From fc1ca4a8f9195f88cab7c19f55be2e5f4efca1b1 Mon Sep 17 00:00:00 2001 From: Ozkan Sezer Date: Sat, 2 Nov 2024 20:47:20 +0300 Subject: [PATCH] mpg123-1.32.9 --- NEWS | 12 +++++++++- TODO | 3 +++ configure | 22 ++++++++--------- mpg123.spec | 2 +- src/compat/compat.c | 8 +++++-- src/compat/compat.h | 35 +++++++++++++++++++++++++++ src/include/mpg123.h | 2 +- src/libmpg123/lfs_wrap.c | 51 ++++++++++++++++++++++++++++++---------- src/version.h | 2 +- 9 files changed, 107 insertions(+), 30 deletions(-) diff --git a/NEWS b/NEWS index 2f2a604..f43a3ca 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +1.32.9 +------ +- libmpg123: +-- enable 64 bit offset path for MSVCRT and avoid warnings about + MS's game about POSIX API with and without underscores (bug 373). +-- Increase the library patchlevel, as was forgotten on previous + release. Now you can check for distversion >= 1.32.8 or + mpg123 libversion >= 48 patchlevel 3 to see if you're vulnerable + to CVE-2024-10573. + 1.32.8 ------ - libmpg123: @@ -6,7 +16,7 @@ (github PR 15). -- Prevent premature application of header info into decoding structure, at worst having triggered out-of-bounds writes of decoded PCM data - (bug 322, again). + (bug 322, again). The bug got named CVE-2024-10573. - out123: Show --quiet in --longhelp. 1.32.7 diff --git a/TODO b/TODO index 1290e6d..4292797 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,6 @@ +One current thing: Cleanup mpg123_noise() ... remove that accidentally public symbol +or make it official. The functionality is in syn123 and it was never documented. + Things that need to be done... ... as always, mostly outdated. diff --git a/configure b/configure index 6110afd..fa80ce1 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for mpg123 1.32.8. +# Generated by GNU Autoconf 2.71 for mpg123 1.32.9. # # Report bugs to . # 
@@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='mpg123' PACKAGE_TARNAME='mpg123' -PACKAGE_VERSION='1.32.8' -PACKAGE_STRING='mpg123 1.32.8' +PACKAGE_VERSION='1.32.9' +PACKAGE_STRING='mpg123 1.32.9' PACKAGE_BUGREPORT='maintainer@mpg123.org' PACKAGE_URL='' @@ -1727,7 +1727,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures mpg123 1.32.8 to adapt to many kinds of systems. +\`configure' configures mpg123 1.32.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1798,7 +1798,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of mpg123 1.32.8:";; + short | recursive ) echo "Configuration of mpg123 1.32.9:";; esac cat <<\_ACEOF @@ -2076,7 +2076,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -mpg123 configure 1.32.8 +mpg123 configure 1.32.9 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2621,7 +2621,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by mpg123 $as_me 1.32.8, which was +It was created by mpg123 $as_me 1.32.9, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3390,7 +3390,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -LIBMPG123_VERSION=48:2:48 +LIBMPG123_VERSION=48:3:48 LIBOUT123_VERSION=5:1:5 LIBSYN123_VERSION=2:3:2 @@ -3991,7 +3991,7 @@ fi # Define the identity of the package. PACKAGE='mpg123' - VERSION='1.32.8' + VERSION='1.32.9' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h 
@@ -22453,7 +22453,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by mpg123 $as_me 1.32.8, which was +This file was extended by mpg123 $as_me 1.32.9, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22521,7 +22521,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -mpg123 config.status 1.32.8 +mpg123 config.status 1.32.9 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/mpg123.spec b/mpg123.spec index 70c5092..9076790 100644 --- a/mpg123.spec +++ b/mpg123.spec @@ -3,7 +3,7 @@ # - devel packages for alsa, sdl, etc... to build the respective output modules. Summary: The fast console mpeg audio decoder/player. Name: mpg123 -Version: 1.32.8 +Version: 1.32.9 Release: 1 URL: http://www.mpg123.org/ License: GPL diff --git a/src/compat/compat.c b/src/compat/compat.c index b66fe7e..09983ca 100644 --- a/src/compat/compat.c +++ b/src/compat/compat.c @@ -88,7 +88,7 @@ int INT123_compat_open(const char *filename, int flags) open_fallback: #endif -#if (defined(WIN32) && !defined (__CYGWIN__)) +#if defined(MPG123_COMPAT_MSVCRT_IO) /* MSDN says POSIX function is deprecated beginning in Visual C++ 2005 */ /* Try plain old _open(), if it fails, do nothing */ ret = _open(filename, flags|_O_BINARY, _S_IREAD | _S_IWRITE); 
@@ -138,12 +138,16 @@ fopen_ok: FILE* INT123_compat_fdopen(int fd, const char *mode) { +#if defined(MPG123_COMPAT_MSVCRT_IO) + return _fdopen(fd, mode); +#else return fdopen(fd, mode); +#endif } int INT123_compat_close(int infd) { -#if (defined(WIN32) && !defined (__CYGWIN__)) /* MSDN says POSIX function is deprecated beginning in Visual C++ 2005 */ +#if defined(MPG123_COMPAT_MSVCRT_IO) return _close(infd); #else return close(infd); diff --git a/src/compat/compat.h b/src/compat/compat.h index dee811f..23df921 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -110,7 +110,42 @@ typedef unsigned char byte; +#if (defined(_UCRT) || defined(_MSC_VER) || (defined(__MINGW32__) || defined(__MINGW64__)) || (defined(__WATCOMC__) && defined(__NT__))) && !defined(__CYGWIN__) +#define MPG123_COMPAT_MSVCRT_IO +#endif + +#if defined(MPG123_COMPAT_MSVCRT_IO) +#if defined(_UCRT) +// needs to get checked separately from MSVC and MinGW becuase it is also used by native Clang on Windows +#ifndef MPG123_COMPAT_MSVCRT_IO_64 +#define MPG123_COMPAT_MSVCRT_IO_64 +#endif +#endif #if defined(_MSC_VER) +#if (_MSC_VER >= 1200) +// >= VC6 +#ifndef MPG123_COMPAT_MSVCRT_IO_64 +#define MPG123_COMPAT_MSVCRT_IO_64 +#endif +#endif +#endif +#if defined(__MINGW32__) || defined(__MINGW64__) +#if (defined(__MSVCRT__) || defined(_UCRT)) && !defined(__CRTDLL__) +#ifndef MPG123_COMPAT_MSVCRT_IO_64 +#define MPG123_COMPAT_MSVCRT_IO_64 +#endif +#endif +#endif +#if defined(__WATCOMC__) && defined(__NT__) +#if (__WATCOMC__ >= 1100) +#ifndef MPG123_COMPAT_MSVCRT_IO_64 +#define MPG123_COMPAT_MSVCRT_IO_64 +#endif +#endif +#endif +#endif + +#if defined(HAVE__SETMODE) || defined(HAVE_SETMODE) || defined(MPG123_COMPAT_MSVCRT_IO) // For _setmode(), at least. #include #endif diff --git a/src/include/mpg123.h b/src/include/mpg123.h index bc89d4b..6131d8a 100644 --- a/src/include/mpg123.h +++ b/src/include/mpg123.h 
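Review bot: The two macros introduced in the `compat.h` hunk have no comment saying what each one promises, although `compat.c` and `lfs_wrap.c` branch on them. Above the first `#if` I would add something like `// MPG123_COMPAT_MSVCRT_IO: use the MS CRT names with leading underscore (_open, _close, _read, _lseek, _fdopen).` and `// MPG123_COMPAT_MSVCRT_IO_64: _lseeki64() is available as well.` The four identical `#ifndef`/`#define`/`#endif` groups could be folded into one `#if` with the compiler conditions OR-ed, so the list of runtimes that get the 64 bit seek path can be audited in one place. The new comment also has a typo, `becuase` for `because`.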
@@ -19,7 +19,7 @@ */ #define MPG123_API_VERSION 48 /** library patch level at client build time */ -#define MPG123_PATCHLEVEL 2 +#define MPG123_PATCHLEVEL 3 #ifndef MPG123_EXPORT /** Defines needed for MS Visual Studio(tm) DLL builds. diff --git a/src/libmpg123/lfs_wrap.c b/src/libmpg123/lfs_wrap.c index 4a7b8b6..62cd674 100644 --- a/src/libmpg123/lfs_wrap.c +++ b/src/libmpg123/lfs_wrap.c @@ -137,7 +137,11 @@ static void wrap_io_cleanup(void *handle) if(ioh->my_fd >= 0) { mdebug("closing my fd %d", ioh->my_fd); +#if defined(MPG123_COMPAT_MSVCRT_IO) + _close(ioh->my_fd); +#else close(ioh->my_fd); +#endif ioh->my_fd = -1; } } @@ -699,6 +703,35 @@ static int64_t wrap_lseek(void *handle, int64_t offset, int whence) return -1; } +// Defining a wrapper to the native read to be sure the prototype matches. +// There are platforms where it is read(int, void*, unsigned int). +// We know that we read small chunks where the difference does not matter. Could +// apply specific hackery, use a common compat_read() (INT123_unintr_read()?) with system +// specifics. +static mpg123_ssize_t fallback_read(int fd, void *buf, size_t count) +{ +#if defined(MPG123_COMPAT_MSVCRT_IO) + if(count > UINT_MAX) + { + errno = EOVERFLOW; + return -1; + } + return _read(fd, buf, (unsigned int)count); +#else + return read(fd, buf, count); +#endif +} + +static off_t fallback_lseek(int fd, off_t offset, int whence) +{ +#if defined(MPG123_COMPAT_MSVCRT_IO) + // Off_t is 32 bit and does fit into long. We know that. + return _lseek(fd, (long)offset, whence); +#else + return lseek(fd, offset, whence); +#endif +} + // This is assuming an internally opened file, which usually will be // using 64 bit offsets. It keeps reading on on trivial interruptions. // I guess any file descriptor that matches the libc should work fine. 
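Review bot: The `#if defined(MPG123_COMPAT_MSVCRT_IO)` switch added around `close` in `wrap_io_cleanup` repeats the choice that `INT123_compat_close()` in `src/compat/compat.c` makes in this same patch. Assuming `compat.h` is included here (the use of the macro suggests it is), `INT123_compat_close(ioh->my_fd);` would keep the platform decision in one place. The result of the close is dropped on both branches; if that is deliberate for a cleanup path, a short comment such as `// best effort, nothing to do on failure` would say so. The start of `wrap_io_cleanup` lies outside the hunk.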
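Review bot: In `fallback_read` the MSVCRT branch tests `count > UINT_MAX`, but `_read` returns `int`, so a count above `INT_MAX` passes the test while its result cannot be reported correctly; how the CRT treats such a count should be checked against its documentation. Since `read` semantics allow short reads, and `internal_read64` appears to loop over partial results, clamping is simpler than failing: `if(count > INT_MAX) count = INT_MAX;`. In `fallback_lseek` the `(long)offset` cast rests only on the comment that off_t is 32 bit. A guard such as `if(offset < LONG_MIN || offset > LONG_MAX) { errno = EOVERFLOW; return -1; }` would turn a silently wrong seek position into an error should a toolchain define a wider off_t. Both changes need `<limits.h>`, whose inclusion is not visible in this hunk.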
@@ -730,7 +763,7 @@ static int internal_read64(void *handle, void *buf, size_t bytes, size_t *got_by } #endif errno = 0; - ptrdiff_t part = read(fd, (char*)buf+got, bytes); + ptrdiff_t part = fallback_read(fd, (char*)buf+got, bytes); if(part > 0) // == 0 is end of file { SATURATE_SUB(bytes, part, 0) @@ -755,13 +788,15 @@ static int64_t internal_lseek64(void *handle, int64_t offset, int whence) struct wrap_data* ioh = handle; #ifdef LFS_LARGEFILE_64 return lseek64(ioh->fd, offset, whence); +#elif defined(MPG123_COMPAT_MSVCRT_IO_64) + return _lseeki64(ioh->fd, offset, whence); #else if(offset < OFF_MIN || offset > OFF_MAX) { errno = EOVERFLOW; return -1; } - return lseek(ioh->fd, (off_t)offset, whence); + return fallback_lseek(ioh->fd, (off_t)offset, whence); #endif } @@ -861,16 +896,6 @@ int INT123_wrap_open(mpg123_handle *mh, void *handle, const char *path, int fd, // So, native off_t reader replacement. -// Defining a wrapper to the native read to be sure the prototype matches. -// There are platforms where it is read(int, void*, unsigned int). -// We know that we read small chunks where the difference does not matter. Could -// apply specific hackery, use a common compat_read() (INT123_unintr_read()?) with system -// specifics. -static mpg123_ssize_t fallback_read(int fd, void *buf, size_t count) -{ - return read(fd, buf, count); -} - // In forced 64 bit offset mode, the only definitions of these are // the _64 ones. #ifdef FORCED_OFF_64 @@ -902,7 +927,7 @@ int attribute_align_arg mpg123_replace_reader(mpg123_handle *mh, mpg123_ssize_t ioh->iotype = IO_FD; ioh->fd = -1; /* On next mpg123_open_fd(), this gets a value. */ ioh->r_read = r_read != NULL ? r_read : fallback_read; - ioh->r_lseek = r_lseek != NULL ? r_lseek : lseek; + ioh->r_lseek = r_lseek != NULL ? r_lseek : fallback_lseek; } /* The real reader replacement will happen while opening. */ diff --git a/src/version.h b/src/version.h index e5c8a66..7356ed9 100644 --- a/src/version.h +++ b/src/version.h 
@@ -16,7 +16,7 @@ // only single spaces as separator to ease parsing by build scripts #define MPG123_MAJOR 1 #define MPG123_MINOR 32 -#define MPG123_PATCH 8 +#define MPG123_PATCH 9 // Don't get too wild with that to avoid confusing m4. No brackets. // Also, it should fit well into a sane file name for the tarball. #define MPG123_SUFFIX ""