GNU bug report logs -
#47194
[PATCH] gnu: mpg321: Fix CVE-2019-14247.
Previous Next
Reported by: Kei Kebreau <kkebreau <at> posteo.net>
Date: Tue, 16 Mar 2021 16:04:02 UTC
Severity: normal
Tags: patch
Done: Léo Le Bouter <lle-bout <at> zaclys.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47194 in the body.
You can then email your comments to 47194 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#47194; Package
guix-patches.
(Tue, 16 Mar 2021 16:04:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 16 Mar 2021 16:04:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/mpg321-CVE-2019-14247.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/mp3.scm (mpg321)[source]: Apply it.
---
gnu/local.mk | 1 +
gnu/packages/mp3.scm | 4 +++-
.../patches/mpg321-CVE-2019-14247.patch | 23 +++++++++++++++++++
3 files changed, 27 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/mpg321-CVE-2019-14247.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index cf8849cf59..abb1e2140d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1404,6 +1404,7 @@ dist_patch_DATA = \
%D%/packages/patches/mit-krb5-hurd.patch \
%D%/packages/patches/mit-krb5-qualify-short-hostnames.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
+ %D%/packages/patches/mpg321-CVE-2019-14247.patch \
%D%/packages/patches/module-init-tools-moduledir.patch \
%D%/packages/patches/monero-use-system-miniupnpc.patch \
%D%/packages/patches/mono-mdoc-timestamping.patch \
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 34390d3696..dba3e17558 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -408,7 +408,9 @@ command-line tool as well as a C library, libmpg123.")
version "/mpg321-" version ".tar.gz"))
(sha256
(base32
- "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5"))))
+ "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5"))
+ (patches
+ (search-patches "mpg321-CVE-2019-14247.patch"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--disable-alsa")))
(inputs
diff --git a/gnu/packages/patches/mpg321-CVE-2019-14247.patch b/gnu/packages/patches/mpg321-CVE-2019-14247.patch
new file mode 100644
index 0000000000..03afaccc67
--- /dev/null
+++ b/gnu/packages/patches/mpg321-CVE-2019-14247.patch
@@ -0,0 +1,23 @@
+This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
+fixes CVE-2019-14247.
+
+Description: Handle illegal bitrate value
+Author: Chrysostomos Nanakos <cnanakos <at> debian.org>
+Bug-Debian: https://bugs.debian.org/870406
+Bug-Debian: https://bugs.debian.org/887057
+
+--- mpg321-0.3.2.orig/mad.c
++++ mpg321-0.3.2/mad.c
+@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
+
+ if (!is_vbr)
+ {
++ if (header.bitrate <= 0)
++ {
++ fprintf(stderr, "Illegal bit allocation value\n");
++ return;
++ }
++
+ double time = (len * 8.0) / (header.bitrate); /* time in seconds */
+ double timefrac = (double)time - ((long)(time));
+ long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */
--
2.30.1
Information forwarded
to
guix-patches <at> gnu.org:
bug#47194; Package
guix-patches.
(Tue, 16 Mar 2021 18:00:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 47194 <at> debbugs.gnu.org (full text, mbox):
On Tue, Mar 16, 2021 at 12:03:12PM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/mpg321-CVE-2019-14247.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/mp3.scm (mpg321)[source]: Apply it.
Thanks! Please push.
Information forwarded
to
guix-patches <at> gnu.org:
bug#47194; Package
guix-patches.
(Tue, 16 Mar 2021 18:11:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 47194 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
LGTM!
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Léo Le Bouter <lle-bout <at> zaclys.net>:
You have taken responsibility.
(Tue, 16 Mar 2021 18:17:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
bug acknowledged by developer.
(Tue, 16 Mar 2021 18:17:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 47194-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Pushed as 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Thanks
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 14 Apr 2021 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 127 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.