libvorbis-1.3.6-150000.4.5.2

- Replace vorbis-CVE-2017-14160.patch with the upstream fix
  (commit 018ca26dece6), refresh vorbis-CVE-2018-10393.patch
- Fix the validation of channels in mapping0_forward()
  (CVE-2018-10392, bsc#1091070):
  vorbis-CVE-2018-10392.patch

- Fix out-of-bounds access inside bark_noise_hybridmp function
  (CVE-2017-14160, bsc#1059812):
  downstream fix: vorbis-CVE-2017-14160.patch
- Fix stack-basedbuffer over-read in bark_noise_hybridm
  (CVE-2018-10393, bsc#1091072):
  downstream fix: vorbis-CVE-2018-10393.patch

- Split libvorbis-doc subpackage to a separate spec file for
  reducing the dependencies

- Update to version 1.3.6:
  * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
  * Fix CVE-2017-14632 - free() on unitialized data
  * Fix CVE-2017-14633 - out-of-bounds read
  * Fix bitrate metadata parsing.
  * Fix out-of-bounds read in codebook parsing.
  * Fix residue vector size in Vorbis I spec.
  * Appveyor support
  * Travis CI support
  * Add secondary CMake build system.
  * Build system fixes
- Build documents with doxygen, and many tex stuff;
  this requires to disable parallel builds partially
- Move COPYING to license directory
- Drop obsoleted patches:
  vorbis-fix-linking.patch
  0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
  0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
  libvorbis-CVE-2018-5146.patch

- Fix VUL-0: libvorbis: Out of bounds memory write while processing
  Vorbis audio data (CVE-2018-5146, bsc#1085687):
  libvorbis-CVE-2018-5146.patch

- Fix VUL-0: out-of-bounds array read vulnerability exists in
  function mapping0_forward() (CVE-2017-14633, bsc#1059811):
  0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
- Fix VUL-0: Remote Code Execution upon freeing uninitialized
  memory in function vorbis_analysis_headerout(CVE-2017-14632,
  bsc#1059809):
  0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch

- Added 32bit libvorbis-devel in baselibs.conf

- Cleanup spec file with spec-cleaner
- Update to 1.3.5
  * Tolerate single-entry codebooks.
  * Fix decoder crash with invalid input.
  * Fix encoder crash with non-positive sample rates.
  * Fix issues in vorbisfile's seek bisection code.
  * Spec errata.
  * Reject multiple headers of the same type.
  * Various build fixes and code cleanup.

- Fix obsoletes and provides in baselibs.conf.

- Xiph libvorbis 1.3.4
  * reduced static data size in libvorbisenc
  * associated minor changes required to libvorbis and libvorbisfile
  * minor build fixes and build system updates
  * no functional changes over the previous 1.3.3 release
- removed libvorbis-pkgconfig.patch, in upstream
- updated vorbis-fix-linking.patch for context changes

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

- fix build with automake-1.13.1

- updated to 1.3.3
  * vorbis: additional proofing against invalid/malicious
  streams in decode (see SVN for details).
  * vorbis: fix a memory leak in vorbis_commentheader_out().
  * updates, corrections and clarifications in the Vorbis I
  specification document
  * build warning fixes

- VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
  (bnc#747912)

- -O20 optimization level doesn't exist, use -O3

- open files with O_CLOEXEC, in order to avoid fd leaks
  when calling applications fork() ..execve()...
  This patch does not cover the executable tools since
  it is not critical for them.

- add libtool as buildrequire to avoid implicit dependency

- Fix build with no-add-needed

- fix provides/obsoletes in baselibs

- Split libvorbisenc2 and libvorbisfile3 from libvorbis0
- Removed services.