summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorTanu Kaskinen <tanuk@iki.fi>2017-11-27 18:39:30 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-12-10 22:45:18 +0000
commite310fbff97490615f8ab46dd8029092abe461616 (patch)
treefc3c08d970bfec041457403759114eb35dfc10a8 /meta
parent7e1ee95d1aca9320090912e88a606fb4815a8d08 (diff)
downloadpoky-e310fbff97490615f8ab46dd8029092abe461616.tar.gz
lame: 3.99.5 -> 3.100
Release notes: http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/history.html?revision=1.154 Dropped patches that are included in the release: - lame-3.99.5_fix_for_automake-1.12.x.patch - CVE-2017-13712.patch The CACHED_CONFIGUREVARS thing to disable SSE code on x86 isn't needed anymore. The build system now correctly detects when SSE isn't available. Note for stable branch maintainers: This release includes several fixes for bugs that have a CVE number associated with them. The bugs (or at least most of them) are crashes that seem to be considered "remote DoS" vulnerabilities, probably because it's easy to imagine lame being used with untrusted audio files from remote sources. If you want to backport "all sercurity fixes" to the stable brances, that task seems pretty difficult. The release notes explicitly mention three CVE numbers, but there are more: for example, OE had a fix for CVE-2017-13712, which is not mentioned in the release notes but is fixed in the release. The commit log doesn't keep any track of CVE numbers either. Maybe it would be best to just upgrade lame to 3.100 also in the stable branches. (From OE-Core rev: 930f8873e0e180da7242f65bfd5c60f9d6c19424) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch309
-rw-r--r--meta/recipes-multimedia/lame/lame/lame-3.99.5_fix_for_automake-1.12.x.patch59
-rw-r--r--meta/recipes-multimedia/lame/lame_3.100.bb (renamed from meta/recipes-multimedia/lame/lame_3.99.5.bb)9
3 files changed, 2 insertions, 375 deletions
diff --git a/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch b/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch
deleted file mode 100644
index f9ec7665ff..0000000000
--- a/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch
+++ /dev/null
@@ -1,309 +0,0 @@
1Upstream-Status: Backport [http://lame.cvs.sourceforge.net/viewvc/lame/lame/libmp3lame/id3tag.c?r1=1.79&r2=1.80]
2
3Backport patch to fix CVE-2017-13712 for lame.
4
5Signed-off-by: Kai Kang <kai.kang@windriver.com>
6---
7--- a/libmp3lame/id3tag.c 2017/08/22 19:44:05 1.79
8+++ b/libmp3lame/id3tag.c 2017/08/28 15:39:51 1.80
9@@ -194,7 +194,11 @@
10 }
11 #endif
12
13-
14+static int
15+is_lame_internal_flags_null(lame_t gfp)
16+{
17+ return (gfp && gfp->internal_flags) ? 0 : 1;
18+}
19
20 static int
21 id3v2_add_ucs2_lng(lame_t gfp, uint32_t frame_id, unsigned short const *desc, unsigned short const *text);
22@@ -238,8 +242,7 @@
23 static void
24 id3v2AddAudioDuration(lame_t gfp, double ms)
25 {
26- lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
27- SessionConfig_t const *const cfg = &gfc->cfg;
28+ SessionConfig_t const *const cfg = &gfp->internal_flags->cfg; /* caller checked pointers */
29 char buffer[1024];
30 double const max_ulong = MAX_U_32_NUM;
31 unsigned long playlength_ms;
32@@ -280,7 +283,12 @@
33 void
34 id3tag_init(lame_t gfp)
35 {
36- lame_internal_flags *gfc = gfp->internal_flags;
37+ lame_internal_flags *gfc = 0;
38+
39+ if (is_lame_internal_flags_null(gfp)) {
40+ return;
41+ }
42+ gfc = gfp->internal_flags;
43 free_id3tag(gfc);
44 memset(&gfc->tag_spec, 0, sizeof gfc->tag_spec);
45 gfc->tag_spec.genre_id3v1 = GENRE_NUM_UNKNOWN;
46@@ -293,7 +301,12 @@
47 void
48 id3tag_add_v2(lame_t gfp)
49 {
50- lame_internal_flags *gfc = gfp->internal_flags;
51+ lame_internal_flags *gfc = 0;
52+
53+ if (is_lame_internal_flags_null(gfp)) {
54+ return;
55+ }
56+ gfc = gfp->internal_flags;
57 gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
58 gfc->tag_spec.flags |= ADD_V2_FLAG;
59 }
60@@ -301,7 +314,12 @@
61 void
62 id3tag_v1_only(lame_t gfp)
63 {
64- lame_internal_flags *gfc = gfp->internal_flags;
65+ lame_internal_flags *gfc = 0;
66+
67+ if (is_lame_internal_flags_null(gfp)) {
68+ return;
69+ }
70+ gfc = gfp->internal_flags;
71 gfc->tag_spec.flags &= ~(ADD_V2_FLAG | V2_ONLY_FLAG);
72 gfc->tag_spec.flags |= V1_ONLY_FLAG;
73 }
74@@ -309,7 +327,12 @@
75 void
76 id3tag_v2_only(lame_t gfp)
77 {
78- lame_internal_flags *gfc = gfp->internal_flags;
79+ lame_internal_flags *gfc = 0;
80+
81+ if (is_lame_internal_flags_null(gfp)) {
82+ return;
83+ }
84+ gfc = gfp->internal_flags;
85 gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
86 gfc->tag_spec.flags |= V2_ONLY_FLAG;
87 }
88@@ -317,7 +340,12 @@
89 void
90 id3tag_space_v1(lame_t gfp)
91 {
92- lame_internal_flags *gfc = gfp->internal_flags;
93+ lame_internal_flags *gfc = 0;
94+
95+ if (is_lame_internal_flags_null(gfp)) {
96+ return;
97+ }
98+ gfc = gfp->internal_flags;
99 gfc->tag_spec.flags &= ~V2_ONLY_FLAG;
100 gfc->tag_spec.flags |= SPACE_V1_FLAG;
101 }
102@@ -331,7 +359,12 @@
103 void
104 id3tag_set_pad(lame_t gfp, size_t n)
105 {
106- lame_internal_flags *gfc = gfp->internal_flags;
107+ lame_internal_flags *gfc = 0;
108+
109+ if (is_lame_internal_flags_null(gfp)) {
110+ return;
111+ }
112+ gfc = gfp->internal_flags;
113 gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
114 gfc->tag_spec.flags |= PAD_V2_FLAG;
115 gfc->tag_spec.flags |= ADD_V2_FLAG;
116@@ -583,22 +616,29 @@
117 int
118 id3tag_set_albumart(lame_t gfp, const char *image, size_t size)
119 {
120- int mimetype = 0;
121- unsigned char const *data = (unsigned char const *) image;
122- lame_internal_flags *gfc = gfp->internal_flags;
123-
124- /* determine MIME type from the actual image data */
125- if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
126- mimetype = MIMETYPE_JPEG;
127- }
128- else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
129- mimetype = MIMETYPE_PNG;
130- }
131- else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
132- mimetype = MIMETYPE_GIF;
133+ int mimetype = MIMETYPE_NONE;
134+ lame_internal_flags *gfc = 0;
135+
136+ if (is_lame_internal_flags_null(gfp)) {
137+ return 0;
138 }
139- else {
140- return -1;
141+ gfc = gfp->internal_flags;
142+
143+ if (image != 0) {
144+ unsigned char const *data = (unsigned char const *) image;
145+ /* determine MIME type from the actual image data */
146+ if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
147+ mimetype = MIMETYPE_JPEG;
148+ }
149+ else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
150+ mimetype = MIMETYPE_PNG;
151+ }
152+ else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
153+ mimetype = MIMETYPE_GIF;
154+ }
155+ else {
156+ return -1;
157+ }
158 }
159 if (gfc->tag_spec.albumart != 0) {
160 free(gfc->tag_spec.albumart);
161@@ -606,7 +646,7 @@
162 gfc->tag_spec.albumart_size = 0;
163 gfc->tag_spec.albumart_mimetype = MIMETYPE_NONE;
164 }
165- if (size < 1) {
166+ if (size < 1 || mimetype == MIMETYPE_NONE) {
167 return 0;
168 }
169 gfc->tag_spec.albumart = lame_calloc(unsigned char, size);
170@@ -959,6 +999,9 @@
171 if (frame_id == 0) {
172 return -1;
173 }
174+ if (is_lame_internal_flags_null(gfp)) {
175+ return 0;
176+ }
177 if (text == 0) {
178 return 0;
179 }
180@@ -1008,6 +1051,9 @@
181 if (frame_id == 0) {
182 return -1;
183 }
184+ if (is_lame_internal_flags_null(gfp)) {
185+ return 0;
186+ }
187 if (text == 0) {
188 return 0;
189 }
190@@ -1037,6 +1083,9 @@
191 int
192 id3tag_set_comment_latin1(lame_t gfp, char const *lang, char const *desc, char const *text)
193 {
194+ if (is_lame_internal_flags_null(gfp)) {
195+ return 0;
196+ }
197 return id3v2_add_latin1(gfp, ID_COMMENT, lang, desc, text);
198 }
199
200@@ -1044,6 +1093,9 @@
201 int
202 id3tag_set_comment_utf16(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
203 {
204+ if (is_lame_internal_flags_null(gfp)) {
205+ return 0;
206+ }
207 return id3v2_add_ucs2(gfp, ID_COMMENT, lang, desc, text);
208 }
209
210@@ -1054,6 +1106,9 @@
211 int
212 id3tag_set_comment_ucs2(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
213 {
214+ if (is_lame_internal_flags_null(gfp)) {
215+ return 0;
216+ }
217 return id3tag_set_comment_utf16(gfp, lang, desc, text);
218 }
219
220@@ -1244,9 +1299,9 @@
221 int
222 id3tag_set_genre(lame_t gfp, const char *genre)
223 {
224- lame_internal_flags *gfc = gfp->internal_flags;
225+ lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
226 int ret = 0;
227- if (genre && *genre) {
228+ if (gfc && genre && *genre) {
229 int const num = lookupGenre(genre);
230 if (num == -1) return num;
231 gfc->tag_spec.flags |= CHANGED_FLAG;
232@@ -1539,6 +1594,9 @@
233 int
234 id3tag_set_fieldvalue(lame_t gfp, const char *fieldvalue)
235 {
236+ if (is_lame_internal_flags_null(gfp)) {
237+ return 0;
238+ }
239 if (fieldvalue && *fieldvalue) {
240 if (strlen(fieldvalue) < 5 || fieldvalue[4] != '=') {
241 return -1;
242@@ -1551,6 +1609,9 @@
243 int
244 id3tag_set_fieldvalue_utf16(lame_t gfp, const unsigned short *fieldvalue)
245 {
246+ if (is_lame_internal_flags_null(gfp)) {
247+ return 0;
248+ }
249 if (fieldvalue && *fieldvalue) {
250 size_t dx = hasUcs2ByteOrderMarker(fieldvalue[0]);
251 unsigned short const separator = fromLatin1Char(fieldvalue, '=');
252@@ -1581,20 +1642,21 @@
253 int
254 id3tag_set_fieldvalue_ucs2(lame_t gfp, const unsigned short *fieldvalue)
255 {
256+ if (is_lame_internal_flags_null(gfp)) {
257+ return 0;
258+ }
259 return id3tag_set_fieldvalue_utf16(gfp, fieldvalue);
260 }
261
262 size_t
263 lame_get_id3v2_tag(lame_t gfp, unsigned char *buffer, size_t size)
264 {
265- lame_internal_flags *gfc;
266- if (gfp == 0) {
267+ lame_internal_flags *gfc = 0;
268+
269+ if (is_lame_internal_flags_null(gfp)) {
270 return 0;
271 }
272 gfc = gfp->internal_flags;
273- if (gfc == 0) {
274- return 0;
275- }
276 if (test_tag_spec_flags(gfc, V1_ONLY_FLAG)) {
277 return 0;
278 }
279@@ -1736,7 +1798,12 @@
280 int
281 id3tag_write_v2(lame_t gfp)
282 {
283- lame_internal_flags *gfc = gfp->internal_flags;
284+ lame_internal_flags *gfc = 0;
285+
286+ if (is_lame_internal_flags_null(gfp)) {
287+ return 0;
288+ }
289+ gfc = gfp->internal_flags;
290 #if 0
291 debug_tag_spec_flags(gfc, "write v2");
292 #endif
293@@ -1837,10 +1904,15 @@
294 int
295 id3tag_write_v1(lame_t gfp)
296 {
297- lame_internal_flags *const gfc = gfp->internal_flags;
298+ lame_internal_flags* gfc = 0;
299 size_t i, n, m;
300 unsigned char tag[128];
301
302+ if (is_lame_internal_flags_null(gfp)) {
303+ return 0;
304+ }
305+ gfc = gfp->internal_flags;
306+
307 m = sizeof(tag);
308 n = lame_get_id3v1_tag(gfp, tag, m);
309 if (n > m) {
diff --git a/meta/recipes-multimedia/lame/lame/lame-3.99.5_fix_for_automake-1.12.x.patch b/meta/recipes-multimedia/lame/lame/lame-3.99.5_fix_for_automake-1.12.x.patch
deleted file mode 100644
index 51baef26f2..0000000000
--- a/meta/recipes-multimedia/lame/lame/lame-3.99.5_fix_for_automake-1.12.x.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1Upstream-Status: Pending
2
3Fix this kind of errors with automake 1.12.x:
4| doc/man/Makefile.am:3: error: automatic de-ANSI-fication support has been removed
5| autoreconf: automake failed with exit status: 1
6
7Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
82012/07/13
9
10Index: lame-3.99.5/configure.in
11===================================================================
12--- lame-3.99.5.orig/configure.in
13+++ lame-3.99.5/configure.in
14@@ -77,9 +77,6 @@ if test "${GCC}" = "yes"; then
15 AC_MSG_RESULT(${GCC_version})
16 fi
17
18-dnl more automake stuff
19-AM_C_PROTOTYPES
20-
21 AC_CHECK_HEADER(dmalloc.h)
22 if test "${ac_cv_header_dmalloc_h}" = "yes"; then
23 AM_WITH_DMALLOC
24Index: lame-3.99.5/doc/html/Makefile.am
25===================================================================
26--- lame-3.99.5.orig/doc/html/Makefile.am
27+++ lame-3.99.5/doc/html/Makefile.am
28@@ -1,6 +1,6 @@
29 ## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
30
31-AUTOMAKE_OPTIONS = foreign ansi2knr
32+AUTOMAKE_OPTIONS = foreign
33
34 docdir = $(datadir)/doc
35 pkgdocdir = $(docdir)/$(PACKAGE)
36Index: lame-3.99.5/libmp3lame/i386/Makefile.am
37===================================================================
38--- lame-3.99.5.orig/libmp3lame/i386/Makefile.am
39+++ lame-3.99.5/libmp3lame/i386/Makefile.am
40@@ -1,6 +1,6 @@
41 ## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
42
43-AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
44+AUTOMAKE_OPTIONS = foreign
45
46 DEFS = @DEFS@ @CONFIG_DEFS@
47
48Index: lame-3.99.5/doc/man/Makefile.am
49===================================================================
50--- lame-3.99.5.orig/doc/man/Makefile.am
51+++ lame-3.99.5/doc/man/Makefile.am
52@@ -1,6 +1,6 @@
53 ## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
54
55-AUTOMAKE_OPTIONS = foreign ansi2knr
56+AUTOMAKE_OPTIONS = foreign
57
58 man_MANS = lame.1
59 EXTRA_DIST = ${man_MANS}
diff --git a/meta/recipes-multimedia/lame/lame_3.99.5.bb b/meta/recipes-multimedia/lame/lame_3.100.bb
index e5321bb9d8..ff6ac7efb2 100644
--- a/meta/recipes-multimedia/lame/lame_3.99.5.bb
+++ b/meta/recipes-multimedia/lame/lame_3.100.bb
@@ -10,16 +10,13 @@ DEPENDS = "ncurses gettext-native"
10LIC_FILES_CHKSUM = "file://COPYING;md5=c46bda00ffbb0ba1dac22f8d087f54d9 \ 10LIC_FILES_CHKSUM = "file://COPYING;md5=c46bda00ffbb0ba1dac22f8d087f54d9 \
11 file://include/lame.h;beginline=1;endline=20;md5=a2258182c593c398d15a48262130a92b \ 11 file://include/lame.h;beginline=1;endline=20;md5=a2258182c593c398d15a48262130a92b \
12" 12"
13PR = "r1"
14 13
15SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \ 14SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \
16 file://no-gtk1.patch \ 15 file://no-gtk1.patch \
17 file://lame-3.99.5_fix_for_automake-1.12.x.patch \
18 file://CVE-2017-13712.patch \
19 " 16 "
20 17
21SRC_URI[md5sum] = "84835b313d4a8b68f5349816d33e07ce" 18SRC_URI[md5sum] = "83e260acbe4389b54fe08e0bdbf7cddb"
22SRC_URI[sha256sum] = "24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff" 19SRC_URI[sha256sum] = "ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e"
23 20
24inherit autotools pkgconfig 21inherit autotools pkgconfig
25 22
@@ -28,5 +25,3 @@ FILES_${PN} = "${bindir}/lame"
28FILES_libmp3lame = "${libdir}/libmp3lame.so.*" 25FILES_libmp3lame = "${libdir}/libmp3lame.so.*"
29FILES_libmp3lame-dev = "${includedir} ${libdir}/*" 26FILES_libmp3lame-dev = "${includedir} ${libdir}/*"
30FILES_${PN}-dev = "" 27FILES_${PN}-dev = ""
31
32CACHED_CONFIGUREVARS_append_x86 = " ac_cv_header_emmintrin_h=no ac_cv_header_xmmintrin_h=no"