Your message dated Sat, 21 Oct 2017 19:34:15 +0000
with message-id <e1e5zxd-000hou...@fasolo.debian.org>
and subject line Bug#702290: fixed in lame 3.100-2
has caused the Debian Bug report #702290,
regarding libmp3lame0: libmp3lame.so.0 exports too many symbols (e.g. "getbits")
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
702290: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702290
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmp3lame0
Version: 3.99.5+repack1-3
Severity: normal
Tags: upstream patch
Dear Maintainer,
libmp3lame.so.0 currently exports lots of internal symbols.
In particular the getbits symbol causes real-world issues due to symbol
clashes, see e.g. http://users.softlab.ntua.gr/~ttsiod/mp3pro.html
To reproduce run:
nm -D /usr/lib/x86_64-linux-gnu/libmp3lame.so.0.0.0 | grep getbits
Returns:
000000000003d030 T getbits
000000000003d0a0 T getbits_fast
Expected: should not print anything, getbits is a too common name to
export safely.
mp3lame actually includes a .sym for use with libtool, but for some
reason does not use it (probably because it does not actually work
as-is).
I sent a patch upstream, but I am unsure there is much activity,
plus you might be in a better position to test if any applications
rely on these internal symbols.
Upstream bug report including (IMHO very simple) patch:
https://sourceforge.net/tracker/?func=detail&aid=3606697&group_id=290&atid=300290
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (700, 'unstable'), (600, 'experimental'), (500, 'testing'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libmp3lame0 depends on:
ii libc6 2.17-0experimental2
ii multiarch-support 2.17-0experimental2
libmp3lame0 recommends no packages.
libmp3lame0 suggests no packages.
-- no debconf information
Index: include/libmp3lame.sym
===================================================================
RCS file: /cvsroot/lame/lame/include/libmp3lame.sym,v
retrieving revision 1.1
diff -u -r1.1 libmp3lame.sym
--- include/libmp3lame.sym 14 Mar 2010 17:23:35 -0000 1.1
+++ include/libmp3lame.sym 4 Mar 2013 19:45:25 -0000
@@ -1,232 +1,177 @@
lame_init
-
+lame_init_old
lame_set_num_samples
lame_get_num_samples
-
lame_set_in_samplerate
lame_get_in_samplerate
-
lame_set_num_channels
lame_get_num_channels
-
lame_set_scale
lame_get_scale
-
lame_set_scale_left
lame_get_scale_left
-
lame_set_scale_right
lame_get_scale_right
-
lame_set_out_samplerate
lame_get_out_samplerate
-
lame_set_analysis
lame_get_analysis
-
lame_set_bWriteVbrTag
lame_get_bWriteVbrTag
-
lame_set_decode_only
lame_get_decode_only
-
+lame_set_ogg
+lame_get_ogg
lame_set_quality
lame_get_quality
-
lame_set_mode
lame_get_mode
-
+lame_set_mode_automs
+lame_get_mode_automs
lame_set_force_ms
lame_get_force_ms
-
lame_set_free_format
lame_get_free_format
-
-
lame_set_findReplayGain
lame_get_findReplayGain
-
lame_set_decode_on_the_fly
lame_get_decode_on_the_fly
-
+lame_set_ReplayGain_input
+lame_get_ReplayGain_input
+lame_set_ReplayGain_decode
+lame_get_ReplayGain_decode
+lame_set_findPeakSample
+lame_get_findPeakSample
lame_set_nogap_total
lame_get_nogap_total
-
lame_set_nogap_currentindex
lame_get_nogap_currentindex
-
-
lame_set_errorf
lame_set_debugf
lame_set_msgf
-
lame_set_brate
lame_get_brate
-
lame_set_compression_ratio
lame_get_compression_ratio
-
lame_set_preset
-
lame_set_asm_optimizations
-
-
lame_set_copyright
lame_get_copyright
-
lame_set_original
lame_get_original
-
lame_set_error_protection
lame_get_error_protection
-
lame_set_padding_type
lame_get_padding_type
-
lame_set_extension
lame_get_extension
-
lame_set_strict_ISO
lame_get_strict_ISO
-
lame_set_disable_reservoir
lame_get_disable_reservoir
-
lame_set_quant_comp
lame_get_quant_comp
lame_set_quant_comp_short
lame_get_quant_comp_short
-
lame_set_experimentalX
lame_get_experimentalX
-
lame_set_experimentalY
lame_get_experimentalY
-
lame_set_experimentalZ
lame_get_experimentalZ
-
lame_set_exp_nspsytune
lame_get_exp_nspsytune
-
lame_set_msfix
lame_get_msfix
-
lame_set_VBR
lame_get_VBR
-
lame_set_VBR_q
lame_get_VBR_q
-
+lame_set_VBR_quality
+lame_get_VBR_quality
lame_set_VBR_mean_bitrate_kbps
lame_get_VBR_mean_bitrate_kbps
-
lame_set_VBR_min_bitrate_kbps
lame_get_VBR_min_bitrate_kbps
-
lame_set_VBR_max_bitrate_kbps
lame_get_VBR_max_bitrate_kbps
-
lame_set_VBR_hard_min
lame_get_VBR_hard_min
-
lame_set_preset_expopts
-
lame_set_lowpassfreq
lame_get_lowpassfreq
-
lame_set_lowpasswidth
lame_get_lowpasswidth
-
lame_set_highpassfreq
lame_get_highpassfreq
-
lame_set_highpasswidth
lame_get_highpasswidth
-
lame_set_ATHonly
lame_get_ATHonly
-
lame_set_ATHshort
lame_get_ATHshort
-
lame_set_noATH
lame_get_noATH
-
lame_set_ATHtype
lame_get_ATHtype
-
lame_set_ATHlower
lame_get_ATHlower
-
lame_set_athaa_type
lame_get_athaa_type
-
lame_set_athaa_loudapprox
lame_get_athaa_loudapprox
-
lame_set_athaa_sensitivity
lame_get_athaa_sensitivity
-
lame_set_cwlimit
lame_get_cwlimit
-
+lame_set_allow_diff_short
+lame_get_allow_diff_short
lame_set_useTemporal
lame_get_useTemporal
-
lame_set_interChRatio
lame_get_interChRatio
-
lame_set_no_short_blocks
lame_get_no_short_blocks
lame_set_force_short_blocks
lame_get_force_short_blocks
-lame_set_allow_diff_short
-lame_get_allow_diff_short
-
lame_set_emphasis
lame_get_emphasis
-
lame_get_version
lame_get_encoder_delay
lame_get_encoder_padding
lame_get_framesize
-
lame_get_mf_samples_to_encode
lame_get_size_mp3buffer
lame_get_frameNum
lame_get_totalframes
-
lame_get_RadioGain
lame_get_AudiophileGain
lame_get_PeakSample
lame_get_noclipGainChange
lame_get_noclipScale
-
lame_init_params
-
get_lame_version
get_lame_short_version
get_lame_very_short_version
get_psy_version
get_lame_url
-get_lame_version_numerical
get_lame_os_bitness
-
+get_lame_version_numerical
lame_print_config
lame_print_internals
-
lame_encode_buffer
lame_encode_buffer_interleaved
lame_encode_buffer_float
+lame_encode_buffer_ieee_float
+lame_encode_buffer_interleaved_ieee_float
+lame_encode_buffer_ieee_double
+lame_encode_buffer_interleaved_ieee_double
lame_encode_buffer_long
lame_encode_buffer_long2
lame_encode_buffer_int
lame_encode_flush
lame_encode_flush_nogap
-
lame_init_bitstream
-
lame_bitrate_hist
lame_bitrate_kbps
lame_stereo_mode_hist
@@ -234,39 +179,26 @@
lame_block_type_hist
lame_bitrate_block_type_hist
lame_mp3_tags_fid
-lame_close
lame_get_lametag_frame
-lame_set_VBR_quality
-lame_get_VBR_quality
-
-
-bitrate_table
-samplerate_table
-
-lame_decode_init
-lame_decode
-lame_decode_headers
-lame_decode1
-lame_decode1_headers
-lame_decode1_headersB
-lame_decode_exit
-
-lame_get_id3v1_tag
-lame_get_id3v2_tag
-lame_set_write_id3tag_automatic
-lame_get_write_id3tag_automatic
-
+lame_close
+lame_encode_finish
hip_decode_init
hip_decode_exit
+hip_set_errorf
+hip_set_debugf
+hip_set_msgf
hip_decode
hip_decode_headers
hip_decode1
hip_decode1_headers
hip_decode1_headersB
-hip_set_debugf
-hip_set_errorf
-hip_set_msgf
-
+lame_decode_init
+lame_decode
+lame_decode_headers
+lame_decode1
+lame_decode1_headers
+lame_decode1_headersB
+lame_decode_exit
id3tag_genre_list
id3tag_init
id3tag_add_v2
@@ -274,6 +206,7 @@
id3tag_v2_only
id3tag_space_v1
id3tag_pad_v2
+id3tag_set_pad
id3tag_set_title
id3tag_set_artist
id3tag_set_album
@@ -283,7 +216,17 @@
id3tag_set_genre
id3tag_set_fieldvalue
id3tag_set_albumart
-id3tag_set_pad
-id3tag_set_comment_ucs2
+lame_get_id3v1_tag
+lame_get_id3v2_tag
+lame_set_write_id3tag_automatic
+lame_get_write_id3tag_automatic
+id3tag_set_textinfo_latin1
+id3tag_set_comment_latin1
id3tag_set_textinfo_ucs2
-
+id3tag_set_comment_ucs2
+id3tag_set_fieldvalue_ucs2
+id3tag_set_fieldvalue_utf16
+id3tag_set_textinfo_utf16
+id3tag_set_comment_utf16
+lame_get_bitrate
+lame_get_samplerate
Index: libmp3lame/Makefile.am
===================================================================
RCS file: /cvsroot/lame/lame/libmp3lame/Makefile.am,v
retrieving revision 1.39
diff -u -r1.39 Makefile.am
--- libmp3lame/Makefile.am 30 Oct 2010 13:21:02 -0000 1.39
+++ libmp3lame/Makefile.am 4 Mar 2013 19:45:25 -0000
@@ -22,6 +22,7 @@
libmp3lame_la_LIBADD = $(cpu_ldadd) $(vector_ldadd) $(decoder_ldadd) \
$(CONFIG_MATH_LIB)
libmp3lame_la_LDFLAGS = -version-info @LIB_MAJOR_VERSION@:@LIB_MINOR_VERSION@ \
+ -export-symbols $(top_builddir)/include/libmp3lame.sym \
-no-undefined
INCLUDES = @INCLUDES@ -I$(top_srcdir)/mpglib -I$(top_builddir)
--- End Message ---
--- Begin Message ---
Source: lame
Source-Version: 3.100-2
We believe that the bug you reported is fixed in the latest version of
lame, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Greffrath <fab...@debian.org> (supplier of updated lame package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Oct 2017 21:07:44 +0200
Source: lame
Binary: lame lame-doc libmp3lame-dev libmp3lame0
Architecture: source amd64 all
Version: 3.100-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers
<pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Fabian Greffrath <fab...@debian.org>
Description:
lame - MP3 encoding library (frontend)
lame-doc - MP3 encoding library (documentation)
libmp3lame-dev - MP3 encoding library (development)
libmp3lame0 - MP3 encoding library
Closes: 702290 805899
Changes:
lame (3.100-2) unstable; urgency=medium
.
* Add CVE ids to previous changelog entry.
* Add a libmp3lame0.symbols file now that LAME only exports
its own API (Closes: #702290).
* Let lame suggest lame-doc (Closes: #805899).
Checksums-Sha1:
66cb11decb63e992941bcac6a15e1b050f9f2212 2193 lame_3.100-2.dsc
befd328a3d0adf74e1ca9fa749f292fa4d2cf73d 12152 lame_3.100-2.debian.tar.xz
1aa6f0ca348ea6cd89f8e8f1c96a0b56f2f885cf 85768 lame-dbgsym_3.100-2_amd64.deb
c86f0ede98ece22e87fbdef70ac3b7603ca0ca53 295254 lame-doc_3.100-2_all.deb
387ad4239e3316f4de3bf4fdde0755d06da92ea0 6997 lame_3.100-2_amd64.buildinfo
f41c23db9878fba0094f8c84e508a85709c1ccdb 280104 lame_3.100-2_amd64.deb
d0e8c690a4dd0d9f7c5e73a925ad75504119b983 388512
libmp3lame-dev_3.100-2_amd64.deb
d01ea18983a075cfea170db3557a7c9ca453489d 320506
libmp3lame0-dbgsym_3.100-2_amd64.deb
444e82f35c99674c6928214a0fcb0a71538d5c07 366810 libmp3lame0_3.100-2_amd64.deb
Checksums-Sha256:
23ead7cb4e1e0dd7925e67f935d005aa2ae73b508d240420e63d87b99c5a952e 2193
lame_3.100-2.dsc
096925e4c15a9ee4e3f79451111b0ad11ea33a4ab9b74581e6f4775b7f1867e5 12152
lame_3.100-2.debian.tar.xz
b19b5b72a07a22bdcaa027209bdf8f0a3032b114277df516235a421687a83b24 85768
lame-dbgsym_3.100-2_amd64.deb
81afa69cbb477e77adbed1397452e1e00698c64e6e64916dce9c395da30d62dd 295254
lame-doc_3.100-2_all.deb
c93d9884afed2409ea79929c5aa890afd4a688406fb27ab0e1e71fd2d95af210 6997
lame_3.100-2_amd64.buildinfo
946f6e028ee69c397275efe375a7f8feafe792a9dc8ef8a218043c887a6e6aea 280104
lame_3.100-2_amd64.deb
18dedfed434b19a3c1e543e2f38a6b56a0d6082776dcd972c9824795f4bd0e2e 388512
libmp3lame-dev_3.100-2_amd64.deb
5cefe8df3957613b18d82c86781ce607bb9660c2f882819efb9f402ef7d35dea 320506
libmp3lame0-dbgsym_3.100-2_amd64.deb
c4703482164abd48b65a9c5c53a33f64b694f29c3954f93a475114f0d95fbb70 366810
libmp3lame0_3.100-2_amd64.deb
Files:
3959c7a1b01faac560343f29dc80a8d3 2193 sound optional lame_3.100-2.dsc
68d578b4819cf2acdb4d603a56e31a77 12152 sound optional
lame_3.100-2.debian.tar.xz
3605355d1a9f4df301f44bda30775195 85768 debug optional
lame-dbgsym_3.100-2_amd64.deb
757d4fe44f4f795bc92dce842318fff9 295254 doc optional lame-doc_3.100-2_all.deb
0554778aee8774fef6104c50ca709eff 6997 sound optional
lame_3.100-2_amd64.buildinfo
e213fb838c9de7d72389bf068e7f18b0 280104 sound optional lame_3.100-2_amd64.deb
0225a40e4eedf7dbb9513f414edf9cb2 388512 libdevel optional
libmp3lame-dev_3.100-2_amd64.deb
9980ee0f677d24b30b58ea701303e64f 320506 debug optional
libmp3lame0-dbgsym_3.100-2_amd64.deb
e38882d8982dbbed5826359b7f6f0ae4 366810 libs optional
libmp3lame0_3.100-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEIsF2SKlSa4TfGRyWy+qOlwzNWd8FAlnrm8ESHGZhYmlhbkBk
ZWJpYW4ub3JnAAoJEMvqjpcMzVnfMdMQALF7cdfU485lbnyksOtBuqkR5Uo7Z0Dk
K8X29UeYiICufztV1bzQ3YPBNSJ2ygqk2+oVg7NzdS+E4Djzw8KNuuyB0GnvKXaL
BHyomM9zNDQNx1mJOTBkRGcMNqhBmEWMIiD20teUQGP3gWk6ABpyE8OfIClcaqOr
8SjXKgGIyvS3Z2D9iThX1EBa/mstTSOSy3wtuRLnt38R4bPiSWh3sZ0u5bWFdXZ3
xELK+IbeLJ99RgfOajxx0XZzquOZnel1YCMNTsA/XrdXPzKzVPEKOglfjNOVrPsi
tkcs+/cJ/DlY07dU3v+pJhZwIhOD5vCs456z51HIqf+IBS2rEcSz4Y/trMaMC8M6
sLp1c86fAPetT6kEdWS8LVjlCm8ceIQqJi1tijkFkIQN5StDlqt/34larJNImO7R
+BYwkC+aozXF4I8l2V106MmMct+vDwXx6CTt6D9i36l2ac7nzVD1mJjeAxS3MBuV
KCPHqjzTo8dv8O23sxMcD54iQM/zqvdLyx0X7R+yujl9zKp0JdPJUJb48jRLzGL3
w6FZzEscx6QuJqrhFfGRPo1EuW6IY5FRYaaMlXwAX8vx/cz1ztDzAe4HPnE91vbJ
cFl/7O8dToMxUt6D6s3jzMZ4ua0A3cCKcJIWyWWudprUiHiSPwtoXeHUuk7mnLR/
ZP3lmV50c0K2
=3P7f
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
