A new libvorbis release is now available. http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2 http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip This release fixes some robustness issues with corrupt streams, including a security issue. Also new in this release is support for multiplexed streams in libvorbisfile, so you can now play the audio portion of Ogg video files with a vorbisfile-based audio player. We recommend upgrading to all users. MD5 checksums: 7c6e409d7aa1fa8a5481dea571d5bde0 libvorbis-1.2.0.tar.bz2 478646358c49f34aedcce58948793619 libvorbis-1.2.0.tar.gz ceae7e999ed18469418a1e971d7029d9 libvorbis-1.2.0.zip SHA-1 checksums: fd10558c7dc297887caf20f3ac2601e084715a6a libvorbis-1.2.0.tar.bz2 6ff5f9d9d71cc385ee180171cc21af5653b76a16 libvorbis-1.2.0.tar.gz 7f10e762486299e662181333d00078181619b641 libvorbis-1.2.0.zip libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622" * new ov_fopen() convenience call that avoids the common stdio conflicts with ov_open() and MSVC runtimes. * libvorbisfile now handles multiplexed streams * improve robustness to corrupt input streams * fix a minor encoder bug * updated RTP draft * build system updates * minor corrections to the specification Thanks to everyone who contributed to this release, and especially to David Thiel and Christopher Montgomery. -r
On 26/07/07, Ralph Giles <giles@xiph.org> wrote:> A new libvorbis release is now available.> libvorbis 1.2.0 (2007-07-25) -- "Xiph.Org libVorbis I 20070622" > > * new ov_fopen() convenience call that avoids the common > stdio conflicts with ov_open() and MSVC runtimes. > * libvorbisfile now handles multiplexed streams > * improve robustness to corrupt input streams > * fix a minor encoder bug > * updated RTP draft > * build system updates > * minor corrections to the specification >Nice to see this (and liking the multiplexed stream support). Should I be worried by minor differences when round-tripping through oggenc/oggdec compared to libvorbis 1.1.2? [ian@prometheus tmp]$ cmp 1.1.wav 1.2.wav 1.1.wav 1.2.wav differ: byte 195111, line 615 [ian@prometheus tmp]$ cmp -i 200000 1.1.wav 1.2.wav 1.1.wav 1.2.wav differ: byte 3, line 1 [ian@prometheus tmp]$ cmp -i 220000 1.1.wav 1.2.wav 1.1.wav 1.2.wav differ: byte 143037, line 318 [ian@prometheus tmp]$ (en/de-coded using the same version of vorbis-tools, -q6, haven't tried crossing to find out if the difference is due to the encode, decode or both) -- imalone
Ralph Giles <giles <at> xiph.org> writes:> A new libvorbis release is now available. > > http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2 > http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz > http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip > > This release fixes some robustness issues with corrupt streams, > including a security issue.The correspoding CVEs are CVE-2007-4029 and CVE-2007-3106 [1]. Please consider mentioning security fixes in the ChangeLog or on your website, especially for those users not following this mailing list or their unix vendor's advisories. Regards, Robert [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106