CHANGES 7.21 KB
Newer Older
1
2
3
4
libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environment)"

* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
5
* Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Update Visual Studio projects for ogg library filename change.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add gitlab CI support.
* Add OSS-Fuzz support.
* Build system and integration updates.

21
22
23
24
25
26
27
28
29
30
31
32
33
libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

Ralph Giles's avatar
Ralph Giles committed
34
libvorbis 1.3.5 (2015-03-03) -- "Xiph.Org libVorbis I 20150105 (⛄⛄⛄⛄)"
Ralph Giles's avatar
Ralph Giles committed
35
36
37
38
39
40
41
42
43
44
45
46
47
48

* Tolerate single-entry codebooks.
* Fix decoder crash with invalid input.
* Fix encoder crash with non-positive sample rates.
# Fix issues in vorbisfile's seek bisection code.
* Spec errata.
* Reject multiple headers of the same type.
* Various build fixes and code cleanup.

libvorbis 1.3.4 (2014-01-22) -- "Xiph.Org libVorbis I 20140122 (Turpakäräjiin)"

* Reduce codebook footprint in library code.
* Various build and documentation fixes.

49
50
51
52
53
54
55
56
57
58
59
libvorbis 1.3.3 (2012-02-03) -- "Xiph.Org libVorbis I 20120203 (Omnipresent)"

* vorbis: additional proofing against invalid/malicious 
  streams in decode (see SVN for details).  
* vorbis: fix a memory leak in vorbis_commentheader_out().
* updates, corrections and clarifications in the Vorbis I specification 
  document
* win32: fixed project configuration which referenced two CRT versions 
  in output binaries.
* build warning fixes

Monty's avatar
Monty committed
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
libvorbis 1.3.2 (2010-11-01) -- "Xiph.Org libVorbis I 20101101 (Schaufenugget)"

 * vorbis: additional proofing against invalid/malicious 
   streams in floor, residue, and bos/eos packet trimming 
   code (see SVN for details). 
 * vorbis: Added programming documentation tree for the 
   low-level calls
 * vorbisfile: Correct handling of serial numbers array 
   element [0] on non-seekable streams
 * vorbisenc: Back out an [old] AoTuV HF weighting that was 
   first enabled in 1.3.0; there are a few samples where I 
   really don't like the effect it causes.
 * vorbis: return correct timestamp for granule positions 
   with high bit set.
 * vorbisfile: the [undocumented] half-rate decode api made no 
   attempt to keep the pcm offset tracking consistent in seeks. 
   Fix and add a testing mode to seeking_example.c to torture 
   test seeking in halfrate mode.  Also remove requirement that 
   halfrate mode only work with seekable files.
 * vorbisfile:  Fix a chaining bug in raw_seeks where seeking 
   out of the current link would fail due to not 
   reinitializing the decode machinery.  
 * vorbisfile: improve seeking strategy. Reduces the 
   necessary number of seek callbacks in an open or seek 
   operation by well over 2/3.

Monty's avatar
Monty committed
86
87
88
89
90
91
92
libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)"

 * tweak + minor arithmetic fix in floor1 fit
 * revert noise norm to conservative 1.2.3 behavior pending 
   more listening testing

libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot
93
94
95
96
97
98
99
100
101
102

 * Optimized surround support for 5.1 encoding at 44.1/48kHz
 * Added encoder control call to disable channel coupling
 * Correct an overflow bug in very low-bitrate encoding on 32 bit 
   machines that caused inflated bitrates
 * Numerous API hardening, leak and build fixes 
 * Correct bug in 22kHz compand setup that could cause a crash
 * Correct bug in 16kHz codebooks that could cause unstable pure 
   tones at high bitrates

Monty's avatar
Monty committed
103
104
105
106
107
108
109
libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709"

 * correct a vorbisfile bug that prevented proper playback of
   Vorbis files where all audio in a logical stream is in a
   single page
 * Additional decode setup hardening against malicious streams
 * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who 
Monty's avatar
Monty committed
110
111
   wish to avoid unused symbol warnings from the static callbacks 
   defined in vorbisfile.h
Monty's avatar
Monty committed
112

Monty's avatar
Monty committed
113
libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624"
114
115
116
117
118

 * define VENDOR and ENCODER strings
 * seek correctly in files bigger than 2 GB (Windows)
 * fix regression from CVE-2008-1420; 1.0b1 files work again
 * mark all tables as constant to reduce memory occupation
Monty's avatar
Monty committed
119
120
121
122
123
 * additional decoder hardening against malicious streams
 * substantially reduce amount of seeking performed by Vorbisfile
 * Multichannel decode bugfix 
 * build system updates
 * minor specification clarifications/fixes
124

125
libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501"
126

127
128
 * Improved robustness with corrupt streams.
 * New ov_read_filter() vorbisfile call allows filtering decoded
129
   audio as floats before converting to integer samples.
Ralph Giles's avatar
Ralph Giles committed
130
 * Fix an encoder bug with multichannel streams.
ivo's avatar
ivo committed
131
 * Replaced RTP payload format draft with RFC 5215.
132
 * Bare bones self test under 'make check'.
133
134
135
136
 * Fix a problem encoding some streams between 14 and 28 kHz.
 * Fix a numerical instability in the edge extrapolation filter.
 * Build system improvements.
 * Specification correction.
137

138
libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622"
139

140
141
 * new ov_fopen() convenience call that avoids the common
   stdio conflicts with ov_open() and MSVC runtimes.
142
 * libvorbisfile now handles multiplexed streams
143
 * improve robustness to corrupt input streams
144
 * fix a minor encoder bug
145
146
147
148
 * updated RTP draft
 * build system updates
 * minor corrections to the specification

Ralph Giles's avatar
Ralph Giles committed
149
libvorbis 1.1.2 (2005-11-27) -- "Xiph.Org libVorbis I 20050304"
150
151
152
153
154
155

 * fix a serious encoder bug with gcc 4 optimized builds
 * documentation and spec fixes
 * updated VS2003 and XCode builds
 * new draft RTP encapsulation spec

Ralph Giles's avatar
Ralph Giles committed
156
libvorbis 1.1.1 (2005-06-27) -- "Xiph.Org libVorbis I 20050304"
157
158

 * bug fix to the bitrate management encoder interface
Ralph Giles's avatar
Ralph Giles committed
159
 * bug fix to properly set packetno field in the encoder
160
161
162
 * new draft RTP encapsulation spec
 * library API documentation improvements

163
libvorbis 1.1.0 (2004-09-22) -- "Xiph.Org libVorbis I 20040629"
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

 * merges tuning improvements from Aoyumi's aoTuV with fixups
 * new managed bitrate (CBR) mode support
 * new vorbis_encoder_ctl() interface
 * extensive documentation updates
 * application/ogg mimetype is now official
 * autotools cleanup from Thomas Vander Stichele
 * SymbianOS build support from Colin Ward at CSIRO
 * various bugfixes
 * various packaging improvements

libvorbis 1.0.1 (2003-11-17) -- "Xiph.Org libVorbis I 20030909"

 * numerous bug fixes
 * specification corrections
 * new crosslap and halfrate APIs for game use
 * packaging and build updates

libvorbis 1.0.0 (2002-07-19) -- "Xiph.Org libVorbis I 20020717"

 * first stable release