Change log for flac package in Debian

flac (1.4.3+ds-4) unstable; urgency=medium

  * Team upload
  * Exclude pandoc on i386

 -- Jeremy Bícha <email address hidden>  Thu, 12 Dec 2024 15:02:08 -0500

Available diffs

• diff from 1.4.3+ds-2.1ubuntu2 (in Ubuntu) to 1.4.3+ds-4 (1.4 KiB)

flac (1.4.3+ds-3) unstable; urgency=medium

  [ Sebastian Ramacher ]
  * Remove unused bits
  * Remove architectures that no longer exist
  * Clean generated files (Closes: #1044698)

  [ Fabian Greffrath ]
  * Exclude some more archs from the Build-Depends on the pandoc package
  * Ack NMU (Closes: #1063114)

 -- Fabian Greffrath <email address hidden>  Tue, 10 Dec 2024 09:07:52 +0100

flac (1.4.3+ds-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1063114

 -- Benjamin Drung <email address hidden>  Fri, 01 Mar 2024 11:59:59 +0000

flac (1.4.3+ds-2.1~exp1) experimental; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.

 -- Steve Langasek <email address hidden>  Mon, 05 Feb 2024 06:16:48 +0000

flac (1.3.3-2+deb11u2) bullseye-security; urgency=medium

  * CVE-2020-22219

 -- Moritz Mühlenhoff <email address hidden>  Sun, 17 Sep 2023 19:49:54 +0200

flac (1.4.3+ds-2) unstable; urgency=medium

  [ Adrian Bunk ]
  * Don't use pandoc on ports architectures that don't have it.

 -- Fabian Greffrath <email address hidden>  Mon, 03 Jul 2023 08:43:49 +0200

flac (1.4.3+ds-1) unstable; urgency=medium

  [ Martijn van Beurden ]
  * Remove some flac building rules (Fixes: #1022201).

  [ Fabian Greffrath ]
  * New upstream version 1.4.3+ds
  * Remove patch applied upstream.
  * Update libflac12.symbols file for API additions.

 -- Fabian Greffrath <email address hidden>  Tue, 27 Jun 2023 12:05:01 +0200

flac (1.4.2+ds-2) unstable; urgency=medium

  [ Fabian Greffrath ]
  * Remove doc/FLAC.tag and prebuilt manpages as well.

  [ Dennis Braun ]
  * d/copyright: Re-add a line which was removed accidentally

  [ Fabian Greffrath ]
  * Backport --force-legacy-wave-format command line option from
    upstream to force the decoder to output to WAVE_FORMAT_PCM when
    WAVE_FORMAT_EXTENSIBLE would be appropriate (Closes: #941132).

 -- Fabian Greffrath <email address hidden>  Fri, 11 Nov 2022 09:10:23 +0100

Available diffs

• diff from 1.4.2+ds-1 to 1.4.2+ds-2 (2.7 KiB)

flac (1.4.2+ds-1) unstable; urgency=medium

  [ Sebastian Ramacher ]
  * Remove incorrect Breaks+Replaces

  [ Dennis Braun ]
  * New upstream version 1.4.2
  * Drop privacy breach patch, applied by upstream
  * d/copyright: Remove non-existing entries

  [ Fabian Greffrath ]
  * Rebuild upstream tarball without documentation.
  * Remove debian/source/lintian-overrides file.

 -- Fabian Greffrath <email address hidden>  Wed, 26 Oct 2022 07:31:09 +0200

flac (1.4.1-2) unstable; urgency=medium

  * Team upload
  * Source-only upload

 -- Sebastian Ramacher <email address hidden>  Thu, 20 Oct 2022 10:05:04 +0200

flac (1.4.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.4.1
  * Refresh patchset, drop patches applied by upstream
  * Bump SO names
  * Apply wrap-and-sort -ast
  * Bump Standards Version to 4.6.1
  * Replace docbook-to-man with pandoc as B-D
  * Bump d/copyright years
  * Update doc installation, new path for html files & rename README file
  * Update symbols file
  * Add d/source/lintian-overrides
  * Add salsa ci config

 -- Dennis Braun <email address hidden>  Fri, 14 Oct 2022 23:47:26 +0200

flac (1.3.2-3+deb10u2) buster; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2021-0561 (Closes: #1006339)
    Add patch to exit at EOS in verify mode.

 -- Thorsten Alteholz <email address hidden>  Wed, 27 Apr 2022 22:03:02 +0200

flac (1.3.4-2) unstable; urgency=medium

  [ Philip Rinn ]
  * Add upstream patch to fix seeking bug (closes: #1008424)

 -- Fabian Greffrath <email address hidden>  Thu, 09 Jun 2022 08:40:28 +0200

Available diffs

• diff from 1.3.4-1 to 1.3.4-2 (1.2 KiB)

flac (1.3.2-3+deb10u1) buster; urgency=medium

  * Non-maintainer upload.
  * CVE-2020-0499: Out of bounds read due to a heap buffer overflow.
    (Closes: #977764)

 -- Adrian Bunk <email address hidden>  Sun, 16 Jan 2022 20:54:01 +0200

flac (1.3.3-2+deb11u1) bullseye; urgency=medium

  * CVE-2021-0561 (Closes: #1006339)

 -- Moritz Mühlenhoff <email address hidden>  Mon, 14 Mar 2022 10:51:59 +0100

flac (1.3.4-1) unstable; urgency=medium

  * New upstream version 1.3.4
    + Closes: #1006339, CVE-2021-0561.
  * Remove patch backported from upstream.
  * Bump debhelper-compat to 13.
  * Add "Rules-Requires-Root: no".
  * Bump Standards-Version to 4.6.0.
  * Bump watch file version to 4.
  * Add "usr/lib/*/*.la" to debian/not-installed.
  * Adapt doc-base paths to actual file locations.

 -- Fabian Greffrath <email address hidden>  Sat, 05 Mar 2022 13:07:41 +0100

Available diffs

• diff from 1.3.3-2build2 (in ~ci-train-ppa-service/ubuntu/4810-deletedppa) to 1.3.4-1 (758.8 KiB)

flac (1.3.3-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Use secure URI in Homepage field.

  [ Fabian Greffrath ]
  * libFLAC/bitreader.c: Fix out-of-bounds read (CVE-2020-0499),
    Closes: #977764.

 -- Fabian Greffrath <email address hidden>  Mon, 21 Dec 2020 16:39:34 +0100

Available diffs

• diff from 1.3.3-1build1 (in Ubuntu) to 1.3.3-2 (1.2 KiB)

flac (1.3.3-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat

  [ Fabian Greffrath ]
  * New upstream version 1.3.3
  * Remove patches applied upstream.
  * Bump debhelper-compat to 12.
  * Bump Standards-Version to 4.4.0.
  * Use secure URI in debian/watch.
  * Update symbols files with new symbols and Build-Depends-Package lines.

 -- Fabian Greffrath <email address hidden>  Fri, 09 Aug 2019 12:02:03 +0200

Available diffs

• diff from 1.3.2-3 to 1.3.3-1 (796.2 KiB)

flac (1.3.2-3) unstable; urgency=medium

  * Use my debian account in Uploaders field and
    update Debian packaging copyright information.
  * Bump debhelper compat to 11.
  * Add patch by Dafydd Harries to make the build reproducible
    (Closes: #846893).
  * Bump Standards-Version to 4.1.4.
  * Drop versioned Build-Depends on g++.
  * Mark libflac-doc as Multi-Arch: foreign.
  * Remove unused debian/libflac-doc.lintian-overrides.
  * Move doxygen to Build-Depends-Indep and adjust debian/rules accordingly
    (Closes: #706805).

 -- Fabian Greffrath <email address hidden>  Wed, 16 May 2018 21:35:01 +0200

Available diffs

• diff from 1.3.2-2 to 1.3.2-3 (1.9 KiB)

flac (1.3.2-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/control: Set Vcs-* to salsa.debian.org
  * d/changelog: Remove trailing whitespaces

  [ Felipe Sateler ]
  * Change maintainer address to <email address hidden>

  [ Fabian Greffrath ]
  * Apply two commits from upstream's GIT repo to fix memory leaks
    (Closes: #897015, CVE-2017-6888).

 -- Fabian Greffrath <email address hidden>  Tue, 01 May 2018 20:56:47 +0200

Available diffs

• diff from 1.3.2-1 to 1.3.2-2 (2.6 KiB)

flac (1.3.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches:
    - Refresh patches.
    - Remove patches integrated upstream.
  * debian/copyright: Update copyright years.
  * debian/control:
    - Bump Standards-Version.
    - Update Vcs-*.
  * debian/{rules,control,compat}: Bump dh compat to 10.
  * debian/libflac-doc.lintian-overrides: Override incorrect lintian warning
    about jquery.js.

 -- Sebastian Ramacher <email address hidden>  Tue, 03 Jan 2017 20:36:10 +0100

Available diffs

• diff from 1.3.1-4 to 1.3.2-1 (861.3 KiB)

flac (1.3.1-4) unstable; urgency=medium

  * Team upload.
  * Upload to unstable.

 -- Sebastian Ramacher <email address hidden>  Wed, 05 Aug 2015 02:01:47 +0200

Available diffs

• diff from 1.3.1-1ubuntu1 (in Ubuntu) to 1.3.1-4 (6.0 KiB)
• diff from 1.3.1-3 to 1.3.1-4 (282 bytes)

flac (1.3.1-3) experimental; urgency=medium

  * Team upload.
  * Rename libflac++6 to libflac++6v5 for GCC 5 transition.

 -- Sebastian Ramacher <email address hidden>  Mon, 03 Aug 2015 21:32:22 +0200

flac (1.3.1-2) unstable; urgency=low


  * Team upload.

  [ Dmitry Smirnov ]
  * Pin all C++ symbols in "libflac++6.symbols" to current version
    (Closes: #783258).
  * Copyright updates/lintianisation:
    - space-in-std-shortname-in-dep5-copyright
    - file-without-copyright-information
  * Updated Vcs-Browser URL.
  * Upload to unstable.

  [ Fabian Greffrath ]
  * Drop (fake)root privileges, but still skip running test suite as it is
    _exhaustive_.

 -- Dmitry Smirnov <email address hidden>  Sun, 26 Apr 2015 19:29:44 +1000

flac (1.2.1-6+deb7u1) wheezy-security; urgency=medium


  * Non-maintainer upload by the security team.
  * Fix CVE-2014-8962: heap-based buffer overflow in stream_decoder.c,
    allowing remote attackers to execute arbitrary code via a specially
    crafted .flac file.
  * Fix CVE-2014-9028: stack-based buffer overflow in stream_decoder.c,
    allowing remote attackers to execute arbitrary code via a specially
    crafted .flac file.

 -- Sebastien Delafond <email address hidden>  Sat, 29 Nov 2014 17:31:06 +0100

flac (1.3.1-1) experimental; urgency=medium


  [ Jackson Doak ]
  * Disable silent rules
  * Enable hardening
  * Add symbols files

  [ Fabian Greffrath ]
  * Adapt debian/watch file to reflect actual upstream versioning scheme.
  * Imported Upstream version 1.3.1
    + Fixes CVE-2014-8962 and CVE-2014-9028 (Closes: #770918).
    + Support for 3DNOW! optimizations has been removed.
    + Localized RU documentation has been removed.
  * Drop patches applied upstream.
  * Backport patch from upstream GIT to fix another input validation bug.
  * Fix "privacy-breach-logo" and "privacy-breach-w3c-valid-html"
    lintian errors.
  * In debian/rules, remove the "override_dh_makeshlibs" rule
    for the symbols files to have effect.
  * Update, improve and convert debian/copyright to machine-readable format.
  * Bump Standards-Version to 3.9.6.

 -- Fabian Greffrath <email address hidden>  Mon, 01 Dec 2014 18:32:57 +0100

Available diffs

• diff from 1.3.0-3 to 1.3.1-1 (1000.2 KiB)

flac (1.3.0-3) unstable; urgency=high


  * Fixes for CVE-2014-8962 and CVE-2014-9028:
    + Backport three patches from upstream GIT repository:
      - CVE-2014-8962.patch: Fix a buffer read overflow.
      - CVE-2014-9028.patch: Avoid a heap overflow.
      - CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
        the former fix, but strictly speaking not the same vulnerability.
    + Closes: #770918.
    + Thanks Erik de Castro Lopo for the bug report and the upstream fixes!

 -- Fabian Greffrath <email address hidden>  Thu, 27 Nov 2014 16:52:51 +0100

Available diffs

• diff from 1.3.0-2ubuntu1 (in Ubuntu) to 1.3.0-3 (2.3 KiB)

flac (1.3.0-2) unstable; urgency=low


  [ Reinhard Tartler ]
  * switch to xz compression
  * Bump standards version (no changes)

  [ Fabian Greffrath ]
  * Add -lflac to flac++'s pkg-config file (Closes: #713645);
    thanks Sebastian Ramacher.

 -- Fabian Greffrath <email address hidden>  Tue, 03 Sep 2013 21:38:39 +0200

Available diffs

• diff from 1.3.0-1 to 1.3.0-2 (1.1 KiB)

flac (1.3.0-1) unstable; urgency=low


  * Imported Upstream version 1.3.0 (Closes: #527542, #705601).
  * Update debian/watch file, thanks Ulrich Klauer (Closes: #710062).
  * Revert "Remove manpages from master branch."
  * Imported Upstream version 1.3.0
  * Convert package to "3.0 (quilt)" source format.
  * Remove all patches, they have either been merged upstream or do not
    apply anymore (tested).
  * Explicitly enable static libraries.
  * Simplify debian/libflac-doc.install.
  * Bump shlibs for added symbols.
  * Remove needless Build-Depends: libid3-3.8.3-dev.
  * Update Homepage field.
  * Repair upstream manpage regeneration rule.
  * Bump Build-Depends: debhelper (>= 9).
  * Fix vcs-field-not-canonical.
  * Import two patches from upstream GIT:
    + Add missing config.h includes.
    + Fix local_strcat() to terminate string correctly.
  * Disable 3DNow! optimizations, enable SSE only on amd64, enable Altivec
    only on ppc64, disable ASM optimizations elsewhere.

 -- Fabian Greffrath <email address hidden>  Fri, 07 Jun 2013 10:24:30 +0200

Available diffs

• diff from 1.2.1-6build1 (in Ubuntu) to 1.3.0-1 (1.5 MiB)

flac (1.2.1-6) unstable; urgency=medium


  * Fix "format not a string literal and no format arguments
    [-Werror=format-security]" errors (Closes: #643377).

 -- Fabian Greffrath <email address hidden>  Wed, 05 Oct 2011 14:26:47 +0200

flac (1.2.1-5) unstable; urgency=low


  * Team upload.

  [ Steve Langasek ]
  * Transition package to multiarch (Closes: #637582)

 -- Alessio Treglia <email address hidden>  Tue, 16 Aug 2011 12:55:20 +0200

Available diffs

• diff from 1.2.1-4 to 1.2.1-5 (896 bytes)

flac (1.2.1-4) unstable; urgency=low
  [ Fabian Greffrath ]  * Convert patch tracking system from dpatch to quilt.  * Convert package to use dh7 with quilt and autotools-dev sequence    addons.  * Clean up debian/control and debian/flac.install.  * Remove unnecessary debian/fixrpath.  * Skip test suite, it was also skipped before.  * Bring back config.sub and config.guess from upstream branch.  * Improve debian/copyright.  * Remove special handling of CFLAGS for m68k.  * debian/patches/12_ac_config_macro_dir.patch: New patch, fixes    "undefined macro: AM_PATH_XMMS" and similar errors which cause    autoreconf to fail.  * Drop debian/patches/90_autoreconf.patch in favour of dh-autoreconf.  * Convert patch tracking system from dpatch to quilt.  * Convert package to use dh7 with quilt and autotools-dev sequence addons.  * Clean up debian/control and debian/flac.install.  * Remove unseless debian/fixrpath.  * Prepare new changelog entry.  * Skip test suite, it was also skipped before.  * Bring back config.sub and config.guess from upstream branch.  * Clarify dh_auto_test should be omitted.  * Update debian/changelog.  * Improve debian/copyright.  * Update debian/changelog.  * Remove special handling of CFLAGS for m68k.  * debian/patches/12_ac_config_macro_dir.patch: New patch, fixes    "undefined macro: AM_PATH_XMMS" and similar errors which cause    autoreconf to fail.  * Drop debian/patches/90_autoreconf.patch in favour of dh-autoreconf.  * Update debian/changelog.  * Remove 90_autoreconf.patch from debian/patches/series as well.  [ Alessio Treglia ]  * debian/control:    - Bump Standards.    - Fix team's name.  * debian/patches/13_replaygain_c_locale.patch:    - flac should not use locales when running with 'replaygain'      option (Closes: #498050).  * debian/patches/14_metadata_iterators_memleak.patch:    - Fix memoy leak in metadata_iterators.c, 'node' is not freed;      Patch taken from upstream's patchtracker.  * Add .gitignore to skip quilt files.  * Add gbp config file.  * Get rid of unneeded *.la files (Closes: #633177). -- Fabian Greffrath <email address hidden>  Sat, 09 Jul 2011 11:51:59 +0200

flac (1.2.1-3) unstable; urgency=low


  * Add Joshua Kwan back to Uploaders, sorry!
  * Update my e-mail address.
  * Fix "libFLAC.m4 may set empty -L flag when configure is called
    without arguments" (Closes: #579025).
  * Consider *gnuspe which matches powerpc-unknown-linux-gnuspe where
    AltiVec is not available at all (Closes: #585518), thanks Sebastian
    Andrzej Siewior.
  * Mandatory autoreconf.
  * Add debian/source/format, keep at 1.0 for now.
  * Add debian/README.source.
  * Add Vcs-* and Homepage fields.
  * Bump Standards-Version to 3.8.4.

 -- Fabian Greffrath <email address hidden>  Tue, 15 Jun 2010 14:37:46 +0200

flac (1.2.1-2) unstable; urgency=high


  * New maintainer (Closes: #539565).
  * Acknowledge NMUs (Closes: #456726, #455304, #525826, #525829).
  * Urgency high, because of fixed RC bugs.

  * Set Maintainer to Debian multimedia packages maintainers and added
    myself to Uploaders.
  * Wrapped and sorted Build-Depends.
  * Added ${misc:Depends} to all packages and wrapped Depends fields.
  * Bumped debhelper compat to 7.
  * Removed versioned dependency on g++ and libid3-3.8.3-dev, the
    required versions are already in oldstable.
  * Bumped Standards-Version to 3.8.2.
  * Removed Conflicts and Replaces against packages that aren't even in
    oldstable anymore.
  * Point to versioned license file (GPL-2).
  * Use dh_prep instead of dh_clean -k.
  * Update config.sub and config.guess in the configure rule and remove
    them in the clean target.
  * Fixed doc-base-uses-applications-section.
  * debian/patches/09_noexec-stack.dpatch: New patch to indicate that
    libFLAC.so doesn't need an executable stack (Closes: #467544),
    Thanks Russell Coker <email address hidden>.
  * Added shlibs information for libflac8 and libflac++6 (Closes:
    #481428, #508293).
  * Fixed binary-control-field-duplicates-source.
  * Added patch description to debian/patches/02_doc_path.dpatch.
  * Added patch description to debian/patches/08_gcc-4.3_fixes.dpatch.
  * Regenerate manpages at compile time: Add docbook-to-man to Build-
    Depends, change debian/patches/02_doc_path.dpatch to modify
    man/flac.sgml, stop touching man/flac.1 in debian/rules and remove
    the manpages in the clean target.

 -- Fabian Greffrath <email address hidden>  Tue, 04 Aug 2009 08:54:15 +0200

flac (1.2.1-1.2) unstable; urgency=low


  * Non-maintainer upload.
  * Fix gcc-4.3 FTBFS, patch by KiBi (Closes: #455304)

 -- Marc 'HE' Brockschmidt <email address hidden>  Sun, 16 Mar 2008 18:02:56 +0100