From df4156274c40f5a20f87c8589469a2de13c976746a2e6d4bd159737784913bdf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 21 Dec 2017 13:16:20 +0000 Subject: [PATCH 1/2] - Update to version 3.100 * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain , range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale . * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. * Fix a division by zero vulnerability. * Fix CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap * Fix CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash * Fix CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. 
* Add lame_encode_buffer_interleaved_int() OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/lame?expand=0&rev=7
---
lame-3.100.tar.gz | 3 ++
lame-3.99.5.tar.gz | 3 --
...-check-for-invalid-input-sample-rate.patch | 25 ---------
lame-ansi2knr2.patch | 43 ---------------
lame-bits_per_sample.patch | 17 ------
lame-force_align_arg_pointer.patch | 52 -------------------
lame-gtk1.patch | 21 --------
lame-int_resample_ratio.patch | 29 -----------
lame-msse.patch | 17 ------
lame.changes | 42 +++++++++++++++
lame.spec | 26 +++-------
11 files changed, 51 insertions(+), 227 deletions(-)
create mode 100644 lame-3.100.tar.gz
delete mode 100644 lame-3.99.5.tar.gz
delete mode 100644 lame-Add-check-for-invalid-input-sample-rate.patch
delete mode 100644 lame-ansi2knr2.patch
delete mode 100644 lame-bits_per_sample.patch
delete mode 100644 lame-force_align_arg_pointer.patch
delete mode 100644 lame-gtk1.patch
delete mode 100644 lame-int_resample_ratio.patch
delete mode 100644 lame-msse.patch
diff --git a/lame-3.100.tar.gz b/lame-3.100.tar.gz
new file mode 100644
index 0000000..f7882fd
--- /dev/null
+++ b/lame-3.100.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e
+size 1524133
diff --git a/lame-3.99.5.tar.gz b/lame-3.99.5.tar.gz
deleted file mode 100644
index 76d210c..0000000
--- a/lame-3.99.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff
-size 1445348
diff --git a/lame-Add-check-for-invalid-input-sample-rate.patch b/lame-Add-check-for-invalid-input-sample-rate.patch
deleted file mode 100644
index 6cb479e..0000000
--- a/lame-Add-check-for-invalid-input-sample-rate.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
-From: Maks Naumov
-Date: Thu, 22 Jan 2015 16:20:40 +0200
-Subject: [PATCH] Add check for invalid input sample rate
-
-Signed-off-by: Maks Naumov
----
- libmp3lame/lame.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/libmp3lame/lame.c
-+++ b/libmp3lame/lame.c
-@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
- }
- #endif
-
-+ if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
-+ freegfc(gfc);
-+ gfp->internal_flags = NULL;
-+ return -1;
-+ }
-+
- cfg->disable_reservoir = gfp->disable_reservoir;
- cfg->lowpassfreq = gfp->lowpassfreq;
- cfg->highpassfreq = gfp->highpassfreq;
diff --git a/lame-ansi2knr2.patch b/lame-ansi2knr2.patch
deleted file mode 100644
index e7d18a2..0000000
--- a/lame-ansi2knr2.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Description: Patch out remaining ansi2knr.
-Author: Dimitri John Ledkov
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755111
---- a/configure.in
-+++ b/configure.in
-@@ -78,7 +78,6 @@
- fi
-
- dnl more automake stuff
--AM_C_PROTOTYPES
-
- AC_CHECK_HEADER(dmalloc.h)
- if test "${ac_cv_header_dmalloc_h}" = "yes"; then
---- a/doc/man/Makefile.am
-+++ b/doc/man/Makefile.am
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
-
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
-
- man_MANS = lame.1
- EXTRA_DIST = ${man_MANS}
---- a/libmp3lame/i386/Makefile.am
-+++ b/libmp3lame/i386/Makefile.am
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
-
--AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
-+AUTOMAKE_OPTIONS = foreign
-
- DEFS = @DEFS@ @CONFIG_DEFS@
-
---- a/doc/html/Makefile.am
-+++ b/doc/html/Makefile.am
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
-
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
-
- docdir = $(datadir)/doc
- pkgdocdir = $(docdir)/$(PACKAGE)
diff --git a/lame-bits_per_sample.patch b/lame-bits_per_sample.patch
deleted file mode 100644
index 5bb4a90..0000000
--- a/lame-bits_per_sample.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: Avoid malformed wav causing floating point exception (integer divide by zero)
-Author: Fabian Greffrath
-Bug-Debian: https://bugs.debian.org/777159
-
---- a/frontend/get_audio.c
-+++ b/frontend/get_audio.c
-@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
- else {
- (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
- }
-+ /* avoid division by zero */
-+ if (bits_per_sample < 1)
-+ return -1;
-+
- global. pcmbitwidth = bits_per_sample;
- global. pcm_is_unsigned_8bit = 1;
- global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);
diff --git a/lame-force_align_arg_pointer.patch b/lame-force_align_arg_pointer.patch
deleted file mode 100644
index d2c94aa..0000000
--- a/lame-force_align_arg_pointer.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Author: Fabian Greffrath
-Subject: Enable functions with SSE instructions to maintain their own properly aligned stack
- Operands in SSE instructions must be aligned on 16-byte boundaries. In the
- init_xrpow_core_sse() function these operands are variables on the stack.
- However, when the code is called from the ocaml bindings, the stack is
- allocated by ocaml which does not adhere to the 16-byte boundary rule and thus
- causes the code to crash with a general protection error.
- What is needed is a means enable functions calling SSE instructions to
- maintain their own properly aligned stack. The "force_align_arg_pointer"
- attribute does exactly this, see
- .
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786438
-Forwarded: https://sourceforge.net/p/lame/bugs/449/
-Last-Update: 2015-06-10
-
---- a/libmp3lame/vector/xmm_quantize_sub.c
-+++ b/libmp3lame/vector/xmm_quantize_sub.c
-@@ -51,8 +51,14 @@ static const FLOAT costab[TRI_SIZE * 2]
- };
-
-
-+/* make sure functions with SSE instructions maintain their own properly aligned stack */
-+#if defined (__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2)))
-+#define SSE_FUNCTION __attribute__((force_align_arg_pointer))
-+#else
-+#define SSE_FUNCTION
-+#endif
-
--void
-+SSE_FUNCTION void
- init_xrpow_core_sse(gr_info * const cod_info, FLOAT xrpow[576], int upper, FLOAT * sum)
- {
- int i;
-@@ -113,7 +119,8 @@ init_xrpow_core_sse(gr_info * const cod_
- }
-
-
--static void store4(__m128 v, float* f0, float* f1, float* f2, float* f3)
-+SSE_FUNCTION static void
-+store4(__m128 v, float* f0, float* f1, float* f2, float* f3)
- {
- vecfloat_union r;
- r._m128 = v;
-@@ -124,7 +131,7 @@ static void store4(__m128 v, float* f0,
- }
-
-
--void
-+SSE_FUNCTION void
- fht_SSE2(FLOAT * fz, int n)
- {
- const FLOAT *tri = costab;
diff --git a/lame-gtk1.patch b/lame-gtk1.patch
deleted file mode 100644
index 48fd5da..0000000
--- a/lame-gtk1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
----
- m4/gtk1.m4 |10758 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- configure.in | 4
- m4/gtk1.m4 |10758 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 10761 insertions(+), 1 deletion(-)
-
-Index: lame-3.99.5/configure.in
-===================================================================
---- lame-3.99.5.orig/configure.in
-+++ lame-3.99.5/configure.in
-@@ -393,7 +393,9 @@ CONFIG_MATH_LIB="${USE_LIBM}"
-
- dnl configure use of features
-
--AM_PATH_GTK(1.2.0, HAVE_GTK="yes", HAVE_GTK="no")
-+GTK_CFLAGS=
-+AC_SUBST(GTK_CFLAGS)
-+
-
- dnl ElectricFence malloc debugging
- AC_MSG_CHECKING(use of ElectricFence malloc debugging)
diff --git a/lame-int_resample_ratio.patch b/lame-int_resample_ratio.patch
deleted file mode 100644
index 7607b14..0000000
--- a/lame-int_resample_ratio.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Subject: Fix decision if sample rate ratio is an integer value or not
- If the sample rate of the input file is sufficiently close to an
- integer multiple of the output sample rate, the value of the intratio
- variable is calculated incorrectly. This leads to further values
- being miscalculated up to the joff variable which is used as an index
- to dereference the esv->blackfilt array. This leads top an overflow
- and causes a segmentation fault.
-Author: Fabian Greffrath
-Bug-Debian: https://bugs.debian.org/778529
-
---- a/libmp3lame/util.c
-+++ b/libmp3lame/util.c
-@@ -26,6 +26,7 @@
- # include
- #endif
-
-+#include
- #include "lame.h"
- #include "machine.h"
- #include "encoder.h"
-@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
- if (bpc > BPC)
- bpc = BPC;
-
-- intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
-+ intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
- fcn = 1.00 / resample_ratio;
- if (fcn > 1.00)
- fcn = 1.00;
diff --git a/lame-msse.patch b/lame-msse.patch
deleted file mode 100644
index 263538b..0000000
--- a/lame-msse.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: Build xmm_quantize_sub.c with -msse
-Author: Sebastian Ramacher
-Bug: http://sourceforge.net/p/lame/bugs/443/
-Bug-Debian: https://bugs.debian.org/760047
-Forwarded: http://sourceforge.net/p/lame/bugs/443/
-Last-Update: 2014-08-31
-
---- lame-3.99.5+repack1.orig/libmp3lame/vector/Makefile.am
-+++ lame-3.99.5+repack1/libmp3lame/vector/Makefile.am
-@@ -20,6 +20,7 @@ xmm_sources = xmm_quantize_sub.c
-
- if WITH_XMM
- liblamevectorroutines_la_SOURCES = $(xmm_sources)
-+liblamevectorroutines_la_CFLAGS = -msse
- endif
-
- noinst_HEADERS = lame_intrin.h
diff --git a/lame.changes b/lame.changes
index 9eb19fb..73fd3a5 100644
--- a/lame.changes
+++ b/lame.changes
@@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Thu Dec 21 13:00:57 UTC 2017 - idonmez@suse.com + +- Update to version 3.100 + * Improved detection of MPEG audio data in RIFF WAVE files. + sf#3545112 Invalid sampling detection + * New switch --gain , range -20.0 to +12.0, a more + convenient way to apply Gain adjustment in decibels, + than the use of --scale . + * Fix for sf#3558466 Bug in path handling + * Fix for sf#3567844 problem with Tag genre + * Fix for sf#3565659 no progress indication with pipe input + * Fix for sf#3544957 scale (empty) silent encode without warning + * Fix for sf#3580176 environment variable LAMEOPT doesn't + work anymore + * Fix for sf#3608583 input file name displayed with wrong + character encoding (on windows console with CP_UTF8) + * Fix dereference NULL and Buffer not NULL terminated issues. + * Fix dereference of a null pointer possible in loop. + * Make sure functions with SSE instructions maintain their own + properly aligned stack. Thanks to Fabian Greffrath + * Multiple Stack and Heap Corruptions from Malicious File. + * Fix a division by zero vulnerability. + * Fix CVE-2017-9410 fill_buffer_resample function in + libmp3lame/util.c heap-based buffer over-read and ap + * Fix CVE-2017-9411 fill_buffer_resample function in + libmp3lame/util.c invalid memory read and application crash + * Fix CVE-2017-9412 unpack_read_samples function in + frontend/get_audio.c invalid memory read and application crash + * Fix clip detect scale suggestion unaware of scale input value + * HIP decoder bug fixed: decoding mixed blocks of lower sample + frequency Layer3 data resulted in internal buffer overflow. 
+ * Add lame_encode_buffer_interleaved_int() +- Drop upstream patches: + * lame-Add-check-for-invalid-input-sample-rate.patch + * lame-ansi2knr2.patch + * lame-bits_per_sample.patch + * lame-force_align_arg_pointer.patch + * lame-gtk1.patch + * lame-int_resample_ratio.patch + * lame-msse.patch + ------------------------------------------------------------------- Thu Mar 2 10:33:47 UTC 2017 - jengelh@inai.de diff --git a/lame.spec b/lame.spec index 6f5d276..233f51c 100644 --- a/lame.spec +++ b/lame.spec @@ -19,24 +19,17 @@ %define sover 0 Name: lame -Version: 3.99.5 +Version: 3.100 Release: 0 Summary: The LAME MP3 encoder +# https://github.com/rbrito/lame License: LGPL-2.0+ Group: Productivity/Multimedia/Sound/Editors and Convertors -# https://github.com/rbrito/lame Url: http://lame.sourceforge.net/ Source: http://prdownloads.sourceforge.net/lame/lame-%{version}.tar.gz Source99: lame-rpmlintrc Source1000: baselibs.conf -Patch1: lame-gtk1.patch -Patch10: lame-Add-check-for-invalid-input-sample-rate.patch -Patch11: lame-ansi2knr2.patch -Patch12: lame-bits_per_sample.patch -Patch13: lame-field-width-fix.patch -Patch14: lame-force_align_arg_pointer.patch -Patch15: lame-int_resample_ratio.patch -Patch16: lame-msse.patch +Patch1: lame-field-width-fix.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -98,19 +91,9 @@ This package includes "mp3rtp", an MP3 encoder with RTP streaming of the output. %prep %setup -q -find -name Makefile.in -print -delete %patch1 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -sed -i -e '/define sp/s/+/ + /g' libmp3lame/i386/nasm.h %build -autoreconf -fi LIBS="-lm" \ CFLAGS="%{optflags}" \ %configure \ 
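Review bot: The `Patch10`, `Patch12` and `Patch15` removals in the first lame.spec hunk drop input-validation fixes (the negative sample-rate/channel check in lame_init_params, the `bits_per_sample < 1` division-by-zero guard in parse_wave_header, and the `intratio` fix behind the out-of-bounds blackfilt index), and the only justification visible is the "Drop upstream patches" entry in lame.changes. The 3.100 notes list a division-by-zero fix and CVE-2017-9410/9411 in fill_buffer_resample, which presumably cover them, but each check should be confirmed in the new tarball and recorded per patch, e.g. `* lame-bits_per_sample.patch (fixed upstream in 3.100)`. lame-gtk1.patch only replaced `AM_PATH_GTK` in configure.in and looks like a local build workaround rather than an upstream fix, so it would be clearer to list it separately from the upstream drops.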
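Review bot: With `autoreconf -fi` and `find -name Makefile.in -print -delete` removed in the second lame.spec hunk, the build now runs the pre-generated configure and Makefile.in shipped inside lame-3.100.tar.gz instead of regenerating them from the autotools sources. Generated build scripts are harder to audit than their inputs, and the unchanged `Source:` line still fetches over plain `http://`, so the sha256 in the LFS pointer is the only integrity check visible in this commit. Either keep `autoreconf -fi` in %build or, if dropping it is intentional, remove the now-unused `BuildRequires: autoconf`, `BuildRequires: automake` and `BuildRequires: libtool` lines. The `sed` on libmp3lame/i386/nasm.h also disappears without a changelog line saying why it is no longer needed.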
@@ -125,6 +108,9 @@ CFLAGS="%{optflags}" \ make %{?_smp_mflags} pkgdocdir=%{_defaultdocdir}/%{name}/ +%check +make test + %install make install pkgdocdir=%{_defaultdocdir}/%{name}/ DESTDIR=%{buildroot} rm -f %{buildroot}%{_libdir}/libmp3lame.la From f1a3821897578cf5065b40283bd2e7904d4f376249c0843c3e457fd11a03ef6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 21 Dec 2017 13:21:10 +0000 Subject: [PATCH 2/2] - OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/lame?expand=0&rev=8 --- lame.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/lame.spec b/lame.spec index 233f51c..bc450ef 100644 --- a/lame.spec +++ b/lame.spec @@ -22,7 +22,6 @@ Name: lame Version: 3.100 Release: 0 Summary: The LAME MP3 encoder -# https://github.com/rbrito/lame License: LGPL-2.0+ Group: Productivity/Multimedia/Sound/Editors and Convertors Url: http://lame.sourceforge.net/