Package Release Info

lame-3.100-6.1

Update Info: openSUSE-2018-214
Available in Package Hub : 12 SP2-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

lame
lame-doc
lame-mp3rtp
libmp3lame-devel
libmp3lame0

Change Logs

* Fri Feb 23 2018 kbabioch@suse.com
- Update to version 3.100
  * Improved detection of MPEG audio data in RIFF WAVE files.
    sf#3545112 Invalid sampling detection
  * New switch --gain <decibel>, range -20.0 to +12.0, a more
    convenient way to apply Gain adjustment in decibels,
    than the use of --scale <factor>.
  * Fix for sf#3558466 Bug in path handling
  * Fix for sf#3567844 problem with Tag genre
  * Fix for sf#3565659 no progress indication with pipe input
  * Fix for sf#3544957 scale (empty) silent encode without warning
  * Fix for sf#3580176 environment variable LAMEOPT doesn't
    work anymore
  * Fix for sf#3608583 input file name displayed with wrong
    character encoding (on windows console with CP_UTF8)
  * Fix dereference NULL and Buffer not NULL terminated issues.
  * Fix dereference of a null pointer possible in loop.
  * Make sure functions with SSE instructions maintain their own
    properly aligned stack. Thanks to Fabian Greffrath
  * Multiple Stack and Heap Corruptions from Malicious File.
  * Fix a division by zero vulnerability (CVE-2017-11720 bsc#1082311)
  * Fix CVE-2017-9410 fill_buffer_resample function in
    libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)
  * Fix CVE-2017-9411 fill_buffer_resample function in
    libmp3lame/util.c invalid memory read and application crash
    (bsc#1082397)
  * Fix CVE-2017-9412 unpack_read_samples function in
    frontend/get_audio.c invalid memory read and application crash
    (bsc#1082340)
  * Fix clip detect scale suggestion unaware of scale input value
  * HIP decoder bug fixed: decoding mixed blocks of lower sample
    frequency Layer3 data resulted in internal buffer overflow.
  * Add lame_encode_buffer_interleaved_int()
  * Fix a stack-based buffer overflow and application crash in the
    III_dequantisize_sample function in layer3.c in mpglib (CVE-2017-9872
    bsc#1082391)
  * Fix a stack-based buffer overflow and application crash in the
    III_i_stereo function in layer3.c in mpglib (CVE-2017-9871
    bsc#1082392)
  * Fix a buffer over-read and application crash in the III_i_stereo function
    in layer3.c (CVE-2017-9870 bsc#1082393)
  * Fix a buffer over-read and application crash in the II_step_one function
    in layer2.c (CVE-2017-9869 bsc#1082395)
  * Fix buffer overflows when data types for values in WAV or AIFF headers are
    no signed (CVE-2017-8419 bsc#1037255)
  * Fix a stack-based buffer overflow in unpack_read_samples in the file
    frontend/get_audio.c (CVE-2017-15046 bsc#1061973)
  * Fix a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related
    to lame_encode_buffer_sample_t in libmp3lame/lame.c (CVE-2017-15045
    bsc#1061970)
  * Fix a NULL Pointer Dereference in the hip_decode_init function within
    libmp3lame/mpglib_interface.c via a malformed mpg file, because of an
    incorrect calloc call. (CVE-2017-15019 bsc#1082317)
  * Fix a heap-based buffer over-read when handling a malformed file in k_34_4 in
    vbrquantize.c. (CVE-2017-15018 bsc#1082341)
  * Fix a NULL Pointer Dereference in the id3v2AddAudioDuration function in
    libmp3lame/id3tag.c (CVE-2017-13712 bsc#1082399)
  * Fix a heap-based buffer over-read in fill_buffer_resample function in util.c
    (CVE-2015-9101 bsc#1082400)
  * Fix a NULL pointer dereference in fill_buffer_resample function in util.c
    (CVE-2015-9100 bsc#1082401)
  * Fix invalid read in lame_init_params function in lame.c (CVE-2015-9099
    bsc#1082329)
- Drop upstream patches:
  * lame-Add-check-for-invalid-input-sample-rate.patch
  * lame-ansi2knr2.patch
  * lame-bits_per_sample.patch
  * lame-force_align_arg_pointer.patch
  * lame-gtk1.patch
  * lame-int_resample_ratio.patch
  * lame-msse.patch