lame: 3.99.5 -> 3.100

Release notes:
http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/history.html?revision=1.154

Dropped patches that are included in the release:
 - lame-3.99.5_fix_for_automake-1.12.x.patch
 - CVE-2017-13712.patch

The CACHED_CONFIGUREVARS thing to disable SSE code on x86 isn't needed
anymore. The build system now correctly detects when SSE isn't
available.

Note for stable branch maintainers: This release includes several fixes
for bugs that have a CVE number associated with them. The bugs (or at
least most of them) are crashes that seem to be considered "remote DoS"
vulnerabilities, probably because it's easy to imagine lame being used
with untrusted audio files from remote sources. If you want to backport
"all security fixes" to the stable branches, that task seems pretty
difficult. The release notes explicitly mention three CVE numbers, but
there are more: for example, OE had a fix for CVE-2017-13712, which is
not mentioned in the release notes but is fixed in the release. The
commit log doesn't keep any track of CVE numbers either. Maybe it would
be best to just upgrade lame to 3.100 also in the stable branches.

(From OE-Core rev: 930f8873e0e180da7242f65bfd5c60f9d6c19424)

Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tanu Kaskinen
2017-11-27 18:39:30 +02:00
committed by Richard Purdie
parent 7e1ee95d1a
commit e310fbff97
3 changed files with 2 additions and 375 deletions


@@ -1,309 +0,0 @@
Upstream-Status: Backport [http://lame.cvs.sourceforge.net/viewvc/lame/lame/libmp3lame/id3tag.c?r1=1.79&r2=1.80]
Backport patch to fix CVE-2017-13712 for lame.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
--- a/libmp3lame/id3tag.c 2017/08/22 19:44:05 1.79
+++ b/libmp3lame/id3tag.c 2017/08/28 15:39:51 1.80
@@ -194,7 +194,11 @@
}
#endif
-
+static int
+is_lame_internal_flags_null(lame_t gfp)
+{
+ return (gfp && gfp->internal_flags) ? 0 : 1;
+}
static int
id3v2_add_ucs2_lng(lame_t gfp, uint32_t frame_id, unsigned short const *desc, unsigned short const *text);
@@ -238,8 +242,7 @@
static void
id3v2AddAudioDuration(lame_t gfp, double ms)
{
- lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
- SessionConfig_t const *const cfg = &gfc->cfg;
+ SessionConfig_t const *const cfg = &gfp->internal_flags->cfg; /* caller checked pointers */
char buffer[1024];
double const max_ulong = MAX_U_32_NUM;
unsigned long playlength_ms;
@@ -280,7 +283,12 @@
void
id3tag_init(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
free_id3tag(gfc);
memset(&gfc->tag_spec, 0, sizeof gfc->tag_spec);
gfc->tag_spec.genre_id3v1 = GENRE_NUM_UNKNOWN;
@@ -293,7 +301,12 @@
void
id3tag_add_v2(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
gfc->tag_spec.flags |= ADD_V2_FLAG;
}
@@ -301,7 +314,12 @@
void
id3tag_v1_only(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
gfc->tag_spec.flags &= ~(ADD_V2_FLAG | V2_ONLY_FLAG);
gfc->tag_spec.flags |= V1_ONLY_FLAG;
}
@@ -309,7 +327,12 @@
void
id3tag_v2_only(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
gfc->tag_spec.flags |= V2_ONLY_FLAG;
}
@@ -317,7 +340,12 @@
void
id3tag_space_v1(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
gfc->tag_spec.flags &= ~V2_ONLY_FLAG;
gfc->tag_spec.flags |= SPACE_V1_FLAG;
}
@@ -331,7 +359,12 @@
void
id3tag_set_pad(lame_t gfp, size_t n)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return;
+ }
+ gfc = gfp->internal_flags;
gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
gfc->tag_spec.flags |= PAD_V2_FLAG;
gfc->tag_spec.flags |= ADD_V2_FLAG;
@@ -583,22 +616,29 @@
int
id3tag_set_albumart(lame_t gfp, const char *image, size_t size)
{
- int mimetype = 0;
- unsigned char const *data = (unsigned char const *) image;
- lame_internal_flags *gfc = gfp->internal_flags;
-
- /* determine MIME type from the actual image data */
- if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
- mimetype = MIMETYPE_JPEG;
- }
- else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
- mimetype = MIMETYPE_PNG;
- }
- else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
- mimetype = MIMETYPE_GIF;
+ int mimetype = MIMETYPE_NONE;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
}
- else {
- return -1;
+ gfc = gfp->internal_flags;
+
+ if (image != 0) {
+ unsigned char const *data = (unsigned char const *) image;
+ /* determine MIME type from the actual image data */
+ if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
+ mimetype = MIMETYPE_JPEG;
+ }
+ else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
+ mimetype = MIMETYPE_PNG;
+ }
+ else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
+ mimetype = MIMETYPE_GIF;
+ }
+ else {
+ return -1;
+ }
}
if (gfc->tag_spec.albumart != 0) {
free(gfc->tag_spec.albumart);
@@ -606,7 +646,7 @@
gfc->tag_spec.albumart_size = 0;
gfc->tag_spec.albumart_mimetype = MIMETYPE_NONE;
}
- if (size < 1) {
+ if (size < 1 || mimetype == MIMETYPE_NONE) {
return 0;
}
gfc->tag_spec.albumart = lame_calloc(unsigned char, size);
@@ -959,6 +999,9 @@
if (frame_id == 0) {
return -1;
}
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
if (text == 0) {
return 0;
}
@@ -1008,6 +1051,9 @@
if (frame_id == 0) {
return -1;
}
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
if (text == 0) {
return 0;
}
@@ -1037,6 +1083,9 @@
int
id3tag_set_comment_latin1(lame_t gfp, char const *lang, char const *desc, char const *text)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
return id3v2_add_latin1(gfp, ID_COMMENT, lang, desc, text);
}
@@ -1044,6 +1093,9 @@
int
id3tag_set_comment_utf16(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
return id3v2_add_ucs2(gfp, ID_COMMENT, lang, desc, text);
}
@@ -1054,6 +1106,9 @@
int
id3tag_set_comment_ucs2(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
return id3tag_set_comment_utf16(gfp, lang, desc, text);
}
@@ -1244,9 +1299,9 @@
int
id3tag_set_genre(lame_t gfp, const char *genre)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
int ret = 0;
- if (genre && *genre) {
+ if (gfc && genre && *genre) {
int const num = lookupGenre(genre);
if (num == -1) return num;
gfc->tag_spec.flags |= CHANGED_FLAG;
@@ -1539,6 +1594,9 @@
int
id3tag_set_fieldvalue(lame_t gfp, const char *fieldvalue)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
if (fieldvalue && *fieldvalue) {
if (strlen(fieldvalue) < 5 || fieldvalue[4] != '=') {
return -1;
@@ -1551,6 +1609,9 @@
int
id3tag_set_fieldvalue_utf16(lame_t gfp, const unsigned short *fieldvalue)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
if (fieldvalue && *fieldvalue) {
size_t dx = hasUcs2ByteOrderMarker(fieldvalue[0]);
unsigned short const separator = fromLatin1Char(fieldvalue, '=');
@@ -1581,20 +1642,21 @@
int
id3tag_set_fieldvalue_ucs2(lame_t gfp, const unsigned short *fieldvalue)
{
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
return id3tag_set_fieldvalue_utf16(gfp, fieldvalue);
}
size_t
lame_get_id3v2_tag(lame_t gfp, unsigned char *buffer, size_t size)
{
- lame_internal_flags *gfc;
- if (gfp == 0) {
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
return 0;
}
gfc = gfp->internal_flags;
- if (gfc == 0) {
- return 0;
- }
if (test_tag_spec_flags(gfc, V1_ONLY_FLAG)) {
return 0;
}
@@ -1736,7 +1798,12 @@
int
id3tag_write_v2(lame_t gfp)
{
- lame_internal_flags *gfc = gfp->internal_flags;
+ lame_internal_flags *gfc = 0;
+
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
+ gfc = gfp->internal_flags;
#if 0
debug_tag_spec_flags(gfc, "write v2");
#endif
@@ -1837,10 +1904,15 @@
int
id3tag_write_v1(lame_t gfp)
{
- lame_internal_flags *const gfc = gfp->internal_flags;
+ lame_internal_flags* gfc = 0;
size_t i, n, m;
unsigned char tag[128];
+ if (is_lame_internal_flags_null(gfp)) {
+ return 0;
+ }
+ gfc = gfp->internal_flags;
+
m = sizeof(tag);
n = lame_get_id3v1_tag(gfp, tag, m);
if (n > m) {


@@ -1,59 +0,0 @@
Upstream-Status: Pending
Fix this kind of errors with automake 1.12.x:
| doc/man/Makefile.am:3: error: automatic de-ANSI-fication support has been removed
| autoreconf: automake failed with exit status: 1
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
2012/07/13
Index: lame-3.99.5/configure.in
===================================================================
--- lame-3.99.5.orig/configure.in
+++ lame-3.99.5/configure.in
@@ -77,9 +77,6 @@ if test "${GCC}" = "yes"; then
AC_MSG_RESULT(${GCC_version})
fi
-dnl more automake stuff
-AM_C_PROTOTYPES
-
AC_CHECK_HEADER(dmalloc.h)
if test "${ac_cv_header_dmalloc_h}" = "yes"; then
AM_WITH_DMALLOC
Index: lame-3.99.5/doc/html/Makefile.am
===================================================================
--- lame-3.99.5.orig/doc/html/Makefile.am
+++ lame-3.99.5/doc/html/Makefile.am
@@ -1,6 +1,6 @@
## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
-AUTOMAKE_OPTIONS = foreign ansi2knr
+AUTOMAKE_OPTIONS = foreign
docdir = $(datadir)/doc
pkgdocdir = $(docdir)/$(PACKAGE)
Index: lame-3.99.5/libmp3lame/i386/Makefile.am
===================================================================
--- lame-3.99.5.orig/libmp3lame/i386/Makefile.am
+++ lame-3.99.5/libmp3lame/i386/Makefile.am
@@ -1,6 +1,6 @@
## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
-AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
+AUTOMAKE_OPTIONS = foreign
DEFS = @DEFS@ @CONFIG_DEFS@
Index: lame-3.99.5/doc/man/Makefile.am
===================================================================
--- lame-3.99.5.orig/doc/man/Makefile.am
+++ lame-3.99.5/doc/man/Makefile.am
@@ -1,6 +1,6 @@
## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
-AUTOMAKE_OPTIONS = foreign ansi2knr
+AUTOMAKE_OPTIONS = foreign
man_MANS = lame.1
EXTRA_DIST = ${man_MANS}


@@ -10,16 +10,13 @@ DEPENDS = "ncurses gettext-native"
LIC_FILES_CHKSUM = "file://COPYING;md5=c46bda00ffbb0ba1dac22f8d087f54d9 \
file://include/lame.h;beginline=1;endline=20;md5=a2258182c593c398d15a48262130a92b \
"
PR = "r1"
SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \
file://no-gtk1.patch \
file://lame-3.99.5_fix_for_automake-1.12.x.patch \
file://CVE-2017-13712.patch \
"
SRC_URI[md5sum] = "84835b313d4a8b68f5349816d33e07ce"
SRC_URI[sha256sum] = "24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff"
SRC_URI[md5sum] = "83e260acbe4389b54fe08e0bdbf7cddb"
SRC_URI[sha256sum] = "ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e"
inherit autotools pkgconfig
@@ -28,5 +25,3 @@ FILES_${PN} = "${bindir}/lame"
FILES_libmp3lame = "${libdir}/libmp3lame.so.*"
FILES_libmp3lame-dev = "${includedir} ${libdir}/*"
FILES_${PN}-dev = ""
CACHED_CONFIGUREVARS_append_x86 = " ac_cv_header_emmintrin_h=no ac_cv_header_xmmintrin_h=no"