Version: 1.4.2-bp153.1.1
* Tue Feb 23 2021 Dirk Müller <dmueller@suse.com>
- update to 1.4.2:
* Fixed several heap overflow bugs in the `ReadData` functions of
various data type classes. This fixes CVE-2021-3405.
* Tue Jan 05 2021 aloisio@gmx.com
- Update to version 1.4.1
* Fixed a case EbmlMaster::Read where the element returned via
UpperEltFound and FountElt points to a just-deleted element,
causing callers to think the memory returned is valid,
potentially leading to use-after-free/double-free errors.
This can happen if the specific element's Read function
throws an exception when encountering certain invalid data
constellations.
* Sun Jun 28 2020 Luigi Baldoni <aloisio@gmx.com>
- Update to version 1.4.0
* Due to breaking ABI the soname version has been bumped to
5.0.0.
* Default symbol visibility is now "hidden", reducing binary
size.
* Converted some things pointed out by cppcheck & clang-tidy
to C++11.
* Fixed a lot of issues pointed out by clang-tidy.
* Added a function "ForceNoDefault" in the "EbmlElement" class.
* Added a function "OverwriteData" in the "EbmlElement" class
to complement the existing "OverwriteHead" function.
* A C++11 compliant compiler is now required. Several of its
features are now used in the source.
* EbmlElement::FindNextElement: fixed a buffer overflow on the
stack by one byte when the first byte read had its upper
four bits unset.
* EbmlCrc32: added a explicit assignment operator with default
implementation as an explicit copy constructor exists
(implicit assignment operators are deprecated in such cases).
- Spec cleanup
* Sat Dec 07 2019 Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 1.3.10:
* When reading binary elements with a size of 0, the element was
skipped by libebml instead of returned to the calling function.
Version: 1.3.5-bp150.2.4
* Fri Aug 25 2017 rpm@fthiessen.de
- Update to 1.3.5
* The function EbmlMaster::CheckMandatory() will now only return
false if a mandatory element is missing for which there's no
default value in the specifications. This means that callers
such as EbmlMaster::UpdateSize() and by extension
EbmlMaster::Render() will not insist on all mandatory elements
being present anymore, but only those for which there's
no default value.
* Added a template function `FindNextChild`.
* Fix reading and EBML element even though the ID was not found
within the allowed reading limit.
* Fixed an instance of undefined behavior in
EbmlElement::GetSemantic() due to binding a dereferenced null
pointer to a reference.
* Fri Jul 15 2016 rpm@fthiessen.de
- Update to new upstream release 1.3.4
* Some minor changes required for clang
* Some minor changes for C99 support
* Required for mkvtoolnix >= 9.3.0
* Thu Oct 22 2015 rpm@fthiessen.de
- Update to new upstream release 1.3.3 (security fixes!):
* EbmlUnicodeString::UpdateFromUTF8(): Fixed an invalid memory
access. When reading from a UTF-8 string in which the length
indicated by a UTF-8 character's first byte exceeds the string's
actual number of bytes the parser would access beyond the end of
the string resulting in a heap information leak. Fixes the issue
reported as Cisco TALOS-CAN-0036.
* EbmlElement::ReadCodedSizeValue(): Fixed an invalid memory
access. When reading a EBML variable length integer value a read
access beyond the end of the available buffer was possible if
fewer bytes were available than indicated by the first byte
resulting in a heap information leak.
* EbmlMaster::Read(): When the parser encountered a deeply nested
element with an infinite size then a following element of an upper
level was not propagated correctly. Instead the element with the
infinite size was added into the EBML element tree a second time
resulting in memory access after freeing it and multiple attempts
to free the same memory address during destruction. Fixes the
issue reported as Cisco TALOS-CAN-0037.
* EbmlElement::FindNextElement(): Handle EOF when reading the
element size properly.
* Fri May 01 2015 jengelh@inai.de
- Update package descriptions a bit
* Wed Feb 11 2015 dimstar@opensuse.org
- Add back BuildRoot: the rpm version of SLE11 still requires this
and libebml is linked to 3rd party Build Servers, where building
for SLE11 is still enabled.
* Sun Feb 01 2015 jengelh@inai.de
- Update to new upstream release 1.3.1
* EbmlMaster: Fixed read() trying to calculate the end position of
elements with an unknown size. This avoids endless loops and
assertions in certain cases.
* EbmlElement::Render(): does not catch exceptions anymore.
Instead, exceptions generated from the IOCallback class (e.g.
if a write failed) are propagated to the caller.
- Drop libebml-1.3.0-6efcb74d1e.patch (no longer relevant)
* Wed Aug 06 2014 jengelh@inai.de
- Set RPM groups
* Tue Feb 11 2014 dimstar@opensuse.org
- Also revert inlines-hidden: still breaks mkvtoolnix on i586.
* Thu Jan 16 2014 crrodriguez@opensuse.org
- revert last change, breaks mkvtoolnix that uses
internal and symbols that are not annotated as public :(
keep inlines-hidden though.
* Sun Jan 12 2014 crrodriguez@opensuse.org
- Support C++ visibility by reusing win32 code for the same
purpose.
- added patches:
* libebml-visibility.patch
* Tue May 21 2013 reddwarf@opensuse.org
- Add libebml-1.3.0-6efcb74d1e.patch
- Simplify make calls
* Sat Mar 23 2013 zaitor@opensuse.org
- Update to version 1.3.0:
+ Compilation warning fixes
+ GetValue() and SetValue() functions for
EbmlFloat/EbmlSInteger/EbmlUInteger
+ GetValue(), SetValue(), GetValueUTF8(), SetValueUTF8()
functions for EbmlString/EbmlUnicodeString
+ Date values use 64bit integers
+ Integer conversion operators were made 'const'
+ GetElementList() function for EbmlMaster providing a
reference to the underlying std::vector<> for better
interaction with the C++ standard library
+ New constructor for UTFstring taking a single std::wstring
+ Increased library .so name to .4 due to binary incompatible
changes.
+ Removed the Debian build files from our package.
- Bump soname following upstream code changes.
* Thu May 10 2012 crrodriguez@opensuse.org
- Do not use gcc -ansi flag.
* Sun Sep 25 2011 reddwarf@opensuse.org
- Update to version 1.2.2
+ fix usage of the DEBUG #define (use LIBEBML_DEBUG instead)
+ The EbmlCodeVersion variable now resides in the library instead of being declared static in the header file.
+ only use the test element to read once in the loop
* Thu Jun 30 2011 dimstar@opensuse.org
- Update to version 1.2.1:
+ fix the constructor of CRTError in StdIOCallback
+ fix the size returned by MemIOCallback::read() when reaching
the end of the buffer
+ add a macro to define signed integer elements that have a
default value
+ fix compilation of debug builds on win32
+ fix for Sun Studio C compiler
- Stop source service usage: Factory is moving to a slightly
different approch to verify source authenticity. Cconsequently,
specify a full URL as Source.
* Mon Apr 18 2011 ro@suse.de
- update baselibs.conf
* Sun Jan 30 2011 reddwarf@opensuse.org
- update to version 1.2.0
- no need to put the internal code of EbmlCrc32 in the public header
- more safety on the Binary buffer handling in case we run out of memory
- fix CRC32 detection in master elements
- fix compilation under gcc 4.5
- Fixed handling of UTF-8 strings with characters encoded in more than three bytes
- Increased library .so name to .3 due to binary incompatible changes
* Wed Dec 08 2010 cristian.rodriguez@opensuse.org
- fix -devel package dependencies
* Wed Jul 28 2010 coolo@novell.com
- fix build in renaming shared library package
* Sat Jun 05 2010 cmorve69@yahoo.es
- Update to version 1.0.0
- Fix more issues which came to light with the recent push of
WebM -- mostly regarding elements with unknown sizes.