SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libFLAC8-1.3.2-3.8.1.x86_64.rpm :
Wed Dec 16 13:00:00 2020 tiwaiAATTsuse.de
- Fix memory leak (CVE-2020-0487 bsc#1180112):
stream_decoder.c-Fix-a-memory-leak.patch

Wed Dec 16 13:00:00 2020 tiwaiAATTsuse.de
- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099):
libFLAC-bitreader.c-Fix-out-of-bounds-read.patch

Fri Apr 27 14:00:00 2018 tiwaiAATTsuse.de
- Fix memory leak in read_metadata_vorbiscomment_() function
(CVE-2017-6888, bsc#1091045):
flac-CVE-2017-6888.patch

Sun Jan 1 13:00:00 2017 aloisioAATTgmx.com
- Update to version 1.3.2

* Fix undefined behaviour using GCC/Clang UBSAN (erikd).

* General hardening via fuzz testing with AFL (erikd and
others).

* General code improvements (lvqcl, erikd and others).

* Add FLAC in MP4 specification docs (Ralph Giles).

* Fix some cppcheck warnings (erikd).

* Assume all currently used OSes support SSE2.
flac:

* Fix potential infinite loop on flac-to-flac conversion
(erikd).

* Add WAVEFORMATEXTENSIBLE to WAV (as needed) when
decoding (lvqcl).

* Only write vorbis-comments if they are non-empty.

* Error out if decoding RAW with bits != (8|16|24).
metaflac:

* Add --scan-replay-gain option.
libraries:

* CPU detection cleanup and fixes (Julian Calaby, erikd
and lvqcl).

* Fix two stream decoder bugs (Max Kellermann).

* Fix a NULL dereference bug (on a malformed file).

* Changed the LPC order guess for a slight compression
improvement, particularly for classical music
(Martijn van Beurden).

* Improved encoding speed on older Intel CPUs.

* Fixed a seeking bug when decoding certain files
(Miroslav Lichvar).

* Put an upper bound (32768) on the number of seek
points.

* Fix potential memory leaks.

* Support 64bit brword/bwword allowing
FLAC__BYTES_PER_WORD to be set to 8 (disabled by
default).

* Fix an out-of-bounds heap read.
- Refreshed flac-cflags.patch

Sat Sep 10 14:00:00 2016 tchvatalAATTsuse.com
- Drop patch that should be upstreamed first, otherwise we will
have to keep it ofrever:

* flac-ocloexec.patch
- Drop wrong patch:

* flac-fix-pkgconfig.patch
+ If using this change you get assert.h include overriden in your
project by the one from FLAC/ which is not what upstream desired
If packages fail to build they should fix their include

Sat Mar 21 13:00:00 2015 mpluskalAATTsuse.com
- Build documentation as noarch

Fri Mar 20 13:00:00 2015 mpluskalAATTsuse.com
- Cleanup spec file with spec-cleaner
- Update url
- Remove no longer needed patches

* flac-fix-CVE-2014-8962.patch

* flac-fix-CVE-2014-9028.patch

* 0001-getopt_long-not-broken-here.patch
- Remove following as benefit of using openssl is small

* 0001-Allow-use-of-openSSL.patch
- Add flac-cflags.patch
- Use doxygen to build documentation
- Split documentation to separate package
- Update to 1.3.1

* Improved decoding efficiency of all bit depths but especially
so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).

* Faster encoding using SSE and AVX (lvqcl).

* Fixed bartlett, bartlett_hann and triangle functions.

* New apodization functions partial_tukey and punchout_tukey for
improved compression (Martijn van Beurden).

* Retuned compression presets to incorporate new apodization
functions (Martijn van Beurden).

* Fix -Wcast-align warnings on armhf architecture (Erik de
Castro Lopo).

* Help output documentation improvements.

* I/O buffering improvements on Windows to reduce disk
fragmentation when writing files.

* Only write vorbis-comments if they are non-empty.

* Fix symbol visibility in XMMS plugin.

* Many fixes and improvements across all the build systems.

* Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962
(heap read overflow)

Wed Nov 26 13:00:00 2014 tiwaiAATTsuse.de
- A couple of security fixes:

* flac-fix-CVE-2014-8962.patch:
arbitrary code execution by a stack overflow (CVE-2014-8962,
bnc#906831)

* flac-fix-CVE-2014-9028.patch:
Heap overflow via specially crafted .flac files (CVE-2014-9028,
bnc#907016)

Mon Jul 1 14:00:00 2013 jengelhAATTinai.de
- Update to final upstream release 1.3.0

* No user-visible changes
- More robust make install call

Sun May 26 14:00:00 2013 crrodriguezAATTopensuse.org
- Update to flac 1.3.0pre4 (packaged as 1.2.99_git
* to avoid
messing with RPM versioning)

* Mostly non-linux related bugfixes plus autotools fixes
- flac-openssl.patch --> 0001-Allow-use-of-openSSL.patch
- remove flac-1.2.1-automake1_13.patch, fixed in upstream.
- add 0001-getopt_long-not-broken-here.patch, FLAC bundles
GNU-compatible getopt_long for broken OS, but we do have
a functional version in libc already.

Mon Apr 22 14:00:00 2013 cfarrellAATTsuse.com
- license update: BSD-3-Clause and GPL-2.0+ and GFDL-1.2
Numerous GPL-2.0+ licensed files;documtation is GFDL-1.2

Thu Feb 28 13:00:00 2013 seife+obsAATTb1-systems.com
- add flac-1.2.1-automake1_13.patch, fix build with automake-1.13.1

Tue Dec 18 13:00:00 2012 idonmezAATTsuse.com
- Add flac-fix-pkgconfig.patch to fix includedir in the pkgconfig
files.

Sun Dec 9 13:00:00 2012 crrodriguezAATTopensuse.org
- add xz buildrequires for old distros.

Sat Dec 8 13:00:00 2012 crrodriguezAATTopensuse.org
- Update to current git

* patches deleted:
- flac-1.2.1-asm.patch
- flac-1.2.1-bitreader.patch
- flac-gcc43-fixes.diff
- flac-gcc47.patch
- flac-leaks.patch
- flac-no-xmms.diff
- flac-visibility.patch
- flac-printf-format-fix.diff
All Upstreamed either by us or other distros.
- Add flac-openssl.patch, do crypto with openssl (not wanted upstream)
- Restore make check

Tue Sep 4 14:00:00 2012 schwabAATTlinux-m68k.org
- Don\'t ignore $(AM_CFLAGS).
- Remove ppc patch.

Tue Mar 13 13:00:00 2012 dimstarAATTopensuse.org
- Add flac-gcc47.patch: Replacing strcpy without \'lenght
limitation\' with strncpy, limited to 4 chars. This is safe, as we
check the length already to be sure it is 4 chars, yet do not
suffer from the problem that strcpy wants to add a \'\\0\' char in
plus to the target string.

Thu Mar 8 13:00:00 2012 dvaleevAATTsuse.com
- don\'t use fvisibility=hidden on ppc. As it can\'t find symbols
afterwards

Fri Jan 27 13:00:00 2012 crrodriguezAATTopensuse.org
- Fix some memory and resources leak.
- Link shared libraries with -Bsymbolic-functions
- annotate relevant functions with proper attributes to
allow the compiler generate better code (attribute hot. alloc_size)

Tue Jan 24 13:00:00 2012 crrodriguezAATTopensuse.org
- Support symbol visibility features
- Disable test suite, nothing wrong with it, it just
takes too long to run and uses private/hidden symbols to
test flac\'s internals.

Sun Nov 20 13:00:00 2011 crrodriguezAATTopensuse.org
- Use O_CLOEXEC in all library code.

Sat Oct 1 14:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to make the spec file more reliable

Wed Sep 28 14:00:00 2011 crrodriguezAATTopensuse.org
- Build with --enable-sse, this only disables runtime
checking if the
*OS
* supports SSE, which registers a
SIGILL signal handler then tries to execute SSE code...
it still tests the running
*CPU
* though.

Sun Sep 18 14:00:00 2011 jengelhAATTmedozas.de
- Apply packaging guidelines (remove redundant/obsolete
tags/sections from specfile, etc.)
- Add flac-devel to baselibs

Sat Aug 6 14:00:00 2011 crrodriguezAATTopensuse.org
- Do not build with -fno-strict-aliasing since is no longer
required.
- Impoer two patches from redhat, one speeds up decoding and
the other enables the working ASM optimizations.

Wed Dec 8 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- run make check, but only the basic test suite, complete
one takes hours.

Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0


  
ICM