Hello community,

here is the log from the commit of package mpg123 for openSUSE:Factory checked 
in at 2017-08-12 20:19:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mpg123 (Old)
 and      /work/SRC/openSUSE:Factory/.mpg123.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mpg123"

Sat Aug 12 20:19:40 2017 rev:7 rq:516085 version:1.25.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/mpg123/mpg123.changes    2017-07-28 
09:43:32.486924071 +0200
+++ /work/SRC/openSUSE:Factory/.mpg123.new/mpg123.changes       2017-08-12 
20:19:43.938835385 +0200
@@ -1,0 +2,16 @@
+Fri Aug 11 08:11:26 UTC 2017 - aloi...@gmx.com
+
+- Update to version 1.25.6
+  * Hotfix for bug 255: Overflow reading frame data bits in layer
+    II decoding. Now, all-zero data is returned if the frame data
+    is exhausted. This might have a slight impact on performance,
+    but not easily measurable so far.
+
+-------------------------------------------------------------------
+Tue Aug  8 20:22:15 UTC 2017 - aloi...@gmx.com
+
+- Update to version 1.25.5
+  * Avoid another buffer read overflow in the ID3 parser on 32 bit
+    platforms (bug 254).
+
+-------------------------------------------------------------------

Old:
----
  mpg123-1.25.4.tar.bz2
  mpg123-1.25.4.tar.bz2.sig

New:
----
  mpg123-1.25.6.tar.bz2
  mpg123-1.25.6.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mpg123.spec ++++++
--- /var/tmp/diff_new_pack.FGuKqZ/_old  2017-08-12 20:19:45.274648216 +0200
+++ /var/tmp/diff_new_pack.FGuKqZ/_new  2017-08-12 20:19:45.278647655 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           mpg123
-Version:        1.25.4
+Version:        1.25.6
 Release:        0
 Summary:        Console MPEG audio player and decoder library
 License:        LGPL-2.1

++++++ mpg123-1.25.4.tar.bz2 -> mpg123-1.25.6.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/NEWS new/mpg123-1.25.6/NEWS
--- old/mpg123-1.25.4/NEWS      2017-07-24 11:52:26.000000000 +0200
+++ new/mpg123-1.25.6/NEWS      2017-08-11 09:29:15.000000000 +0200
@@ -1,3 +1,14 @@
+1.25.6
+------
+- Hotfix for bug 255: Overflow reading frame data bits in layer II decoding.
+  Now, all-zero data is returned if the frame data is exhausted. This might
+  have a slight impact on performance, but not easily measurable so far.
+
+1.25.5
+------
+- Avoid another buffer read overflow in the ID3 parser on 32 bit platforms
+  (bug 254).
+
 1.25.4
 ------
 - Better configure checks for i?86-apple-darwin (bug 253).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/configure new/mpg123-1.25.6/configure
--- old/mpg123-1.25.4/configure 2017-07-24 11:53:18.000000000 +0200
+++ new/mpg123-1.25.6/configure 2017-08-11 09:30:00.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for mpg123 1.25.4.
+# Generated by GNU Autoconf 2.69 for mpg123 1.25.6.
 #
 # Report bugs to <maintai...@mpg123.org>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='mpg123'
 PACKAGE_TARNAME='mpg123'
-PACKAGE_VERSION='1.25.4'
-PACKAGE_STRING='mpg123 1.25.4'
+PACKAGE_VERSION='1.25.6'
+PACKAGE_STRING='mpg123 1.25.6'
 PACKAGE_BUGREPORT='maintai...@mpg123.org'
 PACKAGE_URL=''
 
@@ -1567,7 +1567,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures mpg123 1.25.4 to adapt to many kinds of systems.
+\`configure' configures mpg123 1.25.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1637,7 +1637,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of mpg123 1.25.4:";;
+     short | recursive ) echo "Configuration of mpg123 1.25.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1863,7 +1863,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-mpg123 configure 1.25.4
+mpg123 configure 1.25.6
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2469,7 +2469,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by mpg123 $as_me 1.25.4, which was
+It was created by mpg123 $as_me 1.25.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2822,7 +2822,7 @@
 
 
 API_VERSION=44
-LIB_PATCHLEVEL=3
+LIB_PATCHLEVEL=5
 
 OUTAPI_VERSION=2
 OUTLIB_PATCHLEVEL=1
@@ -3425,7 +3425,7 @@
 
 # Define the identity of the package.
  PACKAGE='mpg123'
- VERSION='1.25.4'
+ VERSION='1.25.6'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -20241,7 +20241,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by mpg123 $as_me 1.25.4, which was
+This file was extended by mpg123 $as_me 1.25.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20307,7 +20307,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-mpg123 config.status 1.25.4
+mpg123 config.status 1.25.6
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/configure.ac 
new/mpg123-1.25.6/configure.ac
--- old/mpg123-1.25.4/configure.ac      2017-07-24 11:52:33.000000000 +0200
+++ new/mpg123-1.25.6/configure.ac      2017-08-11 09:29:23.000000000 +0200
@@ -8,12 +8,12 @@
 AC_PREREQ(2.57)
 
 dnl ############# Initialisation
-AC_INIT([mpg123], [1.25.4], [maintai...@mpg123.org])
+AC_INIT([mpg123], [1.25.6], [maintai...@mpg123.org])
 dnl Increment API_VERSION when the API gets changes (new functions).
 
 dnl libmpg123
 API_VERSION=44
-LIB_PATCHLEVEL=3
+LIB_PATCHLEVEL=5
 
 dnl libout123
 OUTAPI_VERSION=2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/mpg123.spec 
new/mpg123-1.25.6/mpg123.spec
--- old/mpg123-1.25.4/mpg123.spec       2017-07-24 11:53:32.000000000 +0200
+++ new/mpg123-1.25.6/mpg123.spec       2017-08-11 09:30:13.000000000 +0200
@@ -3,7 +3,7 @@
 # - devel packages for alsa, sdl, etc... to build the respective output 
modules.
 Summary:       The fast console mpeg audio decoder/player.
 Name:          mpg123
-Version:       1.25.4
+Version:       1.25.6
 Release:       1
 URL:           http://www.mpg123.org/
 License:       GPL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/src/libmpg123/getbits.h 
new/mpg123-1.25.6/src/libmpg123/getbits.h
--- old/mpg123-1.25.4/src/libmpg123/getbits.h   2017-07-24 11:46:05.000000000 
+0200
+++ new/mpg123-1.25.6/src/libmpg123/getbits.h   2017-08-11 09:29:15.000000000 
+0200
@@ -44,7 +44,10 @@
 #ifdef DEBUG_GETBITS
 fprintf(stderr,"g%d",number_of_bits);
 #endif
-
+  /* Safety catch until we got the nasty code fully figured out. */
+  if( (long)(fr->wordpointer-fr->bsbuf)*8
+      + fr->bitindex+number_of_bits > (long)fr->framesize*8 )
+    return 0;
 /*  This is actually slow: if(!number_of_bits)
     return 0; */
 
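Review bot: The early `return 0` added at the top of this bit reader makes an exhausted frame indistinguishable from genuine zero bits, and nothing is logged or flagged, so a truncated or malformed layer II frame decodes silently as zeros. The comment should state the invariant rather than the intent, e.g. `/* Never read past bsbuf+framesize: pointer offset, bitindex and number_of_bits are all counted in bits. */`, and a debug message or an error indication would make the condition visible to callers. The function begins and ends outside the hunk, so whether the other bit readers in this header share the bound cannot be confirmed from here; they are worth checking against the same limit.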
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpg123-1.25.4/src/libmpg123/id3.c 
new/mpg123-1.25.6/src/libmpg123/id3.c
--- old/mpg123-1.25.4/src/libmpg123/id3.c       2017-07-24 11:52:08.000000000 
+0200
+++ new/mpg123-1.25.6/src/libmpg123/id3.c       2017-08-11 09:28:59.000000000 
+0200
@@ -704,6 +704,7 @@
                ,1) \
        )
        /* id3v2.3 does not store synchsafe frame sizes, but synchsafe tag size 
- doh! */
+       /* Remember: bytes_to_long() can yield ULONG_MAX on 32 bit platforms! */
        #define bytes_to_long(buf,res) \
        ( \
                major == 3 ? \
@@ -772,16 +773,25 @@
                        if((ret2 = fr->rd->read_frame_body(fr,tagdata,length)) 
> 0)
                        {
                                unsigned long tagpos = 0;
+                               /* bytes of frame title and of framesize value 
*/
+                               unsigned int head_part = fr->id3v2.version > 2 
? 4 : 3;
+                               unsigned int flag_part = fr->id3v2.version > 2 
? 2 : 0;
+                               /* The amount of bytes that are unconditionally 
read for each frame: */
+                               /* ID, size, flags. */
+                               unsigned int framebegin = 
head_part+head_part+flag_part;
                                debug1("ID3v2: have read at all %lu bytes for 
the tag now", (unsigned long)length+6);
                                /* going to apply strlen for strings inside 
frames, make sure that it doesn't overflow! */
                                tagdata[length] = 0;
                                if(flags & EXTHEAD_FLAG)
                                {
                                        debug("ID3v2: skipping extended 
header");
-                                       if(!bytes_to_long(tagdata, tagpos))
+                                       if(!bytes_to_long(tagdata, tagpos) || 
tagpos >= length)
                                        {
                                                ret = 0;
-                                               if(NOQUIET) error4("Bad 
(non-synchsafe) tag offset: 0x%02x%02x%02x%02x", tagdata[0], tagdata[1], 
tagdata[2], tagdata[3]);
+                                               if(NOQUIET)
+                                                       error4( "Bad 
(non-synchsafe/too large) tag offset:"
+                                                               
"0x%02x%02x%02x%02x"
+                                                       ,       tagdata[0], 
tagdata[1], tagdata[2], tagdata[3] );
                                        }
                                }
                                if(ret > 0)
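Review bot: The extended-header branch still calls `bytes_to_long(tagdata, tagpos)` and then prints `tagdata[0]` to `tagdata[3]` before anything establishes that the tag body holds four bytes; the added `tagpos >= length` test runs only after those reads. The allocation of `tagdata` is outside the hunk, but the `tagdata[length] = 0` line suggests a buffer of `length+1` bytes, in which case a tag with `length < 4` and the extended-header flag set would be read past its end. Checking the size first would close that, e.g. `if(length < 4 || !bytes_to_long(tagdata, tagpos) || tagpos >= length)`, with the error message not dereferencing the four bytes in the short case. The split format string also loses the space after `tag offset:`.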
@@ -789,13 +799,12 @@
                                        char id[5];
                                        unsigned long framesize;
                                        unsigned long fflags; /* need 16 bits, 
actually */
-                                       /* bytes of frame title and of 
framesize value */
-                                       int head_part = fr->id3v2.version > 2 ? 
4 : 3;
-                                       int flag_part = fr->id3v2.version > 2 ? 
2 : 0;
                                        id[4] = 0;
-                                       /* pos now advanced after ext head, now 
a frame has to follow */
+                                       /* Pos now advanced after ext head, now 
a frame has to follow. */
+                                       /* Note: tagpos <= length, which is 28 
bit integer, so both */
+                                       /* far away from overflow for adding 
known small values. */
                                        /* I want to read at least one full 
header now. */
-                                       while(tagpos <= 
length-head_part-head_part-flag_part)
+                                       while(length >= tagpos+framebegin)
                                        {
                                                int i = 0;
                                                unsigned long pos = tagpos;
@@ -828,12 +837,7 @@
                                                                break;
                                                        }
                                                        if(VERBOSE3) 
fprintf(stderr, "Note: ID3v2 %s frame of size %lu\n", id, framesize);
-                                                       tagpos += head_part + 
framesize; /* the important advancement in whole tag */
-                                                       if(tagpos > 
length-flag_part)
-                                                       {
-                                                               if(NOQUIET) 
error("Whoa! ID3v2 frame claims to be larger than the whole rest of the tag.");
-                                                               break;
-                                                       }
+                                                       tagpos += head_part;
                                                        pos += head_part;
                                                        if(fr->id3v2.version > 
2)
                                                        {
@@ -842,6 +846,13 @@
                                                                tagpos += 2;
                                                        }
                                                        else fflags = 0;
+
+                                                       if(length - tagpos < 
framesize)
+                                                       {
+                                                               if(NOQUIET) 
error("Whoa! ID3v2 frame claims to be larger than the whole rest of the tag.");
+                                                               break;
+                                                       }
+                                                       tagpos += framesize; /* 
the important advancement in whole tag */
                                                        /* for sanity, after 
full parsing tagpos should be == pos */
                                                        /* debug4("ID3v2: found 
%s frame, size %lu (as bytes: 0x%08lx), flags 0x%016lx", id, framesize, 
framesize, fflags); */
                                                        /* %0abc0000 %0h00kmnp 
*/
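Review bot: The new bound `if(length - tagpos < framesize)` is safe only because `tagpos <= length` holds at this point, which follows from the loop condition `length >= tagpos+framebegin` in the previous hunk and the `head_part` and flag advances in between; nothing at the check says so. A comment such as `/* tagpos <= length here (loop condition covered framebegin bytes), so the unsigned subtraction cannot wrap. */` would keep a later edit from reordering the advances and reintroducing the wrap-around this commit removes. The loop body starts outside this hunk, so the number of advances between the loop test and this check is inferred from the visible lines only.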


