium * debian/rules: + Disable MIPS assembly in the rules for now to try to fix FTBFS. The assembly is only used in the tools, not the library, and requires DSP R2 support. -- Sebastian Dröge Thu, 14 May 2015 14:19:25 +0300 libvpx (1.4.0-2) unstable; urgency=medium * Upload to unstable. -- Sebastian Dröge Wed, 13 May 2015 11:40:02 +0300 libvpx (1.4.0-1) experimental; urgency=medium * New upstream stable release: + debian/control, debian/rules, debian/libvpx*symbols: - Update for new soname. -- Sebastian Dröge Mon, 13 Apr 2015 18:17:08 +0200 libvpx (1.3.0+git20150219-1) experimental; urgency=medium * New upstream GIT snapshot, based on the Chrome version from 2015-02-19: + debian/patches/Bug-fix-in-ssse3-quantize-function.patch, debian/patches/vp9-out-of-bounds-access.patch: - Deleted, merged upstream. + debian/patches/fix-armhf-link.patch: - Rebased. + debian/libvpx1.symbols: - Update for API changes, i.e. dropping of old non-public API and addition of some new API. -- Sebastian Dröge Mon, 02 Mar 2015 14:27:58 +0100 libvpx (1.3.0-3) unstable; urgency=high * debian/control: + Add VP9 to the short and long package descriptions (Closes: #760095). * debian/patches/vp9-out-of-bounds-access.patch: + Fix out of bounds access in the VP9 codec (CVE-2014-1578) (Closes: #765435). -- Sebastian Dröge Tue, 21 Oct 2014 10:02:18 +0200 libvpx (1.3.0-2.1) unstable; urgency=medium * Non-maintainer upload. * Build using the default GCC. Closes: #751318. * Move doxygen and php5-cli to B-D-I (Peter Pentchev). Closes: #726485. * Build using hardening defaults. Closes: #674570. * Apply bug fix for ssse3 quantize function. -- Matthias Klose Sat, 09 Aug 2014 14:38:23 +0200 libvpx (1.3.0-2) unstable; urgency=medium * debian/control, debian/rules: + Build with gcc 4.8 to fix FTBFS on SPARC (Closes: #734445). -- Sebastian Dröge Tue, 07 Jan 2014 11:25:31 +0100 libvpx (1.3.0-1) unstable; urgency=medium * New upstream release, including VP9 support: + debian/patches/fix-armhf-link.patch: - Refresh patch. + debian/rules, debian/libvpx1.symbols: - Update shlibs version and symbols file for API additions. -- Sebastian Dröge Tue, 17 Dec 2013 18:20:51 +0100 libvpx (1.2.0-2) unstable; urgency=low * debian/rules, debian/patches/fix-armhf-link.patch: + Fix build on ARM by using the correct compiler and CFLAGS. -- Sebastian Dröge Mon, 27 May 2013 13:08:06 +0200 libvpx (1.2.0-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refreshed to apply cleanly again. -- Sebastian Dröge Sun, 26 May 2013 10:39:18 +0200 libvpx (1.1.0-1) unstable; urgency=low * New upstream release, "Eider". * debian/patches/*: Refreshed to apply cleanly again. * debian/rules: Update shlibs version for API additions. -- Sebastian Dröge Mon, 14 May 2012 10:03:37 +0200 libvpx (1.0.0-2) unstable; urgency=low * debian/control, debian/libvpx1.install, debian/libvpx-dev.install, debian/rules: + Add support for multi-arch (Closes: #643016). Thanks to Riku Voipio for the patch. * debian/rules, debian/patches/fix-armhf-link.patch: + Add NEON flavor on arm (Closes: #660692). Thanks to Riku Voipio for the patch. -- Sebastian Dröge Tue, 21 Feb 2012 12:15:36 +0100 libvpx (1.0.0-1.1) unstable; urgency=high * Non-maintainer upload. * Drop binaries from the debug package, to stop libvpx0-dbg and libvpx1-dbg from conflicting with each other (Closes: #658453). * Set urgency to “high” for the RC bug fix, to speed up things with packages (involved in other transitions) having picked up a dependency on libvpx1 due to this unannounced transition. -- Cyril Brulebois Wed, 15 Feb 2012 22:40:09 +0100 libvpx (1.0.0-1) unstable; urgency=low * New upstream release, "Duclair": + debian/libvpx1.install, debian/libvpx1.symbols, debian/control, debian/rules: - Update for new soname. -- Sebastian Dröge Wed, 01 Feb 2012 09:50:13 +0100 libvpx (0.9.7.p1-2) unstable; urgency=low * debian/rules, debian/libvpx-dev.install: + Install vpx.pc file in the -dev package. Thanks to j@v2v.cc for the patch (Closes: #644542). * debian/control, debian/vpx-tools.install: + Install vpxenc and vpxenc in the new vpx-tools package. Thanks to j@v2v.cc for the patch (Closes: #644543). -- Sebastian Dröge Mon, 10 Oct 2011 09:42:49 +0200 libvpx (0.9.7.p1-1) unstable; urgency=low * New upstream bugfix release. -- Sebastian Dröge Tue, 16 Aug 2011 15:35:26 +0200 libvpx (0.9.7-1) unstable; urgency=low * New upstream release, "Cayuga" (Closes: #636670): + debian/patches/01_enable-shared.patch: - Refreshed to apply cleanly again. + debian/rules: - Update shlibs version because of API additions. -- Sebastian Dröge Tue, 09 Aug 2011 10:14:33 +0200 libvpx (0.9.6-1) unstable; urgency=low * New upstream release, "Bali": + debian/patches/02_cve-2010-4489.patch: - Dropped, merged upstream. -- Sebastian Dröge Tue, 08 Mar 2011 17:58:26 +0100 libvpx (0.9.5-2) unstable; urgency=low * Upload to unstable. * debian/patches/02_cve-2010-4489.patch: + SECURITY -- CVE 2010-4489: Fix integer overflow in decoder Patch taken from upstream GIT (Closes: #610510). -- Sebastian Dröge Tue, 08 Feb 2011 11:59:42 +0100 libvpx (0.9.5-1) experimental; urgency=low * New upstream release: + debian/patches/01_enable-shared.patch: - Refreshed. + debian/rules: - Enable altivec assembly for powerpc. + debian/libvpx0.symbols, debian/rules: - Update for API additions. -- Sebastian Dröge Fri, 29 Oct 2010 08:36:14 +0200 libvpx (0.9.2-1) experimental; urgency=low * New upstream release: + debian/patches/01_enable-shared.patch: - Refreshed. -- Sebastian Dröge Tue, 07 Sep 2010 23:12:53 +0200 libvpx (0.9.1-1) unstable; urgency=low * New upstream release. -- Sebastian Dröge Fri, 18 Jun 2010 06:00:58 +0200 libvpx (0.9.0+git-2010-06-15-13-41-2) unstable; urgency=low * debian/patches/01_enable-shared.patch: + Allow shared library build everywhere, fixes FTBFS. * debian/rules: + Enable assembly optimizations for kfreebsd and hurd too. -- Sebastian Dröge Wed, 16 Jun 2010 13:07:32 +0200 libvpx (0.9.0+git-2010-06-15-13-41-1) unstable; urgency=low * New upstream GIT snapshot: + Fixes enormous amount of virtual memory used by the library, causing problems on 32 bit architectures (Closes: #583765). + Replaces non-free MD5 implementation with a free one (Closes: #585821). + debian/rules: - Update for build system changes, especially for the shared library support that is upstream now. -- Sebastian Dröge Wed, 16 Jun 2010 07:17:13 +0200 libvpx (0.9.0-6) unstable; urgency=low * debian/patches/*: + Update to upstream GIT 09202d80716ef7e2931de60c66b6fb2383f52613. * debian/copyright: + Update for the new, improved and GPL compatible license (Closes: #583758). -- Sebastian Dröge Fri, 04 Jun 2010 22:34:15 +0200 libvpx (0.9.0-5) unstable; urgency=low * debian/copyright: + Use new FSF address. * debian/patches/*: + Update to upstream GIT 1689564bb5c0f03bb2f35244bf40bcf58c9fec35. * debian/rules, debian/control: + Remove execstack and -fPIC hacks that were fixed upstream. * debian/vpx_codec.h.patch, debian/rules: + Remove HAVE_CONFIG_H removal hack for the public header files. -- Sebastian Dröge Sat, 29 May 2010 07:29:58 +0200 libvpx (0.9.0-4) unstable; urgency=low * debian/rules: + x86 is i386, this enables assembly optimizations on i386. * debian/control: + Build depend on yasm >= 0.7. * debian/copyright: + Add all the other copyright holders and licenses to the copyright file. These only apply to the scripts in examples/includes, which are used for building the API documentation. -- Sebastian Dröge Sat, 22 May 2010 12:10:35 +0200 libvpx (0.9.0-3) unstable; urgency=low * debian/rules: + Always build with -fPIC, configure doesn't set it for the generic-gnu target. * debian/copyright, debian/control: + Fix download URLs. -- Sebastian Dröge Thu, 20 May 2010 12:56:42 +0200 libvpx (0.9.0-2) unstable; urgency=low * debian/rules: + Fix shlibs version. -- Sebastian Dröge Wed, 19 May 2010 22:20:14 +0200 libvpx (0.9.0-1) unstable; urgency=low * Initial Debian packaging (Closes: #582271). -- Sebastian Dröge Tue, 18 May 2010 20:49:11 +0200