Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-24 Thread Fabian Greffrath
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Hi there,

please grant permission to upload an updated package for lame in
wheezy. The package will contain three patches that have been created
to cope with a couple of crashes that were detected by feeding fuzzed
wav file samples into the library. At least two of them appear to be
security-relevant, to say the least, and the third one fixes a nasty
crash in the frontend.

All three patches have been forwarded upstream by private mail to one
of the upstream developers. Please find a debdiff between the original
and the updated package attached.

Cheers,

Fabian

PS: I have set the distribution to wheezy-p-u. Is this correct or
should I rather set it to stable, or wheezy?


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru lame-3.99.5+repack1/debian/changelog lame-3.99.5+repack1/debian/changelog
--- lame-3.99.5+repack1/debian/changelog	2012-03-17 18:41:48.0 +0100
+++ lame-3.99.5+repack1/debian/changelog	2015-02-24 09:50:06.0 +0100
@@ -1,3 +1,18 @@
+lame (3.99.5+repack1-3wheezy1) stable-proposed-updates; urgency=medium
+
+  * Add check for invalid input sample rate, thanks Maks Naumov
+(Closes: #775959, #777160, #777161). Thanks Jakub Wilk and
+Brian Carpenter for the bug reports and test cases.
+  * Extend Maks Naumov's patch to also include a sanity check for
+a valid amount of input channels (Closes: #778703).
+  * Avoid malformed wav causing floating point exception in the
+frontend (Closes: #777159).
+  * Fix decision if sample rate ratio is an integer value or not
+(Closes: #778529). Thanks to Henri Salo for the bug reports
+and the fuzzed samples!
+
+ -- Fabian Greffrath   Tue, 24 Feb 2015 09:46:48 +0100
+
 lame (3.99.5+repack1-3) unstable; urgency=low
 
   * Handle case on setting CFLAGS for systems where dpkg-dev (<< 1.15.7)
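Review bot: the version `3.99.5+repack1-3wheezy1` and the `stable-proposed-updates` distribution in the new changelog entry do not follow the stable-update naming convention; as the release team answers later in this thread, the entry should read `lame (3.99.5+repack1-3+deb7u1) wheezy; urgency=medium` before upload.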
diff -Nru lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
--- lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	1970-01-01 01:00:00.0 +0100
+++ lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	2015-02-24 09:38:55.0 +0100
@@ -0,0 +1,25 @@
+From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
+From: Maks Naumov 
+Date: Thu, 22 Jan 2015 16:20:40 +0200
+Subject: [PATCH] Add check for invalid input sample rate
+
+Signed-off-by: Maks Naumov 
+---
+ libmp3lame/lame.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+--- a/libmp3lame/lame.c
 b/libmp3lame/lame.c
+@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
+ }
+ #endif
+ 
++if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
++freegfc(gfc);
++gfp->internal_flags = NULL;
++return -1;
++}
++
+ cfg->disable_reservoir = gfp->disable_reservoir;
+ cfg->lowpassfreq = gfp->lowpassfreq;
+ cfg->highpassfreq = gfp->highpassfreq;
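Review bot: the guard `if (gfp->samplerate_in < 0 || gfp->num_channels < 0)` only rejects negative values, so a sample rate or channel count of 0 still passes, whereas the frontend patch in this same debdiff rejects `bits_per_sample < 1`; if zero is also invalid for these fields, change both comparisons to `<= 0` so the library check matches the changelog's description of a "sanity check for a valid amount of input channels". The cleanup path (freegfc, clearing internal_flags, return -1) is the right one for an early failure in lame_init_params.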
diff -Nru lame-3.99.5+repack1/debian/patches/bits_per_sample.patch lame-3.99.5+repack1/debian/patches/bits_per_sample.patch
--- lame-3.99.5+repack1/debian/patches/bits_per_sample.patch	1970-01-01 01:00:00.0 +0100
+++ lame-3.99.5+repack1/debian/patches/bits_per_sample.patch	2015-02-24 09:39:00.0 +0100
@@ -0,0 +1,17 @@
+Description: Avoid malformed wav causing floating point exception (integer divide by zero) 
+Author: Fabian Greffrath 
+Bug-Debian: https://bugs.debian.org/777159
+
+--- a/frontend/get_audio.c
 b/frontend/get_audio.c
+@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
+ else {
+ (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
+ }
++/* avoid division by zero */
++if (bits_per_sample < 1)
++return -1;
++
+ global. pcmbitwidth = bits_per_sample;
+ global. pcm_is_unsigned_8bit = 1;
+ global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);
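Review bot: the DEP-3 header carries Description, Author and Bug-Debian but no `Forwarded:` field, even though the cover mail says all three patches were sent upstream by private mail; add `Forwarded: yes` (or the upstream contact) so the status is recorded in the patch itself. The Description line also ends in trailing whitespace. The `bits_per_sample < 1` check itself is correctly placed before `global.pcmbitwidth` is assigned, so the divide by zero it fixes can no longer be reached.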
diff -Nru lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch
--- lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	1970-01-01 01:00:00.0 +0100
+++ lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	2015-02-24 09:39:05.0 +0100
@@ -0,0 +1,29 @@
+Subject: Fix decision if sample rate ratio is an integer value or not
+ If the sample rate of the input file is sufficiently close to an
+ integer multiple of the output sample rate, the value of the int

Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-24 Thread Adam D. Barratt

Control: tags -1 + confirmed

On 2015-02-24 10:59, Fabian Greffrath wrote:

> please grant permission to upload an updated package for lame in
> wheezy. The package will contain three patches that have been created
> to cope with a couple of crashes that were detected by feeding fuzzed
> wav file samples into the library. At least two of them appear to be
> security-relevant, to say the least, and the third one fixes a nasty
> crash in the frontend.
> 
> [...]
> 
> PS: I have set the distribution to wheezy-p-u. Is this correct or
> should I rather set it to stable, or wheezy?


Please use 3.99.5+repack1-3+deb7u1 as the version number and feel free
to upload. The current distribution of "stable-proposed-updates" will
work, but "wheezy" is more self-documenting.


Regards,

Adam


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/abd09eeb243e9f17cdd03a8593dfb...@mail.adsl.funky-badger.org



Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-24 Thread Fabian Greffrath
On Tuesday, 24.02.2015, at 13:17 +, Adam D. Barratt wrote:
> Please use 3.99.5+repack1-3+deb7u1 as the version number and feel free
> to upload. The current distribution of "stable-proposed-updates" will
> work, but "wheezy" is more self-documenting.

Done, thank you!

- Fabian


Archive: https://lists.debian.org/1424792076.7599.0.ca...@greffrath.com




Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-28 Thread Adam D. Barratt
Control: tags -1 + pending

On Tue, 2015-02-24 at 16:34 +0100, Fabian Greffrath wrote:
> On Tuesday, 24.02.2015, at 13:17 +, Adam D. Barratt wrote:
> > Please use 3.99.5+repack1-3+deb7u1 as the version number and feel free
> > to upload. The current distribution of "stable-proposed-updates" will
> > work, but "wheezy" is more self-documenting.
> 
> Done, thank you!

Flagged for acceptance, thanks.

Regards,

Adam


Archive: https://lists.debian.org/1425145845.19763.6.ca...@adam-barratt.org.uk



Processed: Re: Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #779083 [release.debian.org] wheezy-pu: package lame/3.99.5+repack1-3
Added tag(s) confirmed.

-- 
779083: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


Archive: 
https://lists.debian.org/handler.s.b779083.142478384032040.transcr...@bugs.debian.org



Processed: Re: Bug#779083: wheezy-pu: package lame/3.99.5+repack1-3

2015-02-28 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #779083 [release.debian.org] wheezy-pu: package lame/3.99.5+repack1-3
Added tag(s) pending.



Archive: 
https://lists.debian.org/handler.s.b779083.142514585312434.transcr...@bugs.debian.org