2018-05-01 - Markus Koschany <email@example.com>
faad2 (2.8.0~cvs20161113-1+deb9u1) stretch; urgency=high
* Non-maintainer upload.
* Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255,
Various issues were discovered in faad2, a fast audio decoder, that could
cause a denial of service (large loop and CPU consumption) via a crafted
mp4 file. (Closes: #889915)
2016-11-13 - Fabian Greffrath <firstname.lastname@example.org>
faad2 (2.8.0~cvs20161113-1) unstable; urgency=medium
* New upstream CVS snapshot.
+ Fixes implicit SBR detection via AudioSpecificConfig
on systems with unsigned char (Closes: #843173).
* Change Uploaders field to use my Debian account.
2015-05-11 - Fabian Greffrath <email@example.com>
faad2 (2.8.0~cvs20150510-1) unstable; urgency=medium
* New upstream CVS snapshot.
+ Does not crash when given ADTS AAC file with large ID3v2 tag anymore,
thanks Mike Crowe for the bug report and patch (Closes: #689712).
+ Does not crash with the Mayhem testcase anymore, thanks Alexandre Rebert
for the bug report (Closes: #715882).
* Add debian/README.source to document how the Debian source tarball was
created and force xz compression in debian/gbp.conf.
* Remove all patches that were either applied, solved differently or
+ autotools-compat.patch: Disapproved upstream.
+ noinst-mp4ff.patch: Applied upstream.
+ manpage.patch: Applied upstream.
+ incorrect_pointer_size.patch: Does not apply anymore.
+ bpa-stdin.patch: Applied upstream.
+ path_max.patch: Applied upstream.
+ fix_ftbfs_with_gcc4.5.patch: Disapproved upstream.
+ symbol-visibility.patch: Does not apply anymore.
+ libfaad-drm.patch: Applied upstream.
* Ship upstream's own frontend and API documentation manpages.
* Update Debian packaging copyright years.
* Remove '__DATE__' CPP macro for reproducible builds.
2015-04-30 - Fabian Greffrath <firstname.lastname@example.org>
faad2 (2.7-9) unstable; urgency=medium
* Build the DRM version of the library as well as the normal version,
thanks Julian Cable for the idea and the patch!
* Remove Andres Mejia from Uploaders (Closes: #743545).
* Remove "DM-Upload-Allowed" field from debian/control.
* Mark the faad2-dbg package as "Multi-Arch: same" and
remove faad ("Multi-Arch: no") from its Dependencies.
* Remove debian/source/local-options, they are default now.
* Add faad.lintian-overrides for a spelling error that is used
in the id3 specification.
* Fix "vcs-field-not-canonical" lintian warning.
* Fix "'visibility' attribute ignored on non-class types" compiler warnings
introduced by our symbol versioning patch.
* Fix most autotools warnings.
* Bump "Standards-Version" to 3.9.6.
* Run "wrap-and-sort -asb".
* Add extensive API documentation in libfaad.3, courtesy of Julian Cable.
2012-03-18 - Andres Mejia <email@example.com>
faad2 (2.7-8) unstable; urgency=low
[ Fabian Greffrath ]
+ Dynamically allocate file name buffers,
instead of relying on PATH_MAX.
* Set appropriate symbol visibility attributes.
* Rebuild autofoo with dh-autoreconf.
* Add debian/libfaad2.symbols file.
* Remove redundant license blurb from debian/copyright.
* libmp4ff ist not packaged, so do not install it either.
* Simplify debian/*.install accordingly.
[ Andres Mejia ]
* Make dev package multiarch installable.
* Bump to Standards-Version 3.9.3.