Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Ivo De Decker wrote: Unblocked. Thanks! :-) Martin -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5485f1d1.2070...@steghoefer.eu
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
tags 772137 - moreinfo thanks Ivo De Decker wrote: If the package is uploaded before Monday Dec 8th, it can still be unblocked. Otherwise, it's too late for jessie. Remove the moreinfo tag once it's in unstable. Thank you for your efforts! The package just got uploaded and will shortly appear in unstable. Cheers, Martin
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Ivo De Decker wrote: This package is not in unstable, so it can't be unblocked. Thanks for the reply! The changes are in our git repository, but I don't have upload permissions and the only member of our team who does hasn't gotten around to uploading it yet. So I tried to get the changes approved before the 5th December deadline. Can it be preapproved? Cheers, Martin
Bug#772137: unblock: vorbis-tools/1.4.0-6 (fixing crash and faulty parameter parsing)
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package vorbis-tools. The version 1.4.0-6, about to be uploaded to unstable, fixes the following two bugs, both having severity important:

* #771363 is about a crash on closing input files of type raw. Although the crash happened only after correctly encoding the file, it can severely affect the tool's usability regarding encoding of multiple files. The bug was fixed by backporting a commit from the upstream SVN repository.
* #763338 is about faulty processing of input parameters in the script vorbistagedit, which makes it impossible to use the script with filenames containing spaces.

The changelog entry for 1.4.0-6:

[ Martin Steghöfer ]
* Fix oggenc crash on closing raw input files by backporting r19117 from upstream (Closes: #771363)
* Fix vorbistagedit: Correctly process input files containing spaces (Closes: #763338)

Please find attached a debdiff between the version in testing (1.4.0-5) and the version about to be uploaded (1.4.0-6).

Thanks!
Martin

unblock vorbis-tools/1.4.0-6

-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru vorbis-tools-1.4.0/debian/changelog vorbis-tools-1.4.0/debian/changelog --- vorbis-tools-1.4.0/debian/changelog 2014-11-11 21:49:04.0 +0100 +++ vorbis-tools-1.4.0/debian/changelog 2014-12-05 13:16:04.0 +0100 
@@ -1,3 +1,13 @@ +vorbis-tools (1.4.0-6) UNRELEASED; urgency=medium + + [ Martin Steghöfer ] + * Fix oggenc crash on closing raw input files by backporting r19117 from upstream +(Closes: #771363) + * Fix vorbistagedit: Correctly process input files containing spaces +(Closes: #763338) + + -- Martin Steghöfer mar...@steghoefer.eu Fri, 05 Dec 2014 13:14:24 +0100 + vorbis-tools (1.4.0-5) unstable; urgency=low [ Martin Steghöfer ] diff -Nru vorbis-tools-1.4.0/debian/extra/vorbistagedit vorbis-tools-1.4.0/debian/extra/vorbistagedit --- vorbis-tools-1.4.0/debian/extra/vorbistagedit 2014-11-11 21:49:04.0 +0100 +++ vorbis-tools-1.4.0/debian/extra/vorbistagedit 2014-12-05 13:16:04.0 +0100 @@ -32,7 +32,13 @@ exit 1 fi -for opt in $(getopt -n $ME -l version,help -o Vh? -- $@); do +# process and reorder arguments using getopt +eval set -- $(getopt -s sh -n $ME -l version,help -o Vh? -- $@) + +# process the options (not the filenames yet) and remove them from the argument array +while [ $# -gt 0 ] +do + opt=$1 case $opt in --version|-V) versioninfo @@ -40,13 +46,23 @@ --help|-h|-\?) usage exit 0;; ---) :;; --*) +--) + # found --, which separates options and filenames in getopt output; + # so we are done parsing the options + + # remove the -- + shift + + # now there are only filenames in the argument array = stop processing + break;; +*) echo E: $ME: invalid argument: $opt 2 usage exit 1;; -*) :;; esac + + # remove the processed option from the argument array + shift done if ! command -v vorbiscomment /dev/null; then diff -Nru vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch --- vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch 1970-01-01 01:00:00.0 +0100 +++ vorbis-tools-1.4.0/debian/patches/0009-Fix-oggenc-crash-on-closing-raw-input-files.patch 2014-12-05 13:16:04.0 +0100 
@@ -0,0 +1,37 @@ +From: =?utf-8?q?Martin_Stegh=C3=B6fer?= mar...@steghoefer.eu +Date: Sat, 29 Nov 2014 10:57:11 +0100 +Subject: Fix oggenc crash on closing raw input files + +Origin: backport, https://trac.xiph.org/changeset/19117/trunk/vorbis-tools/oggenc +Author: Gregory Maxwell g...@xiph.org +Bug-Debian: https://bugs.debian.org/771363 + +Fixes a crash of oggenc on closing of any raw input file. The problem was +a function call using a function pointer that had become invalid when +a variable that was still referenced by a pointer ran out of scope. +--- + oggenc/oggenc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c +index 5c36fea..7ad9303 100644 +--- a/oggenc/oggenc.c b/oggenc/oggenc.c +@@ -97,6 +97,8 @@ int main(int argc, char **argv) + .3,-1, + 0,0,0.f, + 0, 0, 0, 0, 0}; ++input_format raw_format = {NULL, 0, raw_open, wav_close, raw, ++ N_(RAW file reader)}; + + int i; + +@@ -239,8 +241,6 @@ int main(int argc, char **argv) + + if(opt.rawmode) + { +-input_format
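Review bot: The new debian/changelog entry for 1.4.0-6 still carries the distribution UNRELEASED (`vorbis-tools (1.4.0-6) UNRELEASED; urgency=medium`). The request is to unblock this version from unstable, so the uploaded entry needs to read `unstable`, and the debdiff sent to the release team should be regenerated from the package that was actually uploaded so that the reviewed diff and the archive contents match.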
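Review bot: In the first debian/extra/vorbistagedit hunk (`@@ -32,7 +32,13 @@`), the added line `eval set -- $(getopt -s sh -n $ME -l version,help -o Vh? -- $@)` shows neither `$@` nor the command substitution in double quotes as rendered here. With `$@` unquoted, a file name containing a space is split into several arguments before getopt sees it, so #763338 would not be fixed. With the substitution unquoted, getopt's output is word-split and glob-expanded before `eval` re-parses it, which alters file names containing runs of whitespace or glob characters. If the quotes were only lost in this copy of the mail, the line is fine; otherwise quote both, and also quote `$ME` and the option string `Vh?`, because an unquoted `?` is a glob that can match a three-character file name in the current directory.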
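Review bot: In the second debian/extra/vorbistagedit hunk (`@@ -40,13 +46,23 @@`), the `*)` branch is the only path that exits with status 1 on a bad option, but getopt reports unrecognised options itself and leaves them out of its output, so the loop never sees them and the script continues with the remaining arguments. Capture getopt's output in a variable first, check its exit status, and call `usage` and exit on failure before running `eval set --`. `case $opt in` and the `echo E: $ME: invalid argument: $opt` line should also quote `$opt`.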
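Review bot: In the `@@ -97,6 +97,8 @@` hunk of 0009-Fix-oggenc-crash-on-closing-raw-input-files.patch, `raw_format` is declared at the top of main() with no comment saying why it has to live there. The patch description explains that a pointer to this variable is still used after the `if(opt.rawmode)` block ends; a one-line comment at the declaration stating that would keep a later cleanup from moving it back into the block and reintroducing the dangling function pointer. The second hunk is cut off in this copy after `-input_format`, so the removed lines could not be compared with the added declaration.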
Bug#769479: unblock: libvorbis/1.3.4-2 (fix invalid memory access)
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libvorbis. The version 1.3.4-2, currently in unstable, fixes bug #716613, which is about an access to invalid memory by the encoding library of libvorbis. The bug has the potential to crash applications that use libvorbis with a segfault, if the application doesn't have additional sanity checks in place that go beyond checking libvorbis' return values.

The changelog entry for 1.3.4-2:

[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access. (Closes: #716613 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716613)

Please find attached a debdiff between the version in testing (1.3.4-1) and the version to unblock (1.3.4-2).

Thanks!
Martin

unblock libvorbis/1.3.4-2

-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru libvorbis-1.3.4/debian/changelog libvorbis-1.3.4/debian/changelog --- libvorbis-1.3.4/debian/changelog2014-10-24 20:15:54.0 +0200 +++ libvorbis-1.3.4/debian/changelog2014-11-04 12:09:32.0 +0100 
@@ -1,3 +1,11 @@ +libvorbis (1.3.4-2) unstable; urgency=low + + [ Martin Steghöfer ] + * Add sampling rate sanity check to avoid invalid memory access. +(Closes: #716613) + + -- Petter Reinholdtsen p...@debian.org Mon, 03 Nov 2014 09:08:25 +0100 + libvorbis (1.3.4-1) unstable; urgency=medium [ Martin Steghöfer ] diff -Nru libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch --- libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch 1970-01-01 01:00:00.0 +0100 +++ libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch 2014-11-04 12:09:32.0 +0100 
@@ -0,0 +1,38 @@ +From: =?utf-8?q?Martin_Stegh=C3=B6fer?= mar...@steghoefer.eu +Date: Mon, 27 Oct 2014 22:06:15 +0100 +Subject: Add sampling rate sanity check to avoid invalid memory access. + +Bug-Debian: https://bugs.debian.org/716613 + +Input files with sampling rate 0 are useless and can make +libvorbis access invalid memory because the logic in +_vp_psy_init (and probably other functions) isn't prepared for +it. A sanity check lets the library refuse those inputs +gracefully in the initialization functions before they can +do harm. +--- + lib/vorbisenc.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index f0f7c08..afd1bff 100644 +--- a/lib/vorbisenc.c b/lib/vorbisenc.c +@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi, + long channels, + long rate, + float quality){ ++ if(rate = 0) return OV_EINVAL; ++ + codec_setup_info *ci=vi-codec_setup; + highlevel_encode_setup *hi=ci-hi; + +@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi, + long nominal_bitrate, + long min_bitrate){ + ++ if(rate = 0) return OV_EINVAL; ++ + codec_setup_info *ci=vi-codec_setup; + highlevel_encode_setup *hi=ci-hi; + double tnominal=nominal_bitrate; diff -Nru libvorbis-1.3.4/debian/patches/series libvorbis-1.3.4/debian/patches/series --- libvorbis-1.3.4/debian/patches/series 2014-10-24 20:15:54.0 +0200 +++ libvorbis-1.3.4/debian/patches/series 2014-11-04 12:09:32.0 +0100 @@ -1,3 +1,4 @@ 0001-Fix-build-failure-with-DSO-link-changes.patch 0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch 0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch +0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
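Review bot: In both lib/vorbisenc.c hunks (vorbis_encode_setup_vbr and vorbis_encode_setup_managed), the new rate check sits ahead of the `codec_setup_info *ci` and `highlevel_encode_setup *hi` declarations, which puts a statement before declarations. C89 compilers reject that and -Wdeclaration-after-statement warns about it, so the check is better placed directly after the declaration block. The condition also appears here as `if(rate = 0)`, which as written is an assignment that never returns OV_EINVAL. The neighbouring lines show `vi-codec_setup` with its `>` missing, so a character has probably been dropped by the archive, but the patch as applied should be confirmed to contain a comparison that rejects a rate of 0, as the patch description requires.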