Your message dated Sat, 14 Feb 2015 11:57:48 +0000
with message-id <1423915068.13356.7.ca...@adam-barratt.org.uk>
and subject line Re: Bug#778347: unblock: lame/3.99.5+repack1-6
has caused the Debian Bug report #778347,
regarding unblock: lame/3.99.5+repack1-6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
778347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778347
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package lame
The samplerate security issues have been reported multiple times
in the BTS: #775959, #777160, #777161
unblock lame/3.99.5+repack1-6
diff -Nru lame-3.99.5+repack1/debian/changelog
lame-3.99.5+repack1/debian/changelog
--- lame-3.99.5+repack1/debian/changelog 2014-08-31 16:05:02.000000000
+0200
+++ lame-3.99.5+repack1/debian/changelog 2015-02-09 07:12:14.000000000
+0100
@@ -1,3 +1,18 @@
+lame (3.99.5+repack1-6) unstable; urgency=high
+
+ * Do not mangle CFLAGS in debian/rules anymore, leave this to
+ dpkg-buildflags (Closes: #775955). Thanks, Jakub Wilk.
+ * Add check for invalid input sample rate, thanks Maks Naumov
+ (Closes: #775959, #777160, #777161). Thanks Jakub Wilk and
+ Brian Carpenter for the bug reports and test cases.
+ * Remove chunks modifying */Makefile.in from parallel-builds-fix.patch,
+ we are running autoreconf anyway.
+ * Remove unbreak-ftbfs-gcc4.4.patch, does not apply anymore.
+ * Avoid malformed wav causing floating point exception in the frontend
+ (Closes: #777159).
+
+ -- Fabian Greffrath <fabian+deb...@greffrath.com> Mon, 09 Feb 2015 07:11:42
+0100
+
lame (3.99.5+repack1-5) unstable; urgency=medium
* Team upload.
diff -Nru
lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
---
lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
1970-01-01 01:00:00.000000000 +0100
+++
lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
2015-02-06 09:24:34.000000000 +0100
@@ -0,0 +1,25 @@
+From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
+From: Maks Naumov <maksq...@ukr.net>
+Date: Thu, 22 Jan 2015 16:20:40 +0200
+Subject: [PATCH] Add check for invalid input sample rate
+
+Signed-off-by: Maks Naumov <maksq...@ukr.net>
+---
+ libmp3lame/lame.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/libmp3lame/lame.c
++++ b/libmp3lame/lame.c
+@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
+ }
+ #endif
+
++ if (gfp->samplerate_in < 0) {
++ freegfc(gfc);
++ gfp->internal_flags = NULL;
++ return -1;
++ }
++
+ cfg->disable_reservoir = gfp->disable_reservoir;
+ cfg->lowpassfreq = gfp->lowpassfreq;
+ cfg->highpassfreq = gfp->highpassfreq;
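Review bot: the new guard in lame_init_params, `if (gfp->samplerate_in < 0)`, rejects only negative rates, so a zero sample rate still reaches the code below it. The frontend patch in this same upload treats `bits_per_sample < 1` as invalid; if zero is not a meaningful input rate here (for example as an "unset" marker), the comparison should be `<= 0`, and either way a one-line comment saying which case the check covers would help. The patch header also carries no Bug-Debian field for #775959, #777160 and #777161, which the changelog says it closes.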
diff -Nru lame-3.99.5+repack1/debian/patches/bits_per_sample.patch
lame-3.99.5+repack1/debian/patches/bits_per_sample.patch
--- lame-3.99.5+repack1/debian/patches/bits_per_sample.patch 1970-01-01
01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/bits_per_sample.patch 2015-02-09
07:05:26.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Avoid malformed wav causing floating point exception (integer
divide by zero)
+Author: Fabian Greffrath <fabian+deb...@greffrath.com>
+Bug-Debian: https://bugs.debian.org/777159
+
+--- a/frontend/get_audio.c
++++ b/frontend/get_audio.c
+@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
+ else {
+ (void) lame_set_in_samplerate(gfp,
global_reader.input_samplerate);
+ }
++ /* avoid division by zero */
++ if (bits_per_sample < 1)
++ return -1;
++
+ global. pcmbitwidth = bits_per_sample;
+ global. pcm_is_unsigned_8bit = 1;
+ global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1
: 0);
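Review bot: the check `if (bits_per_sample < 1)` in parse_wave_header only excludes zero and negative widths, and the division it protects is not visible in this hunk. If the divisor is a byte count derived from bits_per_sample rather than the value itself, widths of 1 to 7 could still yield zero, so the comment should name the exact expression being guarded. The check also sits after the lame_set_in_samplerate() call, so the sample rate from the malformed header has already been stored in gfp when -1 is returned; moving the test ahead of that call would keep the rejection free of side effects.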
diff -Nru lame-3.99.5+repack1/debian/patches/parallel-builds-fix.patch
lame-3.99.5+repack1/debian/patches/parallel-builds-fix.patch
--- lame-3.99.5+repack1/debian/patches/parallel-builds-fix.patch
2014-07-03 07:34:51.000000000 +0200
+++ lame-3.99.5+repack1/debian/patches/parallel-builds-fix.patch
2015-02-09 06:51:50.000000000 +0100
@@ -28,28 +28,3 @@
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
---- a/libmp3lame/i386/Makefile.in
-+++ b/libmp3lame/i386/Makefile.in
-@@ -218,6 +218,7 @@
-
- @HAVE_NASM_TRUE@noinst_LTLIBRARIES = liblameasmroutines.la
- @HAVE_NASM_TRUE@liblameasmroutines_la_SOURCES = $(nasm_sources)
-+@HAVE_NASM_TRUE@liblameasmroutines_la_DEPENDENCIES = $(nasm_sources:.nas.lo)
- @HAVE_NASM_TRUE@am_liblameasmroutines_la_OBJECTS = \
- @HAVE_NASM_TRUE@ choose_table$U.lo \
- @HAVE_NASM_TRUE@ cpu_feat$U.lo \
-@@ -526,11 +527,10 @@
- $(NASM) $(NASMFLAGS) $< -o $@ -l $@.lst
-
- .nas.lo: $< nasm.h
-- mkdir -p .libs
- $(ECHO) '# Generated by ltmain.sh - GNU libtool 1.5.22 (1.1220.2.365
2005/12/18 22:14:06)' >$@
-- $(ECHO) "pic_object='.libs/$*.o'" >>$@
-- $(ECHO) "non_pic_object='.libs/$*.o'" >>$@
-- $(NASM) $(NASMFLAGS) $< -o .libs/$*.o -l $@.lst
-+ $(ECHO) "pic_object='$*.o'" >>$@
-+ $(ECHO) "non_pic_object='$*.o'" >>$@
-+ $(NASM) $(NASMFLAGS) $< -o $*.o -l $@.lst
-
- #$(OBJECTS): libtool
- #libtool: $(LIBTOOL_DEPS)
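Review bot: dropping the libmp3lame/i386/Makefile.in chunk removes the added `liblameasmroutines_la_DEPENDENCIES` line and the rewritten `.nas.lo` rule from the patch, and autoreconf will only regenerate them if the same change is made in the corresponding Makefile.am. The remaining part of parallel-builds-fix.patch is not shown here, so please confirm the Makefile.am side carries both changes; otherwise the parallel-build fix for the NASM objects is lost without any build error.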
diff -Nru lame-3.99.5+repack1/debian/patches/series
lame-3.99.5+repack1/debian/patches/series
--- lame-3.99.5+repack1/debian/patches/series 2014-08-31 15:42:32.000000000
+0200
+++ lame-3.99.5+repack1/debian/patches/series 2015-02-09 07:00:07.000000000
+0100
@@ -1,6 +1,7 @@
07-field-width-fix.patch
parallel-builds-fix.patch
-unbreak-ftbfs-gcc4.4.patch
ansi2knr2devnull.patch
privacy-breach.patch
msse.patch
+0001-Add-check-for-invalid-input-sample-rate.patch
+bits_per_sample.patch
diff -Nru lame-3.99.5+repack1/debian/patches/unbreak-ftbfs-gcc4.4.patch
lame-3.99.5+repack1/debian/patches/unbreak-ftbfs-gcc4.4.patch
--- lame-3.99.5+repack1/debian/patches/unbreak-ftbfs-gcc4.4.patch
2014-07-03 07:34:51.000000000 +0200
+++ lame-3.99.5+repack1/debian/patches/unbreak-ftbfs-gcc4.4.patch
1970-01-01 01:00:00.000000000 +0100
@@ -1,93 +0,0 @@
-Description: Unbreak compilation with gcc 4.4
- This patch is only necessary before gcc 4.5, such as gcc 4.4 in
debian/squeeze.
- Actually, this is a workaround in config.h for a workaround in the autoconf
- generated configure script, which comments out every #undef CPP statement.
- This is actually documented in the autoconf manual, like here:
- http://www.gnu.org/s/hello/manual/autoconf/Header-Templates.html
-Author: Reinhard Tartler <siret...@tauware.de>
-
-
-
---- a/config.h.in
-+++ b/config.h.in
-@@ -56,12 +56,14 @@
- /* add ieee754_float32_t type */
- #undef HAVE_IEEE754_FLOAT32_T
- #ifndef HAVE_IEEE754_FLOAT32_T
-+#define HAVE_IEEE754_FLOAT32_T
- typedef float ieee754_float32_t;
- #endif
-
- /* add ieee754_float64_t type */
- #undef HAVE_IEEE754_FLOAT64_T
- #ifndef HAVE_IEEE754_FLOAT64_T
-+#define HAVE_IEEE754_FLOAT64_T
- typedef double ieee754_float64_t;
- #endif
-
-@@ -71,6 +73,7 @@
- /* add ieee854_float80_t type */
- #undef HAVE_IEEE854_FLOAT80_T
- #ifndef HAVE_IEEE854_FLOAT80_T
-+#define HAVE_IEEE854_FLOAT80_T
- typedef long double ieee854_float80_t;
- #endif
-
---- a/configure.in
-+++ b/configure.in
-@@ -147,6 +147,7 @@
- [/* add uint8_t type */
- #undef HAVE_UINT8_T
- #ifndef HAVE_UINT8_T
-+#define HAVE_UINT8_T
- typedef unsigned char uint8_t;
- #endif])
-
-@@ -154,6 +155,7 @@
- [/* add int8_t type */
- #undef HAVE_INT8_T
- #ifndef HAVE_INT8_T
-+#define HAVE_INT8_T
- typedef char int8_t;
- #endif])
-
-@@ -161,6 +163,7 @@
- [/* add uint16_t type */
- #undef HAVE_UINT16_T
- #ifndef HAVE_UINT16_T
-+#define HAVE_UINT16_T
- typedef unsigned short uint16_t;
- #endif])
-
-@@ -168,6 +171,7 @@
- [/* add int16_t type */
- #undef HAVE_INT16_T
- #ifndef HAVE_INT16_T
-+#define HAVE_INT16_T
- typedef short int16_t;
- #endif])
-
-@@ -275,6 +279,7 @@
- [/* add ieee854_float80_t type */
- #undef HAVE_IEEE854_FLOAT80_T
- #ifndef HAVE_IEEE854_FLOAT80_T
-+#define HAVE_IEEE854_FLOAT80_T
- typedef long double ieee854_float80_t;
- #endif])
-
-@@ -287,6 +292,7 @@
- [/* add ieee754_float64_t type */
- #undef HAVE_IEEE754_FLOAT64_T
- #ifndef HAVE_IEEE754_FLOAT64_T
-+#define HAVE_IEEE754_FLOAT64_T
- typedef double ieee754_float64_t;
- #endif])
-
-@@ -294,6 +300,7 @@
- [/* add ieee754_float32_t type */
- #undef HAVE_IEEE754_FLOAT32_T
- #ifndef HAVE_IEEE754_FLOAT32_T
-+#define HAVE_IEEE754_FLOAT32_T
- typedef float ieee754_float32_t;
- #endif])
-
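Review bot: the changelog gives "does not apply anymore" as the reason for deleting this patch, which can mean either that it no longer applies cleanly or that it is no longer needed. The patch's own Description says it is "only necessary before gcc 4.5", so stating that reason in the changelog would make clear that nothing the build still relies on is being dropped.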
diff -Nru lame-3.99.5+repack1/debian/rules lame-3.99.5+repack1/debian/rules
--- lame-3.99.5+repack1/debian/rules 2014-08-30 21:10:10.000000000 +0200
+++ lame-3.99.5+repack1/debian/rules 2015-01-22 19:22:43.000000000 +0100
@@ -1,17 +1,10 @@
#!/usr/bin/make -f
-CFLAGS = $(shell dpkg-buildflags --get CFLAGS 2>/dev/null | sed -e
's/-g\|-O2//g')
-ifeq (,$(CFLAGS))
- # Handle case for versions of Debian/Ubuntu that have dpkg-dev (<< 1.15.7).
- CFLAGS = -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security
-endif
-
%:
dh $@ --parallel --with autoreconf
override_dh_auto_configure:
dh_auto_configure -- \
- --disable-debug \
--disable-rpath \
--enable-dynamic-frontends \
--enable-expopt=full \
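Review bot: the `--disable-debug` configure argument is removed from override_dh_auto_configure, but the changelog entry only mentions no longer mangling CFLAGS, so this change is undocumented. Dropping the sed filter also means `-g` and `-O2` from dpkg-buildflags now reach the build, which changes how the binaries are compiled; both deserve a changelog line, since this upload is being reviewed for an unblock.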
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On Fri, 2015-02-13 at 22:14 +0100, Moritz Muehlenhoff wrote:
> Please unblock package lame
>
> The samplerate security issues have been reported multiple times
> in the BTS: #775959, #777160, #777161
Unblocked.
Regards,
Adam
--- End Message ---