7e3583dd55
Fixes the following security issues: CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash Drop patches now upstream or no longer needed: 0001-configure.patch: Upstream as mentioned in patch description 0002-gtk1-ac-directives.patch: Upstream as mentioned in patch description/release notes: Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1. This was transplanted back from aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to regenerate autotools' files with a simple invocation of autoconf -vfi. 0003-msse.patch: Not needed as -march <x86-variant-with-msse-support> nowadays implies -msse. With these removed, autoreconf is no longer needed. Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
4 lines
194 B
Plaintext
4 lines
194 B
Plaintext
# Locally computed:
|
|
sha256 ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e lame-3.100.tar.gz
|
|
sha256 bfe4a52dc4645385f356a8e83cc54216a293e3b6f1cb4f79f5fc0277abf937fd COPYING
|