Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Ivo De Decker wrote: Unblocked. Thanks! :-) Martin -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5485f1d1.2070...@steghoefer.eu
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
tags 772137 - moreinfo thanks Ivo De Decker wrote: If the package is uploaded before Monday Dec 8th, it can still be unblocked. Otherwise, it's too late for jessie. Remove the moreinfo tag once it's in unstable. Thank you for your efforts! The package just got uploaded and will shortly appear in unstable. Cheers, Martin -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5484defa.9090...@steghoefer.eu
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Ivo De Decker wrote: This package is not in unstable, so it can't be unblocked. Thanks for the reply! The changes are in our git repository, but I don't have upload permissions and the only member of our team who does hasn't gotten around to uploading it yet. So I tried to get the changes approved before the 5th December deadline. Can it be preapproved? Cheers, Martin -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5483384a.4010...@steghoefer.eu
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package vorbis-tools. The version 1.4.0-6, about to be
uploaded to unstable, fixes the following two bugs, both having severity
important:
* #771363 is about a crash on closing input files of type raw.
Although the crash happened only after correctly encoding the file, it
can severely affect the tool's usability regarding encoding of multiple
files. The bug was fixed by backporting a commit from the upstream SVN
repository.
* #763338 is about faulty processing of input parameters in the script
vorbistagedit, which makes it impossible to use the script with
filenames containing spaces.
The changlog entry for 1.4.0-6:
[ Martin Steghöfer ]
* Fix oggenc crash on closing raw input files by backporting r19117
from upstream
(Closes: #771363)
* Fix vorbistagedit: Correctly process input files containing spaces
(Closes: #763338)
Please find attached a debdiff between the version in testing (1.4.0-5)
and the version about to be uploaded (1.4.0-6).
Thanks!
Martin
unblock vorbis-tools/1.4.0-6
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru vorbis-tools-1.4.0/debian/changelog
vorbis-tools-1.4.0/debian/changelog
--- vorbis-tools-1.4.0/debian/changelog 2014-11-11 21:49:04.0 +0100
+++ vorbis-tools-1.4.0/debian/changelog 2014-12-05 13:16:04.0 +0100
@@ -1,3 +1,13 @@
+vorbis-tools (1.4.0-6) UNRELEASED; urgency=medium
+
+ [ Martin Steghöfer ]
+ * Fix oggenc crash on closing raw input files by backporting r19117 from
upstream
+(Closes: #771363)
+ * Fix vorbistagedit: Correctly process input files containing spaces
+(Closes: #763338)
+
+ -- Martin Steghöfer mar...@steghoefer.eu Fri, 05 Dec 2014 13:14:24 +0100
+
vorbis-tools (1.4.0-5) unstable; urgency=low
[ Martin Steghöfer ]
diff -Nru vorbis-tools-1.4.0/debian/extra/vorbistagedit
vorbis-tools-1.4.0/debian/extra/vorbistagedit
--- vorbis-tools-1.4.0/debian/extra/vorbistagedit 2014-11-11
21:49:04.0 +0100
+++ vorbis-tools-1.4.0/debian/extra/vorbistagedit 2014-12-05
13:16:04.0 +0100
@@ -32,7 +32,13 @@
exit 1
fi
-for opt in $(getopt -n $ME -l version,help -o Vh? -- $@); do
+# process and reorder arguments using getopt
+eval set -- $(getopt -s sh -n $ME -l version,help -o Vh? -- $@)
+
+# process the options (not the filenames yet) and remove them from the
argument array
+while [ $# -gt 0 ]
+do
+ opt=$1
case $opt in
--version|-V)
versioninfo
@@ -40,13 +46,23 @@
--help|-h|-\?)
usage
exit 0;;
---) :;;
--*)
+--)
+ # found --, which separates options and filenames in getopt output;
+ # so we are done parsing the options
+
+ # remove the --
+ shift
+
+ # now there are only filenames in the argument array = stop processing
+ break;;
+*)
echo E: $ME: invalid argument: $opt 2
usage
exit 1;;
-*) :;;
esac
+
+ # remove the processed option from the argument array
+ shift
done
if ! command -v vorbiscomment /dev/null; then
diff -Nru
vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch
vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch
---
vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch
1970-01-01 01:00:00.0 +0100
+++
vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch
2014-12-05 13:16:04.0 +0100
@@ -0,0 +1,37 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= mar...@steghoefer.eu
+Date: Sat, 29 Nov 2014 10:57:11 +0100
+Subject: Fix oggenc crash on closing raw input files
+
+Origin: backport,
https://trac.xiph.org/changeset/19117/trunk/vorbis-tools/oggenc
+Author: Gregory Maxwell g...@xiph.org
+Bug-Debian: https://bugs.debian.org/771363
+
+Fixes a crash of oggenc on closing of any raw input file. The problem was
+a function call using a function pointer that had become invalid when
+a variable that was still referenced by a pointer ran out of scope.
+---
+ oggenc/oggenc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
+index 5c36fea..7ad9303 100644
+--- a/oggenc/oggenc.c
b/oggenc/oggenc.c
+@@ -97,6 +97,8 @@ int main(int argc, char **argv)
+ .3,-1,
+ 0,0,0.f,
+ 0, 0, 0, 0, 0};
++input_format raw_format = {NULL, 0, raw_open, wav_close, raw,
++ N_(RAW file reader)};
+
+ int i;
+
+@@ -239,8 +241,6 @@ int main(int argc, char **argv)
+
+ if(opt.rawmode)
+ {
+-input_format
Bug#769479: unblock: libvorbis/1.3.4-2 (fix invalid memory access)
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package libvorbis. The version 1.3.4-2, currently in
unstable, fixes bug #716613, which is about an access to invalid memory
by the encoding library of libvorbis. The bug has the potential to crash
applications that use libvorbis with a segfault, if the application
doesn't have additional sanity checks in place that go beyond checking
libvorbis' return values.
The changlog entry for 1.3.4-2:
[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716613)
Please find attached a debdiff between the version in testing (1.3.4-1)
and the version to unblock (1.3.4-2).
Thanks!
Martin
unblock libvorbis/1.3.4-2
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru libvorbis-1.3.4/debian/changelog libvorbis-1.3.4/debian/changelog
--- libvorbis-1.3.4/debian/changelog2014-10-24 20:15:54.0 +0200
+++ libvorbis-1.3.4/debian/changelog2014-11-04 12:09:32.0 +0100
@@ -1,3 +1,11 @@
+libvorbis (1.3.4-2) unstable; urgency=low
+
+ [ Martin Steghöfer ]
+ * Add sampling rate sanity check to avoid invalid memory access.
+(Closes: #716613)
+
+ -- Petter Reinholdtsen p...@debian.org Mon, 03 Nov 2014 09:08:25 +0100
+
libvorbis (1.3.4-1) unstable; urgency=medium
[ Martin Steghöfer ]
diff -Nru
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
---
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
1970-01-01 01:00:00.0 +0100
+++
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
2014-11-04 12:09:32.0 +0100
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= mar...@steghoefer.eu
+Date: Mon, 27 Oct 2014 22:06:15 +0100
+Subject: Add sampling rate sanity check to avoid invalid memory access.
+
+Bug-Debian: https://bugs.debian.org/716613
+
+Input files with sampling rate 0 are useless and can make
+libvorbis access invalid memory because the logic in
+_vp_psy_init (and probably other functions) isn't prepared for
+it. A sanity check lets the library refuse those inputs
+gracefully in the initialization functions before they can
+do harm.
+---
+ lib/vorbisenc.c | 4
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index f0f7c08..afd1bff 100644
+--- a/lib/vorbisenc.c
b/lib/vorbisenc.c
+@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi,
+ long channels,
+ long rate,
+ float quality){
++ if(rate = 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi-codec_setup;
+ highlevel_encode_setup *hi=ci-hi;
+
+@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi,
+ long nominal_bitrate,
+ long min_bitrate){
+
++ if(rate = 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi-codec_setup;
+ highlevel_encode_setup *hi=ci-hi;
+ double tnominal=nominal_bitrate;
diff -Nru libvorbis-1.3.4/debian/patches/series
libvorbis-1.3.4/debian/patches/series
--- libvorbis-1.3.4/debian/patches/series 2014-10-24 20:15:54.0
+0200
+++ libvorbis-1.3.4/debian/patches/series 2014-11-04 12:09:32.0
+0100
@@ -1,3 +1,4 @@
0001-Fix-build-failure-with-DSO-link-changes.patch
0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
+0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
