SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for lame-3.100-7.1.x86_64.rpm :
Fri Feb 23 13:00:00 2018 kbabiochAATTsuse.com
- Update to version 3.100

* Improved detection of MPEG audio data in RIFF WAVE files.
sf#3545112 Invalid sampling detection

* New switch --gain , range -20.0 to +12.0, a more
convenient way to apply Gain adjustment in decibels,
than the use of --scale .

* Fix for sf#3558466 Bug in path handling

* Fix for sf#3567844 problem with Tag genre

* Fix for sf#3565659 no progress indication with pipe input

* Fix for sf#3544957 scale (empty) silent encode without warning

* Fix for sf#3580176 environment variable LAMEOPT doesn\'t
work anymore

* Fix for sf#3608583 input file name displayed with wrong
character encoding (on windows console with CP_UTF8)

* Fix dereference NULL and Buffer not NULL terminated issues.

* Fix dereference of a null pointer possible in loop.

* Make sure functions with SSE instructions maintain their own
properly aligned stack. Thanks to Fabian Greffrath

* Multiple Stack and Heap Corruptions from Malicious File.

* Fix a division by zero vulnerability (CVE-2017-11720 bsc#1082311)

* Fix CVE-2017-9410 fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)

* Fix CVE-2017-9411 fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application crash
(bsc#1082397)

* Fix CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash
(bsc#1082340)

* Fix clip detect scale suggestion unaware of scale input value

* HIP decoder bug fixed: decoding mixed blocks of lower sample
frequency Layer3 data resulted in internal buffer overflow.

* Add lame_encode_buffer_interleaved_int()

* Fix a stack-based buffer overflow and application crash in the
III_dequantisize_sample function in layer3.c in mpglib (CVE-2017-9872
bsc#1082391)

* Fix a stack-based buffer overflow and application crash in the
III_i_stereo function in layer3.c in mpglib (CVE-2017-9871
bsc#1082392)

* Fix a buffer over-read and application crash in the III_i_stereo function
in layer3.c (CVE-2017-9870 bsc#1082393)

* Fix a buffer over-read and application crash in the II_step_one function
in layer2.c (CVE-2017-9869 bsc#1082395)

* Fix buffer overflows when data types for values in WAV or AIFF headers are
no signed (CVE-2017-8419 bsc#1037255)

* Fix a stack-based buffer overflow in unpack_read_samples in the file
frontend/get_audio.c (CVE-2017-15046 bsc#1061973)

* Fix a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related
to lame_encode_buffer_sample_t in libmp3lame/lame.c (CVE-2017-15045
bsc#1061970)

* Fix a NULL Pointer Dereference in the hip_decode_init function within
libmp3lame/mpglib_interface.c via a malformed mpg file, because of an
incorrect calloc call. (CVE-2017-15019 bsc#1082317)

* Fix a heap-based buffer over-read when handling a malformed file in k_34_4 in
vbrquantize.c. (CVE-2017-15018 bsc#1082341)

* Fix a NULL Pointer Dereference in the id3v2AddAudioDuration function in
libmp3lame/id3tag.c (CVE-2017-13712 bsc#1082399)

* Fix a heap-based buffer over-read in fill_buffer_resample function in util.c
(CVE-2015-9101 bsc#1082400)

* Fix a NULL pointer dereference in fill_buffer_resample function in util.c
(CVE-2015-9100 bsc#1082401)

* Fix invalid read in lame_init_params function in lame.c (CVE-2015-9099
bsc#1082329)
- Drop upstream patches:

* lame-Add-check-for-invalid-input-sample-rate.patch

* lame-ansi2knr2.patch

* lame-bits_per_sample.patch

* lame-force_align_arg_pointer.patch

* lame-gtk1.patch

* lame-int_resample_ratio.patch

* lame-msse.patch

Thu Mar 2 13:00:00 2017 jengelhAATTinai.de
- Rename %soname to %sover to better reflect its use.
- Replace goals with what the software really does.

Sat Jun 20 14:00:00 2015 olafAATTaepfle.de
- Add patch for SSE
- Add check for invalid input sample rate
- Avoid malformed wav causing floating point exception (integer divide by zero)
- Fix warning on 64 bit machines. Explicitely set variables as unsigned ints.
- Enable functions with SSE instructions to maintain their own properly aligned stack
- Fix decision if sample rate ratio is an integer value or not
- run autoreconf, set GTK_CFLAGS
- Add patch to remove ansi2knr instead of using sed

Tue Feb 3 13:00:00 2015 scarabeusAATTopensuse.org
- Redux the conditionals for not building gtk1 anywhere anymore

Fri Nov 1 13:00:00 2013 obsAATTbotter.cc
- Fix logical issue in hvogel\'s fix

Thu Oct 31 13:00:00 2013 hvogelAATTopensuse.org
- Fix the conditional building of gtk1 binaries

Tue Oct 15 14:00:00 2013 obsAATTbotter.cc
- Fix pkgconfig(gtk+-2.0) for >= 11.4

Thu Jul 19 14:00:00 2012 reddwarfAATTopensuse.org
- Fix bug reporting link
- BuildRequires nasm only in x86-32 (there is no assembly available
for other archs)
- Stop BuildRequiring flac-devel, it\'s not used
- Remove autoreconf call and related BuildRequires and patches
- Remove old compatibility Provides
- Run spec-cleaner
- Removed all patches (unneeded)
- Replace some documentation and let the build system install its
own

Tue Jul 17 14:00:00 2012 pascal.bleserAATTopensuse.org
- update to 3.99.5: fixed build on 12.2

Tue Nov 22 13:00:00 2011 pascal.bleserAATTopensuse.org
- disable sndfile for IO, causes more issues than anything else (warnings and
issues in several applications that use lame)
- lame-tgetstr.patch: fix build on openSUSE > 12.1, tput and friends are now in
libtinfo

Mon Mar 7 13:00:00 2011 pascal.bleserAATTopensuse.org
- add Gentoo patch that fixes reading from stdin
- add rpmlintrc
- split out documentation into subpackage

Fri Jun 18 14:00:00 2010 lnusselAATTsuse.de
- disable use of gtk in 11.3, was dropped

Sat Mar 27 13:00:00 2010 pascalAATTlinks2linux.de
- update to 3.98.4:

* fix for #2973877, a problem regarding the new drain code

Sun Feb 28 13:00:00 2010 pascalAATTlinks2linux.de
- update to 3.98.3:

* a very important interaction with the FhG decoder was fixed

* the hip audio decoding library is used to perform a better job
when reencoding MP3 files to MP3 files

* bugs were worked around to improve compatibility with ffmpeg

* many fixes were made regarding ID3 tags, including correct
specification of the length of the tracks
- dropped cvs patch, merged upstream

Fri Aug 21 14:00:00 2009 Manfred.TremmelAATTiiv.de
- cleanups cvs patch
- removed static library

Sat May 30 14:00:00 2009 Manfred.TremmelAATTiiv.de
- patch from cvs to fix buffer problems with ffmpeg


  
ICM