summaryrefslogtreecommitdiff
path: root/media/libvorbis/CHANGES
blob: ba0c3ca01a561ea909923d72e73800f9fca3d397 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environment)"

* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Update Visual Studio projects for ogg library filename change.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add gitlab CI support.
* Add OSS-Fuzz support.
* Build system and integration updates.

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

libvorbis 1.3.5 (2015-03-03) -- "Xiph.Org libVorbis I 20150105 (⛄⛄⛄⛄)"

* Tolerate single-entry codebooks.
* Fix decoder crash with invalid input.
* Fix encoder crash with non-positive sample rates.
# Fix issues in vorbisfile's seek bisection code.
* Spec errata.
* Reject multiple headers of the same type.
* Various build fixes and code cleanup.

libvorbis 1.3.4 (2014-01-22) -- "Xiph.Org libVorbis I 20140122 (Turpakäräjiin)"

* Reduce codebook footprint in library code.
* Various build and documentation fixes.

libvorbis 1.3.3 (2012-02-03) -- "Xiph.Org libVorbis I 20120203 (Omnipresent)"

* vorbis: additional proofing against invalid/malicious 
  streams in decode (see SVN for details).  
* vorbis: fix a memory leak in vorbis_commentheader_out().
* updates, corrections and clarifications in the Vorbis I specification 
  document
* win32: fixed project configuration which referenced two CRT versions 
  in output binaries.
* build warning fixes

libvorbis 1.3.2 (2010-11-01) -- "Xiph.Org libVorbis I 20101101 (Schaufenugget)"

 * vorbis: additional proofing against invalid/malicious 
   streams in floor, residue, and bos/eos packet trimming 
   code (see SVN for details). 
 * vorbis: Added programming documentation tree for the 
   low-level calls
 * vorbisfile: Correct handling of serial numbers array 
   element [0] on non-seekable streams
 * vorbisenc: Back out an [old] AoTuV HF weighting that was 
   first enabled in 1.3.0; there are a few samples where I 
   really don't like the effect it causes.
 * vorbis: return correct timestamp for granule positions 
   with high bit set.
 * vorbisfile: the [undocumented] half-rate decode api made no 
   attempt to keep the pcm offset tracking consistent in seeks. 
   Fix and add a testing mode to seeking_example.c to torture 
   test seeking in halfrate mode.  Also remove requirement that 
   halfrate mode only work with seekable files.
 * vorbisfile:  Fix a chaining bug in raw_seeks where seeking 
   out of the current link would fail due to not 
   reinitializing the decode machinery.  
 * vorbisfile: improve seeking strategy. Reduces the 
   necessary number of seek callbacks in an open or seek 
   operation by well over 2/3.

libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)"

 * tweak + minor arithmetic fix in floor1 fit
 * revert noise norm to conservative 1.2.3 behavior pending 
   more listening testing

libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot

 * Optimized surround support for 5.1 encoding at 44.1/48kHz
 * Added encoder control call to disable channel coupling
 * Correct an overflow bug in very low-bitrate encoding on 32 bit 
   machines that caused inflated bitrates
 * Numerous API hardening, leak and build fixes 
 * Correct bug in 22kHz compand setup that could cause a crash
 * Correct bug in 16kHz codebooks that could cause unstable pure 
   tones at high bitrates

libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709"

 * correct a vorbisfile bug that prevented proper playback of
   Vorbis files where all audio in a logical stream is in a
   single page
 * Additional decode setup hardening against malicious streams
 * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who 
   wish to avoid unused symbol warnings from the static callbacks 
   defined in vorbisfile.h

libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624"

 * define VENDOR and ENCODER strings
 * seek correctly in files bigger than 2 GB (Windows)
 * fix regression from CVE-2008-1420; 1.0b1 files work again
 * mark all tables as constant to reduce memory occupation
 * additional decoder hardening against malicious streams
 * substantially reduce amount of seeking performed by Vorbisfile
 * Multichannel decode bugfix 
 * build system updates
 * minor specification clarifications/fixes

libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501"

 * Improved robustness with corrupt streams.
 * New ov_read_filter() vorbisfile call allows filtering decoded
   audio as floats before converting to integer samples.
 * Fix an encoder bug with multichannel streams.
 * Replaced RTP payload format draft with RFC 5215.
 * Bare bones self test under 'make check'.
 * Fix a problem encoding some streams between 14 and 28 kHz.
 * Fix a numerical instability in the edge extrapolation filter.
 * Build system improvements.
 * Specification correction.

libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622"

 * new ov_fopen() convenience call that avoids the common
   stdio conflicts with ov_open() and MSVC runtimes.
 * libvorbisfile now handles multiplexed streams
 * improve robustness to corrupt input streams
 * fix a minor encoder bug
 * updated RTP draft
 * build system updates
 * minor corrections to the specification

libvorbis 1.1.2 (2005-11-27) -- "Xiph.Org libVorbis I 20050304"

 * fix a serious encoder bug with gcc 4 optimized builds
 * documentation and spec fixes
 * updated VS2003 and XCode builds
 * new draft RTP encapsulation spec

libvorbis 1.1.1 (2005-06-27) -- "Xiph.Org libVorbis I 20050304"

 * bug fix to the bitrate management encoder interface
 * bug fix to properly set packetno field in the encoder
 * new draft RTP encapsulation spec
 * library API documentation improvements

libvorbis 1.1.0 (2004-09-22) -- "Xiph.Org libVorbis I 20040629"

 * merges tuning improvements from Aoyumi's aoTuV with fixups
 * new managed bitrate (CBR) mode support
 * new vorbis_encoder_ctl() interface
 * extensive documentation updates
 * application/ogg mimetype is now official
 * autotools cleanup from Thomas Vander Stichele
 * SymbianOS build support from Colin Ward at CSIRO
 * various bugfixes
 * various packaging improvements

libvorbis 1.0.1 (2003-11-17) -- "Xiph.Org libVorbis I 20030909"

 * numerous bug fixes
 * specification corrections
 * new crosslap and halfrate APIs for game use
 * packaging and build updates

libvorbis 1.0.0 (2002-07-19) -- "Xiph.Org libVorbis I 20020717"

 * first stable release