Hello community,

here is the log from the commit of package mpg123 for openSUSE:Factory checked 
in at 2017-07-17 09:01:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mpg123 (Old)
 and      /work/SRC/openSUSE:Factory/.mpg123.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mpg123"

Mon Jul 17 09:01:23 2017 rev:4 rq:509420 version:1.25.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/mpg123/mpg123.changes    2017-07-10 
10:59:47.808588201 +0200
+++ /work/SRC/openSUSE:Factory/.mpg123.new/mpg123.changes       2017-07-17 
09:01:51.034586604 +0200
@@ -1,0 +2,17 @@
+Tue Jul 11 10:36:15 UTC 2017 - aloi...@gmx.com
+
+- Update to version 1.25.2
+  libmpg123:
+  * Extend pow tables for layer III to properly handle files
+    with i-stereo and 5-bit scalefactors. Never observed them
+    for real, just as fuzzed input to trigger the read overflow.
+    Note: This one goes on record as CVE-2017-11126, calling
+    remote denial of service. While the accesses are out of
+    bounds for the pow tables, they still are safely within
+    libmpg123's memory (other static tables). Just wrong values
+    are used for computation, no actual crash unless you use
+    something like GCC's AddressSanitizer, nor any information
+    disclosure.
+  * Avoid left-shifts of negative integers in layer I decoding.
+
+-------------------------------------------------------------------

Old:
----
  mpg123-1.25.1.tar.bz2
  mpg123-1.25.1.tar.bz2.sig

New:
----
  mpg123-1.25.2.tar.bz2
  mpg123-1.25.2.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mpg123.spec ++++++
--- /var/tmp/diff_new_pack.djQobD/_old  2017-07-17 09:01:51.606506070 +0200
+++ /var/tmp/diff_new_pack.djQobD/_new  2017-07-17 09:01:51.610505507 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           mpg123
-Version:        1.25.1
+Version:        1.25.2
 Release:        0
 Summary:        Console MPEG audio player and decoder library
 License:        LGPL-2.1

++++++ mpg123-1.25.1.tar.bz2 -> mpg123-1.25.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/NEWS new/mpg123-1.25.2/NEWS
--- old/mpg123-1.25.1/NEWS      2017-07-03 01:19:16.000000000 +0200
+++ new/mpg123-1.25.2/NEWS      2017-07-11 11:36:46.000000000 +0200
@@ -1,3 +1,17 @@
+1.25.2
+------
+
+- libmpg123:
+-- Extend pow tables for layer III to properly handle files with i-stereo and
+   5-bit scalefactors. Never observed them for real, just as fuzzed input to
+   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
+   calling remote denial of service. While the accesses are out of bounds for
+   the pow tables, they still are safely within libmpg123's memory (other
+   static tables). Just wrong values are used for computation, no actual crash
+   unless you use something like GCC's AddressSanitizer, nor any information
+   disclosure.
+-- Avoid left-shifts of negative integers in layer I decoding.
+
 1.25.1: Hot Fuzz
 -------
 - libmpg123:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/configure new/mpg123-1.25.2/configure
--- old/mpg123-1.25.1/configure 2017-07-03 01:19:32.000000000 +0200
+++ new/mpg123-1.25.2/configure 2017-07-11 11:37:28.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for mpg123 1.25.1.
+# Generated by GNU Autoconf 2.69 for mpg123 1.25.2.
 #
 # Report bugs to <maintai...@mpg123.org>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='mpg123'
 PACKAGE_TARNAME='mpg123'
-PACKAGE_VERSION='1.25.1'
-PACKAGE_STRING='mpg123 1.25.1'
+PACKAGE_VERSION='1.25.2'
+PACKAGE_STRING='mpg123 1.25.2'
 PACKAGE_BUGREPORT='maintai...@mpg123.org'
 PACKAGE_URL=''
 
@@ -1567,7 +1567,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures mpg123 1.25.1 to adapt to many kinds of systems.
+\`configure' configures mpg123 1.25.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1637,7 +1637,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of mpg123 1.25.1:";;
+     short | recursive ) echo "Configuration of mpg123 1.25.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1863,7 +1863,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-mpg123 configure 1.25.1
+mpg123 configure 1.25.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2469,7 +2469,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by mpg123 $as_me 1.25.1, which was
+It was created by mpg123 $as_me 1.25.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2822,7 +2822,7 @@
 
 
 API_VERSION=44
-LIB_PATCHLEVEL=1
+LIB_PATCHLEVEL=2
 
 OUTAPI_VERSION=2
 OUTLIB_PATCHLEVEL=1
@@ -3425,7 +3425,7 @@
 
 # Define the identity of the package.
  PACKAGE='mpg123'
- VERSION='1.25.1'
+ VERSION='1.25.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -20241,7 +20241,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by mpg123 $as_me 1.25.1, which was
+This file was extended by mpg123 $as_me 1.25.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20307,7 +20307,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-mpg123 config.status 1.25.1
+mpg123 config.status 1.25.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/configure.ac 
new/mpg123-1.25.2/configure.ac
--- old/mpg123-1.25.1/configure.ac      2017-07-03 01:19:17.000000000 +0200
+++ new/mpg123-1.25.2/configure.ac      2017-07-11 11:28:42.000000000 +0200
@@ -8,12 +8,12 @@
 AC_PREREQ(2.57)
 
 dnl ############# Initialisation
-AC_INIT([mpg123], [1.25.1], [maintai...@mpg123.org])
+AC_INIT([mpg123], [1.25.2], [maintai...@mpg123.org])
 dnl Increment API_VERSION when the API gets changes (new functions).
 
 dnl libmpg123
 API_VERSION=44
-LIB_PATCHLEVEL=1
+LIB_PATCHLEVEL=2
 
 dnl libout123
 OUTAPI_VERSION=2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/mpg123.spec 
new/mpg123-1.25.2/mpg123.spec
--- old/mpg123-1.25.1/mpg123.spec       2017-07-03 01:19:57.000000000 +0200
+++ new/mpg123-1.25.2/mpg123.spec       2017-07-11 11:39:09.000000000 +0200
@@ -3,7 +3,7 @@
 # - devel packages for alsa, sdl, etc... to build the respective output 
modules.
 Summary:       The fast console mpeg audio decoder/player.
 Name:          mpg123
-Version:       1.25.1
+Version:       1.25.2
 Release:       1
 URL:           http://www.mpg123.org/
 License:       GPL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/src/libmpg123/layer1.c 
new/mpg123-1.25.2/src/libmpg123/layer1.c
--- old/mpg123-1.25.1/src/libmpg123/layer1.c    2017-07-03 01:19:17.000000000 
+0200
+++ new/mpg123-1.25.2/src/libmpg123/layer1.c    2017-07-11 11:27:37.000000000 
+0200
@@ -84,6 +84,9 @@
        return 0;
 }
 
+/* Something sane in place of undefined (-1)<<n. Well, not really. */
+#define MINUS_SHIFT(n) ( (int)(((unsigned int)-1)<<(n)) )
+
 static void I_step_two(real fraction[2][SBLIMIT],unsigned int 
balloc[2*SBLIMIT], unsigned int scale_index[2][SBLIMIT],mpg123_handle *fr)
 {
        int i,n;
@@ -112,18 +115,18 @@
                for(sample=smpb,i=0;i<jsbound;i++)
                {
                        if((n=*ba++))
-                       *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( 
((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]);
+                       *f0++ = 
REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), 
fr->muls[n+1][*sca++]);
                        else *f0++ = DOUBLE_TO_REAL(0.0);
 
                        if((n=*ba++))
-                       *f1++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( 
((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]);
+                       *f1++ = 
REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), 
fr->muls[n+1][*sca++]);
                        else *f1++ = DOUBLE_TO_REAL(0.0);
                }
                for(i=jsbound;i<SBLIMIT;i++)
                {
                        if((n=*ba++))
                        {
-                               real samp = DOUBLE_TO_REAL_15( ((-1)<<n) + 
(*sample++) + 1);
+                               real samp = DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + 
(*sample++) + 1);
                                *f0++ = REAL_MUL_SCALE_LAYER12(samp, 
fr->muls[n+1][*sca++]);
                                *f1++ = REAL_MUL_SCALE_LAYER12(samp, 
fr->muls[n+1][*sca++]);
                        }
@@ -144,7 +147,7 @@
                for(sample=smpb,i=0;i<SBLIMIT;i++)
                {
                        if((n=*ba++))
-                       *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( 
((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]);
+                       *f0++ = 
REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), 
fr->muls[n+1][*sca++]);
                        else *f0++ = DOUBLE_TO_REAL(0.0);
                }
                for(i=fr->down_sample_sblimit;i<32;i++)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.1/src/libmpg123/layer3.c 
new/mpg123-1.25.2/src/libmpg123/layer3.c
--- old/mpg123-1.25.1/src/libmpg123/layer3.c    2017-07-03 01:19:17.000000000 
+0200
+++ new/mpg123-1.25.2/src/libmpg123/layer3.c    2017-07-11 11:27:37.000000000 
+0200
@@ -47,7 +47,7 @@
 #ifdef NEW_DCT9
 static real cos9[3],cos18[3];
 static real tan1_1[16],tan2_1[16],tan1_2[16],tan2_2[16];
-static real pow1_1[2][16],pow2_1[2][16],pow1_2[2][16],pow2_2[2][16];
+static real pow1_1[2][32],pow2_1[2][32],pow1_2[2][32],pow2_2[2][32];
 #endif
 #endif
 
@@ -245,7 +245,10 @@
                tan2_1[i] = DOUBLE_TO_REAL_15(1.0 / (1.0 + t));
                tan1_2[i] = DOUBLE_TO_REAL_15(M_SQRT2 * t / (1.0+t));
                tan2_2[i] = DOUBLE_TO_REAL_15(M_SQRT2 / (1.0 + t));
+       }
 
+       for(i=0;i<32;i++)
+       {
                for(j=0;j<2;j++)
                {
                        double base = pow(2.0,-0.25*(j+1.0));



Reply via email to