File: changelog

package info (click to toggle)
mp3splt 2.6.2+20170630-3
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 8,672 kB
  • sloc: ansic: 41,869; sh: 13,220; xml: 3,097; makefile: 607; sed: 16
file content (156 lines) | stat: -rw-r--r-- 6,390 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
 
mp3splt (2.6.2+20170630-3) unstable; urgency=medium

  * Drop support for things that are deprecated and/or unmaintained in GNOME:
    scrollkeeper was obsoleted by rarian, which in turn is also obsoleted now.
    The build dependency on libgnomeui-dev appears to have been spurious, as
    the only "gnome integration" used here is the documentation - so drop it
    too because its maintainers want to remove that for the Buster release.
    Closes: #885757, #885758

 -- Ron Lee <ron@debian.org>  Sat, 13 Jan 2018 14:58:07 +1030

mp3splt (2.6.2+20170630-2) unstable; urgency=medium

  * Properly zero the ogg and vorbis state structures after they are malloc'd.
    This fixes the second issue that was indicated in CVE-2017-11333, which
    isn't actually the fault of libvorbis.  It's caused by the libmp3splt ogg
    plugin unwinding when the error in the test file is detected, and calling
    vorbis_block_clear() on an uninitialised vorbis_block struct before the
    call to vorbis_block_init() occurs.  Similar things would go badly for the
    other uninitialised structs if this one didn't explode first.

    Update: This actually fixes CVE-2017-11735, not CVE-2017-11333 mentioned
    above.  There were two separate issues in the original bug report, but
    I missed that they were assigned separate CVEs after reading the report
    via the reference from CVE-2017-11333.  Thanks to Guido Günther for
    noting that they were distinct and querying which one this really fixed.
    Also CVE-2017-11735 has now been REJECTED, replaced by CVE-2017-15185
    which correctly attributes this issue to mp3splt not libvorbis.

 -- Ron Lee <ron@debian.org>  Wed, 27 Sep 2017 03:21:24 +0930

mp3splt (2.6.2+20170630-1) unstable; urgency=medium

  * Adopt this package now.  I was prepared to do that with the 2.2.8 bugfixes
    but ended up keeping them as a locally packaged version when there was one
    more maintainer upload, three years after 2.2.5.  But it's only been NMU'd
    since then and was 'officially' orphaned in February, and nobody else had
    picked it up or saved the mp3splt package from being removed for Stretch,
    or the mp3splt-gtk package from being removed from unstable too.  So let's
    resurrect them based on the work I did with cleaning this up previously.
    Closes: #856294, #856296, #777433

  * Build with gtk3 and gstreamer 1.0 now.  Include the FLAC plugin and PCRE
    support.  Enable gnome support.

  * Fix some of the issues that stronger hardening options and the stricter
    checking of new toolchain releases shook out.

 -- Ron Lee <ron@debian.org>  Fri, 30 Jun 2017 20:07:09 +0930

mp3splt (2.2.8-1) unstable; urgency=low

  * Prepare a new upstream release, primarily to fix #585614 in mp3splt-gtk,
    and #536027 in mp3splt.
  * Ok, scratch that thought.  Entirely repackage the whole lot instead.
    It's all in one source file now.  The lib doesn't look like it keeps a
    stable API or does soname management, but fortunately nothing except the
    two apps from the same upstream actually need it.  So make it internal
    with no -dev exported, and build the whole lot in a single pass without
    needing crazy hacks to look in local source dirs for a separate package.
  * Profit.

 -- Ron Lee <ron@debian.org>  Sun, 13 Jun 2010 01:28:03 +0930

mp3splt (2.2.6a-1) UNRELEASED; urgency=low

  * move debian/rules to the libmp3splt-dev package
  * regenerate debian/control against libmp3splt 0.5.7a-1, to get the
    bumped build dep
  * change build dependency on debhelper to 7.0.50 instead of 7.2
  * standards version 3.8.3
  * remove dep on libmp3splt-plugin, moved to libmp3splt0
  * suggest mp3splt-gtk
  * New Upstream Version
    - fix -o option fails without any '@' variable (Closes: #536027)

 -- Ryan Niebur <ryanryan52@gmail.com>  Thu, 30 Jul 2009 19:42:50 -0700

mp3splt (2.2.5-1) unstable; urgency=low

  * New Upstream Version
  * add DM-Upload-Allowed field
  * remove quilt patching, patches are applied upstream
  * pass --disable-mp3splttest, those tests look for ../libmp3splt
  * pass --enable-oggsplt_symlink, previous versions of the package had
    the oggsplt binary, but my last one didn't...oops
  * add dependency on libmp3splt-mp3 | libmp3splt-plugin, since the
    dependency was removed from the libmp3splt0 package due to a
    circular dependency

 -- Ryan Niebur <ryanryan52@gmail.com>  Thu, 21 May 2009 18:50:38 -0700

mp3splt (2.2.3-1) unstable; urgency=low

  * Adopt package (Closes: #488931)
  * New upstream release (Closes: #459510, #403463, #316046)
  * Document default min= value (Closes: #316050)
  * Redo packaging from scratch

 -- Ryan Niebur <ryanryan52@gmail.com>  Sun, 29 Mar 2009 02:12:55 -0700

mp3splt (2.1c-5) unstable; urgency=low

  * Orphan this package
  * Bump Standards-Version up to 3.8.0 (no changes)

 -- Francois Marier <francois@debian.org>  Mon, 15 Sep 2008 13:13:02 +1200

mp3splt (2.1c-4) unstable; urgency=low

  * Fix hyphens in manpage
  * Bump debhelper compatibility to 6

 -- Francois Marier <francois@debian.org>  Tue, 03 Jun 2008 14:55:19 +1200

mp3splt (2.1c-3) unstable; urgency=low

  * Build-depend on automake1.7 to fix powerpc build problems

 -- Francois Marier <francois@debian.org>  Fri, 04 Jan 2008 01:17:28 -0500

mp3splt (2.1c-2) unstable; urgency=low

  * Add support for audacity labels (closes: #456771)
    Thanks to Federico Grau for the patch!
  * debian/copyright: it's actually released under the LGPL 2, not 2.1

 -- Francois Marier <francois@debian.org>  Sun, 23 Dec 2007 20:18:56 -0500

mp3splt (2.1c-1) unstable; urgency=low

  * New upstream release
  * Setting myself as maintainer (closes: #457132)
  * Bump Standards-Version up to 3.7.3
  * Bump debhelper version to 5
  * Add homepage and Vcs-* fields in debian/control
  * Rewrite debian/copyright page
  * Add a watch file
  * Removed AUTHORS from debian/docs
  * Check for the existence of the Makefile before calling it (lintian warning)

 -- Francois Marier <francois@debian.org>  Sun, 23 Dec 2007 11:11:17 -0500

mp3splt (2.1-1.1) unstable; urgency=low

  * NMU with the permission of the maintainer.
  * Fix build failure.  Closes: #300270.

 -- Joost Yervante Damad <joost@lumatec.be>  Thu, 13 Apr 2006 15:55:35 +0200

mp3splt (2.1-1) unstable; urgency=low

  * Initial release.

 -- Paul Melnikow <pnm@zephyr.to>  Mon,  4 Oct 2004 16:30:24 -0400