1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156
|
mp3splt (2.6.2+20170630-3) unstable; urgency=medium
* Drop support for things that are deprecated and/or unmaintained in GNOME:
scrollkeeper was obsoleted by rarian, which in turn is also obsoleted now.
The build dependency on libgnomeui-dev appears to have been spurious, as
the only "gnome integration" used here is the documentation - so drop it
too because its maintainers want to remove that for the Buster release.
Closes: #885757, #885758
-- Ron Lee <ron@debian.org> Sat, 13 Jan 2018 14:58:07 +1030
mp3splt (2.6.2+20170630-2) unstable; urgency=medium
* Properly zero the ogg and vorbis state structures after they are malloc'd.
This fixes the second issue that was indicated in CVE-2017-11333, which
isn't actually the fault of libvorbis. It's caused by the libmp3splt ogg
plugin unwinding when the error in the test file is detected, and calling
vorbis_block_clear() on an uninitialised vorbis_block struct before the
call to vorbis_block_init() occurs. Similar things would go badly for the
other uninitialised structs if this one didn't explode first.
Update: This actually fixes CVE-2017-11735, not CVE-2017-11333 mentioned
above. There were two separate issues in the original bug report, but
I missed that they were assigned separate CVEs after reading the report
via the reference from CVE-2017-11333. Thanks to Guido Günther for
noting that they were distinct and querying which one this really fixed.
Also CVE-2017-11735 has now been REJECTED, replaced by CVE-2017-15185
which correctly attributes this issue to mp3splt not libvorbis.
-- Ron Lee <ron@debian.org> Wed, 27 Sep 2017 03:21:24 +0930
mp3splt (2.6.2+20170630-1) unstable; urgency=medium
* Adopt this package now. I was prepared to do that with the 2.2.8 bugfixes
but ended up keeping them as a locally packaged version when there was one
more maintainer upload, three years after 2.2.5. But it's only been NMU'd
since then and was 'officially' orphaned in February, and nobody else had
picked it up or saved the mp3splt package from being removed for Stretch,
or the mp3splt-gtk package from being removed from unstable too. So let's
resurrect them based on the work I did with cleaning this up previously.
Closes: #856294, #856296, #777433
* Build with gtk3 and gstreamer 1.0 now. Include the FLAC plugin and PCRE
support. Enable gnome support.
* Fix some of the issues that stronger hardening options and the stricter
checking of new toolchain releases shook out.
-- Ron Lee <ron@debian.org> Fri, 30 Jun 2017 20:07:09 +0930
mp3splt (2.2.8-1) unstable; urgency=low
* Prepare a new upstream release, primarily to fix #585614 in mp3splt-gtk,
and #536027 in mp3splt.
* Ok, scratch that thought. Entirely repackage the whole lot instead.
It's all in one source file now. The lib doesn't look like it keeps a
stable API or does soname management, but fortunately nothing except the
two apps from the same upstream actually need it. So make it internal
with no -dev exported, and build the whole lot in a single pass without
needing crazy hacks to look in local source dirs for a separate package.
* Profit.
-- Ron Lee <ron@debian.org> Sun, 13 Jun 2010 01:28:03 +0930
mp3splt (2.2.6a-1) UNRELEASED; urgency=low
* move debian/rules to the libmp3splt-dev package
* regenerate debian/control against libmp3splt 0.5.7a-1, to get the
bumped build dep
* change build dependency on debhelper to 7.0.50 instead of 7.2
* standards version 3.8.3
* remove dep on libmp3splt-plugin, moved to libmp3splt0
* suggest mp3splt-gtk
* New Upstream Version
- fix -o option fails without any '@' variable (Closes: #536027)
-- Ryan Niebur <ryanryan52@gmail.com> Thu, 30 Jul 2009 19:42:50 -0700
mp3splt (2.2.5-1) unstable; urgency=low
* New Upstream Version
* add DM-Upload-Allowed field
* remove quilt patching, patches are applied upstream
* pass --disable-mp3splttest, those tests look for ../libmp3splt
* pass --enable-oggsplt_symlink, previous versions of the package had
the oggsplt binary, but my last one didn't...oops
* add dependency on libmp3splt-mp3 | libmp3splt-plugin, since the
dependency was removed from the libmp3splt0 package due to a
circular dependency
-- Ryan Niebur <ryanryan52@gmail.com> Thu, 21 May 2009 18:50:38 -0700
mp3splt (2.2.3-1) unstable; urgency=low
* Adopt package (Closes: #488931)
* New upstream release (Closes: #459510, #403463, #316046)
* Document default min= value (Closes: #316050)
* Redo packaging from scratch
-- Ryan Niebur <ryanryan52@gmail.com> Sun, 29 Mar 2009 02:12:55 -0700
mp3splt (2.1c-5) unstable; urgency=low
* Orphan this package
* Bump Standards-Version up to 3.8.0 (no changes)
-- Francois Marier <francois@debian.org> Mon, 15 Sep 2008 13:13:02 +1200
mp3splt (2.1c-4) unstable; urgency=low
* Fix hyphens in manpage
* Bump debhelper compatibility to 6
-- Francois Marier <francois@debian.org> Tue, 03 Jun 2008 14:55:19 +1200
mp3splt (2.1c-3) unstable; urgency=low
* Build-depend on automake1.7 to fix powerpc build problems
-- Francois Marier <francois@debian.org> Fri, 04 Jan 2008 01:17:28 -0500
mp3splt (2.1c-2) unstable; urgency=low
* Add support for audacity labels (closes: #456771)
Thanks to Federico Grau for the patch!
* debian/copyright: it's actually released under the LGPL 2, not 2.1
-- Francois Marier <francois@debian.org> Sun, 23 Dec 2007 20:18:56 -0500
mp3splt (2.1c-1) unstable; urgency=low
* New upstream release
* Setting myself as maintainer (closes: #457132)
* Bump Standards-Version up to 3.7.3
* Bump debhelper version to 5
* Add homepage and Vcs-* fields in debian/control
* Rewrite debian/copyright page
* Add a watch file
* Removed AUTHORS from debian/docs
* Check for the existence of the Makefile before calling it (lintian warning)
-- Francois Marier <francois@debian.org> Sun, 23 Dec 2007 11:11:17 -0500
mp3splt (2.1-1.1) unstable; urgency=low
* NMU with the permission of the maintainer.
* Fix build failure. Closes: #300270.
-- Joost Yervante Damad <joost@lumatec.be> Thu, 13 Apr 2006 15:55:35 +0200
mp3splt (2.1-1) unstable; urgency=low
* Initial release.
-- Paul Melnikow <pnm@zephyr.to> Mon, 4 Oct 2004 16:30:24 -0400
|