Please c.f. https://github.com/dankamongmen/sprezzos-world/blob/master/packaging/cdrdao/debian/patches/08-dlopen-lame.patch
cdrdao is being pulled in by k3b as RDEPEND.
Created attachment 499632 [details] emerge --info emerge --info =app-cdr/cdrdao-1.2.3-r4::gentoo > 0_emerge--info.txt
Created attachment 499636 [details] /var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/build.log /var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/build.log
Created attachment 499638 [details] /var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/environment /var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/environment
# emerge -pqv =app-cdr/cdrdao-1.2.3-r4::gentoo [ebuild R ] app-cdr/cdrdao-1.2.3-r4 USE="encode mad vorbis"
@Manfred, why should we add a debian dlopen hack?
(In reply to Andreas Sturmlechner from comment #6) > @Manfred, why should we add a debian dlopen hack? Don't. Sorry - should have elaborated: . . . "Possibly contains example of fix // patch to toc2mp3" : Line 40 ff: . . . diff -Naurp cdrdao.orig/utils/toc2mp3.cc cdrdao/utils/toc2mp3.cc Line 81 ff: . . . +static int (*dl_bitrate_table)[3][16]; HTH. Kind regards Manfred
media-sound/lame-3.100 is what breaks cdrdao going back to media-sound/lame-3.99.5-r1 fixes this compile problem
(In reply to cyrillic from comment #8) > media-sound/lame-3.100 is what breaks cdrdao > going back to media-sound/lame-3.99.5-r1 fixes this compile problem Cyril, you are perfectly right. Unfortunately, 3.99.5 dates back from February 28 2012 and contains three CVE vulnerabilities - besides others; whereas 3.100 from October 13 2017 contains a series of fixes. so in the (not sooo) long run this should be be sorted out somehow. I still have the impression that . . . "Don't include the debian directory as one that is needed during builds. . . . Patch taken from Debian's packaging of lame." should be taken note of ;-) [ https://svn.code.sf.net/p/lame/svn/trunk/lame/doc/html/history.html ]
@Cyril, @Andreas: Not in the slightest I would mind closing this bug and re-attributing the whole issue to . . . =media-sound/lame-3.100:0 instead; gut instinct is expecting other packages to run into similar problems yet undetected.
(In reply to Manfred Knick from comment #10) > gut instinct is expecting other packages to run into similar problems yet > undetected. On my (limited) tinderbox, app-cdr/cdrdao was the only package affected by the media-sound/lame update, so this may not be too difficult to fix ...
Bug 634598 (CVE-2017-15045, CVE-2017-15046) - <media-sound/lame-3.100: malformed mp3 input causes buffer overflow and heap over-read (CVE-2017-{15045,15046}) 3.100 has gone stable now for amd64. Until app-cdr/cdrdao-1.2.3-r4 gets fixed, this implies the need to privately mask =media-sound/lame-3.100 re-introducing the CVE jsut fixed (!) which is not preferred ad all.
appeared recently at the tinderbox image 17.0-desktop-plasma-systemd_libressl_20171024-183948
Created attachment 500294 [details] emerge-info.txt
Created attachment 500296 [details] app-cdr:cdrdao-1.2.3-r4:20171025-224208.log
Created attachment 500298 [details] emerge-history.txt
Created attachment 500300 [details] environment
Created attachment 500302 [details] etc.portage.tbz2
Created attachment 500304 [details] logs.tbz2
Created attachment 500306 [details] temp.tbz2
Great advice, to downgrade lame: media-sound/lame-3.99.5-r1: * This package has a configure.in file which has long been deprecated. Please * update it to use configure.ac instead as newer versions of autotools will die * when it finds this file. See https://bugs.gentoo.org/426262 for details. * Running autoconf -I . --force ... [ !! ] * Failed Running autoconf ! https://paste.pound-python.org/show/0UBpyiGW8tQOE5KSyKri/ On my system kde-apps/kde-meta-17.08.2: depends .... kde-apps/kdemultimedia-meta-17.08.2: depends on kde-apps/k3b-17.08.2: depends on app-cdr/cdrdao So generally until something gets fixed, I cannot install kde.
(In reply to kaszynek from comment #21) A) > Great advice, to downgrade lame: Zynism, disdainfulness and disrespect? Cyril's analysis and wording in comment #8 were absolutely correct: > media-sound/lame-3.100 is what breaks cdrdao > going back to media-sound/lame-3.99.5-r1 fixes this _compile_ problem _Nobody_ ever has stated this as a possible 'final solution'. A patch would be appreciated ... ;-) B) As a courtesy for you, I just ran . . . emerge -1 =media-sound/lame-3.99.5-r1:0 successfully with zero complaints. So please, double-check - and in case, file a bug (respectfully - if possible) against . . . media-sound/lame-3.99.5-r1 supplying the usual info, esp. including "emerge --info" disclosing your environment and leave a cross-reference over here. Thanks.
# equery uses app-cdr/cdrdao ... + + encode : Add support for encoding of audio or video files ... (Limiting) (temporary) . . . WORKAROUND : . . . USE="-encode" emerge -1 =app-cdr/cdrdao-1.2.3-r4 E.g., insert . . . =app-cdr/cdrdao-1.2.3-r4 -encode into your . . . /etc/portage/package.use until this bug is fixed. Hth to calm the waves, granting Brendan the time necessary for a proper solution.
Created attachment 500350 [details, diff] cdrdao-1.2.3-dlopen-lame.patch A possible patch. Reference: https://github.com/dankamongmen/sprezzos-world/blob/master/packaging/cdrdao/debian/patches/08-dlopen-lame.patch
Thanks Manfred for your efforts. Unsure best way forward at the moment. Is the Debain patch that bad ? I doubt there are many people using packages lame functions. (but who knows)
(In reply to Brendan Horan from comment #25) > Is the Debain patch that bad ? In contrast to Andreas (comment 6), I don't pre-suppose that Debian colleages just "hack". In comment 9, I pointed to the reason for their separation / inclusion. (In reply to Marco Genasci from comment #24) Thanks to Marco! Comparing the 'original' Debian to Marcos patch, you can skip over the differences caused by - Reuben Thomas using "diff -Naurp" ( -p, --show-c-function ) (Debian) - Marco Genasci using "diff -Naur" ( without -p ) (Gentoo) but note the difference in - library handling (line 28..31, 35..37) - CXXFLAGS handling (line 39..40) I created . . . /etc/portage/patches/app-cdr/cdrdao-1.2.3 and placed Marcos version . . . cdrdao-1.2.3-dlopen-lame.patch into it: . . . WORKAROUND (comment #23) not needed any more Running . . . app-cdr/cdrdao-1.2.3-r4::gentoo USE="encode mad vorbis" emerged like a charm. Note: ^^^^^^ (In reply to Brendan Horan from comment #25) > I doubt there are many people using packages lame functions. (but who knows) I would include Marcos version into /usr/portage/app-cdr/cdrdao/files/ and pull that patch in a new [~] cdrdao-1.2.3-r5 PATCHES=(...) demanding RDEPEND="... encode? ( >=media-sound/lame-3.100 ) <--- instead of buggy ".99" We'll get first hints from tinderboxes, but final judgement will be provided by further BUGs getting filed or not ;-) Just my 2 cents ...
Confirm the bug and the workaround in https://bugs.gentoo.org/635014#c23
(In reply to André Terpstra from comment #27) > Confirm the bug and the workaround in https://bugs.gentoo.org/635014#c23 (In reply to Manfred Knick from comment #26) > . . . WORKAROUND (comment #23) not needed any more @ André : Exploiting Marcos patch version would be the superior solution ;-) Please, have a try.
Just a quick and short info, because I think I have found a solution: I have added the entry bitrate_table at the end of the file work/lame-3.100/include/libmp3lame.sym bitrate_table and at the end of the file work/lame-3.100/include/lame.def bitrate_table @2027 ebuild adds it then to work/lame-3.100-abi_x86_64.amd64/libmp3lame/.libs/libmp3lame.ver cd /var/tmp/portage/media-sound/lame-3.100 egrep -R bitrate_table work --include=*.ver --include=*.h --include=*.sym --include=*.def work/lame-3.100/include/libmp3lame.sym:bitrate_table work/lame-3.100/include/lame.def:bitrate_table @2027 work/lame-3.100-abi_x86_64.amd64/libmp3lame/.libs/libmp3lame.ver:bitrate_table; rm /var/tmp/portage/media-sound/lame-3.100/.configured ebuild /mnt/gauss/gentoo/portage-01/media-sound/lame/lame-3.100.ebuild install cd /var/tmp/portage/media-sound/lame-3.100 objdump -t -T -r -R image/usr/lib64/libmp3lame.so contains 0000000000249f98 R_X86_64_GLOB_DAT bitrate_table@@Base ebuild /mnt/gauss/gentoo/portage-01/media-sound/lame/lame-3.100.ebuild qmerge Then I have been able to build cdrdao emerge -av1 cdrdao ebuild R ] app-cdr/cdrdao-1.2.3-r1::gentoo USE="encode mad vorbis (-gcdmaster)" I have not tried this patch with app-cdr/cdrdao-1.2.3-r4 so far. I hope this helps.
Created attachment 503842 [details, diff] lame-3.100-bitrate_table.patch After applying the patch lame-3.100-bitrate_table.patch to lame-3.100, I am able to build cdrdao-1.2.3-r4. # unpack rm -rf /var/tmp/portage/media-sound/lame-3.100 ebuild /usr/portage/media-sound/lame/lame-3.100.ebuild unpack # test patch cd /var/tmp/portage/media-sound/lame-3.100/work/lame-3.100 patch --dry-run -p1 < lame-3.100-bitrate_table.patch # apply patch cd /var/tmp/portage/media-sound/lame-3.100/work/lame-3.100 patch -p1 < lame-3.100-bitrate_table.patch ebuild /usr/portage/media-sound/lame/lame-3.100.ebuild merge # bitrate_table is now a global symbol in libmp3lame.so objdump -t -T -r -R /usr/lib64/libmp3lame.so | grep bitrate_table 000000000003bf80 g DO .rodata 00000000000000c0 Base bitrate_table 0000000000249f98 R_X86_64_GLOB_DAT bitrate_table@@Base # now I am able to build app-cdr/cdrdao-1.2.3-r4 emerge -av1 cdrdao [ebuild U ] app-cdr/cdrdao-1.2.3-r4::gentoo [1.2.3-r1::gentoo] USE="encode mad vorbis (-gcdmaster%)" 0 KiB I hope this helps.
seems to be gcc-6 related, I switched at my desktop to gcc-6 today and I'm now in the revdep-rebuild step, where this fallout apeared
(In reply to Toralf Förster from comment #31) > seems to be gcc-6 related, I switched at my desktop to gcc-6 today and I'm > now in the revdep-rebuild step, where this fallout apeared This doesn't see to be the case. I have this problem with gcc-5.
Thanks to Jan Kobler. Your lame-3.100-bitrate_table.patch works fine for me.
Same here. Jan Kobler's patch fixes this on my stable amd64 system.
Nice find. Jan, did you propose your change to lame upstream already? Re-assigning to lame maintainers.
I have published the patch also at https://sourceforge.net/p/lame/patches/77/
+1 on the problem. Only k3b on my system depends on it. Showed up here with the profile changes to version 17.
CONFIRMATION: Placing lame-3.100-bitrate_table.patch into /etc/portage/patches/media-sound/lame-3.100 , emerge of - media-sound/lame-3.100 - app-cdr/cdrdao-1.2.3-r4 - kde-apps/k3b-17.08.3 succeeded after system-rebuild with - "New 17.0 profiles in the Gentoo repository" also.
*** Bug 639718 has been marked as a duplicate of this bug. ***
It seems lame developers says makes more sense to patch cdrao https://sourceforge.net/p/lame/patches/77/ they said: "it would be better to use the officel lame_get_bitrate function." What about that? Thanks for your effort :)
Created attachment 509168 [details, diff] cdrdao-1.2.3-bitrate_table.patch Attached patch didn't immediately make toc2mp3 explode, it would be nice though if somebody using this tool could verify.
(In reply to Michael Palimaka (kensington) from comment #41) > Created attachment 509168 [details, diff] [details, diff] > cdrdao-1.2.3-bitrate_table.patch Compiles fine with gcc 7.2.0, thanks!
compiles fine with gcc 6.4.0 didnt test because i dont have any cd audio to test toc2mp3. Ill try to get one. toc2mp3 output: $ toc2mp3 ERROR: Missing toc-file name. Usage: toc2mp3 [-v #] [-d target-dir ] [-c] { -V | toc-file } Converts an audio CD disk image (.toc file) to mp3 files. Each track will be written to a separate mp3 file. Special care is taken that the mp3 files can be played in sequence without having unwanted noise at the transition points. CD-TEXT information (if available) is used to set ID3 (v2) tags and to construct the name of the mp3 files. Options: -h Shows this help. -v <n> Sets verbose level to <n> (0..2). -d <target-dir> Specifies directory the mp3 files will be written to. -c Adds a sub-directory composed out of CD title and author to <target-dir> specified with -d. -b <bit rate> Sets bit rate used for encoding (default 192 kbit/s). See below for supported bit rates. LAME encoder version: 3.100 Supported bit rates: 0 32 40 48 56 64 80 96 112 128 160 192 224 256 320 Check that Supported bit rates reports something. Thanks for your work :)
Attachment 509168 [details, diff] works for me. x86_64 gcc 6.4.0. I'm updating to Gentoo profile 17.0. Thanks!
@Brendan, what do you think about the cdrdao patch? Can I commit it?
(In reply to Michael Palimaka (kensington) from comment #45) Hi, Michael, just to confirm: Exploiting your . . . /etc/portage/patches/app-cdr/cdrdao/cdrdao-1.2.3-bitrate_table.patch, building newly released kde-apps/k3b-17.12.0 as well as re-building - media-sound/lame-3.100 - app-cdr/cdrdao-1.2.3-r4 AFAICS, nothing breaks, k3b works. $ toc2mp3 -h ... LAME encoder version: 3.100 Supported bit rates: 0 32 40 48 56 64 80 96 112 128 160 192 224 256 320 Anybody out there using toc2mp3 ?
the lame-3.100-bitrate_table.patch worked for me as well. Thank you.
(In reply to Michael Palimaka (kensington) from comment #45) > @Brendan, what do you think about the cdrdao patch? Can I commit it? I've only just had a moment to test this, sorry for the delay. No issues with the patch, thanks.
*** Bug 641746 has been marked as a duplicate of this bug. ***
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b91829596d09d210b12edc8eee0aacbb1291107 commit 0b91829596d09d210b12edc8eee0aacbb1291107 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2017-12-19 22:42:28 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2017-12-19 22:43:20 +0000 app-cdr/cdrdao: Fix build with >=media-sound/lame-3.100 Thanks-to: Michael Palimaka (kensington) <kensington@gentoo.org> Tested-by: Brendan Horan <brendan@horan.hk> Closes: https://bugs.gentoo.org/635014 Package-Manager: Portage-2.3.19, Repoman-2.3.6 app-cdr/cdrdao/cdrdao-1.2.3-r4.ebuild | 13 +++++++----- app-cdr/cdrdao/files/cdrdao-1.2.3-lame-3.100.patch | 24 ++++++++++++++++++++++ 2 files changed, 32 insertions(+), 5 deletions(-)
