[MIR] opus (b-d of jackd2)

Bug #1196967 reported by Matthias Klose
Affects          Status        Importance  Assigned to  Milestone
opus (Ubuntu)    Fix Released  High        Unassigned
Saucy            Fix Released  High        Unassigned

Bug Description

Please consider this request for opus to be included in main, required by jackd2. This is an optional dependency to jackd2.

Opus in Debian unstable is currently an unstable version, and maintenance of the Debian package is quite regular. The Ubuntu package carries some useful changes that need to be pushed to Debian, which can be done over time to eventually allow this package to be synced.

Matthias Klose (doko)
Changed in opus (Ubuntu):
assignee: nobody → Luke Yelavich (themuso)
status: New → Incomplete
Luke Yelavich (themuso)
description: updated
Matthias Klose (doko)
Changed in opus (Ubuntu):
assignee: Luke Yelavich (themuso) → Ubuntu Security Team (ubuntu-security)
Changed in opus (Ubuntu Saucy):
milestone: none → ubuntu-13.09
importance: Undecided → High
Changed in opus (Ubuntu Saucy):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
Seth Arnold (seth-arnold) wrote :

I reviewed opus version 1.0.1-0ubuntu1 as checked into Saucy. This should
not be considered a full security audit, but a quick gauge of code
quality.

- opus is a low-latency audio codec; it provides a library that can be
  used by applications needing RFC 6716 support
- No cryptography
- Does not itself perform networking, input may be from a network
- Build-Depends on doxygen
- Does not daemonize
- May run as a system user if linked into an appropriate application
- No initscripts
- No dbus
- No setuid
- No privileged portions of code
- No udev rules
- No sudo fragments
- No cron jobs
- Good test suite run at build, malloc check and valgrind integration
  available
- Clean build logs

Lintian warnings:
W: libopus0: possible-new-upstream-release-without-new-version
W: libopus-doc: possible-new-upstream-release-without-new-version
W: libopus-doc: embedded-javascript-library usr/share/doc/libopus-doc/html/jquery.js
W: opus source: outdated-autotools-helper-file config.guess 2012-01-01
W: opus source: outdated-autotools-helper-file config.sub 2012-01-01
W: opus source: out-of-date-standards-version 3.9.3.1 (current is 3.9.4)

- No subprocesses spawned
- Extensive explicit memory management, most of it looked safe; some
  aspects of relying upon codec state for the size of data copies aren't
  wonderful, as the amount of data being copied may be quite difficult
  to discover when performing maintenance
- Encouraging assert() macros throughout much of the codebase
- Demo programs do file IO only on command-line argument files
- Logging looked safe
- Environment variables used only during test suites, not investigated
- No privileged portions of code
- No cryptography
- No networking
- No temporary file handling
- No webkit
- No qtjsbackend
- No policykit

While the coding style of this library was at times grating, it looked
well-programmed with good defensive checks throughout, and the test suite
looked extensive.

As a codec, it does depend heavily upon expert knowledge to fix
codec-level bugs, so we would be reliant upon upstream for many potential
fixes.

Some notes I took while reading the code, in the hopes that someone finds
them useful:

- opus_demo.c casts return value from malloc(3), disabling warnings
- ./celt/opus_custom_demo.c integer overflows and unchecked malloc(3)
  returns:
   in = (opus_int16*)malloc(frame_size*channels*sizeof(opus_int16));
   out = (opus_int16*)malloc(frame_size*channels*sizeof(opus_int16));
- Casts in opus_fft_free() appear to defeat const-correctness; why?

Security team ACK for including in main.

Thanks

Changed in opus (Ubuntu Saucy):
assignee: Seth Arnold (seth-arnold) → nobody
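The two malloc(3) lines quoted in the review above, as an added illustration that is not code from opus or from the reviewer: the first function mirrors the int arithmetic in the quoted expression (using unsigned math so it is defined), the second and third show a hardened sizing and allocation. The typedef, the MAX_PCM_BYTES cap and the function names are assumptions made for this example; opus defines no such cap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int16_t opus_int16;   /* redefined so the block compiles stand-alone */

/* Assumed cap on a demo PCM buffer; illustrative value, not from opus. */
#define MAX_PCM_BYTES ((size_t)64 << 20)

/* What frame_size*channels computes in the quoted line: an int*int product
 * that wraps (modelled with unsigned arithmetic, since signed overflow is
 * undefined). With 32-bit int, 65536 * 65536 wraps to 0, so malloc() is
 * asked for zero bytes while the demo goes on writing that many samples. */
static int int_product_as_written(int frame_size, int channels)
{
    return (int)((unsigned)frame_size * (unsigned)channels);
}

/* Hardened sizing: reject non-positive inputs, widen to size_t before
 * multiplying, check each step against SIZE_MAX, then apply a sane cap.
 * Returns 0 on any failure, which callers treat as "do not allocate". */
static size_t pcm_buffer_bytes(int frame_size, int channels)
{
    if (frame_size <= 0 || channels <= 0)
        return 0;
    size_t fs = (size_t)frame_size, ch = (size_t)channels;
    if (fs > SIZE_MAX / ch)
        return 0;
    size_t samples = fs * ch;
    if (samples > SIZE_MAX / sizeof(opus_int16))
        return 0;
    size_t bytes = samples * sizeof(opus_int16);
    return bytes > MAX_PCM_BYTES ? 0 : bytes;
}

/* malloc() with its return value checked and without the cast the review
 * flags: in C the cast only hides a missing <stdlib.h> prototype. */
static opus_int16 *alloc_pcm(int frame_size, int channels)
{
    size_t bytes = pcm_buffer_bytes(frame_size, channels);
    if (bytes == 0)
        return NULL;          /* caller reports bad frame_size/channels */
    opus_int16 *buf = malloc(bytes);
    if (buf == NULL)
        perror("malloc");
    return buf;
}
```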
Matthias Klose (doko) wrote :

Override component to main
opus 1.0.1-0ubuntu1 in saucy: universe/sound -> main
libopus-dbg 1.0.1-0ubuntu1 in saucy amd64: universe/debug/extra/100% -> main
libopus-dbg 1.0.1-0ubuntu1 in saucy armhf: universe/debug/extra/100% -> main
libopus-dbg 1.0.1-0ubuntu1 in saucy i386: universe/debug/extra/100% -> main
libopus-dbg 1.0.1-0ubuntu1 in saucy powerpc: universe/debug/extra/100% -> main
libopus-dev 1.0.1-0ubuntu1 in saucy amd64: universe/libdevel/optional/100% -> main
libopus-dev 1.0.1-0ubuntu1 in saucy armhf: universe/libdevel/optional/100% -> main
libopus-dev 1.0.1-0ubuntu1 in saucy i386: universe/libdevel/optional/100% -> main
libopus-dev 1.0.1-0ubuntu1 in saucy powerpc: universe/libdevel/optional/100% -> main
libopus-doc 1.0.1-0ubuntu1 in saucy amd64: universe/doc/optional/100% -> main
libopus-doc 1.0.1-0ubuntu1 in saucy arm64: universe/doc/optional/100% -> main
libopus-doc 1.0.1-0ubuntu1 in saucy armhf: universe/doc/optional/100% -> main
libopus-doc 1.0.1-0ubuntu1 in saucy i386: universe/doc/optional/100% -> main
libopus-doc 1.0.1-0ubuntu1 in saucy powerpc: universe/doc/optional/100% -> main
libopus0 1.0.1-0ubuntu1 in saucy amd64: universe/libs/optional/100% -> main
libopus0 1.0.1-0ubuntu1 in saucy armhf: universe/libs/optional/100% -> main
libopus0 1.0.1-0ubuntu1 in saucy i386: universe/libs/optional/100% -> main
libopus0 1.0.1-0ubuntu1 in saucy powerpc: universe/libs/optional/100% -> main
18 publications overridden.

Changed in opus (Ubuntu Saucy):
status: Incomplete → Fix Released