1.2.2 - Nov 14 2017 - Hessu
Fixes CVE-2017-15953, a heap-based buffer overflow.
Fix provided by Yegor Timoshenko.
Fixes CVE-2017-15955, Access violation near NULL on destination
operand and crash when processing a malformed CUE (.cue) file.
Fix provided by Yegor Timoshenko.
Fix wrong track size calculation when having multiple tracks in
one image. (Closes debian bug: #261274).
Fix provided by Piotr Kaczuba.
Clarify manual page for input/output file types
Improvement from Reuben Thomas, debian bug: #503151
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
- Only use index 1 as track boundary. Previously, the first index was
taken as the end of the previous track and the last index as the start
of this track. All sectors in between were silently dropped.
- Stop output of a track *before* the first sector of the next track.
Previously, the first sector was output twice, once as the last
sector of the previous track, once as the first sector of the
current track.
Patches will be sent upstream shortly.
Take maintainership, ok pooka.
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
