Hello community,

here is the log from the commit of package mpg123 for openSUSE:Factory checked in at 2017-07-10 10:59:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mpg123 (Old)
 and /work/SRC/openSUSE:Factory/.mpg123.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mpg123" Mon Jul 10 10:59:46 2017 rev:3 rq:507725 version:1.25.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mpg123/mpg123.changes 2017-05-17 10:54:39.564251002 +0200 +++ /work/SRC/openSUSE:Factory/.mpg123.new/mpg123.changes 2017-07-10 10:59:47.808588201 +0200 
@@ -1,0 +2,50 @@ +Mon Jul 3 06:45:17 UTC 2017 - [email protected] + +- Update to version 1.25.1 + * libmpg123: + + Avoid memset(NULL, 0, 0) to calm down the paranoid. + + Fix bug 252, invalid read of size 1 in ID3v2 parser due to + forgotten offset from the frame flag bytes (unnoticed in + practice for a long time). Fuzzers are in the house again. + This one got CVE-2017-10683. + + Avoid a mostly harmless conditional jump depending on + uninitialised fr->lay in compute_bpf() (mpg123_position()) + when track is not ready yet. + + Fix undefined shifts on signed long mask in layer3.c + (worked in practice, never right in theory). Code might be + a bit faster now, even. Thanks to Agostino Sarubbo for + reporting. + 1.25.0: + * Silence test for artsc-config if it is not there. + * Make sure -static-libgcc from LDFLAGS gets through libtool, + fixing 32 bit Windows builds (depend on libgcc DLL otherwise). + * Fix build with non-GNU make by using plain rm -f instead of + silly $(RM) in libout123/modules makefile fragment. + * Make build work on iOS, including coreaudio backend. + * libmpg123: + + Finally provide position-independent code for x86 with + assembly optimisations.The textrels are gone thanks to Won + Kyu Park and Taihei Momma. + + Clarify some license language in files descending from the + original MMX optimisation. + + Fix return value overflow check for MPG123_BUFFERFILL. + + Introduced mpg123_getformat2() to enable the FORMAT command + for the generic control not stealing MPG123_NEW_FORMAT from + the main playback loop. The sequence LOADPAUSED-FORMAT-PAUSE + (play) is supposed to work now. + + Enable aarch64 optimisations on *BSD by default, too. You + can always override that stupid OS whitelist using + --with-optimization, anyway. + + Use of the i486 decoder is now discouraged more + prominently, in configure output. + * out123: Fix stupid crash with verbose mode and tone + generation (print the string if the pointer is non-null, not if + it is null). 
+ * libout123: More consistent error messages for dynamic and + legacy (built-in) modules. Namely, you get a hint how if you + choose a different module than the built-in ones for a static + libout123. + +- Fixes (boo#1046766) + +------------------------------------------------------------------- Old: ---- mpg123-1.24.0.tar.bz2 mpg123-1.24.0.tar.bz2.sig New: ---- mpg123-1.25.1.tar.bz2 mpg123-1.25.1.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mpg123.spec ++++++ --- /var/tmp/diff_new_pack.VHLoT9/_old 2017-07-10 10:59:48.324515336 +0200 +++ /var/tmp/diff_new_pack.VHLoT9/_new 2017-07-10 10:59:48.324515336 +0200 @@ -17,7 +17,7 @@ Name: mpg123 -Version: 1.24.0 +Version: 1.25.1 Release: 0 Summary: Console MPEG audio player and decoder library License: LGPL-2.1 ++++++ mpg123-1.24.0.tar.bz2 -> mpg123-1.25.1.tar.bz2 ++++++ ++++ 3712 lines of diff (skipped)
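Review bot: The closing "- Fixes (boo#1046766)" entry in the mpg123.changes hunk does not say what is fixed, and CVE-2017-10683 appears only inside the copied upstream notes for bug 252 (the invalid read in the ID3v2 parser). If boo#1046766 is the tracker bug for that CVE, name the identifier in the same entry as the bug reference, so the security fix is visible without reading through the whole upstream list. A smaller point in the same hunk: "assembly optimisations.The textrels" is missing a space after the full stop.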
