AArch64 | |
ppc64le | |
s390x | |
x86-64 |
- Update to version 3.100 * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. * Fix a division by zero vulnerability (CVE-2017-11720 bsc#1082311) * Fix CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333) * Fix CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397) * Fix CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340) * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() * Fix a stack-based buffer overflow and application crash in the III_dequantisize_sample function in layer3.c in mpglib (CVE-2017-9872 bsc#1082391) * Fix a stack-based buffer overflow and application crash in the III_i_stereo function in layer3.c in mpglib (CVE-2017-9871 bsc#1082392) * Fix a buffer over-read and application crash in the III_i_stereo function in layer3.c (CVE-2017-9870 bsc#1082393) * Fix a buffer over-read and application crash in the II_step_one function in layer2.c (CVE-2017-9869 bsc#1082395) * Fix buffer overflows when data types for values in WAV or AIFF headers are no signed (CVE-2017-8419 bsc#1037255) * Fix a stack-based buffer overflow in unpack_read_samples in the file frontend/get_audio.c (CVE-2017-15046 bsc#1061973) * Fix a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c (CVE-2017-15045 bsc#1061970) * Fix a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. (CVE-2017-15019 bsc#1082317) * Fix a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. (CVE-2017-15018 bsc#1082341) * Fix a NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c (CVE-2017-13712 bsc#1082399) * Fix a heap-based buffer over-read in fill_buffer_resample function in util.c (CVE-2015-9101 bsc#1082400) * Fix a NULL pointer dereference in fill_buffer_resample function in util.c (CVE-2015-9100 bsc#1082401) * Fix invalid read in lame_init_params function in lame.c (CVE-2015-9099 bsc#1082329) - Drop upstream patches: * lame-Add-check-for-invalid-input-sample-rate.patch * lame-ansi2knr2.patch * lame-bits_per_sample.patch * lame-force_align_arg_pointer.patch * lame-gtk1.patch * lame-int_resample_ratio.patch * lame-msse.patch
- Update to version 3.100 * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. * Fix a division by zero vulnerability. * Fix CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap * Fix CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash * Fix CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() - Drop upstream patches: * lame-Add-check-for-invalid-input-sample-rate.patch * lame-ansi2knr2.patch * lame-bits_per_sample.patch * lame-force_align_arg_pointer.patch * lame-gtk1.patch * lame-int_resample_ratio.patch * lame-msse.patch
- Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error
- Escape the "$" character in spec file, so that the non-existing variable does not get replaced by empty string
- Create pkgconfig file.