Hello community,

here is the log from the commit of package aubio for openSUSE:Factory checked 
in at 2018-08-08 14:53:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aubio (Old)
 and      /work/SRC/openSUSE:Factory/.aubio.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "aubio"

Wed Aug  8 14:53:26 2018 rev:25 rq:627880 version:0.4.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/aubio/aubio.changes      2018-06-26 
10:37:13.499232611 +0200
+++ /work/SRC/openSUSE:Factory/.aubio.new/aubio.changes 2018-08-08 
14:54:12.193619683 +0200
@@ -1,0 +2,13 @@
+Tue Aug  7 15:00:16 CEST 2018 - ti...@suse.de
+
+- Fix minor security issues leading to segfault or buffer overread
+  (CVE-2018-14522, bsc#1102359, CVE-2018-14523, bsc#1102364):
+  0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
+  0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
+  0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
+  0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
+- Refresh the previous fixes from the upstream version
+  aubio-wavread-input-validation.patch
+  aubio-resampler-NULL-deref-fix.patch
+
+-------------------------------------------------------------------

New:
----
  0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
  0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
  0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
  0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ aubio.spec ++++++
--- /var/tmp/diff_new_pack.AfyOap/_old  2018-08-08 14:54:12.797620680 +0200
+++ /var/tmp/diff_new_pack.AfyOap/_new  2018-08-08 14:54:12.797620680 +0200
@@ -42,8 +42,16 @@
 Source:         http://aubio.org/pub/%{name}-%{version}.tar.bz2
 Source1:        http://aubio.org/pub/%{name}-%{version}.tar.bz2.asc
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM CVE-2017-17054 bsc#1070399
 Patch1:         aubio-wavread-input-validation.patch
+# PATCH-FIX-UPSTREAM CVE-2017-17554 bsc#1072317
 Patch2:         aubio-resampler-NULL-deref-fix.patch
+# PATCH-FIX-UPSTREAM CVE-2018-14523 bsc#1102364
+Patch3:         0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch
+Patch4:         0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch
+# PATCH-FIX-UPSTREAM CVE-2018-14522 bsc#1102359
+Patch5:         0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch
+Patch6:         0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch
 Url:            http://aubio.org
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define debug_package_requires %{libpkgname} = %{version}-%{release}
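Review bot: The PATCH-FIX-UPSTREAM tags on the new lines cover only Patch3 and Patch5; Patch4 (the debug-output follow-up) and Patch6 (the negative-samplerate check) sit under a comment that does not name them, so a later reader cannot tell which bug each one addresses without opening the patch. Give every Patch line its own tag, e.g. `# PATCH-FIX-UPSTREAM CVE-2018-14523 bsc#1102364 -- follow-up to Patch3, silences the debug output it added` above Patch4 and `# PATCH-FIX-UPSTREAM CVE-2018-14522 bsc#1102359 -- rejects negative samplerate in source_wavread` above Patch6. Both upstream series start at 0001, so the filenames alone do not show the apply order that the %patch lines fix; the tag is the place to record it.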
@@ -87,6 +95,10 @@
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
 sed -e "s,/lib,/%_lib," src/wscript_build > src/wscript_build.new
 diff -u src/wscript_build src/wscript_build.new || :
 mv src/wscript_build.new src/wscript_build

++++++ 0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch ++++++
>From 25f280f347868fc0f4ecdcb0b45d5a9400f8f772 Mon Sep 17 00:00:00 2001
From: Paul Brossier <p...@piem.org>
Date: Mon, 6 Aug 2018 14:03:48 +0200
Subject: [PATCH] src/notes/notes.c: bail out if pitch creation failed (see
 #188)

---
 src/notes/notes.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/notes/notes.c b/src/notes/notes.c
index f6b7d5673cff..343e5a00bc2f 100644
--- a/src/notes/notes.c
+++ b/src/notes/notes.c
@@ -83,6 +83,7 @@ aubio_notes_t * new_aubio_notes (const char_t * method,
   o->onset_output = new_fvec (1);
 
   o->pitch = new_aubio_pitch (pitch_method, o->pitch_buf_size, o->hop_size, 
o->samplerate);
+  if (o->pitch == NULL) goto fail;
   if (o->pitch_tolerance != 0.) aubio_pitch_set_tolerance (o->pitch, 
o->pitch_tolerance);
   aubio_pitch_set_unit (o->pitch, "midi");
   o->pitch_output = new_fvec (1);
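Review bot: The added `goto fail` is only safe if the `fail:` cleanup, which lies outside the hunk, releases `o->onset_output` (allocated two lines above) and everything allocated before it, and tolerates `o->pitch` being NULL if it passes it to `del_aubio_pitch`; neither is visible here, so please confirm against the rest of new_aubio_notes, whose body starts and ends outside the hunk. A one-line comment on the new check would help the next reader, e.g. `/* new_aubio_pitch rejects bad method/sizes; do not dereference NULL below */`. The early exit also leaves no trace of why construction failed unless new_aubio_pitch logs it itself; if it does not, add an AUBIO_ERR before the goto.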
-- 
2.18.0

++++++ 0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch ++++++
>From af4f9e6a93b629fb6defa2a229ec828885b9d187 Mon Sep 17 00:00:00 2001
From: Paul Brossier <p...@piem.org>
Date: Mon, 6 Aug 2018 13:41:52 +0200
Subject: [PATCH] src/pitch/pitchyinfft.c: fix out of bound read when
 samplerate > 50kHz (closes: #189)

---
 src/pitch/pitchyinfft.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c
index f213ef2406cf..493ca08d40e0 100644
--- a/src/pitch/pitchyinfft.c
+++ b/src/pitch/pitchyinfft.c
@@ -44,7 +44,7 @@ static const smpl_t freqs[] = {
      0.,    20.,    25.,   31.5,    40.,    50.,    63.,    80.,   100.,   
125.,
    160.,   200.,   250.,   315.,   400.,   500.,   630.,   800.,  1000.,  
1250.,
   1600.,  2000.,  2500.,  3150.,  4000.,  5000.,  6300.,  8000.,  9000., 
10000.,
- 12500., 15000., 20000., 25100
+ 12500., 15000., 20000., 25100., -1.
 };
 
 static const smpl_t weight[] = {
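Review bot: The `-1.` sentinel extends freqs[] to 35 entries, but the diffstat (3 insertions, 2 deletions) shows weight[] is left as it was, so the two tables no longer have the same length. In the lookup loop of the next hunk (ending at `a0 = weight[j - 1]`), j now stops on the sentinel index for any bin above 25100 Hz; if the code after that line also reads `weight[j]` and `freqs[j]` for the upper interpolation point, as the pairing with `weight[j - 1]` suggests, that is one element past the end of weight[] and an interpolation endpoint of -1 Hz, so the out-of-bound read would be moved rather than removed. Either append a matching terminal entry to weight[] (repeating the last value) so both tables stay aligned, or clamp after the loop: `if (freqs[j] < 0) j -= 1; /* above the table: extrapolate from the last band */`.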
@@ -72,7 +72,8 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize)
   p->weight = new_fvec (bufsize / 2 + 1);
   for (i = 0; i < p->weight->length; i++) {
     freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate;
-    while (freq > freqs[j]) {
+    while (freq > freqs[j] && freqs[j] > 0) {
+      AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, 
bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, 
i, j);
       j += 1;
     }
     a0 = weight[j - 1];
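Review bot: The new guard `freqs[j] > 0` is also false for `freqs[0] == 0.`, so the loop relies on j entering it at 1 or more; j is initialised above the hunk (new_aubio_pitchyinfft starts outside it), so confirm it can never be 0 here, otherwise `a0 = weight[j - 1]` reads index -1. The AUBIO_DBG added on the same lines prints `samplerate` and `bufsize`, both `uint_t` per the signature in the hunk header, with `%d`, and is commented out again by the following 0002 patch; rather than carrying both patches, drop the debug line from this one so the packaged change is just the bound check.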
-- 
2.18.0

++++++ 0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch ++++++
>From 99c7aa2e3efec988a5f81018b48d9388ff24bba1 Mon Sep 17 00:00:00 2001
From: Paul Brossier <p...@piem.org>
Date: Mon, 6 Aug 2018 14:04:48 +0200
Subject: [PATCH] src/io/source_wavread.c: also exit if samplerate is negative
 (closes #188)

---
 src/io/source_wavread.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
index b91eb5cd0f07..90638af88eae 100644
--- a/src/io/source_wavread.c
+++ b/src/io/source_wavread.c
@@ -195,8 +195,8 @@ aubio_source_wavread_t * new_aubio_source_wavread(const 
char_t * path, uint_t sa
     goto beach;
   }
 
-  if ( sr == 0 ) {
-    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", 
s->path);
+  if ( (sint_t)sr <= 0 ) {
+    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be <= 
0)\n", s->path);
     goto beach;
   }
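Review bot: `(sint_t)sr <= 0` rejects any value with the top bit set by casting an unsigned to signed, which is implementation-defined for values above the signed maximum and hides the real rule, namely a maximum acceptable sample rate; `sr` comes from the file header, so state the bound explicitly: `if (sr == 0 || sr > SAMPLERATE_MAX_PLACEHOLDER /* project-chosen upper bound */)`. The message `samplerate can not be <= 0` is also misleading to a reader who knows sr is unsigned; report the offending value instead, e.g. `(invalid samplerate %u)`, sr. new_aubio_source_wavread starts outside the hunk, and whether `sr` is validated against the requested `samplerate` elsewhere is not visible here.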
 
-- 
2.18.0

++++++ 0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch ++++++
>From 802e8abf5ce7152952bcf8c767b7a5433177c421 Mon Sep 17 00:00:00 2001
From: Paul Brossier <p...@piem.org>
Date: Mon, 6 Aug 2018 16:09:48 +0200
Subject: [PATCH] src/pitch/pitchyinfft.c: comment out debug output

---
 src/pitch/pitchyinfft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c
index 493ca08d40e0..b613f60e45be 100644
--- a/src/pitch/pitchyinfft.c
+++ b/src/pitch/pitchyinfft.c
@@ -73,7 +73,9 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize)
   for (i = 0; i < p->weight->length; i++) {
     freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate;
     while (freq > freqs[j] && freqs[j] > 0) {
-      AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, 
bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, 
i, j);
+      //AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t"
+      //    "(weight length %d, bufsize %d) %d %d\n", freq, freqs[j],
+      //    samplerate, p->weight->length, bufsize, i, j);
       j += 1;
     }
     a0 = weight[j - 1];
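Review bot: Commented-out code on the three new lines is dead weight that every reader has to evaluate; delete the AUBIO_DBG call outright, or if the diagnostic has value keep it live behind the project's debug macro rather than as comments. Since this patch only undoes a line introduced by the preceding 0001 patch in the same series, the cleaner packaging is a single patch that adds the bound check without the debug output.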
-- 
2.18.0


++++++ aubio-resampler-NULL-deref-fix.patch ++++++
--- /var/tmp/diff_new_pack.AfyOap/_old  2018-08-08 14:54:12.849620766 +0200
+++ /var/tmp/diff_new_pack.AfyOap/_new  2018-08-08 14:54:12.849620766 +0200
@@ -1,30 +1,26 @@
-From: Takashi Iwai <ti...@suse.de>
-Subject: Fix a NULl dereference in aubio_source_avcodec_readframe()
-References: bsc#1072317 CVE-2017-17554 
-
-Signed-off-by: Takashi Iwai <ti...@suse.de>
+From a81b12a3b4174953b3bc7ef4c37103f4d5636740 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <p...@piem.org>
+Date: Mon, 6 Aug 2018 14:58:27 +0200
+Subject: [PATCH] src/io/source_avcodec.c: give up if resampling context failed
+ opening (see #137, closes #187)
 
 ---
- src/io/source_avcodec.c |    4 ++++
- 1 file changed, 4 insertions(+)
+ src/io/source_avcodec.c | 2 ++
+ 1 file changed, 2 insertions(+)
 
+diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c
+index 8197445c0165..6d8efa79f685 100644
 --- a/src/io/source_avcodec.c
 +++ b/src/io/source_avcodec.c
-@@ -420,6 +420,8 @@ void aubio_source_avcodec_readframe(aubi
-   }
+@@ -275,6 +275,8 @@ aubio_source_avcodec_t * new_aubio_source_avcodec(const 
char_t * path, uint_t sa
+   // default to mono output
+   aubio_source_avcodec_reset_resampler(s, 0);
+ 
++  if (s->avr == NULL) goto beach;
++
+   s->eof = 0;
+   s->multi = 0;
  
- #ifdef HAVE_AVRESAMPLE
-+  if (!avr)
-+      goto beach;
-   in_linesize = 0;
-   av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels,
-       avFrame->nb_samples, avCodecCtx->sample_fmt, 1);
-@@ -430,6 +432,8 @@ void aubio_source_avcodec_readframe(aubi
-         (uint8_t **)&output, out_linesize, max_out_samples,
-         (uint8_t **)avFrame->data, in_linesize, in_samples);
- #elif defined(HAVE_SWRESAMPLE)
-+  if (!avr)
-+      goto beach;
-   in_samples = avFrame->nb_samples;
-   max_out_samples = AUBIO_AVCODEC_MAX_BUFFER_SIZE / avCodecCtx->channels;
-   out_samples = swr_convert( avr,
+-- 
+2.18.0
+
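Review bot: The refreshed patch moves the NULL guard from aubio_source_avcodec_readframe (the two `if (!avr) goto beach;` checks in the removed version, under HAVE_AVRESAMPLE and HAVE_SWRESAMPLE) to the constructor, right after `aubio_source_avcodec_reset_resampler(s, 0)`. That covers a resampler that fails to open at construction time, but the function name suggests the resampler may be reset again after construction; if any such call site does not check `s->avr` afterwards, readframe would again dereference NULL, so please confirm the other callers or keep a cheap `if (s->avr == NULL) goto beach;` in readframe as well. The `beach:` label and the rest of new_aubio_source_avcodec are outside the hunk, so whether an error is logged before bailing out is not visible; if not, an AUBIO_ERR naming the file would help users diagnose a silently failed open.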

++++++ aubio-wavread-input-validation.patch ++++++
--- /var/tmp/diff_new_pack.AfyOap/_old  2018-08-08 14:54:12.865620792 +0200
+++ /var/tmp/diff_new_pack.AfyOap/_new  2018-08-08 14:54:12.865620792 +0200
@@ -5,12 +5,14 @@
  #158)
 
 ---
- src/io/source_wavread.c |   20 ++++++++++++++++++++
+ src/io/source_wavread.c | 20 ++++++++++++++++++++
  1 file changed, 20 insertions(+)
 
+diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
+index 640201bbbb19..b91eb5cd0f07 100644
 --- a/src/io/source_wavread.c
 +++ b/src/io/source_wavread.c
-@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_sourc
+@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const 
char_t * path, uint_t sa
    // BitsPerSample
    bytes_read += fread(buf, 1, 2, s->fid);
    bitspersample = read_little_endian(buf, 2);
@@ -37,3 +39,6 @@
  #if 0
    if ( bitspersample != 16 ) {
      AUBIO_ERR("source_wavread: can not process %dbit file %s\n",
+-- 
+2.18.0
+

