diff --git a/cve-2017-92xx.patch b/cve-2017-92xx.patch new file mode 100644 index 0000000..0e475a3 --- /dev/null +++ b/cve-2017-92xx.patch @@ -0,0 +1,36 @@ +Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 + Based on an upstream commit, original commit message was: "Added sanity + checks against illegal input audio stream parameters e.g. wildly excessive + samplerate". + . + There is no reference to CVEs or bugs, the commit was made after disclosure + of the CVEs and all three proofs of concept (crafted wav files) fail after + this commit. + . + The commit was made after version 2.0.0, so that version is also vulnerable. + . + Unrelated changes were stripped away by patch author, upstream commit author + is Olli Parviainen . +Author: Gabor Karsay +Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/source/SoundTouch/TDStretch.cpp ++++ b/source/SoundTouch/TDStretch.cpp +@@ -128,7 +128,12 @@ + int aSeekWindowMS, int aOverlapMS) + { + // accept only positive parameter values - if zero or negative, use old values instead +- if (aSampleRate > 0) this->sampleRate = aSampleRate; ++ if (aSampleRate > 0) ++ { ++ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate"); ++ this->sampleRate = aSampleRate; ++ } ++ + if (aOverlapMS > 0) this->overlapMs = aOverlapMS; + + if (aSequenceMS > 0) diff --git a/soundtouch.spec b/soundtouch.spec index 93fec4e..0f45569 100644 --- a/soundtouch.spec +++ b/soundtouch.spec @@ -1,12 +1,13 @@ Name: soundtouch Version: 2.0.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Audio Processing library for changing Tempo, Pitch and Playback Rates License: LGPLv2+ Group: System Environment/Libraries URL: http://www.surina.net/soundtouch/ Source0: http://www.surina.net/soundtouch/%{name}-%{version}.tar.gz Patch0: soundtouch-1.4.0-x86_64-asm-broken.patch +Patch1: cve-2017-92xx.patch BuildRequires: gcc-c++ BuildRequires: autoconf automake libtool @@ -40,6 +41,7 @@ sed -i 's|-O3||' source/SoundStretch/Makefile.* autoreconf -iv #why not in x86_64 !? #patch0 -p1 +%patch1 -p1 # set correct version for .so build %define ltversion %(echo %{version} | tr '.' ':') @@ -95,6 +97,9 @@ ln -s soundtouch.pc %{buildroot}%{_libdir}/pkgconfig/soundtouch-1.0.pc %changelog +* Thu Jul 05 2018 Hans de Goede 2.0.0-3 +- Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (rhbz#1475759) + * Fri Feb 09 2018 Fedora Release Engineering - 2.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild