Re: [flac-dev] FLAC 1.3.1 changelog?

2014-11-25 Thread Martijn van Beurden
On 24-11-14 at 11:13, Erik de Castro Lopo wrote: > Can anyone see anything I've missed? > > Cheers, > Erik The copyright year should probably be 2014, but that's not only the changelog of course.

[flac-dev] Two new CVEs against FLAC

2014-11-25 Thread Erik de Castro Lopo
Hi all, Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are : CVE-2014-9028 : Heap buffer write overflow CVE-2014-8962 : Heap buffer read overflow For Linux distributions, the specific fixes for these two CVEs are availab

Re: [flac-dev] FLAC 1.3.1 changelog?

2014-11-25 Thread Erik de Castro Lopo
Martijn van Beurden wrote: > > On 24-11-14 at 11:13, Erik de Castro Lopo wrote: > > Can anyone see anything I've missed? > > > > Cheers, > > Erik > > The copyright year should probably be 2014, but that's not only > the changelog of course. Yes, that has been fixed :-). Cheers, Erik

[flac-dev] flac-1.3.1pre1

2014-11-25 Thread Erik de Castro Lopo
Hi all, As people may have seen there's a pre-release here: http://downloads.xiph.org/releases/flac/beta/ Specifically: flac-1.3.1pre1.tar.xz : The source code flac-1.3.1pre1-win.zip : Windows 32 and 64 bit binaries Please test. I'm particularly interested in hearing about the wi

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread MauritsVB
tsuites. Maybe someone on windows could grab the source > and the binaries, build from source, copy the binaries into the > built flac tree and then run the tests. > > Cheers, > Erik I seem to recall from 1.3.0 that there was an issue with the encoder string (for instance "refe

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Erik de Castro Lopo
MauritsVB wrote: > I seem to recall from 1.3.0 that there was an issue with the encoder > string (for instance "reference LibFLAC 1.3.1 20141125"). I believe > this is set at various locations which are also platform dependent and > in 1.3.0 some places initially still con

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Martijn van Beurden
On 25-11-14 at 10:22, MauritsVB wrote: > Unless this was simplified in the meantime and I missed that It was in this commit: http://git.xiph.org/?p=flac.git;a=commit;h=f931d134112e327c5ccb88a0a8f2eb2abfa281e3

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread MauritsVB
On 25 Nov 2014, at 08:43, Erik de Castro Lopo wrote: > Hi all, > > As people may have seen there's a pre-release here: > >http://downloads.xiph.org/releases/flac/beta/ > > Specifically: > >flac-1.3.1pre1.tar.xz : The source code >flac-1.3.1pre1-win.zip : Windows 32 and 64 bit bi

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Martijn van Beurden
On 25-11-14 at 09:43, Erik de Castro Lopo wrote: > I'm particularly interested in hearing about the windows binaries > which were cross compiled from Linux to Windows. I've run test_flac.sh, test_metaflac.sh and test_streams.sh. If the other tests (like ./test_libFLAC.sh) have to be run, the co

Re: [flac-dev] Two new CVEs against FLAC

2014-11-25 Thread Miroslav Lichvar
On Tue, Nov 25, 2014 at 12:29:33AM -0800, Erik de Castro Lopo wrote: > Google Security Team member, Michele Spagnuolo, recently found two potential > problems in the FLAC code base. They are : > > > CVE-2014-9028 : Heap buffer write overflow > > https://git.xiph.org/?p=flac.git;a=commit

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread LRN
On 25.11.2014 11:43, Erik de Castro Lopo wrote: > > flac-1.3.1pre1.tar.xz : The source code > flac-1.3.1pre1-win.zip : Windows 32 and 64 bit binaries > > Please test. > > I'm particularly interested in hearing about the windows binaries > which were cross compiled from Linux to Windows.

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Erik de Castro Lopo
MauritsVB wrote: > Is there any objection to posting the news about the pre-release in > this topic on HydrogenAudio > (http://www.hydrogenaud.io/forums/index.php?showtopic=101082)? All good! Erik

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread MauritsVB
On 25 Nov 2014, at 10:58, Erik de Castro Lopo wrote: > MauritsVB wrote: > >> Is there any objection to posting the news about the pre-release in >> this topic on HydrogenAudio >> (http://www.hydrogenaud.io/forums/index.php?showtopic=101082)? > > > All good! > > Erik > -- Done, thanks! htt

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Jan Stary
On Nov 25 00:43:22, mle...@mega-nerd.com wrote: > Hi all, > > As people may have seen there's a pre-release here: > > http://downloads.xiph.org/releases/flac/beta/ > > Specifically: > > flac-1.3.1pre1.tar.xz : The source code > flac-1.3.1pre1-win.zip : Windows 32 and 64 bit binarie

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread LRN
On 25.11.2014 16:03, Jan Stary wrote: > On Nov 25 00:43:22, mle...@mega-nerd.com wrote: >> Hi all, >> >> As people may have seen there's a pre-release here: >> >> http://downloads.xiph.org/releases/flac/beta/ >> >> Specifically: >> >> flac-1.3.1pre1.tar.xz : The source code >> flac-1.3

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread lvqcl
Erik de Castro Lopo wrote in their message of Tue, 25 Nov 2014 11:43:22 +0300: > > flac-1.3.1pre1.tar.xz : The source code > flac-1.3.1pre1-win.zip : Windows 32 and 64 bit binaries > > Please test. Binaries contain debug info, so it's possible to reduce their size. For example, 32-bit: f

Re: [flac-dev] Two new CVEs against FLAC

2014-11-25 Thread Declan Kelly
On Tue, Nov 25, 2014 at 12:29:33AM -0800, mle...@mega-nerd.com wrote: > > CVE-2014-9028 : Heap buffer write overflow > CVE-2014-8962 : Heap buffer read overflow Is it known what other FLAC decoding software or firmware is vulnerable to these overflows? Any software player that was derive

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Ralph Giles
On 2014-11-25 7:36 AM, lvqcl wrote: > Binaries contain debug info, so it's possible to reduce their size. For > example, > 32-bit: for flac.exe - from 1080 to 670 kB, for metaflac.exe - from 802 to > 421 kB. Yes, please strip the windows binaries. That's preferred by the Windows community, as I

[flac-dev] Typos

2014-11-25 Thread lvqcl
Erik de Castro Lopo wrote: > For Linux distributions, the specific fixes for these two CVEs are available > from Git here: > > > https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 A comment in the code about the patch: "We have received a potentially ma

Re: [flac-dev] Two new CVEs against FLAC

2014-11-25 Thread Erik de Castro Lopo
Miroslav Lichvar wrote: > I'm trying to figure out how this one works. It seems the problem is > integer underflow in the "frame.header.blocksize-order" expression > used in read_subframe_fixed_() and read_subframe_lpc_() to get the > number of encoded samples, which causes a buffer overflow in th

[flac-dev] [PATCH] Re: [flac:bugs] #420 flac make check fails on os x

2014-11-25 Thread Ralph Giles
On 2014-11-24 9:49 PM, mark4o wrote: > $ make check ... Original file size 441044 bytes. Compression > level 0, file size 421389 bytes. ./test_compression.sh: line 42: > let: last_size=: syntax error: operand expected (error token is > "=") I c

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Jan Stary
On Nov 25 00:43:22, mle...@mega-nerd.com wrote: > http://downloads.xiph.org/releases/flac/beta/ > Please test. Running 'make fullcheck' fails for me like this: $ pwd /home/hans/src/flac-1.3.1pre1/test $ make fullcheck FLAC__TEST_LEVEL=1 FLAC__TEST_WITH_VALGRIND=no ./test_libFLAC.sh /bin/sh:

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Martijn van Beurden
On 25-11-14 at 23:39, Jan Stary wrote: > Is there a reason the test scripts are calling bash? The change from sh to bash was made a little more than a year ago. The mailing list thread accompanying this change can be found here: http://lists.xiph.org/pipermail/flac-dev/2013-September/004374.ht

[flac-dev] Performance checks pre-release

2014-11-25 Thread Martijn van Beurden
For anyone wondering, here's a PDF comparing encoding speed, decoding speed and compression between FLAC 1.2.1, 1.3.0 and 1.3.1pre1. Compiles on an Intel Core 2 Duo T9600 (SSE up to and including 4.1, no AVX), Kubuntu 14.04.1, GCC 4.9.1. long set of samples-1.3.1pre1.pdf Description: Adobe PD

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Jan Stary
On Nov 25 23:56:05, mva...@gmail.com wrote: > On 25-11-14 at 23:39, Jan Stary wrote: > > Is there a reason the test scripts are calling bash? > > The change from sh to bash was made a little more than a year > ago. The mailing list thread accompanying this change can be > found here: > http://

Re: [flac-dev] flac-1.3.1pre1

2014-11-25 Thread Erik de Castro Lopo
Ralph Giles wrote: > Yes, please strip the windows binaries. That's preferred by the Windows > community, as I was reminded every time I built opus binary packages... Build script updated to strip binaries. Cheers, Erik

Re: [flac-dev] [PATCH] Re: [flac:bugs] #420 flac make check fails on os x

2014-11-25 Thread Erik de Castro Lopo
Ralph Giles wrote: > I can reproduce on MacOS X 10.8.5. It doesn't seem to like the > assignment inside the let statement. Possibly an issue with the older > bash (3.2) Apple ships? > > The attached patch resolves the issue, and I believe does the same > thing. Martin, does this look correct to y