Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 635014 - app-cdr/cdrdao-1.2.3-r4 w/ media-sound/lame-3.100 - :: utils :: toc2mp3 :: undefined reference to `bitrate_table'
Summary: app-cdr/cdrdao-1.2.3-r4 w/ media-sound/lame-3.100 - :: utils :: toc2mp3 :: un...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Sound Team
URL:
Whiteboard:
Keywords: PATCH
: 639718 641746 (view as bug list)
Depends on:
Blocks: CVE-2017-15045, CVE-2017-15046
  Show dependency tree
 
Reported: 2017-10-21 18:37 UTC by Manfred Knick
Modified: 2017-12-24 11:43 UTC (History)
44 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (0_emerge--info.txt,6.05 KB, text/plain)
2017-10-22 11:24 UTC, Manfred Knick
Details
/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/build.log (build.log,21.36 KB, text/x-log)
2017-10-22 11:27 UTC, Manfred Knick
Details
/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/environment (environment,100.19 KB, text/plain)
2017-10-22 11:28 UTC, Manfred Knick
Details
emerge-info.txt (emerge-info.txt,15.71 KB, text/plain)
2017-10-26 16:33 UTC, Toralf Förster
Details
app-cdr:cdrdao-1.2.3-r4:20171025-224208.log (app-cdr:cdrdao-1.2.3-r4:20171025-224208.log,48.04 KB, text/plain)
2017-10-26 16:33 UTC, Toralf Förster
Details
emerge-history.txt (emerge-history.txt,63.60 KB, text/plain)
2017-10-26 16:33 UTC, Toralf Förster
Details
environment (environment,100.79 KB, text/plain)
2017-10-26 16:33 UTC, Toralf Förster
Details
etc.portage.tbz2 (etc.portage.tbz2,11.61 KB, application/x-bzip)
2017-10-26 16:33 UTC, Toralf Förster
Details
logs.tbz2 (logs.tbz2,8.97 KB, application/x-bzip)
2017-10-26 16:33 UTC, Toralf Förster
Details
temp.tbz2 (temp.tbz2,31.34 KB, application/x-bzip)
2017-10-26 16:33 UTC, Toralf Förster
Details
cdrdao-1.2.3-dlopen-lame.patch (cdrdao-1.2.3-dlopen-lame.patch,10.95 KB, patch)
2017-10-27 15:36 UTC, Marco Genasci
Details | Diff
lame-3.100-bitrate_table.patch (lame-3.100-bitrate_table.patch,939 bytes, patch)
2017-11-13 14:31 UTC, Jan Kobler
Details | Diff
cdrdao-1.2.3-bitrate_table.patch (cdrdao-1.2.3-bitrate_table.patch,737 bytes, patch)
2017-12-09 23:26 UTC, Michael Palimaka (kensington)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Manfred Knick 2017-10-21 18:40:34 UTC
cdrdao is being pulled in by k3b as RDEPEND.
Comment 2 Manfred Knick 2017-10-22 11:24:40 UTC
Created attachment 499632 [details]
emerge --info

emerge --info =app-cdr/cdrdao-1.2.3-r4::gentoo  > 0_emerge--info.txt
Comment 3 Manfred Knick 2017-10-22 11:27:02 UTC
Created attachment 499636 [details]
/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/build.log

/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/build.log
Comment 4 Manfred Knick 2017-10-22 11:28:08 UTC
Created attachment 499638 [details]
/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/environment

/var/tmp/portage/app-cdr/cdrdao-1.2.3-r4/temp/environment
Comment 5 Manfred Knick 2017-10-22 11:28:57 UTC
# emerge -pqv =app-cdr/cdrdao-1.2.3-r4::gentoo

[ebuild   R   ] app-cdr/cdrdao-1.2.3-r4  USE="encode mad vorbis"
Comment 6 Andreas Sturmlechner gentoo-dev 2017-10-22 16:11:43 UTC
@Manfred, why should we add a debian dlopen hack?
Comment 7 Manfred Knick 2017-10-22 16:25:27 UTC
(In reply to Andreas Sturmlechner from comment #6)
> @Manfred, why should we add a debian dlopen hack?
Don't.

Sorry - should have elaborated:

. . . "Possibly contains example of fix // patch to toc2mp3" :

Line 40 ff:
. . . diff -Naurp cdrdao.orig/utils/toc2mp3.cc cdrdao/utils/toc2mp3.cc

Line 81 ff:
. . . +static int (*dl_bitrate_table)[3][16];

HTH.

Kind regards
Manfred
Comment 8 cyrillic 2017-10-22 22:56:15 UTC
media-sound/lame-3.100 is what breaks cdrdao
going back to media-sound/lame-3.99.5-r1 fixes this compile problem
Comment 9 Manfred Knick 2017-10-23 07:47:16 UTC
(In reply to cyrillic from comment #8)
> media-sound/lame-3.100 is what breaks cdrdao
> going back to media-sound/lame-3.99.5-r1 fixes this compile problem

Cyril, you are perfectly right.

Unfortunately, 3.99.5 dates back from February 28 2012
and contains three CVE vulnerabilities - besides others;
whereas 3.100 from October 13 2017  contains a series of fixes.
so in the (not sooo) long run this should be be sorted out somehow.

I still have the impression that

. . . "Don't include the debian directory as one that is needed during builds. 
. . .  Patch taken from Debian's packaging of lame."

should be taken note of ;-)


[ https://svn.code.sf.net/p/lame/svn/trunk/lame/doc/html/history.html ]
Comment 10 Manfred Knick 2017-10-23 08:03:15 UTC
@Cyril, @Andreas:

Not in the slightest I would mind closing this bug
and re-attributing the whole issue to

. . .  =media-sound/lame-3.100:0

instead;
gut instinct is expecting other packages to run into similar problems yet undetected.
Comment 11 cyrillic 2017-10-23 23:29:52 UTC
(In reply to Manfred Knick from comment #10)

> gut instinct is expecting other packages to run into similar problems yet
> undetected.

On my (limited) tinderbox, app-cdr/cdrdao was the only package affected by the media-sound/lame update, so this may not be too difficult to fix ...
Comment 12 Manfred Knick 2017-10-25 10:34:52 UTC
Bug 634598 (CVE-2017-15045, CVE-2017-15046) - 
<media-sound/lame-3.100: 
malformed mp3 input causes buffer overflow and heap over-read 
(CVE-2017-{15045,15046})


3.100 has gone stable now for amd64.

Until app-cdr/cdrdao-1.2.3-r4 gets fixed,
this implies the need to privately mask =media-sound/lame-3.100
re-introducing the CVE jsut fixed  (!)
which is not preferred ad all.
Comment 13 Toralf Förster gentoo-dev 2017-10-26 16:33:35 UTC
appeared recently at the tinderbox image 17.0-desktop-plasma-systemd_libressl_20171024-183948
Comment 14 Toralf Förster gentoo-dev 2017-10-26 16:33:38 UTC
Created attachment 500294 [details]
emerge-info.txt
Comment 15 Toralf Förster gentoo-dev 2017-10-26 16:33:41 UTC
Created attachment 500296 [details]
app-cdr:cdrdao-1.2.3-r4:20171025-224208.log
Comment 16 Toralf Förster gentoo-dev 2017-10-26 16:33:44 UTC
Created attachment 500298 [details]
emerge-history.txt
Comment 17 Toralf Förster gentoo-dev 2017-10-26 16:33:47 UTC
Created attachment 500300 [details]
environment
Comment 18 Toralf Förster gentoo-dev 2017-10-26 16:33:50 UTC
Created attachment 500302 [details]
etc.portage.tbz2
Comment 19 Toralf Förster gentoo-dev 2017-10-26 16:33:54 UTC
Created attachment 500304 [details]
logs.tbz2
Comment 20 Toralf Förster gentoo-dev 2017-10-26 16:33:57 UTC
Created attachment 500306 [details]
temp.tbz2
Comment 21 kaszynek 2017-10-26 18:43:51 UTC
Great advice, to downgrade lame:

media-sound/lame-3.99.5-r1:
 * This package has a configure.in file which has long been deprecated.  Please
 * update it to use configure.ac instead as newer versions of autotools will die
 * when it finds this file.  See https://bugs.gentoo.org/426262 for details.
 * Running autoconf -I . --force ...
 [ !! ]

 * Failed Running autoconf !

https://paste.pound-python.org/show/0UBpyiGW8tQOE5KSyKri/

On my system
kde-apps/kde-meta-17.08.2: depends
....
kde-apps/kdemultimedia-meta-17.08.2: depends on
kde-apps/k3b-17.08.2: depends on
app-cdr/cdrdao

So generally until something gets fixed, I cannot install kde.
Comment 22 Manfred Knick 2017-10-26 22:28:09 UTC
(In reply to kaszynek from comment #21)

A)

> Great advice, to downgrade lame:
Zynism, disdainfulness and disrespect?

Cyril's analysis and wording in comment #8 were absolutely correct:

> media-sound/lame-3.100 is what breaks cdrdao
> going back to media-sound/lame-3.99.5-r1 fixes this _compile_ problem
_Nobody_ ever has stated this as a possible 'final solution'.

A patch would be appreciated ...   ;-)

B)

As a courtesy for you, I just ran

. . . emerge -1 =media-sound/lame-3.99.5-r1:0

successfully with zero complaints.

So please, double-check - 
and in case, file a bug (respectfully - if possible)
against

. . . media-sound/lame-3.99.5-r1

supplying the usual info,
esp. including "emerge --info" disclosing your environment

and leave a cross-reference over here.

Thanks.
Comment 23 Manfred Knick 2017-10-27 10:08:23 UTC
# equery uses app-cdr/cdrdao
 ...
 + + encode : Add support for encoding of audio or video files
 ...

(Limiting) (temporary)

. . . WORKAROUND :

. . . USE="-encode" emerge -1 =app-cdr/cdrdao-1.2.3-r4


E.g., insert

. . . =app-cdr/cdrdao-1.2.3-r4     -encode

into your

. . . /etc/portage/package.use

until this bug is fixed.

Hth to calm the waves,
granting Brendan the time necessary for a proper solution.
Comment 24 Marco Genasci 2017-10-27 15:36:00 UTC
Created attachment 500350 [details, diff]
cdrdao-1.2.3-dlopen-lame.patch

A possible patch.

Reference:
https://github.com/dankamongmen/sprezzos-world/blob/master/packaging/cdrdao/debian/patches/08-dlopen-lame.patch
Comment 25 Brendan Horan 2017-11-02 01:37:10 UTC
Thanks Manfred for your efforts. 

Unsure best way forward at the moment.
Is the Debain patch that bad ?
I doubt there are many people using packages lame functions. (but who knows)
Comment 26 Manfred Knick 2017-11-02 09:54:07 UTC
(In reply to Brendan Horan from comment #25)

> Is the Debain patch that bad ?
In contrast to Andreas (comment 6),
I don't pre-suppose that Debian colleages just "hack".

In comment 9, I pointed to the reason for their separation / inclusion.


(In reply to Marco Genasci from comment #24)

Thanks to Marco!

Comparing the 'original' Debian to Marcos patch,

  you can skip over the differences caused by
- Reuben Thomas using "diff -Naurp"    ( -p, --show-c-function )  (Debian)
- Marco Genasci using "diff -Naur"     ( without -p            )  (Gentoo)

  but note the difference in
- library handling (line 28..31, 35..37)
- CXXFLAGS handling (line 39..40)

I created 
. . . /etc/portage/patches/app-cdr/cdrdao-1.2.3
and placed Marcos version
. . . cdrdao-1.2.3-dlopen-lame.patch
into it:
. . . WORKAROUND (comment #23) not needed any more
Running
. . . app-cdr/cdrdao-1.2.3-r4::gentoo  USE="encode mad vorbis" 
emerged like a charm.
                                Note:       ^^^^^^

(In reply to Brendan Horan from comment #25)

> I doubt there are many people using packages lame functions. (but who knows)
I would include Marcos version into /usr/portage/app-cdr/cdrdao/files/
and pull that patch in a new [~] cdrdao-1.2.3-r5
   PATCHES=(...)
demanding
   RDEPEND="...
       encode? ( >=media-sound/lame-3.100 )     <---  instead of buggy ".99"

We'll get first hints from tinderboxes,
but final judgement will be provided by further BUGs getting filed or not ;-)

Just my 2 cents ...
Comment 27 André Terpstra 2017-11-08 20:15:01 UTC
Confirm the bug and the workaround in https://bugs.gentoo.org/635014#c23
Comment 28 Manfred Knick 2017-11-09 17:52:36 UTC
(In reply to André Terpstra from comment #27)

> Confirm the bug and the workaround in https://bugs.gentoo.org/635014#c23


(In reply to Manfred Knick from comment #26)

> . . . WORKAROUND (comment #23) not needed any more


@ André :

Exploiting Marcos patch version
would be the superior solution   ;-)

Please, have a try.
Comment 29 Jan Kobler 2017-11-12 22:49:49 UTC
Just a quick and short info, because I think I have found a solution:

I have added the entry bitrate_table at the end of the file
work/lame-3.100/include/libmp3lame.sym

bitrate_table

and at the end of the file
work/lame-3.100/include/lame.def

bitrate_table  @2027

ebuild adds it then to 
work/lame-3.100-abi_x86_64.amd64/libmp3lame/.libs/libmp3lame.ver

cd /var/tmp/portage/media-sound/lame-3.100
egrep -R bitrate_table work --include=*.ver --include=*.h --include=*.sym --include=*.def

work/lame-3.100/include/libmp3lame.sym:bitrate_table
work/lame-3.100/include/lame.def:bitrate_table  @2027
work/lame-3.100-abi_x86_64.amd64/libmp3lame/.libs/libmp3lame.ver:bitrate_table;


rm /var/tmp/portage/media-sound/lame-3.100/.configured
ebuild /mnt/gauss/gentoo/portage-01/media-sound/lame/lame-3.100.ebuild install

cd /var/tmp/portage/media-sound/lame-3.100
objdump -t -T -r -R image/usr/lib64/libmp3lame.so 

contains

0000000000249f98 R_X86_64_GLOB_DAT  bitrate_table@@Base


ebuild /mnt/gauss/gentoo/portage-01/media-sound/lame/lame-3.100.ebuild qmerge


Then I have been able to build cdrdao

emerge -av1 cdrdao

ebuild   R    ] app-cdr/cdrdao-1.2.3-r1::gentoo  USE="encode mad vorbis (-gcdmaster)"

I have not tried this patch with app-cdr/cdrdao-1.2.3-r4 so far.
I hope this helps.
Comment 30 Jan Kobler 2017-11-13 14:31:50 UTC
Created attachment 503842 [details, diff]
lame-3.100-bitrate_table.patch

After applying the patch lame-3.100-bitrate_table.patch to lame-3.100, I am able to build cdrdao-1.2.3-r4.

# unpack
rm -rf /var/tmp/portage/media-sound/lame-3.100
ebuild /usr/portage/media-sound/lame/lame-3.100.ebuild unpack

# test patch
cd /var/tmp/portage/media-sound/lame-3.100/work/lame-3.100
patch --dry-run -p1 < lame-3.100-bitrate_table.patch

# apply patch
cd /var/tmp/portage/media-sound/lame-3.100/work/lame-3.100
patch -p1 < lame-3.100-bitrate_table.patch

ebuild /usr/portage/media-sound/lame/lame-3.100.ebuild merge

# bitrate_table is now a global symbol in libmp3lame.so
objdump -t -T -r -R /usr/lib64/libmp3lame.so | grep bitrate_table

000000000003bf80 g    DO .rodata        00000000000000c0  Base        bitrate_table
0000000000249f98 R_X86_64_GLOB_DAT  bitrate_table@@Base

# now I am able to build app-cdr/cdrdao-1.2.3-r4
emerge -av1 cdrdao

[ebuild     U  ] app-cdr/cdrdao-1.2.3-r4::gentoo [1.2.3-r1::gentoo] USE="encode mad vorbis (-gcdmaster%)" 0 KiB

I hope this helps.
Comment 31 Toralf Förster gentoo-dev 2017-11-19 19:15:30 UTC
seems to be gcc-6 related, ‎ I switched at my desktop to gcc-6 today and I'm now in the revdep-rebuild step, where this fallout apeared
Comment 32 Pavel Goran 2017-11-20 08:23:01 UTC
(In reply to Toralf Förster from comment #31)
> seems to be gcc-6 related, ‎ I switched at my desktop to gcc-6 today and I'm
> now in the revdep-rebuild step, where this fallout apeared

This doesn't see to be the case. I have this problem with gcc-5.
Comment 33 Frank Noack 2017-11-20 21:21:51 UTC
Thanks to Jan Kobler. Your lame-3.100-bitrate_table.patch works fine for me.
Comment 34 Bob Johnson 2017-11-24 06:37:13 UTC
Same here. Jan Kobler's patch fixes this on my stable amd64 system.
Comment 35 Andreas Sturmlechner gentoo-dev 2017-11-25 19:45:15 UTC
Nice find. Jan, did you propose your change to lame upstream already?

Re-assigning to lame maintainers.
Comment 36 Jan Kobler 2017-11-27 12:18:05 UTC
I have published the patch also at https://sourceforge.net/p/lame/patches/77/
Comment 37 Mark Knecht 2017-12-03 13:50:48 UTC
+1 on the problem. Only k3b on my system depends on it. Showed up here with the profile changes to version 17.
Comment 38 Manfred Knick 2017-12-03 15:45:50 UTC
CONFIRMATION:

Placing lame-3.100-bitrate_table.patch
into    /etc/portage/patches/media-sound/lame-3.100 ,

emerge of
- media-sound/lame-3.100
- app-cdr/cdrdao-1.2.3-r4
- kde-apps/k3b-17.08.3
succeeded 
after system-rebuild with
- "New 17.0 profiles in the Gentoo repository"
also.
Comment 39 Andreas Sturmlechner gentoo-dev 2017-12-04 07:11:12 UTC
*** Bug 639718 has been marked as a duplicate of this bug. ***
Comment 40 mercuriete 2017-12-09 20:04:26 UTC
It seems lame developers says makes more sense to patch cdrao

https://sourceforge.net/p/lame/patches/77/

they said: "it would be better to use the officel lame_get_bitrate function."

What about that?



Thanks for your effort :)
Comment 41 Michael Palimaka (kensington) gentoo-dev 2017-12-09 23:26:13 UTC
Created attachment 509168 [details, diff]
cdrdao-1.2.3-bitrate_table.patch

Attached patch didn't immediately make toc2mp3 explode, it would be nice though if somebody using this tool could verify.
Comment 42 shinydoofy 2017-12-10 12:18:18 UTC
(In reply to Michael Palimaka (kensington) from comment #41)
> Created attachment 509168 [details, diff] [details, diff]
> cdrdao-1.2.3-bitrate_table.patch
Compiles fine with gcc 7.2.0, thanks!
Comment 43 mercuriete 2017-12-10 20:22:55 UTC
compiles fine with gcc 6.4.0

didnt test because i dont have any cd audio to test toc2mp3. Ill try to get one.


toc2mp3 output:

$ toc2mp3 
ERROR: Missing toc-file name.
Usage: toc2mp3 [-v #] [-d target-dir ] [-c] { -V | toc-file }

Converts an audio CD disk image (.toc file) to mp3 files.
Each track will be written to a separate mp3 file.
Special care is taken that the mp3 files can be played in sequence
without having unwanted noise at the transition points.
CD-TEXT information (if available) is used to set ID3 (v2) tags and to
construct the name of the mp3 files.

Options:
  -h               Shows this help.
  -v <n>           Sets verbose level to <n> (0..2).
  -d <target-dir>  Specifies directory the mp3 files will be
                   written to.
  -c               Adds a sub-directory composed out of CD title
                   and author to <target-dir> specified with -d.
  -b <bit rate>    Sets bit rate used for encoding (default 192 kbit/s).
                   See below for supported bit rates.

LAME encoder version: 3.100
Supported bit rates: 0 32 40 48 56 64 80 96 112 128 160 192 224 256 320 




Check that Supported bit rates reports something.

Thanks for your work :)
Comment 44 myoung008 2017-12-11 17:53:27 UTC
Attachment 509168 [details, diff] works for me. x86_64

gcc 6.4.0.  I'm updating to Gentoo profile 17.0.

Thanks!
Comment 45 Michael Palimaka (kensington) gentoo-dev 2017-12-15 13:06:26 UTC
@Brendan, what do you think about the cdrdao patch? Can I commit it?
Comment 46 Manfred Knick 2017-12-15 14:13:35 UTC
(In reply to Michael Palimaka (kensington) from comment #45)

Hi, Michael, just to confirm:
Exploiting your 
. . . /etc/portage/patches/app-cdr/cdrdao/cdrdao-1.2.3-bitrate_table.patch,
building newly released kde-apps/k3b-17.12.0
as well as re-building 
- media-sound/lame-3.100
- app-cdr/cdrdao-1.2.3-r4
AFAICS, nothing breaks, k3b works.

$ toc2mp3 -h
  ...
LAME encoder version: 3.100
Supported bit rates: 0 32 40 48 56 64 80 96 112 128 160 192 224 256 320 

Anybody out there using toc2mp3 ?
Comment 47 Rob Tongue 2017-12-16 18:57:42 UTC
the lame-3.100-bitrate_table.patch worked for me as well.  Thank you.
Comment 48 Brendan Horan 2017-12-19 09:03:44 UTC
(In reply to Michael Palimaka (kensington) from comment #45)
> @Brendan, what do you think about the cdrdao patch? Can I commit it?

I've only just had a moment to test this, sorry for the delay.

No issues with the patch, thanks.
Comment 49 Émeric Maschino 2017-12-19 19:38:28 UTC
*** Bug 641746 has been marked as a duplicate of this bug. ***
Comment 50 Larry the Git Cow gentoo-dev 2017-12-19 22:44:15 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b91829596d09d210b12edc8eee0aacbb1291107

commit 0b91829596d09d210b12edc8eee0aacbb1291107
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2017-12-19 22:42:28 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-19 22:43:20 +0000

    app-cdr/cdrdao: Fix build with >=media-sound/lame-3.100
    
    Thanks-to: Michael Palimaka (kensington) <kensington@gentoo.org>
    Tested-by: Brendan Horan <brendan@horan.hk>
    Closes: https://bugs.gentoo.org/635014
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-cdr/cdrdao/cdrdao-1.2.3-r4.ebuild              | 13 +++++++-----
 app-cdr/cdrdao/files/cdrdao-1.2.3-lame-3.100.patch | 24 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 5 deletions(-)