Accepting request 627880 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/627880 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/aubio?expand=0&rev=25
2018-08-08 12:53:26 +00:00 · 2018-08-08 12:53:26 +00:00 · b04614b66d
commit b04614b66d
parent 447892a288 a3d4a60444
8 changed files with 168 additions and 26 deletions
--- a/0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
+++ b/0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
@ -0,0 +1,25 @@
 From 25f280f347868fc0f4ecdcb0b45d5a9400f8f772 Mon Sep 17 00:00:00 2001
 From: Paul Brossier <piem@piem.org>
 Date: Mon, 6 Aug 2018 14:03:48 +0200
 Subject: [PATCH] src/notes/notes.c: bail out if pitch creation failed (see
 #188)
 ---
 src/notes/notes.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/notes/notes.c b/src/notes/notes.c
 index f6b7d5673cff..343e5a00bc2f 100644
 --- a/src/notes/notes.c
 +++ b/src/notes/notes.c
@@ -83,6 +83,7 @@ aubio_notes_t * new_aubio_notes (const char_t * method,
   o->onset_output = new_fvec (1);
   o->pitch = new_aubio_pitch (pitch_method, o->pitch_buf_size, o->hop_size, o->samplerate);
 +  if (o->pitch == NULL) goto fail;
   if (o->pitch_tolerance != 0.) aubio_pitch_set_tolerance (o->pitch, o->pitch_tolerance);
   aubio_pitch_set_unit (o->pitch, "midi");
   o->pitch_output = new_fvec (1);
 -- 
 2.18.0
--- a/0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
+++ b/0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
@ -0,0 +1,36 @@
 From af4f9e6a93b629fb6defa2a229ec828885b9d187 Mon Sep 17 00:00:00 2001
 From: Paul Brossier <piem@piem.org>
 Date: Mon, 6 Aug 2018 13:41:52 +0200
 Subject: [PATCH] src/pitch/pitchyinfft.c: fix out of bound read when
 samplerate > 50kHz (closes: #189)
 ---
 src/pitch/pitchyinfft.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c
 index f213ef2406cf..493ca08d40e0 100644
 --- a/src/pitch/pitchyinfft.c
 +++ b/src/pitch/pitchyinfft.c
@@ -44,7 +44,7 @@ static const smpl_t freqs[] = {
      0.,    20.,    25.,   31.5,    40.,    50.,    63.,    80.,   100.,   125.,
    160.,   200.,   250.,   315.,   400.,   500.,   630.,   800.,  1000.,  1250.,
   1600.,  2000.,  2500.,  3150.,  4000.,  5000.,  6300.,  8000.,  9000., 10000.,
 - 12500., 15000., 20000., 25100
 + 12500., 15000., 20000., 25100., -1.
 };
 static const smpl_t weight[] = {
@@ -72,7 +72,8 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize)
   p->weight = new_fvec (bufsize / 2 + 1);
   for (i = 0; i < p->weight->length; i++) {
     freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate;
 -    while (freq > freqs[j]) {
 +    while (freq > freqs[j] && freqs[j] > 0) {
 +      AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j);
       j += 1;
     }
     a0 = weight[j - 1];
 -- 
 2.18.0
--- a/0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
+++ b/0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
@ -0,0 +1,28 @@
 From 99c7aa2e3efec988a5f81018b48d9388ff24bba1 Mon Sep 17 00:00:00 2001
 From: Paul Brossier <piem@piem.org>
 Date: Mon, 6 Aug 2018 14:04:48 +0200
 Subject: [PATCH] src/io/source_wavread.c: also exit if samplerate is negative
 (closes #188)
 ---
 src/io/source_wavread.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
 index b91eb5cd0f07..90638af88eae 100644
 --- a/src/io/source_wavread.c
 +++ b/src/io/source_wavread.c
@@ -195,8 +195,8 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa
     goto beach;
   }
 -  if ( sr == 0 ) {
 -    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path);
 +  if ( (sint_t)sr <= 0 ) {
 +    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be <= 0)\n", s->path);
     goto beach;
   }
 -- 
 2.18.0
--- a/0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
+++ b/0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
@ -0,0 +1,27 @@
 From 802e8abf5ce7152952bcf8c767b7a5433177c421 Mon Sep 17 00:00:00 2001
 From: Paul Brossier <piem@piem.org>
 Date: Mon, 6 Aug 2018 16:09:48 +0200
 Subject: [PATCH] src/pitch/pitchyinfft.c: comment out debug output
 ---
 src/pitch/pitchyinfft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c
 index 493ca08d40e0..b613f60e45be 100644
 --- a/src/pitch/pitchyinfft.c
 +++ b/src/pitch/pitchyinfft.c
@@ -73,7 +73,9 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize)
   for (i = 0; i < p->weight->length; i++) {
     freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate;
     while (freq > freqs[j] && freqs[j] > 0) {
 -      AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j);
 +      //AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t"
 +      //    "(weight length %d, bufsize %d) %d %d\n", freq, freqs[j],
 +      //    samplerate, p->weight->length, bufsize, i, j);
       j += 1;
     }
     a0 = weight[j - 1];
 -- 
 2.18.0
--- a/aubio-resampler-NULL-deref-fix.patch
+++ b/aubio-resampler-NULL-deref-fix.patch
@ -1,30 +1,26 @@
-From: Takashi Iwai <tiwai@suse.de>
+From a81b12a3b4174953b3bc7ef4c37103f4d5636740 Mon Sep 17 00:00:00 2001
-Subject: Fix a NULl dereference in aubio_source_avcodec_readframe()
+From: Paul Brossier <piem@piem.org>
-References: bsc#1072317 CVE-2017-17554 
+Date: Mon, 6 Aug 2018 14:58:27 +0200
-
+Subject: [PATCH] src/io/source_avcodec.c: give up if resampling context failed
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
+ opening (see #137, closes #187)
 ---
- src/io/source_avcodec.c |    4 ++++
+ src/io/source_avcodec.c | 2 ++
- 1 file changed, 4 insertions(+)
+ 1 file changed, 2 insertions(+)
 diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c
 index 8197445c0165..6d8efa79f685 100644
 --- a/src/io/source_avcodec.c
 +++ b/src/io/source_avcodec.c
-@@ -420,6 +420,8 @@ void aubio_source_avcodec_readframe(aubi
+@@ -275,6 +275,8 @@ aubio_source_avcodec_t * new_aubio_source_avcodec(const char_t * path, uint_t sa
-   }
+   // default to mono output
   aubio_source_avcodec_reset_resampler(s, 0);
- #ifdef HAVE_AVRESAMPLE
+  if (s->avr == NULL) goto beach;
-+  if (!avr)
+
-+      goto beach;
+   s->eof = 0;
-   in_linesize = 0;
+   s->multi = 0;
-   av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels,
+ 
-       avFrame->nb_samples, avCodecCtx->sample_fmt, 1);
+-- 
-@@ -430,6 +432,8 @@ void aubio_source_avcodec_readframe(aubi
+2.18.0
-         (uint8_t **)&output, out_linesize, max_out_samples,
+
         (uint8_t **)avFrame->data, in_linesize, in_samples);
 #elif defined(HAVE_SWRESAMPLE)
 +  if (!avr)
 +      goto beach;
   in_samples = avFrame->nb_samples;
   max_out_samples = AUBIO_AVCODEC_MAX_BUFFER_SIZE / avCodecCtx->channels;
   out_samples = swr_convert( avr,
--- a/aubio-wavread-input-validation.patch
+++ b/aubio-wavread-input-validation.patch
@ -5,12 +5,14 @@ Subject: [PATCH] src/io/source_wavread.c: add some input validation (closes:
 #158)
 ---
- src/io/source_wavread.c |   20 ++++++++++++++++++++
+ src/io/source_wavread.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
 index 640201bbbb19..b91eb5cd0f07 100644
 --- a/src/io/source_wavread.c
 +++ b/src/io/source_wavread.c
-@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_sourc
+@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa
   // BitsPerSample
   bytes_read += fread(buf, 1, 2, s->fid);
   bitspersample = read_little_endian(buf, 2);
@ -37,3 +39,6 @@ Subject: [PATCH] src/io/source_wavread.c: add some input validation (closes:
 #if 0
   if ( bitspersample != 16 ) {
     AUBIO_ERR("source_wavread: can not process %dbit file %s\n",
 -- 
 2.18.0
--- a/aubio.changes
+++ b/aubio.changes
@ -1,3 +1,16 @@
 -------------------------------------------------------------------
 Tue Aug  7 15:00:16 CEST 2018 - tiwai@suse.de
 - Fix minor security issues leading to segfault or buffer overread
  (CVE-2018-14522, bsc#1102359, CVE-2018-14523, bsc#1102364):
  0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
  0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
  0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
  0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
 - Refresh the previous fixes from the upstream version
  aubio-wavread-input-validation.patch
  aubio-resampler-NULL-deref-fix.patch
 -------------------------------------------------------------------
 Fri Jun  8 16:19:05 CEST 2018 - tiwai@suse.de
--- a/aubio.spec
+++ b/aubio.spec
@ -42,8 +42,16 @@ Release:        0
 Source:         http://aubio.org/pub/%{name}-%{version}.tar.bz2
 Source1:        http://aubio.org/pub/%{name}-%{version}.tar.bz2.asc
 Source99:       baselibs.conf
 # PATCH-FIX-UPSTREAM CVE-2017-17054 bsc#1070399
 Patch1:         aubio-wavread-input-validation.patch
 # PATCH-FIX-UPSTREAM CVE-2017-17554 bsc#1072317
 Patch2:         aubio-resampler-NULL-deref-fix.patch
 # PATCH-FIX-UPSTREAM CVE-2018-14523 bsc#1102364
 Patch3:         0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
 Patch4:         0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
 # PATCH-FIX-UPSTREAM CVE-2018-14522 bsc#1102359
 Patch5:         0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
 Patch6:         0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
 Url:            http://aubio.org
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define debug_package_requires %{libpkgname} = %{version}-%{release}
@ -87,6 +95,10 @@ This package includes the example programs for aubio library.
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 sed -e "s,/lib,/%_lib," src/wscript_build > src/wscript_build.new
 diff -u src/wscript_build src/wscript_build.new || :
 mv src/wscript_build.new src/wscript_build