Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#9884 closed enhancement (fixed)

lame-3.100

Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by bdubbs@…, 4 years ago

First release since 2012. Over 700 lines in the change log. No release notes.

comment:2 by bdubbs@…, 4 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:3 by bdubbs@…, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 19396.

comment:4 by Cheyenne McNutt, 4 years ago

LAME 3.100 has been released including fixes to security vulnerabilities.
Coy-paste from history:

Rogério Brito

- Don't include the debian directory as one that is needed during builds. Patch
taken from Debian's packaging of lame.

- Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

- Fix possible race condition causing build failures in libmp3lame. Discovered
in automated builds by the Debian project with patch provided by Andres Mejia.

Robert Hegemann

- Improved detection of MPEG audio data in RIFF WAVE files. Tracker item [
3545112 ] Invalid sampling detection

- New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to
apply Gain adjustment in decibels, than the use of --scale <factor>.

- Fix for tracker item [ 3558466 ] Bug in path handling

- Fix for tracker item [ 3567844 ] problem with Tag genre

- Fix for tracker item [ 3565659 ] no progress indication with pipe input

- Fix for tracker item [ 3544957 ] scale (empty) silent encode without warning

- Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't work
anymore

- Fix for tracker item [ 3608583 ] input file name displayed with wrong
character encoding (on windows console with CP_UTF8)

- Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL
terminated issues. Thanks to Surabhi Mishra

- Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop.
Thanks to Renu Tyagi

- Fix for bug ticket [ #449 ] Make sure functions with SSE instructions
maintain their own properly aligned stack. Thanks to Fabian Greffrath

- Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from
Malicious File. Thanks to Gareth Evans and Elio Blanca

- Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang
Shiyang, Liu Bingchang

- Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap

- Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application crash

- Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash

- Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of scale
input value

- HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3
data resulted in internal buffer overflow (write). Thanks to Henri Salo

Note: See TracTickets for help on using tickets.