Your message dated Sat, 05 Sep 2015 14:33:54 +0100
with message-id <[email protected]>
and subject line Closing bugs for 7.9
has caused the Debian Bug report #779083,
regarding wheezy-pu: package lame/3.99.5+repack1-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
779083: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779083
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: [email protected]
Usertags: pu
Hi there,
please grant permission to upload an updated package for lame in
wheezy. The package will contain three patches that have been created
to cope with a couple of crashes that were detected by feeding fuzzed
wav file samples into the library. At least two of them appear to be
security-relevant, to say the least, and the third one fixes a nasty
crash in the frontend.
All three patches have been forwarded upstream by private mail to one
of the upstream developers. Please find a debdiff between the original
and the updated package attached.
Cheers,
Fabian
PS: I have set the distribution to wheezy-p-u. Is this correct or
should I rather set it to stable, or wheezy?
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru lame-3.99.5+repack1/debian/changelog lame-3.99.5+repack1/debian/changelog
--- lame-3.99.5+repack1/debian/changelog 2012-03-17 18:41:48.000000000 +0100
+++ lame-3.99.5+repack1/debian/changelog 2015-02-24 09:50:06.000000000 +0100
@@ -1,3 +1,18 @@
+lame (3.99.5+repack1-3wheezy1) stable-proposed-updates; urgency=medium
+
+ * Add check for invalid input sample rate, thanks Maks Naumov
+ (Closes: #775959, #777160, #777161). Thanks Jakub Wilk and
+ Brian Carpenter for the bug reports and test cases.
+ * Extend Maks Naumov's patch to also include a sanity check for
+ a valid amount of input channels (Closes: #778703).
+ * Avoid malformed wav causing floating point exception in the
+ frontend (Closes: #777159).
+ * Fix decision if sample rate ratio is an integer value or not
+ (Closes: #778529). Thanks to Henri Salo for the bug reports
+ and the fuzzed samples!
+
+ -- Fabian Greffrath <[email protected]> Tue, 24 Feb 2015 09:46:48 +0100
+
lame (3.99.5+repack1-3) unstable; urgency=low
* Handle case on setting CFLAGS for systems where dpkg-dev (<< 1.15.7)
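Review bot: the distribution field in the new changelog header reads stable-proposed-updates, while the covering mail says it was set to wheezy-p-u. A suite alias such as stable changes meaning at the next release, so the codename wheezy is the safer target for this upload. The version suffix -3wheezy1 sorts correctly, though +deb7u1 is the usual form for wheezy updates.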
diff -Nru lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
--- lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch 1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch 2015-02-24 09:38:55.000000000 +0100
@@ -0,0 +1,25 @@
+From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
+From: Maks Naumov <[email protected]>
+Date: Thu, 22 Jan 2015 16:20:40 +0200
+Subject: [PATCH] Add check for invalid input sample rate
+
+Signed-off-by: Maks Naumov <[email protected]>
+---
+ libmp3lame/lame.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/libmp3lame/lame.c
++++ b/libmp3lame/lame.c
+@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
+ }
+ #endif
+
++ if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
++ freegfc(gfc);
++ gfp->internal_flags = NULL;
++ return -1;
++ }
++
+ cfg->disable_reservoir = gfp->disable_reservoir;
+ cfg->lowpassfreq = gfp->lowpassfreq;
+ cfg->highpassfreq = gfp->highpassfreq;
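Review bot: the new condition in lame_init_params rejects only negative values, so samplerate_in == 0 and num_channels == 0 still get past it. If zero is not meaningful for either field at this point, comparing with < 1 would close that gap, as bits_per_sample.patch does for its own guard. The patch header also credits the whole change to Maks Naumov, while the changelog says the num_channels test was added on top of his patch; a line in the header recording that, plus Bug-Debian references for the bugs it closes, would document it.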
diff -Nru lame-3.99.5+repack1/debian/patches/bits_per_sample.patch lame-3.99.5+repack1/debian/patches/bits_per_sample.patch
--- lame-3.99.5+repack1/debian/patches/bits_per_sample.patch 1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/bits_per_sample.patch 2015-02-24 09:39:00.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Avoid malformed wav causing floating point exception (integer divide by zero)
+Author: Fabian Greffrath <[email protected]>
+Bug-Debian: https://bugs.debian.org/777159
+
+--- a/frontend/get_audio.c
++++ b/frontend/get_audio.c
+@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
+ else {
+ (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
+ }
++ /* avoid division by zero */
++ if (bits_per_sample < 1)
++ return -1;
++
+ global. pcmbitwidth = bits_per_sample;
+ global. pcm_is_unsigned_8bit = 1;
+ global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);
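Review bot: the bits_per_sample < 1 test in parse_wave_header sits after the lame_set_in_samplerate() call in the context lines above it, so on that path a header rejected here has already modified gfp. Moving the test ahead of the setter calls would make the rejection free of side effects. The test covers only the zero and negative case named in its comment; whether other widths are validated is not visible in this hunk, so the patch description should say so either way.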
diff -Nru lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch
--- lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch 1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch 2015-02-24 09:39:05.000000000 +0100
@@ -0,0 +1,29 @@
+Subject: Fix decision if sample rate ratio is an integer value or not
+ If the sample rate of the input file is sufficiently close to an
+ integer multiple of the output sample rate, the value of the intratio
+ variable is calculated incorrectly. This leads to further values
+ being miscalculated up to the joff variable which is used as an index
+ to dereference the esv->blackfilt array. This leads top an overflow
+ and causes a segmentation fault.
+Author: Fabian Greffrath <[email protected]>
+Bug-Debian: https://bugs.debian.org/778529
+
+--- a/libmp3lame/util.c
++++ b/libmp3lame/util.c
+@@ -26,6 +26,7 @@
+ # include <config.h>
+ #endif
+
++#include <float.h>
+ #include "lame.h"
+ #include "machine.h"
+ #include "encoder.h"
+@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
+ if (bpc > BPC)
+ bpc = BPC;
+
+- intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
++ intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
+ fcn = 1.00 / resample_ratio;
+ if (fcn > 1.00)
+ fcn = 1.00;
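Review bot: the second util.c hunk only narrows the tolerance in the intratio test from .0001 to FLT_EPSILON; the patch adds no range check on joff, which the description names as the index that overruns esv->blackfilt. A bounds check on joff before the array access would hold even if another ratio slips past the tolerance. FLT_EPSILON is the single-precision epsilon and is used here as an absolute threshold, so the description should state why that constant was chosen; the typo "leads top" there can be fixed at the same time.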
diff -Nru lame-3.99.5+repack1/debian/patches/series lame-3.99.5+repack1/debian/patches/series
--- lame-3.99.5+repack1/debian/patches/series 2012-03-15 22:47:42.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/series 2015-02-24 09:41:54.000000000 +0100
@@ -1,3 +1,6 @@
07-field-width-fix.patch
parallel-builds-fix.patch
unbreak-ftbfs-gcc4.4.patch
+0001-Add-check-for-invalid-input-sample-rate.patch
+bits_per_sample.patch
+int_resample_ratio.patch
--- End Message ---
--- Begin Message ---
Version: 7.9
Hi,
These bugs relate to updates which were included in the 7.9 point
release.
Regards,
Adam
--- End Message ---