{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Security fix for CVE-2004-2779 and CVE-2017-11550\n", "type": "security", "status": "stable", "request": null, "severity": "low", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-03-29 14:44:23", "date_modified": "2018-03-30 15:35:22", "date_approved": null, "date_testing": "2018-04-01 04:51:23", "date_stable": "2018-04-09 19:08:06", "alias": "FEDORA-2018-e06468b832", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2018-04-09 19:08:06", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2018-e06468b832", "title": "libid3tag-0.15.1b-26.fc27", "version_hash": "9f27ab90fab03ebb6bdcaec630ffda60b1df2e9c", "release": {"name": "F27", "long_name": "Fedora 27", "version": "27", "id_prefix": "FEDORA", "branch": "f27", "dist_tag": "f27", "stable_tag": "f27-updates", "testing_tag": "f27-updates-testing", "candidate_tag": "f27-updates-candidate", "pending_signing_tag": "f27-signing-pending", "pending_testing_tag": "f27-updates-testing-pending", "pending_stable_tag": "f27-updates-pending", "override_tag": "f27-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "amigadave", "email": "amigadave@amigadave.com", "id": 545, "avatar": "https://seccdn.libravatar.org/avatar/aed12a04608957ae5588a69eb02529be4012f55b05b05cd5ede2355bdf3e0b4e?s=24&d=retro", "openid": "amigadave.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "gnome-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by amigadave. ", "timestamp": "2018-03-29 14:44:23", "update_id": 111312, "user_id": 91, "id": 755613, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-03-29 17:59:29", "update_id": 111312, "user_id": 91, "id": 755826, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Looks good to me.", "timestamp": "2018-03-30 13:52:53", "update_id": 111312, "user_id": 2713, "id": 757082, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "sassam", "email": "thebeardedhermit@hotmail.com", "id": 2713, "avatar": "https://seccdn.libravatar.org/avatar/8cff9c928094ed16aea365b47b09471bdf6a66c91a73328b80c20afa03dbff6d?s=24&d=retro", "openid": "sassam.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "are you kidding me?\n\n[root@srv-rhsoft:~]$ /usr/bin/mpd --no-daemon --stderr\n/usr/bin/mpd: symbol lookup error: /lib64/libid3tag.so.0: undefined symbol: id3_compat_fixup\n\n2018-03-30T10:57:03Z INFO Upgraded: kid3-common-3.6.0-1.fc27.x86_64\n2018-03-30T10:57:03Z INFO Upgraded: kid3-3.6.0-1.fc27.x86_64\n2018-03-30T10:57:05Z INFO Upgraded: libid3tag-0.15.1b-25.fc27.x86_64\n\ni even re-compiled \"mpd\", stil don't work\n[root@srv-rhsoft:~]$ /usr/bin/mpd --no-daemon --stderr\n/usr/bin/mpd: symbol lookup error: /lib64/libid3tag.so.0: undefined symbol: id3_compat_fixup", "timestamp": "2018-03-30 14:15:40", "update_id": 111312, "user_id": 182, "id": 757143, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "hreindl", "email": "h.reindl@thelounge.net", "id": 182, "avatar": "https://seccdn.libravatar.org/avatar/664e0d25c0404b7a153b4dbc5dc1f3d1be6a2e9fd91115fbb929fe16a55d21d7?s=24&d=retro", "openid": "hreindl.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.", "timestamp": "2018-03-30 14:15:40", "update_id": 111312, "user_id": 91, "id": 757144, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "It looks to me like gperf is not a build requirement and with the patch to compat.gperf, the Makefile tries to use it to rebuild compat.c.  This fails and creates an empty compat.c.  Here's a snip from the build.log:\n\n```\nconfig.status: executing depfiles commands\n+ make -j48 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables'\ncd . &&  \\\ngperf -tCcTonD -K id -N id3_compat_lookup -s -3 -k '*'  \\\n\tcompat.gperf |  \\\nsed -e 's/\\(struct id3_compat\\);/\\1/' |  \\\nsed -e '/\\$''Id: /s/\\$//g' >compat.c\n/bin/sh: line 1: gperf: command not found\nmake  all-recursive\n```\n\nUnfortuantely, adding gperf causes the build to fail:\n\n```\ncompat.gperf:116:1: error: conflicting types for 'id3_compat_lookup'\n TSIZ, OBSOLETE  /* Size [obsolete] */\n ^~~~~~~~~~~~~~~~~\nIn file included from compat.gperf:37:0:\ncompat.h:36:26: note: previous declaration of 'id3_compat_lookup' was here\n struct id3_compat const *id3_compat_lookup(register char const *,\n                          ^~~~~~~~~~~~~~~~~\n```\n\nI haven't looked any further at how to resolve this yet, but thought I'd post what I've found in case someone else has time to work on this.", "timestamp": "2018-03-30 14:46:36", "update_id": 111312, "user_id": 136, "id": 757164, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "tmz", "email": "tmz@pobox.com", "id": 136, "avatar": "https://seccdn.libravatar.org/avatar/0ad6185a6acbd9fd4210c6d874b857b118e6373ea6e5fd3b56af40662c3a000b?s=24&d=retro", "openid": "tmz.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "web"}, {"name": "gitfedora-web"}, {"name": "git-maint"}, {"name": "gitkeychecker"}]}}, {"karma": 0, "karma_critpath": 0, "text": "FWIW, the dist.abicheck flags the removal of the 2 id3_compat_* symbols:\n\nhttps://taskotron.fedoraproject.org/artifacts/all/507ff11c-335f-11e8-a32b-525400fc9f92/tests.yml/libid3tag-0.15.1b-25.fc27.log", "timestamp": "2018-03-30 14:52:12", "update_id": 111312, "user_id": 136, "id": 757186, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "tmz", "email": "tmz@pobox.com", "id": 136, "avatar": "https://seccdn.libravatar.org/avatar/0ad6185a6acbd9fd4210c6d874b857b118e6373ea6e5fd3b56af40662c3a000b?s=24&d=retro", "openid": "tmz.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "web"}, {"name": "gitfedora-web"}, {"name": "git-maint"}, {"name": "gitkeychecker"}]}}, {"karma": 0, "karma_critpath": 0, "text": "amigadave edited this update.\n\nNew build(s):\n\n- libid3tag-0.15.1b-26.fc27\n\nRemoved build(s):\n\n- libid3tag-0.15.1b-25.fc27\n\nKarma has been reset.", "timestamp": "2018-03-30 15:35:17", "update_id": 111312, "user_id": 91, "id": 757237, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by amigadave. ", "timestamp": "2018-03-30 15:35:19", "update_id": 111312, "user_id": 91, "id": 757238, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-04-01 04:53:28", "update_id": 111312, "user_id": 91, "id": 758257, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2018-04-04 11:16:43", "update_id": 111312, "user_id": 491, "id": 760147, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2018-04-04 22:26:12", "update_id": 111312, "user_id": 124, "id": 760738, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "trust admins"}, {"name": "signed_fpca"}, {"name": "fedora-contributor"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "ipausers"}, {"name": "fedora-br"}, {"name": "fedorabugs"}, {"name": "ambassadors"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-04-08 06:00:16", "update_id": 111312, "user_id": 91, "id": 763027, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by amigadave. ", "timestamp": "2018-04-08 07:45:07", "update_id": 111312, "user_id": 91, "id": 763057, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2018-04-09 03:00:14", "update_id": 111312, "user_id": 91, "id": 763223, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-04-09 19:09:37", "update_id": 111312, "user_id": 91, "id": 763658, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "libid3tag-0.15.1b-26.fc27", "signed": true, "release_id": 17, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1478934, "title": "CVE-2017-11550 libid3tag: NULL Pointer Dereference in id3_ucs4_length function in ucs4.c", "security": true, "parent": true, "feedback": []}, {"bug_id": 1561983, "title": "CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop", "security": true, "parent": true, "feedback": []}, {"bug_id": 1561985, "title": "CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2018-e06468b832", "karma": 2, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}