git.libre-soc.org Git - buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Sun, 22 Oct 2017 11:15:08 +0000 (13:15 +0200)
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
	Sun, 22 Oct 2017 12:04:44 +0000 (14:04 +0200)
commit	7e3583dd558925a447eaa4367d659f39482fbbc0
tree	039dbc8b17b8e43fe5f5feeb8a51aae1abb8030d	tree
parent	1dd543b4ae12aa161ac0558555c9f03e82ceffb6	commit \| diff

lame: security bump to version 3.100

Fixes the following security issues:

CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap

CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash

CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash

Drop patches now upstream or no longer needed:

0001-configure.patch: Upstream as mentioned in patch description

0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:

Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.

With these removed, autoreconf is no longer needed.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/lame/0001-configure.patch	[deleted file]	blob \| history
package/lame/0002-gtk1-ac-directives.patch	[deleted file]	blob \| history
package/lame/0003-msse.patch	[deleted file]	blob \| history
package/lame/lame.hash		diff \| blob \| history
package/lame/lame.mk		diff \| blob \| history