lame: security bump to version 3.100
Fixes the following security issues: CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash Drop patches now upstream or no longer needed: 0001-configure.patch: Upstream as mentioned in patch description 0002-gtk1-ac-directives.patch: Upstream as mentioned in patch description/release notes: Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1. This was transplanted back from aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to regenerate autotools' files with a simple invocation of autoconf -vfi. 0003-msse.patch: Not needed as -march <x86-variant-with-msse-support> nowadays implies -msse. With these removed, autoreconf is no longer needed. Also add a hash for the license file while we're at it. Signed-off-by:Peter Korsgaard <peter@korsgaard.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Loading
Please register or sign in to comment