Bug#781006: marked as done (unblock: lame/3.99.5+repack1-7)

Debian Bug Tracking System Mon, 23 Mar 2015 08:46:08 -0700

Your message dated Mon, 23 Mar 2015 16:35:45 +0100
with message-id <551032d1.60...@thykier.net>
and subject line Re: Bug#781006: unblock: lame/3.99.5+repack1-7
has caused the Debian Bug report #781006,
regarding unblock: lame/3.99.5+repack1-7
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
781006: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781006
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package lame

Dear release team,

the lame package in unstable contains some bug fixes that are
considered security-relevant. The package has already been updated in
stable as requested in #779083, but I somehow forgot to request its
transition to testing until now -- sorry.

unblock lame/3.99.5+repack1-7

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru lame-3.99.5+repack1/debian/changelog lame-3.99.5+repack1/debian/changelog
--- lame-3.99.5+repack1/debian/changelog	2015-02-09 07:12:14.000000000 +0100
+++ lame-3.99.5+repack1/debian/changelog	2015-02-24 09:03:11.000000000 +0100
@@ -1,3 +1,13 @@
+lame (3.99.5+repack1-7) unstable; urgency=medium
+
+  * Extend Maks Naumov's patch to also include a sanity check for
+    a valid amount of input channels (Closes: #778703).
+  * Fix decision if sample rate ratio is an integer value or not
+    (Closes: #778529).
+  * Thanks to Henri Salo for the bug reports and the fuzzed samples!
+
+ -- Fabian Greffrath <fabian+deb...@greffrath.com>  Tue, 24 Feb 2015 09:03:07 +0100
+
 lame (3.99.5+repack1-6) unstable; urgency=high
 
   * Do not mangle CFLAGS in debian/rules anymore, leave this to
diff -Nru lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
--- lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	2015-02-06 09:24:34.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	2015-02-19 07:18:28.000000000 +0100
@@ -14,7 +14,7 @@
      }
  #endif
  
-+    if (gfp->samplerate_in < 0) {
++    if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
 +        freegfc(gfc);
 +        gfp->internal_flags = NULL;
 +        return -1;
diff -Nru lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch
--- lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	2015-02-24 07:29:29.000000000 +0100
@@ -0,0 +1,29 @@
+Subject: Fix decision if sample rate ratio is an integer value or not
+ If the sample rate of the input file is sufficiently close to an
+ integer multiple of the output sample rate, the value of the intratio
+ variable is calculated incorrectly. This leads to further values
+ being miscalculated up to the joff variable which is used as an index
+ to dereference the esv->blackfilt array. This leads top an overflow
+ and causes a segmentation fault.
+Author: Fabian Greffrath <fabian+deb...@greffrath.com>
+Bug-Debian: https://bugs.debian.org/778529
+
+--- a/libmp3lame/util.c
++++ b/libmp3lame/util.c
+@@ -26,6 +26,7 @@
+ # include <config.h>
+ #endif
+ 
++#include <float.h>
+ #include "lame.h"
+ #include "machine.h"
+ #include "encoder.h"
+@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
+     if (bpc > BPC)
+         bpc = BPC;
+ 
+-    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
++    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
+     fcn = 1.00 / resample_ratio;
+     if (fcn > 1.00)
+         fcn = 1.00;
diff -Nru lame-3.99.5+repack1/debian/patches/series lame-3.99.5+repack1/debian/patches/series
--- lame-3.99.5+repack1/debian/patches/series	2015-02-09 07:00:07.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/series	2015-02-18 11:35:11.000000000 +0100
@@ -5,3 +5,4 @@
 msse.patch
 0001-Add-check-for-invalid-input-sample-rate.patch
 bits_per_sample.patch
+int_resample_ratio.patch

--- End Message ---

--- Begin Message ---

On 2015-03-23 06:39, Fabian Greffrath wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
> 
> Please unblock package lame
> 
> Dear release team,
> 
> the lame package in unstable contains some bug fixes that are
> considered security-relevant. The package has already been updated in
> stable as requested in #779083, but I somehow forgot to request its
> transition to testing until now -- sorry.
> 
> unblock lame/3.99.5+repack1-7
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---

Bug#781006: marked as done (unblock: lame/3.99.5+repack1-7)

Reply via email to