Bug 21138

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libsndfile packages fix security vulnerability:

In libsndfile, an error in the "aiff_read_chanmap()" function (aiff.c) can be
exploited to cause an out-of-bounds read memory access via a specially crafted
AIFF file (CVE-2017-6892).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6892
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPGQ7ITAOX2UX7RHZ7RWVB3N5YVUKWOP/
========================

Updated packages in core/updates_testing:
========================
libsndfile1-1.0.25-9.3.mga5
libsndfile-devel-1.0.25-9.3.mga5
libsndfile-static-devel-1.0.25-9.3.mga5
libsndfile-progs-1.0.25-9.3.mga5

from libsndfile-1.0.25-9.3.mga5.src.rpm

Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 5

Testing M5 x64 real hardware.
Using the same sequence as https://bugs.mageia.org/show_bug.cgi?id=20658#c13

Updated to:
 libsndfile-progs-1.0.25-9.3.mga5
 lib64sndfile1-1.0.25-9.3.mga5

 $ sndfile-info BachKBconcerto.ogg
 $ sndfile-info BachKBconcerto.wav
 $ sndfile-info track1.flac
all output good data.

 $ sndfile-info track2.mp3
 Version : libsndfile-1.0.25
 Error : Not able to open input file track2.mp3.
 File : track2.mp3
 Length : 3611989
 File contains data in an unknown format.
Same result as previously.

 $ sndfile-play BachKBconcerto.ogg
 $ sndfile-play BachKBconcerto.wav
 $ sndfile-play track1.flac
All played correctly.

 $ sndfile-convert BachKBconcerto.ogg ~/tmp/BachKBconcerto.aif
 Error : output file format is invalid (0x00020060).
 $ sndfile-convert BachKBconcerto.ogg ~/tmp/BachKBconcerto.flac
 Error : output file format is invalid (0x00170060).
 $ sndfile-convert BachKBconcerto.wav ~/tmp/BachKBconcerto.oga
 Error : output file format is invalid (0x00200002).
Exactly the same results as previously.

 $ sndfile-convert BachKBconcerto.wav ~/tmp/BachKBconcerto.aif
 $ sndfile-convert BachKBconcerto.wav ~/tmp/BachKBconcerto.ogg
Both converted files played correctly.

So this behaves correctly within its limits. Update deemed OK.

Whiteboard: (none) => MGA5-64-OK
CC: (none) => lewyssmith

mga5.1 i586 virtualbox Mate

Ran the tests listed in comment 3 on ogg, flac, wav and mp3 files.

sndfile-info and sndfile-play returned trackdata and played fine for flac, ogg and wav files but had problems with the mp3 format.

The conversions failed or succeeded in the same measure, but:
$ sndfile-convert Handel.wav Handel.mp3 
generated an MP3 file which could be played fine with sndfile-play.

Updated the four packages from Core Updates Testing and ran the same tests on the sample files.
$ sndfile-info CherryOhBaby.ogg
$ sndfile-info OrganConcerto_7.4_D_minor.wav
$ sndfile-info LaDansereye-TielmanSusato.flac
Version : libsndfile-1.0.25

========================================
File : LaDansereye-TielmanSusato.flac
Length : 35602942
FLAC Stream Metadata
  Channels    : 2
  Sample rate : 44100
  Frames      : 19790904
  Bit width   : 16
Cuesheet Metadata
Seektable Metadata
Vorbis Comment Metadata
  title      : Track 1
  artist     : Unknown Artist
  album      : Unknown Title
  tracknumber : 1
End

----------------------------------------
Sample Rate : 44100
Frames      : 19790904
Channels    : 2
Format      : 0x00170002
Sections    : 1
Seekable    : TRUE
Duration    : 00:07:28.773
Signal Max  : 31034 (-0.47 dB)

All three supplied this type of information but 
$ sndfile-info TheSingingGames.mp3
Version : libsndfile-1.0.25

Error : Not able to open input file TheSingingGames.mp3.
File : TheSingingGames.mp3
Length : 2716317

File contains data in an unknown format.

Converted a wav file to mp3:
$ sndfile-convert Handel.wav Handel_mp3_from_wav.mp3
$ ls -l Handel*
-rw-r--r-- 1 lcl lcl 180256148 Jun 28 17:12 Handel_mp3_from_wav.mp3
-rw-r--r-- 1 lcl lcl 120170780 Jun 28 16:04 Handel.wav
The increase in size is unexpected.
$ sndfile-info Handel_mp3_from_wav.mp3
..........................
File : Handel_mp3_from_wav.mp3
Length : 180256148
RIFF : 180256140
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
............................

So the indication is that the file was not actually converted to MP3 format.
The pseudo conversion file can be played.

$ sndfile-convert CherryOhBaby.ogg CherryOhBaby.aif
Error : output file format is invalid (0x00020060).
$ sndfile-convert CherryOhBaby.ogg CherryOhBaby.flac
Error : output file format is invalid (0x00170060).
$ sndfile-convert OrganConcerto_7.4_D_minor.wav OrganConcerto_7.4_D_minor.oga
Error : output file format is invalid (0x00200002).
$ sndfile-convert OrganConcerto_7.4_D_minor.wav OrganConcerto_7.4_D_minor.aif
$ sndfile-convert OrganConcerto_7.4_D_minor.wav OrganConcerto_7.4_D_minor.ogg
The last two played fine with maybe a slight loss of quality.

These tests agree with the 64-bit trial in comment 3 so within the limitations of sndfile this can be considered OK for 32-bits.

CC: (none) => tarazed25

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0197.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

MGA6-32 on Asus A6000VM MATE
no installation issues.
At CLI:
$ sndfile-play 01\ Welington\'s\ Sieg.wav
plays OK
$ sndfile-metadata-get 02\ Zapfenstreich.wav 
Description          : 
Originator           : 
Origination ref      : 
UMID                 : 
Origination date     : 
Origination time     : 
Coding history       : 
Name                 : Zapfenstreich
Copyright            : 
Artist               : Beethoven
Comment              : 
Create date          : 
Album                : 
License              : 
is OK as this a file created from a Philips cassette.
$ sndfile-play 02\ Zapfenstreich.wav 
plays OK
$ sndfile-info 01\ Welington\'s\ Sieg.wav 
========================================
File : 01 Welington's Sieg.wav
Length : 149110744
RIFF : 149110736
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 44100
  Block Align   : 4
  Bit Width     : 16
  Bytes/sec     : 176400
LIST : 48
  INFO
    INAM : Wellington's Sieg
    IART : Beethoven
data : 149110644
End

----------------------------------------
Sample Rate : 44100
Frames      : 37277661
Channels    : 2
Format      : 0x00010002
Sections    : 1
Seekable    : TRUE
Duration    : 00:14:05.298
Signal Max  : 32754 (-0.00 dB)
$ sndfile-convert 02\ Zapfenstreich.wav Zapf.mp3
[tester6@mach6 Muziek]$ ls -als
totaal 229580
     4 drwxr-xr-x  2 tester6 tester6      4096 sep 13 15:48 ./
     4 drwxr-x--- 30 tester6 tester6      4096 sep 13 15:01 ../
145616 -rw-r--r--  1 tester6 tester6 149110744 jun  4  2014 '01 Welington'\''s Sieg.wav'
 33584 -rw-r--r--  1 tester6 tester6  34387256 jun  4  2014 '02 Zapfenstreich.wav'
 50372 -rw-r--r--  1 tester6 tester6  51580836 sep 13 15:48 Zapf.mp3
same remark as Len above in Comment 4$ sndfile-info Zapf.mp3 
========================================
File : Zapf.mp3
Length : 51580836
RIFF : 51580828
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 44100
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 264600
LIST : 44
  INFO
    INAM : Zapfenstreich
    IART : Beethoven
data : 51580740
End

----------------------------------------
Sample Rate : 44100
Frames      : 8596790
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:03:14.939
Signal Max  : 8.38016e+06 (-0.01 dB)

Nothing broken so OK for me.

CC: (none) => herman.viaene
Whiteboard: MGA5-64-OK advisory MGA5-32-OK => MGA5-64-OK advisory MGA5-32-OK MGA6-32-OK

Sorry, updated the wrong bug, must be in bug 21618

Whiteboard: MGA5-64-OK advisory MGA5-32-OK MGA6-32-OK => MGA5-64-OK advisory MGA5-32-OK