Accepting request 559093 from multimedia:libs

- Update to version 3.100 * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. * Fix a division by zero vulnerability. * Fix CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap * Fix CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash * Fix CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() OBS-URL: https://build.opensuse.org/request/show/559093 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/lame?expand=0&rev=2
2017-12-28 23:02:00 +00:00 · 2017-12-28 23:02:00 +00:00 · 1814f7f30b
commit 1814f7f30b
parent 4ae584a350 f1a3821897
11 changed files with 50 additions and 227 deletions
--- a/lame-3.100.tar.gz
+++ b/lame-3.100.tar.gz
--- a/lame-3.99.5.tar.gz
+++ b/lame-3.99.5.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff
 size 1445348
--- a/lame-Add-check-for-invalid-input-sample-rate.patch
+++ b/lame-Add-check-for-invalid-input-sample-rate.patch
@ -1,25 +0,0 @@
 From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
 From: Maks Naumov <maksqwe1@ukr.net>
 Date: Thu, 22 Jan 2015 16:20:40 +0200
 Subject: [PATCH] Add check for invalid input sample rate
 Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
 ---
 libmp3lame/lame.c | 6 ++++++
 1 file changed, 6 insertions(+)
 --- a/libmp3lame/lame.c
 +++ b/libmp3lame/lame.c
@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
     }
 #endif
 +    if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
 +        freegfc(gfc);
 +        gfp->internal_flags = NULL;
 +        return -1;
 +    }
 +
     cfg->disable_reservoir = gfp->disable_reservoir;
     cfg->lowpassfreq = gfp->lowpassfreq;
     cfg->highpassfreq = gfp->highpassfreq;
--- a/lame-ansi2knr2.patch
+++ b/lame-ansi2knr2.patch
@ -1,43 +0,0 @@
 Description: Patch out remaining ansi2knr.
 Author: Dimitri John Ledkov <xnox@ubuntu.com>
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755111
 --- a/configure.in
 +++ b/configure.in
@@ -78,7 +78,6 @@
 fi
 dnl more automake stuff
 -AM_C_PROTOTYPES
 AC_CHECK_HEADER(dmalloc.h)
 if test "${ac_cv_header_dmalloc_h}" = "yes"; then
 --- a/doc/man/Makefile.am
 +++ b/doc/man/Makefile.am
@@ -1,6 +1,6 @@
 ## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
 -AUTOMAKE_OPTIONS = foreign ansi2knr
 +AUTOMAKE_OPTIONS = foreign
 man_MANS = lame.1
 EXTRA_DIST = ${man_MANS}
 --- a/libmp3lame/i386/Makefile.am
 +++ b/libmp3lame/i386/Makefile.am
@@ -1,6 +1,6 @@
 ## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
 -AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
 +AUTOMAKE_OPTIONS = foreign
 DEFS = @DEFS@ @CONFIG_DEFS@
 --- a/doc/html/Makefile.am
 +++ b/doc/html/Makefile.am
@@ -1,6 +1,6 @@
 ## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
 -AUTOMAKE_OPTIONS = foreign ansi2knr
 +AUTOMAKE_OPTIONS = foreign
 docdir = $(datadir)/doc
 pkgdocdir = $(docdir)/$(PACKAGE)
--- a/lame-bits_per_sample.patch
+++ b/lame-bits_per_sample.patch
@ -1,17 +0,0 @@
 Description: Avoid malformed wav causing floating point exception (integer divide by zero) 
 Author: Fabian Greffrath <fabian+debian@greffrath.com>
 Bug-Debian: https://bugs.debian.org/777159
 --- a/frontend/get_audio.c
 +++ b/frontend/get_audio.c
@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
         else {
             (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
         }
 +        /* avoid division by zero */
 +        if (bits_per_sample < 1)
 +            return -1;
 +
         global. pcmbitwidth = bits_per_sample;
         global. pcm_is_unsigned_8bit = 1;
         global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);
--- a/lame-force_align_arg_pointer.patch
+++ b/lame-force_align_arg_pointer.patch
@ -1,52 +0,0 @@
 Author: Fabian Greffrath <fabian@debian.org>
 Subject: Enable functions with SSE instructions to maintain their own properly aligned stack
 Operands in SSE instructions must be aligned on 16-byte boundaries. In the
 init_xrpow_core_sse() function these operands are variables on the stack.
 However, when the code is called from the ocaml bindings, the stack is
 allocated by ocaml which does not adhere to the 16-byte boundary rule and thus
 causes the code to crash with a general protection error.
 What is needed is a means enable functions calling SSE instructions to
 maintain their own properly aligned stack. The "force_align_arg_pointer"
 attribute does exactly this, see
 <https://gcc.gnu.org/onlinedocs/gcc/x86-Function-Attributes.html>.
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786438
 Forwarded: https://sourceforge.net/p/lame/bugs/449/
 Last-Update: 2015-06-10
 --- a/libmp3lame/vector/xmm_quantize_sub.c
 +++ b/libmp3lame/vector/xmm_quantize_sub.c
@@ -51,8 +51,14 @@ static const FLOAT costab[TRI_SIZE * 2]
 };
 +/* make sure functions with SSE instructions maintain their own properly aligned stack */
 +#if defined (__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2)))
 +#define SSE_FUNCTION __attribute__((force_align_arg_pointer))
 +#else
 +#define SSE_FUNCTION
 +#endif
 -void
 +SSE_FUNCTION void
 init_xrpow_core_sse(gr_info * const cod_info, FLOAT xrpow[576], int upper, FLOAT * sum)
 {
     int     i;
@@ -113,7 +119,8 @@ init_xrpow_core_sse(gr_info * const cod_
 }
 -static void store4(__m128 v, float* f0, float* f1, float* f2, float* f3)
 +SSE_FUNCTION static void
 +store4(__m128 v, float* f0, float* f1, float* f2, float* f3)
 {
     vecfloat_union r;
     r._m128 = v;
@@ -124,7 +131,7 @@ static void store4(__m128 v, float* f0,
 }
 -void
 +SSE_FUNCTION void
 fht_SSE2(FLOAT * fz, int n)
 {
     const FLOAT *tri = costab;
--- a/lame-gtk1.patch
+++ b/lame-gtk1.patch
@ -1,21 +0,0 @@
 ---
 m4/gtk1.m4 |10758 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 configure.in |    4 
 m4/gtk1.m4   |10758 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 10761 insertions(+), 1 deletion(-)
 Index: lame-3.99.5/configure.in
 ===================================================================
 --- lame-3.99.5.orig/configure.in
 +++ lame-3.99.5/configure.in
@@ -393,7 +393,9 @@ CONFIG_MATH_LIB="${USE_LIBM}"
 dnl configure use of features
 -AM_PATH_GTK(1.2.0, HAVE_GTK="yes", HAVE_GTK="no")
 +GTK_CFLAGS=
 +AC_SUBST(GTK_CFLAGS)
 +
 dnl ElectricFence malloc debugging
 AC_MSG_CHECKING(use of ElectricFence malloc debugging)
--- a/lame-int_resample_ratio.patch
+++ b/lame-int_resample_ratio.patch
@ -1,29 +0,0 @@
 Subject: Fix decision if sample rate ratio is an integer value or not
 If the sample rate of the input file is sufficiently close to an
 integer multiple of the output sample rate, the value of the intratio
 variable is calculated incorrectly. This leads to further values
 being miscalculated up to the joff variable which is used as an index
 to dereference the esv->blackfilt array. This leads top an overflow
 and causes a segmentation fault.
 Author: Fabian Greffrath <fabian+debian@greffrath.com>
 Bug-Debian: https://bugs.debian.org/778529
 --- a/libmp3lame/util.c
 +++ b/libmp3lame/util.c
@@ -26,6 +26,7 @@
 # include <config.h>
 #endif
 +#include <float.h>
 #include "lame.h"
 #include "machine.h"
 #include "encoder.h"
@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
     if (bpc > BPC)
         bpc = BPC;
 -    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
 +    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
     fcn = 1.00 / resample_ratio;
     if (fcn > 1.00)
         fcn = 1.00;
--- a/lame-msse.patch
+++ b/lame-msse.patch
@ -1,17 +0,0 @@
 Description: Build xmm_quantize_sub.c with -msse
 Author: Sebastian Ramacher <sramacher@debian.org>
 Bug: http://sourceforge.net/p/lame/bugs/443/
 Bug-Debian: https://bugs.debian.org/760047
 Forwarded: http://sourceforge.net/p/lame/bugs/443/
 Last-Update: 2014-08-31
 --- lame-3.99.5+repack1.orig/libmp3lame/vector/Makefile.am
 +++ lame-3.99.5+repack1/libmp3lame/vector/Makefile.am
@@ -20,6 +20,7 @@ xmm_sources = xmm_quantize_sub.c
 if WITH_XMM
 liblamevectorroutines_la_SOURCES = $(xmm_sources)
 +liblamevectorroutines_la_CFLAGS = -msse
 endif
 noinst_HEADERS = lame_intrin.h
--- a/lame.changes
+++ b/lame.changes
@ -1,3 +1,45 @@
 -------------------------------------------------------------------
 Thu Dec 21 13:00:57 UTC 2017 - idonmez@suse.com
 - Update to version 3.100
   * Improved detection of MPEG audio data in RIFF WAVE files.
     sf#3545112 Invalid sampling detection
  * New switch --gain <decibel>, range -20.0 to +12.0, a more
    convenient way to apply Gain adjustment in decibels, 
    than the use of --scale <factor>.
  * Fix for sf#3558466 Bug in path handling
  * Fix for sf#3567844 problem with Tag genre
  * Fix for sf#3565659 no progress indication with pipe input
  * Fix for sf#3544957 scale (empty) silent encode without warning
  * Fix for sf#3580176 environment variable LAMEOPT doesn't
    work anymore
  * Fix for sf#3608583 input file name displayed with wrong
    character encoding (on windows console with CP_UTF8)
  * Fix dereference NULL and Buffer not NULL terminated issues.
  * Fix dereference of a null pointer possible in loop.
  * Make sure functions with SSE instructions maintain their own
    properly aligned stack. Thanks to Fabian Greffrath
  * Multiple Stack and Heap Corruptions from Malicious File.
  * Fix a division by zero vulnerability.
  * Fix CVE-2017-9410 fill_buffer_resample function in
    libmp3lame/util.c heap-based buffer over-read and ap
  * Fix CVE-2017-9411 fill_buffer_resample function in
    libmp3lame/util.c invalid memory read and application crash
  * Fix CVE-2017-9412 unpack_read_samples function in
    frontend/get_audio.c invalid memory read and application crash
  * Fix clip detect scale suggestion unaware of scale input value
  * HIP decoder bug fixed: decoding mixed blocks of lower sample
    frequency Layer3 data resulted in internal buffer overflow.
  * Add lame_encode_buffer_interleaved_int()
 - Drop upstream patches:
  * lame-Add-check-for-invalid-input-sample-rate.patch
  * lame-ansi2knr2.patch
  * lame-bits_per_sample.patch
  * lame-force_align_arg_pointer.patch
  * lame-gtk1.patch
  * lame-int_resample_ratio.patch
  * lame-msse.patch
 -------------------------------------------------------------------
 Thu Mar  2 10:33:47 UTC 2017 - jengelh@inai.de
--- a/lame.spec
+++ b/lame.spec
@ -19,24 +19,16 @@
 %define sover 0
 Name:           lame
-Version:        3.99.5
+Version:        3.100
 Release:        0
 Summary:        The LAME MP3 encoder
 License:        LGPL-2.0+
 Group:          Productivity/Multimedia/Sound/Editors and Convertors
 # https://github.com/rbrito/lame
 Url:            http://lame.sourceforge.net/
 Source:         http://prdownloads.sourceforge.net/lame/lame-%{version}.tar.gz
 Source99:       lame-rpmlintrc
 Source1000:     baselibs.conf
-Patch1:         lame-gtk1.patch
+Patch1:         lame-field-width-fix.patch
 Patch10:        lame-Add-check-for-invalid-input-sample-rate.patch
 Patch11:        lame-ansi2knr2.patch
 Patch12:        lame-bits_per_sample.patch
 Patch13:        lame-field-width-fix.patch
 Patch14:        lame-force_align_arg_pointer.patch
 Patch15:        lame-int_resample_ratio.patch
 Patch16:        lame-msse.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@ -98,19 +90,9 @@ This package includes "mp3rtp", an MP3 encoder with RTP streaming of the output.
 %prep
 %setup -q
 find -name Makefile.in -print -delete
 %patch1 -p1
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
 sed -i -e '/define sp/s/+/ + /g' libmp3lame/i386/nasm.h
 %build
 autoreconf -fi
 LIBS="-lm" \
 CFLAGS="%{optflags}" \
 %configure \
@ -125,6 +107,9 @@ CFLAGS="%{optflags}" \
 make %{?_smp_mflags} pkgdocdir=%{_defaultdocdir}/%{name}/
 %check
 make test
 %install
 make install pkgdocdir=%{_defaultdocdir}/%{name}/ DESTDIR=%{buildroot}
 rm -f %{buildroot}%{_libdir}/libmp3lame.la