SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for flac-devel-32bit-1.3.2-150000.3.14.1.x86_64.rpm :

* Mon Aug 28 2023 tiwaiAATTsuse.com- Fix Buffer Overflow vulnerability in function bitwriter_grow_ (CVE-2020-22219, bsc#1214615): 0001-fix-potential-memleak.patch 0002-Add-and-use-_nofree-variants-of-safe_realloc-functio.patch 0003-Leave-metadata-items-untouched-if-resize-function-fa.patch 0004-Do-not-memset-when-allocation-fails.patch 0005-Move-entropy-partitioning-result-allocation-so-it-ca.patch 0006-Don-t-overwrite-bad-state-with-seek-error.patch
* Wed Mar 02 2022 tiwaiAATTsuse.de- Fix out of bound write in append_to_verify_fifo_interleaved_ (CVE-2021-0561 bsc#1196660): libFlac-Exit-at-EOS-in-verify-mode.patch
* Wed Dec 16 2020 tiwaiAATTsuse.de- Fix memory leak (CVE-2020-0487 bsc#1180112): stream_decoder.c-Fix-a-memory-leak.patch
* Wed Dec 16 2020 tiwaiAATTsuse.de- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099): libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
* Fri Apr 27 2018 tiwaiAATTsuse.de- Fix memory leak in read_metadata_vorbiscomment_() function (CVE-2017-6888, bsc#1091045): flac-CVE-2017-6888.patch
* Sun Jan 01 2017 aloisioAATTgmx.com- Update to version 1.3.2
* Fix undefined behaviour using GCC/Clang UBSAN (erikd).
* General hardening via fuzz testing with AFL (erikd and others).
* General code improvements (lvqcl, erikd and others).
* Add FLAC in MP4 specification docs (Ralph Giles).
* Fix some cppcheck warnings (erikd).
* Assume all currently used OSes support SSE2. flac:
* Fix potential infinite loop on flac-to-flac conversion (erikd).
* Add WAVEFORMATEXTENSIBLE to WAV (as needed) when decoding (lvqcl).
* Only write vorbis-comments if they are non-empty.
* Error out if decoding RAW with bits != (8|16|24). metaflac:
* Add --scan-replay-gain option. libraries:
* CPU detection cleanup and fixes (Julian Calaby, erikd and lvqcl).
* Fix two stream decoder bugs (Max Kellermann).
* Fix a NULL dereference bug (on a malformed file).
* Changed the LPC order guess for a slight compression improvement, particularly for classical music (Martijn van Beurden).
* Improved encoding speed on older Intel CPUs.
* Fixed a seeking bug when decoding certain files (Miroslav Lichvar).
* Put an upper bound (32768) on the number of seek points.
* Fix potential memory leaks.
* Support 64bit brword/bwword allowing FLAC__BYTES_PER_WORD to be set to 8 (disabled by default).
* Fix an out-of-bounds heap read.- Refreshed flac-cflags.patch
* Sat Sep 10 2016 tchvatalAATTsuse.com- Drop patch that should be upstreamed first, otherwise we will have to keep it ofrever:
* flac-ocloexec.patch- Drop wrong patch:
* flac-fix-pkgconfig.patch + If using this change you get assert.h include overriden in your project by the one from FLAC/ which is not what upstream desired If packages fail to build they should fix their include
* Sat Mar 21 2015 mpluskalAATTsuse.com- Build documentation as noarch
* Fri Mar 20 2015 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Update url- Remove no longer needed patches
* flac-fix-CVE-2014-8962.patch
* flac-fix-CVE-2014-9028.patch
* 0001-getopt_long-not-broken-here.patch- Remove following as benefit of using openssl is small
* 0001-Allow-use-of-openSSL.patch- Add flac-cflags.patch- Use doxygen to build documentation- Split documentation to separate package- Update to 1.3.1
* Improved decoding efficiency of all bit depths but especially so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).
* Faster encoding using SSE and AVX (lvqcl).
* Fixed bartlett, bartlett_hann and triangle functions.
* New apodization functions partial_tukey and punchout_tukey for improved compression (Martijn van Beurden).
* Retuned compression presets to incorporate new apodization functions (Martijn van Beurden).
* Fix -Wcast-align warnings on armhf architecture (Erik de Castro Lopo).
* Help output documentation improvements.
* I/O buffering improvements on Windows to reduce disk fragmentation when writing files.
* Only write vorbis-comments if they are non-empty.
* Fix symbol visibility in XMMS plugin.
* Many fixes and improvements across all the build systems.
* Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962 (heap read overflow)
* Wed Nov 26 2014 tiwaiAATTsuse.de- A couple of security fixes:
* flac-fix-CVE-2014-8962.patch: arbitrary code execution by a stack overflow (CVE-2014-8962, bnc#906831)
* flac-fix-CVE-2014-9028.patch: Heap overflow via specially crafted .flac files (CVE-2014-9028, bnc#907016)
  
ICM