| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Update to version 3.100
* Improved detection of MPEG audio data in RIFF WAVE files.
sf#3545112 Invalid sampling detection
* New switch --gain <decibel>, range -20.0 to +12.0, a more
convenient way to apply Gain adjustment in decibels,
than the use of --scale <factor>.
* Fix for sf#3558466 Bug in path handling
* Fix for sf#3567844 problem with Tag genre
* Fix for sf#3565659 no progress indication with pipe input
* Fix for sf#3544957 scale (empty) silent encode without warning
* Fix for sf#3580176 environment variable LAMEOPT doesn't
work anymore
* Fix for sf#3608583 input file name displayed with wrong
character encoding (on windows console with CP_UTF8)
* Fix dereference NULL and Buffer not NULL terminated issues.
* Fix dereference of a null pointer possible in loop.
* Make sure functions with SSE instructions maintain their own
properly aligned stack. Thanks to Fabian Greffrath
* Multiple Stack and Heap Corruptions from Malicious File.
* Fix a division by zero vulnerability (CVE-2017-11720 bsc#1082311)
* Fix CVE-2017-9410 fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)
* Fix CVE-2017-9411 fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application crash
(bsc#1082397)
* Fix CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash
(bsc#1082340)
* Fix clip detect scale suggestion unaware of scale input value
* HIP decoder bug fixed: decoding mixed blocks of lower sample
frequency Layer3 data resulted in internal buffer overflow.
* Add lame_encode_buffer_interleaved_int()
* Fix a stack-based buffer overflow and application crash in the
III_dequantisize_sample function in layer3.c in mpglib (CVE-2017-9872
bsc#1082391)
* Fix a stack-based buffer overflow and application crash in the
III_i_stereo function in layer3.c in mpglib (CVE-2017-9871
bsc#1082392)
* Fix a buffer over-read and application crash in the III_i_stereo function
in layer3.c (CVE-2017-9870 bsc#1082393)
* Fix a buffer over-read and application crash in the II_step_one function
in layer2.c (CVE-2017-9869 bsc#1082395)
* Fix buffer overflows when data types for values in WAV or AIFF headers are
no signed (CVE-2017-8419 bsc#1037255)
* Fix a stack-based buffer overflow in unpack_read_samples in the file
frontend/get_audio.c (CVE-2017-15046 bsc#1061973)
* Fix a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related
to lame_encode_buffer_sample_t in libmp3lame/lame.c (CVE-2017-15045
bsc#1061970)
* Fix a NULL Pointer Dereference in the hip_decode_init function within
libmp3lame/mpglib_interface.c via a malformed mpg file, because of an
incorrect calloc call. (CVE-2017-15019 bsc#1082317)
* Fix a heap-based buffer over-read when handling a malformed file in k_34_4 in
vbrquantize.c. (CVE-2017-15018 bsc#1082341)
* Fix a NULL Pointer Dereference in the id3v2AddAudioDuration function in
libmp3lame/id3tag.c (CVE-2017-13712 bsc#1082399)
* Fix a heap-based buffer over-read in fill_buffer_resample function in util.c
(CVE-2015-9101 bsc#1082400)
* Fix a NULL pointer dereference in fill_buffer_resample function in util.c
(CVE-2015-9100 bsc#1082401)
* Fix invalid read in lame_init_params function in lame.c (CVE-2015-9099
bsc#1082329)
- Drop upstream patches:
* lame-Add-check-for-invalid-input-sample-rate.patch
* lame-ansi2knr2.patch
* lame-bits_per_sample.patch
* lame-force_align_arg_pointer.patch
* lame-gtk1.patch
* lame-int_resample_ratio.patch
* lame-msse.patch
- Update to version 3.100
* Improved detection of MPEG audio data in RIFF WAVE files.
sf#3545112 Invalid sampling detection
* New switch --gain <decibel>, range -20.0 to +12.0, a more
convenient way to apply Gain adjustment in decibels,
than the use of --scale <factor>.
* Fix for sf#3558466 Bug in path handling
* Fix for sf#3567844 problem with Tag genre
* Fix for sf#3565659 no progress indication with pipe input
* Fix for sf#3544957 scale (empty) silent encode without warning
* Fix for sf#3580176 environment variable LAMEOPT doesn't
work anymore
* Fix for sf#3608583 input file name displayed with wrong
character encoding (on windows console with CP_UTF8)
* Fix dereference NULL and Buffer not NULL terminated issues.
* Fix dereference of a null pointer possible in loop.
* Make sure functions with SSE instructions maintain their own
properly aligned stack. Thanks to Fabian Greffrath
* Multiple Stack and Heap Corruptions from Malicious File.
* Fix a division by zero vulnerability.
* Fix CVE-2017-9410 fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap
* Fix CVE-2017-9411 fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application crash
* Fix CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash
* Fix clip detect scale suggestion unaware of scale input value
* HIP decoder bug fixed: decoding mixed blocks of lower sample
frequency Layer3 data resulted in internal buffer overflow.
* Add lame_encode_buffer_interleaved_int()
- Drop upstream patches:
* lame-Add-check-for-invalid-input-sample-rate.patch
* lame-ansi2knr2.patch
* lame-bits_per_sample.patch
* lame-force_align_arg_pointer.patch
* lame-gtk1.patch
* lame-int_resample_ratio.patch
* lame-msse.patch
- Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error
- Escape the "$" character in spec file, so that the non-existing variable does not get replaced by empty string
- Create pkgconfig file.