1libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environment)" 2 3* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates. 4* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates. 5* Fix handling invalid bytes per sample arguments. 6* Fix handling invalid channel count arguments. 7* Fix invalid free on seek failure. 8* Fix negative shift reading blocksize. 9* Fix accepting unreasonable float32 values. 10* Fix tag comparison depending on locale. 11* Fix unnecessarily linking libm. 12* Fix memory leak in test_sharedbook. 13* Update Visual Studio projects for ogg library filename change. 14* Distribute CMake build files with the source package. 15* Remove unnecessary configure --target switch. 16* Add gitlab CI support. 17* Add OSS-Fuzz support. 18* Build system and integration updates. 19 20libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)" 21 22* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. 23* Fix CVE-2017-14632 - free() on unitialized data 24* Fix CVE-2017-14633 - out-of-bounds read 25* Fix bitrate metadata parsing. 26* Fix out-of-bounds read in codebook parsing. 27* Fix residue vector size in Vorbis I spec. 28* Appveyor support 29* Travis CI support 30* Add secondary CMake build system. 31* Build system fixes 32 33libvorbis 1.3.5 (2015-03-03) -- "Xiph.Org libVorbis I 20150105 (⛄⛄⛄⛄)" 34 35* Tolerate single-entry codebooks. 36* Fix decoder crash with invalid input. 37* Fix encoder crash with non-positive sample rates. 38# Fix issues in vorbisfile's seek bisection code. 39* Spec errata. 40* Reject multiple headers of the same type. 41* Various build fixes and code cleanup. 42 43libvorbis 1.3.4 (2014-01-22) -- "Xiph.Org libVorbis I 20140122 (Turpakäräjiin)" 44 45* Reduce codebook footprint in library code. 46* Various build and documentation fixes. 47 48libvorbis 1.3.3 (2012-02-03) -- "Xiph.Org libVorbis I 20120203 (Omnipresent)" 49 50* vorbis: additional proofing against invalid/malicious 51 streams in decode (see SVN for details). 52* vorbis: fix a memory leak in vorbis_commentheader_out(). 53* updates, corrections and clarifications in the Vorbis I specification 54 document 55* win32: fixed project configuration which referenced two CRT versions 56 in output binaries. 57* build warning fixes 58 59libvorbis 1.3.2 (2010-11-01) -- "Xiph.Org libVorbis I 20101101 (Schaufenugget)" 60 61 * vorbis: additional proofing against invalid/malicious 62 streams in floor, residue, and bos/eos packet trimming 63 code (see SVN for details). 64 * vorbis: Added programming documentation tree for the 65 low-level calls 66 * vorbisfile: Correct handling of serial numbers array 67 element [0] on non-seekable streams 68 * vorbisenc: Back out an [old] AoTuV HF weighting that was 69 first enabled in 1.3.0; there are a few samples where I 70 really don't like the effect it causes. 71 * vorbis: return correct timestamp for granule positions 72 with high bit set. 73 * vorbisfile: the [undocumented] half-rate decode api made no 74 attempt to keep the pcm offset tracking consistent in seeks. 75 Fix and add a testing mode to seeking_example.c to torture 76 test seeking in halfrate mode. Also remove requirement that 77 halfrate mode only work with seekable files. 78 * vorbisfile: Fix a chaining bug in raw_seeks where seeking 79 out of the current link would fail due to not 80 reinitializing the decode machinery. 81 * vorbisfile: improve seeking strategy. Reduces the 82 necessary number of seek callbacks in an open or seek 83 operation by well over 2/3. 84 85libvorbis 1.3.1 (2010-02-26) -- "Xiph.Org libVorbis I 20100325 (Everywhere)" 86 87 * tweak + minor arithmetic fix in floor1 fit 88 * revert noise norm to conservative 1.2.3 behavior pending 89 more listening testing 90 91libvorbis 1.3.0 (2010-02-25) -- unreleased staging snapshot 92 93 * Optimized surround support for 5.1 encoding at 44.1/48kHz 94 * Added encoder control call to disable channel coupling 95 * Correct an overflow bug in very low-bitrate encoding on 32 bit 96 machines that caused inflated bitrates 97 * Numerous API hardening, leak and build fixes 98 * Correct bug in 22kHz compand setup that could cause a crash 99 * Correct bug in 16kHz codebooks that could cause unstable pure 100 tones at high bitrates 101 102libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I 20090709" 103 104 * correct a vorbisfile bug that prevented proper playback of 105 Vorbis files where all audio in a logical stream is in a 106 single page 107 * Additional decode setup hardening against malicious streams 108 * Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who 109 wish to avoid unused symbol warnings from the static callbacks 110 defined in vorbisfile.h 111 112libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I 20090624" 113 114 * define VENDOR and ENCODER strings 115 * seek correctly in files bigger than 2 GB (Windows) 116 * fix regression from CVE-2008-1420; 1.0b1 files work again 117 * mark all tables as constant to reduce memory occupation 118 * additional decoder hardening against malicious streams 119 * substantially reduce amount of seeking performed by Vorbisfile 120 * Multichannel decode bugfix 121 * build system updates 122 * minor specification clarifications/fixes 123 124libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I 20080501" 125 126 * Improved robustness with corrupt streams. 127 * New ov_read_filter() vorbisfile call allows filtering decoded 128 audio as floats before converting to integer samples. 129 * Fix an encoder bug with multichannel streams. 130 * Replaced RTP payload format draft with RFC 5215. 131 * Bare bones self test under 'make check'. 132 * Fix a problem encoding some streams between 14 and 28 kHz. 133 * Fix a numerical instability in the edge extrapolation filter. 134 * Build system improvements. 135 * Specification correction. 136 137libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622" 138 139 * new ov_fopen() convenience call that avoids the common 140 stdio conflicts with ov_open() and MSVC runtimes. 141 * libvorbisfile now handles multiplexed streams 142 * improve robustness to corrupt input streams 143 * fix a minor encoder bug 144 * updated RTP draft 145 * build system updates 146 * minor corrections to the specification 147 148libvorbis 1.1.2 (2005-11-27) -- "Xiph.Org libVorbis I 20050304" 149 150 * fix a serious encoder bug with gcc 4 optimized builds 151 * documentation and spec fixes 152 * updated VS2003 and XCode builds 153 * new draft RTP encapsulation spec 154 155libvorbis 1.1.1 (2005-06-27) -- "Xiph.Org libVorbis I 20050304" 156 157 * bug fix to the bitrate management encoder interface 158 * bug fix to properly set packetno field in the encoder 159 * new draft RTP encapsulation spec 160 * library API documentation improvements 161 162libvorbis 1.1.0 (2004-09-22) -- "Xiph.Org libVorbis I 20040629" 163 164 * merges tuning improvements from Aoyumi's aoTuV with fixups 165 * new managed bitrate (CBR) mode support 166 * new vorbis_encoder_ctl() interface 167 * extensive documentation updates 168 * application/ogg mimetype is now official 169 * autotools cleanup from Thomas Vander Stichele 170 * SymbianOS build support from Colin Ward at CSIRO 171 * various bugfixes 172 * various packaging improvements 173 174libvorbis 1.0.1 (2003-11-17) -- "Xiph.Org libVorbis I 20030909" 175 176 * numerous bug fixes 177 * specification corrections 178 * new crosslap and halfrate APIs for game use 179 * packaging and build updates 180 181libvorbis 1.0.0 (2002-07-19) -- "Xiph.Org libVorbis I 20020717" 182 183 * first stable release 184 185