Package Release Info

libsndfile-1.0.28-5.12.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2764
Available in Package Hub : 15 SP3 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libsndfile1-32bit

Change Logs

* Fri Jul 23 2021 tiwai@suse.de

- Fix heap buffer overflow vulnerability in msadpcm_decode_block
  (CVE-2021-3246, bsc#1188540):
  ms_adpcm-Fix-and-extend-size-checks.patch

* Tue Dec 04 2018 tiwai@suse.de

- Fix segfault in wav conversion due to the invalid loop count
  (CVE-2018-19758, bsc#1117954):
  libsndfile-wav-loop-count-fix.patch

* Fri Jul 06 2018 tiwai@suse.de

- Fix buffer overflow in sndfile-deinterleave, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
  CVE-2018-19432):
  sndfile-deinterlace-channels-check.patch

* Fri Jun 08 2018 tiwai@suse.de

- Use license file tag

* Fri Jun 08 2018 tiwai@suse.de

- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
  bsc#1071777):
  libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
  bsc#1071767):
  libsndfile-CVE-2017-17457-ulaw-range-check.patch

* Tue Dec 19 2017 tiwai@suse.de

- Fix VUL-0: divide-by-zero error exists in the function
  double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
  d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
  VUL-0: out of bounds read in the function d2ulaw_array() in
  ulaw.c (CVE-2017-14246, bsc#1059913):
  0031-sfe_copy_data_fp-check-value-of-max-variable.patch

* Tue Aug 08 2017 tiwai@suse.de

- Fix Heap-based Buffer Overflow in the psf_binheader_writef
  (CVE-2017-12562, bsc#1052476):
  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch

* Tue Jun 13 2017 tiwai@suse.de

- Fix out-of-bounds read memory access in the aiff_read_chanmap()
  (CVE-2017-6892, bsc#1043978):
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

* Tue May 02 2017 tiwai@suse.de

- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
  CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
  bsc#1036943):
  0001-FLAC-Fix-a-buffer-read-overrun.patch
  0002-src-flac.c-Fix-a-buffer-read-overflow.patch

* Mon Apr 10 2017 tiwai@suse.de

- Update to version 1.0.27:
  * Fix a seek regression in 1.0.26
  * Add metadata read/write for CAF and RF64
  * FIx PAF endian-ness issue
- Update to version 1.0.28
  * Fix buffer overruns in FLAC and ID3 handling code
  (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
  * Reduce default header memory requirements
  * Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch

* Tue May 10 2016 tom.mbrt@googlemail.com

- Fix spec file to enable builds on non opensuse OS

* Mon Nov 23 2015 tiwai@suse.de

- Update to version 1.0.26:
  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
  * Add ALAC/CAF support. Minor bug fixes and improvements.
- Refreshed patches:
  sndfile-ocloexec.patch
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Removed obsoleted patches:
  libsndfile-example-fix.diff
  libsndfile-fix-header-read-CVE-2015-7805.patch
  libsndfile-paf-zero-division-fix.diff
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch

* Wed Nov 04 2015 tiwai@suse.de

- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-fix-header-read-CVE-2015-7805.patch
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro

* Wed Nov 04 2015 tiwai@suse.de

- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch

* Sat Mar 21 2015 mpluskal@suse.com

- Cleanup spec file with spec-cleaner
- Add gpg signature
- Remove old ppc provides/obsoletes

* Wed Jan 07 2015 tiwai@suse.de

- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
  (CVE-2014-9496, bnc#911796): backported upstream fix patches
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch

* Mon Apr 15 2013 mmeister@suse.com

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

* Fri Dec 02 2011 coolo@suse.com

- add libtool as buildrequire to avoid implicit dependency

* Thu Nov 24 2011 tiwai@suse.de

- add missing provides/obsoletes for libsndfile -> libsndfile1
  rename (bnc#732565)

* Thu Nov 24 2011 crrodriguez@opensuse.org

- use O_CLOEXEC in library code.

Version: 1.0.28-150000.5.20.1

* Fri Oct 20 2023 tiwai@suse.com

- Fix signed integers overflows in au_read_header()
  (bsc#1213451, CVE-2022-33065):
  libsndfile-CVE-2022-33065.patch

Version: 1.0.28-150000.5.17.1