Sunday, April 03, 2022

Re: UPDATE: libsndfile 1.1.0beta2

I have committed this.

Jan, do you want to stay listed as maintainer?



On 2022/03/29 08:46, Stuart Henderson wrote:
> CC'ing MAINTAINER, any comments?
>
> On 2022/03/28 23:54, Brad Smith wrote:
> > On Thu, Mar 17, 2022 at 01:40:12AM -0400, Brad Smith wrote:
> > > Here is an update to libsndfile 1.1.0beta2, plus two other fixes since the release.
> > >
> > > There are more security related bug fixes that have gone in between 1.0.31 and
> > > 1.1.0. I usually don't push beta releases but their release cycle is super slow
> > > due to lack of manpower, but I think an update to this release is worth it for
> > > the rollup of security fixes.
> > >
> > >
> > > ### Added
> > >
> > > * MPEG Encode/Decode Support.
> > >
> > > Uses libmpg123 for decode, liblame for encode. Encoding and decoding support
> > > is independent of each other and is split into separate files. MPEG support
> > > is generalized as subformats, `SF_FORMAT_MPEG_LAYER`(I,II,III) so that it
> > > might be used by other containers (`MPEG1WAVEFORMAT` for example), but also
> > > contains a major format `SF_FORMAT_MPEG` for 'mp3 files.'
> > >
> > > Encoding Status:
> > >   * Layer III encoding
> > >   * ID3v1 writing
> > >   * ID3v2 writing
> > >   * Lame/Xing Tag writing
> > >   * Bitrate selection command
> > >   * VBR or CBR
> > >
> > > Decoding Status:
> > >   * Layers I/II/III decoding
> > >   * ID3v1 reading
> > >   * ID3v2 reading
> > >   * Seeking
> > >
> > > * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
> > > * This `CHANGELOG.md`. All notable changes to this project will be documented in
> > > this file. The old `NEWS` file has been renamed to `NEWS.OLD` and is no longer
> > > updated.
> > > * Add support for decoding MPEG III Audio in WAV files.
> > > * `SECURITY.md` file to give people instructions for reporting security
> > > vulnerabilities, thanks @zidingz.
> > > * Support for [Vcpkg manifest mode](https://vcpkg.readthedocs.io/en/latest/users/manifests/).
> > >
> > > If you have problems with manifest mode, disable it with `VCPKG_MANIFEST_MODE`
> > > switch.
> > >
> > > ### Changed
> > >
> > > * `SFC_SET_DITHER_ON_READ` and `SFC_SET_DITHER_ON_WRITE` enums comments in
> > > public header, thanks @SmiVan (issue #677).
> > > * `ENABLE_SNDFILE_WINDOWS_PROTOTYPES` define is deprecated and not needed
> > > anymore.
> > >
> > > Previously, in order for the [`sf_wchar_open`()](http://libsndfile.github.io/libsndfile/api.html#open)
> > > function to become available on the Windows platform, it was required to
> > > perform certain actions:
> > >
> > > ```c
> > > #include <windows.h>
> > > #define ENABLE_SNDFILE_WINDOWS_PROTOTYPES 1
> > > #include <sndfile.h>
> > > ```
> > >
> > > These steps are no longer required and the `sf_wchar_open`() function is
> > > always available on the Windows platform.
> > > * Use UTF-8 as internal path encoding on Windows platform.
> > >
> > > This is an internal change to unify and simplify the handling of file paths.
> > >
> > > On the Windows platform, the file path is always converted to UTF-8 and
> > > converted to UTF-16 only for calls to WinAPI functions.
> > >
> > > The behavior of the functions for opening files on other platforms does not
> > > change.
> > > * Switch to .xz over .bz2 for release tarballs.
> > > * Disable static builds using Autotools by default. If you want static
> > > libraries, pass --enable-static to ./configure
> > >
> > > ### Fixed
> > >
> > > * Typo in `docs/index.md`.
> > > * Typo in `programs/sndfile-convert.c`, thanks @fjl.
> > > * Memory leak in `caf_read_header`(), credit to OSS-Fuzz ([issue 30375](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30375)).
> > > * Stack overflow in `guess_file_type`(), thanks @bobsayshilol, credit to
> > > OSS-Fuzz ([issue 29339](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29339)).
> > > * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
> > > ([issue 26257](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26257)).
> > > * Infinite loop in `svx_read_header`(), thanks @bobsayshilol, credit to OSS-Fuzz
> > > ([issue 25442](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25442)).
> > > * GCC and Clang pedantic warnings, thanks @bobsayshilol.
> > > * Normalisation issue when scaling floating point data to `int` in
> > > `replace_read_f2i`(), thanks @bobsayshilol, (issue #702).
> > > * Missing samples when doing a partial read of Ogg file from index till the end
> > > of file, thanks @arthurt (issue #643).
> > > * sndfile-salvage: Handle files > 4 GB on Windows OS
> > > * Undefined shift in `dyn_get_32bit`(), credit to OSS-Fuzz
> > > ([issue 27366](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27366)).
> > > * Integer overflow in `nms_adpcm_update`(), credit to OSS-Fuzz
> > > ([issue 25522](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25522)).
> > > * Integer overflow in `psf_log_printf`(), credit to OSS-Fuzz
> > > ([issue 28441](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28441)),
> > > ([issue 25624](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25624)).
> > > * ABI version incompatibility between Autotools and CMake build on Apple
> > > platforms.
> > >
> > > Now ABI must be compatible with Autotools builds. Note that this change
> > > requires CMake >= 3.17 for building dylib on Apple platforms.
> > >
> > > * Fix build with Autotools + MinGW toolchain on Windows platform.
> > >
> > > See https://github.com/msys2/MINGW-packages/issues/5803 for details.
> > >
> > > ### Security
> > >
> > > * Heap buffer overflow in `wavlike_ima_decode_block`(), thanks @bobsayshilol,
> > > credit to OSS-Fuzz ([issue 25530](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25530)).
> > > * Heap buffer overflow in `msadpcm_decode_block`(), thanks @bobsayshilol,
> > > credit to OSS-Fuzz ([issue 26803](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803)).
> > > * Heap buffer overflow in `psf_binheader_readf`(), thanks @bobsayshilol,
> > > credit to OSS-Fuzz ([issue 26026](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026)).
> > > * Index out of bounds in `psf_nms_adpcm_decode_block`(), credit to OSS-Fuzz
> > > ([issue 25561](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25561)).
> > > * Heap buffer overflow in `flac_buffer_copy`(), thanks @yuawn, @bobsayshilol.
> > > * Heap buffer overflow in `copyPredictorTo24`(), thanks @bobsayshilol,
> > > credit to OSS-Fuzz ([issue 27503](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27503)).
> > > * Uninitialized variable in `psf_binheader_readf`(), thanks @shao-hua-li,
> > > credit to OSS-Fuzz ([issue 25364](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25364)).
> >
> > And a final release was made a few days after I posted this with one small commit
> > for compiler warnings flag handling.
> >
>
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/audio/libsndfile/Makefile,v
> retrieving revision 1.40
> diff -u -p -u -p -r1.40 Makefile
> --- Makefile 16 Mar 2022 19:21:14 -0000 1.40
> +++ Makefile 29 Mar 2022 03:39:26 -0000
> @@ -1,14 +1,11 @@
> COMMENT= library to handle various audio file formats
>
> -VER= 1.0.31
> -DISTNAME= libsndfile-${VER}
> -CATEGORIES= audio
> GH_ACCOUNT= libsndfile
> GH_PROJECT= libsndfile
> -GH_TAGNAME= ${VER}
> -REVISION= 1
> +GH_TAGNAME= 1.1.0
> +CATEGORIES= audio
>
> -HOMEPAGE= https://github.com/libsndfile/libsndfile/
> +HOMEPAGE= https://libsndfile.github.io/libsndfile/
>
> MAINTAINER= Jan Stary <hans@stare.cz>
>
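Review bot: GH_TAGNAME is bumped to 1.1.0 while the subject still says 1.1.0beta2; that is consistent with the follow-up stating a final release appeared a few days later and with the libsndfile-1.1.0.tar.gz entry in distinfo, but the commit message should say 1.1.0 so the two do not look contradictory. Dropping REVISION with the version bump and letting DISTNAME derive from GH_PROJECT and GH_TAGNAME is fine; the CATEGORIES move is purely cosmetic.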
> @@ -17,7 +14,7 @@ SHARED_LIBS += sndfile 7.0
> # LGPLv2.1
> PERMIT_PACKAGE= Yes
>
> -WANTLIB= c m sndio FLAC ogg opus vorbis vorbisenc
> +WANTLIB= FLAC c m mp3lame mpg123 ogg opus sndio vorbis vorbisenc
>
> MODULES= devel/cmake \
> lang/python
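Review bot: WANTLIB gains mp3lame and mpg123, but the hunk context shows SHARED_LIBS += sndfile 7.0 untouched. Since 1.1.0 adds a new major format (SF_FORMAT_MPEG and the SF_FORMAT_MPEG_LAYER subformats, per the quoted changelog) and the changelog also mentions an ABI fix between Autotools and CMake builds, please confirm the exported symbol list was compared against 1.0.31 so that any needed minor bump is not missed; this port builds with CMake.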
> @@ -29,8 +26,12 @@ CONFIGURE_ARGS= -DBUILD_SHARED_LIBS:BOOL
> -DCMAKE_DISABLE_FIND_PACKAGE_SQLite3:BOOL=True
>
> LIB_DEPENDS= audio/flac \
> + audio/lame \
> audio/libogg \
> audio/libvorbis \
> + audio/mpg123 \
> audio/opus
> +
> +NO_TEST= Yes
>
> .include <bsd.port.mk>
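Review bot: NO_TEST= Yes is added without a comment explaining why. For an update justified by a batch of memory-safety fixes, running the upstream test suite is exactly the check one wants before committing; if the tests cannot run in the ports build, say why in a comment next to the line, otherwise drop it and keep the tests enabled.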
> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/audio/libsndfile/distinfo,v
> retrieving revision 1.19
> diff -u -p -u -p -r1.19 distinfo
> --- distinfo 24 Apr 2021 06:17:13 -0000 1.19
> +++ distinfo 29 Mar 2022 03:39:51 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (libsndfile-1.0.31.tar.gz) = jN7grLBrsKPBpspSRXVkPfix86VaCJO03Z+CnQgmN4U=
> -SIZE (libsndfile-1.0.31.tar.gz) = 662584
> +SHA256 (libsndfile-1.1.0.tar.gz) = ZCqHa9YbY/k0ZijbpfigNWo611DH9vQgGdJs5gumoVs=
> +SIZE (libsndfile-1.1.0.tar.gz) = 684409
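Review bot: the distfile is GitHub's tag archive (libsndfile-1.1.0.tar.gz via GH_TAGNAME), not the release tarball the quoted changelog says now ships as .xz, so this SHA256 cannot be checked against an upstream-published checksum; make sure it was regenerated from a freshly fetched archive with make makesum and not carried over from the beta2 diff.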
> Index: patches/patch-src_caf_c
> ===================================================================
> RCS file: patches/patch-src_caf_c
> diff -N patches/patch-src_caf_c
> --- patches/patch-src_caf_c 11 Mar 2022 18:20:16 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,17 +0,0 @@
> -Fix memory leak in caf_read_header().
> -
> -Index: src/caf.c
> ---- src/caf.c.orig
> -+++ src/caf.c
> -@@ -416,6 +416,11 @@ caf_read_header (SF_PRIVATE *psf)
> - return SFE_CAF_BAD_PEAK ;
> - } ;
> -
> -+ if (psf->peak_info)
> -+ { psf_log_printf (psf, "*** Found existing peak info, using last one.\n") ;
> -+ free (psf->peak_info) ;
> -+ psf->peak_info = NULL ;
> -+ } ;
> - if ((psf->peak_info = peak_info_calloc (psf->sf.channels)) == NULL)
> - return SFE_MALLOC_FAILED ;
> -
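Review bot: removal is covered by the Fixed entry "Memory leak in caf_read_header()" (OSS-Fuzz issue 30375) in the quoted changelog; nothing further to check here.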
> Index: patches/patch-src_flac_c
> ===================================================================
> RCS file: patches/patch-src_flac_c
> diff -N patches/patch-src_flac_c
> --- patches/patch-src_flac_c 16 Mar 2022 19:09:59 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,19 +0,0 @@
> -Fix heap overflow:
> -https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc
> -https://github.com/libsndfile/libsndfile/issues/731
> -
> -Index: src/flac.c
> ---- src/flac.c.orig
> -+++ src/flac.c
> -@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
> - /* Decode some more. */
> - while (pflac->pos < pflac->len)
> - { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
> -+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
> -+ /* Current frame is busted, so NULL the pointer. */
> -+ pflac->frame = NULL ;
> - break ;
> -+ } ;
> - state = FLAC__stream_decoder_get_state (pflac->fsd) ;
> - if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
> - { psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
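Review bot: the upstream commit this patch cites (ced91d7b971be6173b604154c39279ce90ad87cc, issue #731) changes flac_read_loop(), while the only FLAC entry in the quoted Security section is the heap overflow in flac_buffer_copy(); do not assume they are the same fix. Verify that ced91d7b is an ancestor of the 1.1.0 tag before dropping the patch, and mention the commit id in the log.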
> Index: patches/patch-src_ima_adpcm_c
> ===================================================================
> RCS file: patches/patch-src_ima_adpcm_c
> diff -N patches/patch-src_ima_adpcm_c
> --- patches/patch-src_ima_adpcm_c 11 Mar 2022 18:20:16 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,19 +0,0 @@
> -Make sure that there's enough space to store decoded nibbles in when reading IMA ADPCM data.
> -
> -Index: src/ima_adpcm.c
> ---- src/ima_adpcm.c.orig
> -+++ src/ima_adpcm.c
> -@@ -182,7 +182,12 @@ ima_reader_init (SF_PRIVATE *psf, int blockalign, int
> - if (psf->file.mode != SFM_READ)
> - return SFE_BAD_MODE_RW ;
> -
> -- pimasize = sizeof (IMA_ADPCM_PRIVATE) + blockalign * psf->sf.channels + 3 * psf->sf.channels * samplesperblock ;
> -+ /*
> -+ ** Allocate enough space for 1 more than a multiple of 8 samples
> -+ ** to avoid having to branch when pulling apart the nibbles.
> -+ */
> -+ count = ((samplesperblock - 2) | 7) + 2 ;
> -+ pimasize = sizeof (IMA_ADPCM_PRIVATE) + psf->sf.channels * (blockalign + samplesperblock + sizeof(short) * count) ;
> -
> - if (! (pima = calloc (1, pimasize)))
> - return SFE_MALLOC_FAILED ;
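Review bot: the likely counterpart in the quoted changelog is the Security entry "Heap buffer overflow in wavlike_ima_decode_block()" (OSS-Fuzz issue 25530), but that entry names the decode function and this local patch sizes the allocation in ima_reader_init(), so confirm the 1.1.0 tag contains an equivalent of the ((samplesperblock - 2) | 7) + 2 sizing rather than matching by function name.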
> Index: patches/patch-src_ms_adpcm_c
> ===================================================================
> RCS file: patches/patch-src_ms_adpcm_c
> diff -N patches/patch-src_ms_adpcm_c
> --- patches/patch-src_ms_adpcm_c 16 Mar 2022 19:09:59 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,24 +0,0 @@
> -CVE-2021-3246:
> -https://security-tracker.debian.org/tracker/CVE-2021-3246
> -https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
> -
> -Index: src/ms_adpcm.c
> ---- src/ms_adpcm.c.orig
> -+++ src/ms_adpcm.c
> -@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign,
> - if (psf->file.mode == SFM_WRITE)
> - samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
> -
> -- if (blockalign < 7 * psf->sf.channels)
> -- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
> -+ /* There's 7 samples per channel in the preamble of each block */
> -+ if (samplesperblock < 7 * psf->sf.channels)
> -+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
> -+ return SFE_INTERNAL ;
> -+ } ;
> -+
> -+ if (2 * blockalign < samplesperblock * psf->sf.channels)
> -+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
> - return SFE_INTERNAL ;
> - } ;
> -
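Review bot: CVE-2021-3246 is the only CVE named in the local patches, and the quoted changelog lists its Security fixes by function (here msadpcm_decode_block(), OSS-Fuzz issue 26803) rather than by CVE; the commit message for this update should name CVE-2021-3246 explicitly so that anyone auditing for it can see that 1.1.0 carries the fix.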
> Index: patches/patch-src_sndfile_c
> ===================================================================
> RCS file: patches/patch-src_sndfile_c
> diff -N patches/patch-src_sndfile_c
> --- patches/patch-src_sndfile_c 11 Mar 2022 18:20:16 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,22 +0,0 @@
> -Jump back to the start of guess_file_type() rather than recursing into it.
> -
> -Index: src/sndfile.c
> ---- src/sndfile.c.orig
> -+++ src/sndfile.c
> -@@ -2680,6 +2680,7 @@ static int
> - guess_file_type (SF_PRIVATE *psf)
> - { uint32_t buffer [3], format ;
> -
> -+retry:
> - if (psf_binheader_readf (psf, "b", &buffer, SIGNED_SIZEOF (buffer)) != SIGNED_SIZEOF (buffer))
> - { psf->error = SFE_BAD_FILE_READ ;
> - return 0 ;
> -@@ -2780,7 +2781,7 @@ guess_file_type (SF_PRIVATE *psf)
> - || buffer [0] == MAKE_MARKER ('I', 'D', '3', 4))
> - { psf_log_printf (psf, "Found 'ID3' marker.\n") ;
> - if (id3_skip (psf))
> -- return guess_file_type (psf) ;
> -+ goto retry ;
> - return 0 ;
> - } ;
> -
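Review bot: superseded by the Fixed entry "Stack overflow in guess_file_type()" (OSS-Fuzz issue 29339) in the quoted changelog; no follow-up needed.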
> Index: patches/patch-src_svx_c
> ===================================================================
> RCS file: patches/patch-src_svx_c
> diff -N patches/patch-src_svx_c
> --- patches/patch-src_svx_c 11 Mar 2022 18:20:16 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -Jump forwards to the next 4 byte aligned offset rather than always jumping backwards by 3 bytes.
> -
> -Index: src/svx.c
> ---- src/svx.c.orig
> -+++ src/svx.c
> -@@ -307,7 +307,8 @@ svx_read_header (SF_PRIVATE *psf)
> - if ((chunk_size = psf_ftell (psf)) & 0x03)
> - { psf_log_printf (psf, " Unknown chunk marker at position %d. Resynching.\n", chunk_size - 4) ;
> -
> -- psf_binheader_readf (psf, "j", -3) ;
> -+ chunk_size = chunk_size & 3 ;
> -+ psf_binheader_readf (psf, "j", 4 - chunk_size) ;
> - break ;
> - } ;
> - psf_log_printf (psf, "*** Unknown chunk marker (%X) at position %D. Exiting parser.\n", marker, psf_ftell (psf) - 8) ;
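Review bot: superseded by the Fixed entry "Infinite loop in svx_read_header()" (OSS-Fuzz issue 25442) in the quoted changelog; no follow-up needed.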
> Index: patches/patch-src_wavlike_c
> ===================================================================
> RCS file: patches/patch-src_wavlike_c
> diff -N patches/patch-src_wavlike_c
> --- patches/patch-src_wavlike_c 16 Mar 2022 19:09:59 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,20 +0,0 @@
> -CVE-2021-3246:
> -https://security-tracker.debian.org/tracker/CVE-2021-3246
> -https://github.com/libsndfile/libsndfile/commit/a9815b3f228df00086e0a40bcc43162fc19896a1
> -
> -Index: src/wavlike.c
> ---- src/wavlike.c.orig
> -+++ src/wavlike.c
> -@@ -830,7 +830,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf, uint32_t chu
> - return 0 ;
> - } ;
> -
> -- if (chunksize >= sizeof (SF_CART_INFO_16K))
> -+ /*
> -+ ** SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part
> -+ ** of the chunk, so don't include it in the size check.
> -+ */
> -+ if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
> - { psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ;
> - psf_binheader_readf (psf, "j", chunksize) ;
> - return 0 ;
>
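Review bot: this removed patch (commit a9815b3f228df00086e0a40bcc43162fc19896a1, the second half of CVE-2021-3246) adjusts the size check in wavlike_read_cart_chunk(), but no entry in the quoted changelog names that function or the cart chunk; confirm the commit is in the 1.1.0 tag directly rather than inferring it from the Security list.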
