Package Release Info


Update Info: openSUSE-2017-1099
Available in Package Hub : 12 SP2-SP5





Change Logs

* Thu Mar 02 2017
- Rename %soname to %sover to better reflect its use.
- Replace goals with what the software really does.
* Sat Jun 20 2015
- Add patch for SSE
- Add check for invalid input sample rate
- Avoid malformed wav causing floating point exception (integer divide by zero)
- Fix warning on 64 bit machines. Explicitely set variables as unsigned ints.
- Enable functions with SSE instructions to maintain their own properly aligned stack
- Fix decision if sample rate ratio is an integer value or not
- run autoreconf, set GTK_CFLAGS
- Add patch to remove ansi2knr instead of using sed
* Tue Feb 03 2015
- Redux the conditionals for not building gtk1 anywhere anymore
* Fri Nov 01 2013
- Fix logical issue in hvogel's fix
* Thu Oct 31 2013
- Fix the conditional building of gtk1 binaries
* Tue Oct 15 2013
- Fix pkgconfig(gtk+-2.0) for >= 11.4
* Thu Jul 19 2012
- Fix bug reporting link
- BuildRequires nasm only in x86-32 (there is no assembly available
  for other archs)
- Stop BuildRequiring flac-devel, it's not used
- Remove autoreconf call and related BuildRequires and patches
- Remove old compatibility Provides
- Run spec-cleaner
- Removed all patches (unneeded)
- Replace some documentation and let the build system install its
* Tue Jul 17 2012
- update to 3.99.5: fixed build on 12.2
* Tue Nov 22 2011
- disable sndfile for IO, causes more issues than anything else (warnings and
  issues in several applications that use lame)
- lame-tgetstr.patch: fix build on openSUSE > 12.1, tput and friends are now in
* Mon Mar 07 2011
- add Gentoo patch that fixes reading from stdin
- add rpmlintrc
- split out documentation into subpackage
* Fri Jun 18 2010
- disable use of gtk in 11.3, was dropped
* Sat Mar 27 2010
- update to 3.98.4:
  * fix for #2973877, a problem regarding the new drain code
* Sun Feb 28 2010
- update to 3.98.3:
  * a very important interaction with the FhG decoder was fixed
  * the hip audio decoding library is used to perform a better job
    when reencoding MP3 files to MP3 files
  * bugs were worked around to improve compatibility with ffmpeg
  * many fixes were made regarding ID3 tags, including correct
    specification of the length of the tracks
- dropped cvs patch, merged upstream
* Fri Aug 21 2009
- cleanups cvs patch
- removed static library
* Sat May 30 2009
- patch from cvs to fix buffer problems with ffmpeg
* Tue Sep 23 2008
- added Authors: in description blocks
- use libsndfile for fileio, as it seems to be the prefered default now
- update to 3.98.2:
  * adds some quality improvements to the generated audio files
  * enables the user to choose fractional variable bitrate qualities
  * upgraded support for libsndfile1 (and, in turn, can use many file formats as input, including FLAC files)
  * includes many bugfixes, including peripheral tools for user convenience
* Sun Jul 13 2008
- added ldconfig in post and postun
- changed release to (instead of 1)
- split off shared library and -devel packages (still Requires by lame for
  backwards compatibility, may change later)
- fixed Group:
- added BuildRequires
- added debuginfo support
- revamped spec file
* Wed Dec 20 2006
- update to version 3.97
- build against libm for k3b
* Tue Feb 28 2006
- package missing include dir
* Sat Nov 27 2004
- make spec file lib/lib64 clean
Version: 3.100-6.1
* Fri Feb 23 2018
- Update to version 3.100
  * Improved detection of MPEG audio data in RIFF WAVE files.
    sf#3545112 Invalid sampling detection
  * New switch --gain <decibel>, range -20.0 to +12.0, a more
    convenient way to apply Gain adjustment in decibels,
    than the use of --scale <factor>.
  * Fix for sf#3558466 Bug in path handling
  * Fix for sf#3567844 problem with Tag genre
  * Fix for sf#3565659 no progress indication with pipe input
  * Fix for sf#3544957 scale (empty) silent encode without warning
  * Fix for sf#3580176 environment variable LAMEOPT doesn't
    work anymore
  * Fix for sf#3608583 input file name displayed with wrong
    character encoding (on windows console with CP_UTF8)
  * Fix dereference NULL and Buffer not NULL terminated issues.
  * Fix dereference of a null pointer possible in loop.
  * Make sure functions with SSE instructions maintain their own
    properly aligned stack. Thanks to Fabian Greffrath
  * Multiple Stack and Heap Corruptions from Malicious File.
  * Fix a division by zero vulnerability (CVE-2017-11720 bsc#1082311)
  * Fix CVE-2017-9410 fill_buffer_resample function in
    libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)
  * Fix CVE-2017-9411 fill_buffer_resample function in
    libmp3lame/util.c invalid memory read and application crash
  * Fix CVE-2017-9412 unpack_read_samples function in
    frontend/get_audio.c invalid memory read and application crash
  * Fix clip detect scale suggestion unaware of scale input value
  * HIP decoder bug fixed: decoding mixed blocks of lower sample
    frequency Layer3 data resulted in internal buffer overflow.
  * Add lame_encode_buffer_interleaved_int()
  * Fix a stack-based buffer overflow and application crash in the
    III_dequantisize_sample function in layer3.c in mpglib (CVE-2017-9872
  * Fix a stack-based buffer overflow and application crash in the
    III_i_stereo function in layer3.c in mpglib (CVE-2017-9871
  * Fix a buffer over-read and application crash in the III_i_stereo function
    in layer3.c (CVE-2017-9870 bsc#1082393)
  * Fix a buffer over-read and application crash in the II_step_one function
    in layer2.c (CVE-2017-9869 bsc#1082395)
  * Fix buffer overflows when data types for values in WAV or AIFF headers are
    no signed (CVE-2017-8419 bsc#1037255)
  * Fix a stack-based buffer overflow in unpack_read_samples in the file
    frontend/get_audio.c (CVE-2017-15046 bsc#1061973)
  * Fix a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related
    to lame_encode_buffer_sample_t in libmp3lame/lame.c (CVE-2017-15045
  * Fix a NULL Pointer Dereference in the hip_decode_init function within
    libmp3lame/mpglib_interface.c via a malformed mpg file, because of an
    incorrect calloc call. (CVE-2017-15019 bsc#1082317)
  * Fix a heap-based buffer over-read when handling a malformed file in k_34_4 in
    vbrquantize.c. (CVE-2017-15018 bsc#1082341)
  * Fix a NULL Pointer Dereference in the id3v2AddAudioDuration function in
    libmp3lame/id3tag.c (CVE-2017-13712 bsc#1082399)
  * Fix a heap-based buffer over-read in fill_buffer_resample function in util.c
    (CVE-2015-9101 bsc#1082400)
  * Fix a NULL pointer dereference in fill_buffer_resample function in util.c
    (CVE-2015-9100 bsc#1082401)
  * Fix invalid read in lame_init_params function in lame.c (CVE-2015-9099
- Drop upstream patches:
  * lame-Add-check-for-invalid-input-sample-rate.patch
  * lame-ansi2knr2.patch
  * lame-bits_per_sample.patch
  * lame-force_align_arg_pointer.patch
  * lame-gtk1.patch
  * lame-int_resample_ratio.patch
  * lame-msse.patch