Hello community, here is the log from the commit of package aubio for openSUSE:Factory checked in at 2018-08-08 14:53:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aubio (Old) and /work/SRC/openSUSE:Factory/.aubio.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aubio" Wed Aug 8 14:53:26 2018 rev:25 rq:627880 version:0.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/aubio/aubio.changes 2018-06-26 10:37:13.499232611 +0200 +++ /work/SRC/openSUSE:Factory/.aubio.new/aubio.changes 2018-08-08 14:54:12.193619683 +0200 @@ -1,0 +2,13 @@ +Tue Aug 7 15:00:16 CEST 2018 - ti...@suse.de + +- Fix minor security issues leading to segfault or buffer overread + (CVE-2018-14522, bsc#1102359, CVE-2018-14523, bsc#1102364): + 0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch + 0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch + 0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch + 0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch +- Refresh the previous fixes from the upstream version + aubio-wavread-input-validation.patch + aubio-resampler-NULL-deref-fix.patch + +------------------------------------------------------------------- New: ---- 0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch 0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch 0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch 0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aubio.spec ++++++ --- /var/tmp/diff_new_pack.AfyOap/_old 2018-08-08 14:54:12.797620680 +0200 +++ /var/tmp/diff_new_pack.AfyOap/_new 2018-08-08 14:54:12.797620680 +0200 @@ -42,8 +42,16 @@ Source: http://aubio.org/pub/%{name}-%{version}.tar.bz2 Source1: http://aubio.org/pub/%{name}-%{version}.tar.bz2.asc Source99: baselibs.conf +# PATCH-FIX-UPSTREAM CVE-2017-17054 bsc#1070399 Patch1: aubio-wavread-input-validation.patch +# PATCH-FIX-UPSTREAM CVE-2017-17554 bsc#1072317 Patch2: aubio-resampler-NULL-deref-fix.patch +# PATCH-FIX-UPSTREAM CVE-2018-14523 bsc#1102364 +Patch3: 0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch +Patch4: 0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch +# PATCH-FIX-UPSTREAM CVE-2018-14522 bsc#1102359 +Patch5: 0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch +Patch6: 0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch Url: http://aubio.org BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libpkgname} = %{version}-%{release} @@ -87,6 +95,10 @@ %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 sed -e "s,/lib,/%_lib," src/wscript_build > src/wscript_build.new diff -u src/wscript_build src/wscript_build.new || : mv src/wscript_build.new src/wscript_build ++++++ 0001-src-notes-notes.c-bail-out-if-pitch-creation-failed-.patch ++++++ >From 25f280f347868fc0f4ecdcb0b45d5a9400f8f772 Mon Sep 17 00:00:00 2001 From: Paul Brossier <p...@piem.org> Date: Mon, 6 Aug 2018 14:03:48 +0200 Subject: [PATCH] src/notes/notes.c: bail out if pitch creation failed (see #188) --- src/notes/notes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/notes/notes.c b/src/notes/notes.c index f6b7d5673cff..343e5a00bc2f 100644 --- a/src/notes/notes.c +++ b/src/notes/notes.c @@ -83,6 +83,7 @@ aubio_notes_t * new_aubio_notes (const char_t * method, o->onset_output = new_fvec (1); o->pitch = new_aubio_pitch (pitch_method, o->pitch_buf_size, o->hop_size, o->samplerate); + if (o->pitch == NULL) goto fail; if (o->pitch_tolerance != 0.) aubio_pitch_set_tolerance (o->pitch, o->pitch_tolerance); aubio_pitch_set_unit (o->pitch, "midi"); o->pitch_output = new_fvec (1); -- 2.18.0 ++++++ 0001-src-pitch-pitchyinfft.c-fix-out-of-bound-read-when-s.patch ++++++ >From af4f9e6a93b629fb6defa2a229ec828885b9d187 Mon Sep 17 00:00:00 2001 From: Paul Brossier <p...@piem.org> Date: Mon, 6 Aug 2018 13:41:52 +0200 Subject: [PATCH] src/pitch/pitchyinfft.c: fix out of bound read when samplerate > 50kHz (closes: #189) --- src/pitch/pitchyinfft.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c index f213ef2406cf..493ca08d40e0 100644 --- a/src/pitch/pitchyinfft.c +++ b/src/pitch/pitchyinfft.c @@ -44,7 +44,7 @@ static const smpl_t freqs[] = { 0., 20., 25., 31.5, 40., 50., 63., 80., 100., 125., 160., 200., 250., 315., 400., 500., 630., 800., 1000., 1250., 1600., 2000., 2500., 3150., 4000., 5000., 6300., 8000., 9000., 10000., - 12500., 15000., 20000., 25100 + 12500., 15000., 20000., 25100., -1. }; static const smpl_t weight[] = { @@ -72,7 +72,8 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize) p->weight = new_fvec (bufsize / 2 + 1); for (i = 0; i < p->weight->length; i++) { freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate; - while (freq > freqs[j]) { + while (freq > freqs[j] && freqs[j] > 0) { + AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j); j += 1; } a0 = weight[j - 1]; -- 2.18.0 ++++++ 0002-src-io-source_wavread.c-also-exit-if-samplerate-is-n.patch ++++++ >From 99c7aa2e3efec988a5f81018b48d9388ff24bba1 Mon Sep 17 00:00:00 2001 From: Paul Brossier <p...@piem.org> Date: Mon, 6 Aug 2018 14:04:48 +0200 Subject: [PATCH] src/io/source_wavread.c: also exit if samplerate is negative (closes #188) --- src/io/source_wavread.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c index b91eb5cd0f07..90638af88eae 100644 --- a/src/io/source_wavread.c +++ b/src/io/source_wavread.c @@ -195,8 +195,8 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa goto beach; } - if ( sr == 0 ) { - AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path); + if ( (sint_t)sr <= 0 ) { + AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be <= 0)\n", s->path); goto beach; } -- 2.18.0 ++++++ 0002-src-pitch-pitchyinfft.c-comment-out-debug-output.patch ++++++ >From 802e8abf5ce7152952bcf8c767b7a5433177c421 Mon Sep 17 00:00:00 2001 From: Paul Brossier <p...@piem.org> Date: Mon, 6 Aug 2018 16:09:48 +0200 Subject: [PATCH] src/pitch/pitchyinfft.c: comment out debug output --- src/pitch/pitchyinfft.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c index 493ca08d40e0..b613f60e45be 100644 --- a/src/pitch/pitchyinfft.c +++ b/src/pitch/pitchyinfft.c @@ -73,7 +73,9 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize) for (i = 0; i < p->weight->length; i++) { freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate; while (freq > freqs[j] && freqs[j] > 0) { - AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j); + //AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t" + // "(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], + // samplerate, p->weight->length, bufsize, i, j); j += 1; } a0 = weight[j - 1]; -- 2.18.0 ++++++ aubio-resampler-NULL-deref-fix.patch ++++++ --- /var/tmp/diff_new_pack.AfyOap/_old 2018-08-08 14:54:12.849620766 +0200 +++ /var/tmp/diff_new_pack.AfyOap/_new 2018-08-08 14:54:12.849620766 +0200 @@ -1,30 +1,26 @@ -From: Takashi Iwai <ti...@suse.de> -Subject: Fix a NULl dereference in aubio_source_avcodec_readframe() -References: bsc#1072317 CVE-2017-17554 - -Signed-off-by: Takashi Iwai <ti...@suse.de> +From a81b12a3b4174953b3bc7ef4c37103f4d5636740 Mon Sep 17 00:00:00 2001 +From: Paul Brossier <p...@piem.org> +Date: Mon, 6 Aug 2018 14:58:27 +0200 +Subject: [PATCH] src/io/source_avcodec.c: give up if resampling context failed + opening (see #137, closes #187) --- - src/io/source_avcodec.c | 4 ++++ - 1 file changed, 4 insertions(+) + src/io/source_avcodec.c | 2 ++ + 1 file changed, 2 insertions(+) +diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c +index 8197445c0165..6d8efa79f685 100644 --- a/src/io/source_avcodec.c +++ b/src/io/source_avcodec.c -@@ -420,6 +420,8 @@ void aubio_source_avcodec_readframe(aubi - } +@@ -275,6 +275,8 @@ aubio_source_avcodec_t * new_aubio_source_avcodec(const char_t * path, uint_t sa + // default to mono output + aubio_source_avcodec_reset_resampler(s, 0); + ++ if (s->avr == NULL) goto beach; ++ + s->eof = 0; + s->multi = 0; - #ifdef HAVE_AVRESAMPLE -+ if (!avr) -+ goto beach; - in_linesize = 0; - av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels, - avFrame->nb_samples, avCodecCtx->sample_fmt, 1); -@@ -430,6 +432,8 @@ void aubio_source_avcodec_readframe(aubi - (uint8_t **)&output, out_linesize, max_out_samples, - (uint8_t **)avFrame->data, in_linesize, in_samples); - #elif defined(HAVE_SWRESAMPLE) -+ if (!avr) -+ goto beach; - in_samples = avFrame->nb_samples; - max_out_samples = AUBIO_AVCODEC_MAX_BUFFER_SIZE / avCodecCtx->channels; - out_samples = swr_convert( avr, +-- +2.18.0 + ++++++ aubio-wavread-input-validation.patch ++++++ --- /var/tmp/diff_new_pack.AfyOap/_old 2018-08-08 14:54:12.865620792 +0200 +++ /var/tmp/diff_new_pack.AfyOap/_new 2018-08-08 14:54:12.865620792 +0200 @@ -5,12 +5,14 @@ #158) --- - src/io/source_wavread.c | 20 ++++++++++++++++++++ + src/io/source_wavread.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) +diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c +index 640201bbbb19..b91eb5cd0f07 100644 --- a/src/io/source_wavread.c +++ b/src/io/source_wavread.c -@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_sourc +@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa // BitsPerSample bytes_read += fread(buf, 1, 2, s->fid); bitspersample = read_little_endian(buf, 2); @@ -37,3 +39,6 @@ #if 0 if ( bitspersample != 16 ) { AUBIO_ERR("source_wavread: can not process %dbit file %s\n", +-- +2.18.0 +
