Diffstat (limited to 'media-libs/libsoundtouch')
-rw-r--r--media-libs/libsoundtouch/Manifest3
-rw-r--r--media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch36
-rw-r--r--media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild (renamed from media-libs/libsoundtouch/libsoundtouch-2.0.0.ebuild)10
3 files changed, 44 insertions, 5 deletions
diff --git a/media-libs/libsoundtouch/Manifest b/media-libs/libsoundtouch/Manifest
index 31bbaa8d280e..f643a2fb0b12 100644
--- a/media-libs/libsoundtouch/Manifest
+++ b/media-libs/libsoundtouch/Manifest
@@ -1,8 +1,9 @@
AUX libsoundtouch-1.7.0-flags.patch 651 BLAKE2B 92e136aaa85b88a3a90a5d966e316d48b9be3fd1637c8738173c09d10b3fdf9c5d4993162625e18b041463101d083aa43edd200269121ffb8cadf65208b84df7 SHA512 10ce7ad86d442430af3c2bee3cc1358f98e54ebe205c1eb50c817fb687da21dbfe2db4499a8b623ff5d2d2bbbf04d4d7d9c4856399bcd3934ac7f8b6b8369b60
+AUX libsoundtouch-2.0.0-CVE-2017-92xx.patch 1587 BLAKE2B 29cbb252a2a161e890a354291b6e83f0271ec83f2683bde43c56ca96eeb1dcca5eea3534777158939bfbec288acd2d4404bf8e70987663f43693c259a41dccb3 SHA512 aec797125ac6e0891baedf36552686342e83a2e362544e8d81ae960356227f275c5ec906f595f676497763dc411506b85de06a35e540f173c0d0e966451b1783
DIST soundtouch-1.8.0.tar.gz 106229 BLAKE2B 158a1e4f8c8cbdc550e310f1c2531ace208159c986abbb25aa9787089538308940b61793acd6c26c2937cfc725b5ad3a23849e37b9958d05c09f55045493cc7d SHA512 724e6ecc1727ee4c4f2503d183717dc1503ee2017b176677da6f0268e82254a7cca3ff9a27dbb9cab59e32d002797eec1b39d2b729f741e5f2ea77a147af4d39
DIST soundtouch-1.9.2.tar.gz 171369 BLAKE2B c60d06191a2e8268e7980bf30824676f4f3761357c5a41b1e376efa90f92153386f29447cdc9159c74acbd0a26d3cd4f8de51ee689cfe717cf422705e61f2e16 SHA512 d8f3f8970198a46ef3dc252719749bc19cbd2f8de5e00eeb2874565bfc421b60d94d400bacf702591293e595edf6c1c35917b6153fd395cad8d6b03115da7068
DIST soundtouch-2.0.0.tar.gz 455148 BLAKE2B e38358b0b773edc03a1b227222418d1e79a97f7a1c7abd22f2cb96bb2a7e3427802214775c908329eeec87710b4d199fba819ad7b99f3d58071749cf372991a1 SHA512 c916bdd2cb3d7547f264b1caf09b739b48a161c8c6288c3893fc97379546ed6b41dafaf603b583fbf64ae91270fdeb90811e5b0df0e9c051dc9f6ddca4d319f9
EBUILD libsoundtouch-1.8.0-r1.ebuild 1274 BLAKE2B fa21e1b1b979ed1ebb1e9db95f0b1d4567ae4a02c58d982642863c83c17de0e3c60b347503b1b70838b08e20219aa86a215dae1503000880040fd79f80ce956c SHA512 1ce547e6fadaae27978584b70efb7b9a5a1fe2fe9ec29c43d56a8f69621ce87ee045bec59c550793c71adfddffee8db72b520f6650d8354238fc54a7b75ce63b
EBUILD libsoundtouch-1.9.2.ebuild 1385 BLAKE2B 57891bc2c877ce225b2d4a8613d2545e8f509ac29ff2bea9753877b24fdcb08d310cd16fe3b07acce63f39680ac84a7421607877b03bcc93adcb3cc96a1ecaa8 SHA512 bb278dea26b3fdc73e598b7fe05ce7af5595bd64a894eb0746b5ba36fbba90fcbfcfc3d43e43d7406b60f3f8bed5034368644dc1563a2a275103e93db87cd72d
-EBUILD libsoundtouch-2.0.0.ebuild 1440 BLAKE2B c318072d1ce1a97fa83c06a0cc80d7dc4d8b30e844e68d475b7389a8a85a955f40f9c4c1fa72908843d90c36d73cf5b1400b9eba4e92d36236060661595841cf SHA512 5ba4d6220fb33c1defdcefa8e0f1bbc0ce5720ae0f0c3e58a2230f23862c7b93e6087cf63e78c98216695a9469a39d29e252ba0d62d3f86bbecabb7fbdeac472
+EBUILD libsoundtouch-2.0.0-r1.ebuild 1502 BLAKE2B 5a99374f2124bc512c1bff07030201b160522556baff1a9c4c0c4f0e2e6ec2cf61c3a431aa21dafec69e2b1e1a72e9c3396868e784cdc1d0c59a0d4f82a29c4b SHA512 313dfeeabba45d946d1ac11443bb4999bd8e182cf867714c0d68e48487112ac6f54ad6e99ff1df8310a4cdc3999299717bb644bab1b41e4ee60ae0565c121d94
MISC metadata.xml 253 BLAKE2B 6426153a5fa5bbad2aaffd28a6460f87a35678319768c57ac8dfae02b2229f6278dead4f564e6bc2bfd54d7143aed95c382abc2ee16c1073e9fbaf4f84cc0fef SHA512 78b724be3e1dbd6fc3c2e92cdbacc15ea4b0e8ee6fa22f76ebdd882b3a7bbedeaf8f80a29e36ec67e0432d2dfad3f57de4bc46480f92c8e544322755292df894
diff --git a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch
new file mode 100644
index 000000000000..0e475a3e44e6
--- /dev/null
+++ b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch
@@ -0,0 +1,36 @@
+Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
+ Based on an upstream commit, original commit message was: "Added sanity
+ checks against illegal input audio stream parameters e.g. wildly excessive
+ samplerate".
+ .
+ There is no reference to CVEs or bugs, the commit was made after disclosure
+ of the CVEs and all three proofs of concept (crafted wav files) fail after
+ this commit.
+ .
+ The commit was made after version 2.0.0, so that version is also vulnerable.
+ .
+ Unrelated changes were stripped away by patch author, upstream commit author
+ is Olli Parviainen <oparviai@iki.fi>.
+Author: Gabor Karsay <gabor.karsay@gmx.at>
+Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/source/SoundTouch/TDStretch.cpp
++++ b/source/SoundTouch/TDStretch.cpp
+@@ -128,7 +128,12 @@
+ int aSeekWindowMS, int aOverlapMS)
+ {
+ // accept only positive parameter values - if zero or negative, use old values instead
+- if (aSampleRate > 0) this->sampleRate = aSampleRate;
++ if (aSampleRate > 0)
++ {
++ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
++ this->sampleRate = aSampleRate;
++ }
++
+ if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
+
+ if (aSequenceMS > 0)
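Review bot: The added `if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");` is the only upper bound this patch places on the setter's input; in the lines visible here aOverlapMS and aSequenceMS are still accepted on a bare `> 0` test. The header states that unrelated changes were stripped from the upstream commit and that the mapping to the three CVEs rests on the crafted WAV files no longer reproducing, so it is worth checking against the upstream revision given in Origin that no other input sanity check was dropped along with them. Whether the value is still rejected in builds without exception handling depends on how ST_THROW_RT_ERROR is defined, which is not visible here, and callers that never expected this setter to throw will now need to handle the error. I would also name the limit and tie it to the advisory, for example `// upper bound on accepted sample rate; see CVE-2017-9258, CVE-2017-9259, CVE-2017-9260` above the check. The function body starts and ends outside this hunk.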
diff --git a/media-libs/libsoundtouch/libsoundtouch-2.0.0.ebuild b/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild
index c95ddf7bd4b3..cf33c842180e 100644
--- a/media-libs/libsoundtouch/libsoundtouch-2.0.0.ebuild
+++ b/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild
@@ -1,10 +1,10 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
-inherit autotools flag-o-matic ltprune multilib-minimal
MY_PN="${PN/lib}"
+inherit autotools flag-o-matic multilib-minimal
DESCRIPTION="Audio processing library for changing tempo, pitch and playback rates"
HOMEPAGE="https://www.surina.net/soundtouch/"
@@ -13,13 +13,15 @@ SRC_URI="https://www.surina.net/soundtouch/${P/lib}.tar.gz"
LICENSE="LGPL-2.1"
# subslot = libSoundTouch.so soname
SLOT="0/1"
-KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris"
+KEYWORDS="amd64 ~arm ~hppa ~mips ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris"
IUSE="cpu_flags_x86_sse openmp static-libs"
DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
S="${WORKDIR}/${MY_PN}"
+PATCHES=( "${FILESDIR}/${P}-CVE-2017-92xx.patch" )
+
src_prepare() {
default
if use openmp ; then
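Review bot: Only the 2.0.0 revision picks up `PATCHES=( "${FILESDIR}/${P}-CVE-2017-92xx.patch" )`, while the Manifest in this same commit still lists libsoundtouch-1.8.0-r1 and libsoundtouch-1.9.2 ebuilds. The patch header says the upstream fix was made after 2.0.0, so those older versions are presumably affected too and stay installable without the bounds check; they should get the same patch or be masked or removed once 2.0.0-r1 is available to users. The KEYWORDS line in this hunk also moves amd64 and x86 straight to stable in the revision bump, which is defensible for a security fix but deserves a pointer next to PATCHES, e.g. `# security fix, bug #<BUG-ID>`. src_prepare continues past the end of this hunk.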
@@ -50,5 +52,5 @@ multilib_src_install() {
}
multilib_src_install_all() {
- prune_libtool_files
+ find "${D}" -name '*.la' -delete || die
}