rpms/soundtouch
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (rhbz#1475759)

Browse Source
This commit is contained in:
Hans de Goede 2018-07-05 20:56:29 +02:00
parent a035dd8283
commit 2ac883cf37
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
cve-2017-92xx.patch Normal file
View File

@ -0,0 +1,36 @@
Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
Based on an upstream commit, original commit message was: "Added sanity
checks against illegal input audio stream parameters e.g. wildly excessive
samplerate".
.
There is no reference to CVEs or bugs, the commit was made after disclosure
of the CVEs and all three proofs of concept (crafted wav files) fail after
this commit.
.
The commit was made after version 2.0.0, so that version is also vulnerable.
.
Unrelated changes were stripped away by patch author, upstream commit author
is Olli Parviainen <oparviai@iki.fi>.
Author: Gabor Karsay <gabor.karsay@gmx.at>
Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -128,7 +128,12 @@
int aSeekWindowMS, int aOverlapMS)
{
// accept only positive parameter values - if zero or negative, use old values instead
- if (aSampleRate > 0) this->sampleRate = aSampleRate;
+ if (aSampleRate > 0)
+ {
+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
+ this->sampleRate = aSampleRate;
+ }
+
if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
if (aSequenceMS > 0)

7
soundtouch.spec
View File

@ -1,12 +1,13 @@
Name: soundtouch Name: soundtouch
Version: 2.0.0 Version: 2.0.0
Release: 2%{?dist} Release: 3%{?dist}
Summary: Audio Processing library for changing Tempo, Pitch and Playback Rates Summary: Audio Processing library for changing Tempo, Pitch and Playback Rates
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.surina.net/soundtouch/ URL: http://www.surina.net/soundtouch/
Source0: http://www.surina.net/soundtouch/%{name}-%{version}.tar.gz Source0: http://www.surina.net/soundtouch/%{name}-%{version}.tar.gz
Patch0: soundtouch-1.4.0-x86_64-asm-broken.patch Patch0: soundtouch-1.4.0-x86_64-asm-broken.patch
Patch1: cve-2017-92xx.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
@ -40,6 +41,7 @@ sed -i 's|-O3||' source/SoundStretch/Makefile.*
autoreconf -iv autoreconf -iv
#why not in x86_64 !? #why not in x86_64 !?
#patch0 -p1 #patch0 -p1
%patch1 -p1
# set correct version for .so build # set correct version for .so build
%define ltversion %(echo %{version} | tr '.' ':') %define ltversion %(echo %{version} | tr '.' ':')
@ -95,6 +97,9 @@ ln -s soundtouch.pc %{buildroot}%{_libdir}/pkgconfig/soundtouch-1.0.pc
%changelog %changelog
* Thu Jul 05 2018 Hans de Goede <hdegoede@redhat.com> 2.0.0-3
- Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (rhbz#1475759)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-2 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild