From 6b23f8373efb5ed55c992f4ea8e436ef5ff80e64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?=
Date: Sat, 6 Oct 2018 04:48:04 +0100
Subject: [PATCH] Update to 2.1.0
---
 .gitignore | 1 +
 ...-number-of-channel-assertions-with-r.patch | 128 ------------------
 ...ze-check-for-WAV-header-block-lengh-.patch | 40 ------
 ...File-header-fact-not-too-small-check.patch | 58 --------
 ...File-header-fact-not-too-small-check.patch | 34 -----
 cve-2017-92xx.patch | 36 -----
 soundtouch.spec | 16 +--
 sources | 2 +-
 8 files changed, 9 insertions(+), 306 deletions(-)
 delete mode 100644 0001-Replaced-illegal-number-of-channel-assertions-with-r.patch
 delete mode 100644 0002-Added-minimum-size-check-for-WAV-header-block-lengh-.patch
 delete mode 100644 0003-Fixed-WavFile-header-fact-not-too-small-check.patch
 delete mode 100644 0004-Improved-WavFile-header-fact-not-too-small-check.patch
 delete mode 100644 cve-2017-92xx.patch
diff --git a/.gitignore b/.gitignore
index 28159dd..a4b61a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 soundtouch-1.4.0.tar.gz
 /soundtouch-1.9.2.tar.gz
 /soundtouch-2.0.0.tar.gz
+/soundtouch-2.1.0.tar.gz
diff --git a/0001-Replaced-illegal-number-of-channel-assertions-with-r.patch b/0001-Replaced-illegal-number-of-channel-assertions-with-r.patch
deleted file mode 100644
index 4ca62eb..0000000
--- a/0001-Replaced-illegal-number-of-channel-assertions-with-r.patch
+++ /dev/null
@@ -1,128 +0,0 @@ -From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001 -From: oparviainen -Date: Sun, 12 Aug 2018 20:00:56 +0300 -Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time - exception - ---- - include/FIFOSamplePipe.h | 12 ++++++++++++ - include/STTypes.h | 3 +++ - source/SoundTouch/FIFOSampleBuffer.cpp | 3 ++- - source/SoundTouch/RateTransposer.cpp | 5 ++--- - source/SoundTouch/SoundTouch.cpp | 8 ++------ - source/SoundTouch/TDStretch.cpp | 5 ++--- - 6 files changed, 23 insertions(+), 13 deletions(-) - -diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h -index 4ec9275..b08f836 100644 ---- a/include/FIFOSamplePipe.h -+++ b/include/FIFOSamplePipe.h -@@ -51,6 +51,18 @@ namespace soundtouch - /// Abstract base class for FIFO (first-in-first-out) sample processing classes. - class FIFOSamplePipe - { -+protected: -+ -+ bool verifyNumberOfChannels(int nChannels) const -+ { -+ if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS)) -+ { -+ return true; -+ } -+ ST_THROW_RT_ERROR("Error: Illegal number of channels"); -+ return false; -+ } -+ - public: - // virtual default destructor - virtual ~FIFOSamplePipe() {} -diff --git a/include/STTypes.h b/include/STTypes.h -index 03e7e07..862505e 100644 ---- a/include/STTypes.h -+++ b/include/STTypes.h -@@ -56,6 +56,9 @@ typedef unsigned long ulong; - - namespace soundtouch - { -+ /// Max allowed number of channels -+ #define SOUNDTOUCH_MAX_CHANNELS 16 -+ - /// Activate these undef's to overrule the possible sampletype - /// setting inherited from some other header file: - //#undef SOUNDTOUCH_INTEGER_SAMPLES -diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp -index f0d5e42..706e869 100644 ---- a/source/SoundTouch/FIFOSampleBuffer.cpp -+++ b/source/SoundTouch/FIFOSampleBuffer.cpp -@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels) - { - uint usedBytes; - -- assert(numChannels > 0); -+ if 
(!verifyNumberOfChannels(numChannels)) return; -+ - usedBytes = channels * samplesInBuffer; - channels = (uint)numChannels; - samplesInBuffer = usedBytes / channels; -diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp -index 8b66be3..d115a4c 100644 ---- a/source/SoundTouch/RateTransposer.cpp -+++ b/source/SoundTouch/RateTransposer.cpp -@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples) - // Sets the number of channels, 1 = mono, 2 = stereo - void RateTransposer::setChannels(int nChannels) - { -- assert(nChannels > 0); -+ if (!verifyNumberOfChannels(nChannels) || -+ (pTransposer->numChannels == nChannels)) return; - -- if (pTransposer->numChannels == nChannels) return; - pTransposer->setChannels(nChannels); -- - inputBuffer.setChannels(nChannels); - midBuffer.setChannels(nChannels); - outputBuffer.setChannels(nChannels); -diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp -index 7b6756b..06bdd56 100644 ---- a/source/SoundTouch/SoundTouch.cpp -+++ b/source/SoundTouch/SoundTouch.cpp -@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId() - // Sets the number of channels, 1 = mono, 2 = stereo - void SoundTouch::setChannels(uint numChannels) - { -- /*if (numChannels != 1 && numChannels != 2) -- { -- //ST_THROW_RT_ERROR("Illegal number of channels"); -- return; -- }*/ -+ if (!verifyNumberOfChannels(numChannels)) return; -+ - channels = numChannels; - pRateTransposer->setChannels((int)numChannels); - pTDStretch->setChannels((int)numChannels); - } - - -- - // Sets new rate control value. Normal rate = 1.0, smaller values - // represent slower rate, larger faster rates. 
- void SoundTouch::setRate(double newRate) -diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp -index 149cdb9..be2dc88 100644 ---- a/source/SoundTouch/TDStretch.cpp -+++ b/source/SoundTouch/TDStretch.cpp -@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo) - // Sets the number of channels, 1 = mono, 2 = stereo - void TDStretch::setChannels(int numChannels) - { -- assert(numChannels > 0); -- if (channels == numChannels) return; --// assert(numChannels == 1 || numChannels == 2); -+ if (!verifyNumberOfChannels(numChannels) || -+ (channels == numChannels)) return; - - channels = numChannels; - inputBuffer.setChannels(channels); --- -2.18.0 - diff --git a/0002-Added-minimum-size-check-for-WAV-header-block-lengh-.patch b/0002-Added-minimum-size-check-for-WAV-header-block-lengh-.patch deleted file mode 100644 index ea69438..0000000 --- a/0002-Added-minimum-size-check-for-WAV-header-block-lengh-.patch +++ /dev/null 
@@ -1,40 +0,0 @@
-From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
-From: oparviainen
-Date: Sun, 12 Aug 2018 20:24:37 +0300
-Subject: [PATCH] Added minimum size check for WAV header block lengh values
-
----
- source/SoundStretch/WavFile.cpp | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 7e7ade2..68818c9 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
- // read length of the format field
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
- // swap byte order if necessary
-- _swap32(nLen); // int format_len;
-+ _swap32(nLen);
-+
-+ // verify that header length isn't smaller than expected
-+ if (nLen < sizeof(header.format) - 8) return -1;
-+
- header.format.format_len = nLen;
-
- // calculate how much length differs from expected
-@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
- // swap byte order if necessary
- _swap32(nLen); // int fact_len;
-+
-+ // verify that fact length isn't smaller than expected
-+ if (nLen < sizeof(header.fact) - 8) return -1;
-+
- header.fact.fact_len = nLen;
-
- // calculate how much length differs from expected
---
-2.18.0
-
diff --git a/0003-Fixed-WavFile-header-fact-not-too-small-check.patch b/0003-Fixed-WavFile-header-fact-not-too-small-check.patch
deleted file mode 100644
index 4f4d60f..0000000
--- a/0003-Fixed-WavFile-header-fact-not-too-small-check.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001
-From: oparviainen
-Date: Mon, 13 Aug 2018 19:16:16 +0300
-Subject: [PATCH 3/4] Fixed WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 4af7a4c..3421bca 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock()
- // swap byte order if necessary
- _swap32(nLen);
-
-- // verify that header length isn't smaller than expected
-- if (nLen < sizeof(header.format) - 8) return -1;
-+ // calculate how much length differs from expected
-+ nDump = nLen - ((int)sizeof(header.format) - 8);
-
-- header.format.format_len = nLen;
-+ // verify that header length isn't smaller than expected structure
-+ if (nDump < 0) return -1;
-
-- // calculate how much length differs from expected
-- nDump = nLen - ((int)sizeof(header.format) - 8);
-+ header.format.format_len = nLen;
-
- // if format_len is larger than expected, read only as much data as we've space for
- if (nDump > 0)
-@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock()
- // read length of the fact field
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
- // swap byte order if necessary
-- _swap32(nLen); // int fact_len;
--
-- // verify that fact length isn't smaller than expected
-- if (nLen < sizeof(header.fact) - 8) return -1;
--
-- header.fact.fact_len = nLen;
-+ _swap32(nLen);
-
- // calculate how much length differs from expected
- nDump = nLen - ((int)sizeof(header.fact) - 8);
-
-+ // verify that fact length isn't smaller than expected structure
-+ if (nDump < 0) return -1;
-+
-+ header.fact.fact_len = nLen;
-+
- // if format_len is larger than expected, read only as much data as we've space for
- if (nDump > 0)
- {
---
-2.18.0
-
diff --git a/0004-Improved-WavFile-header-fact-not-too-small-check.patch b/0004-Improved-WavFile-header-fact-not-too-small-check.patch
deleted file mode 100644
index 23ece2c..0000000
--- a/0004-Improved-WavFile-header-fact-not-too-small-check.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001
-From: olli
-Date: Mon, 13 Aug 2018 19:42:58 +0300
-Subject: [PATCH 4/4] Improved WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 3421bca..9d90b8a 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock()
- nDump = nLen - ((int)sizeof(header.format) - 8);
-
- // verify that header length isn't smaller than expected structure
-- if (nDump < 0) return -1;
-+ if ((nLen < 0) || (nDump < 0)) return -1;
-
- header.format.format_len = nLen;
-
-@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock()
- nDump = nLen - ((int)sizeof(header.fact) - 8);
-
- // verify that fact length isn't smaller than expected structure
-- if (nDump < 0) return -1;
-+ if ((nLen < 0) || (nDump < 0)) return -1;
-
- header.fact.fact_len = nLen;
-
---
-2.18.0
-
diff --git a/cve-2017-92xx.patch b/cve-2017-92xx.patch
deleted file mode 100644
index 0e475a3..0000000
--- a/cve-2017-92xx.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
- Based on an upstream commit, original commit message was: "Added sanity
- checks against illegal input audio stream parameters e.g. wildly excessive
- samplerate".
- .
- There is no reference to CVEs or bugs, the commit was made after disclosure
- of the CVEs and all three proofs of concept (crafted wav files) fail after
- this commit.
- .
- The commit was made after version 2.0.0, so that version is also vulnerable.
- .
- Unrelated changes were stripped away by patch author, upstream commit author
- is Olli Parviainen .
-Author: Gabor Karsay
-Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/source/SoundTouch/TDStretch.cpp
-+++ b/source/SoundTouch/TDStretch.cpp
-@@ -128,7 +128,12 @@
- int aSeekWindowMS, int aOverlapMS)
- {
- // accept only positive parameter values - if zero or negative, use old values instead
-- if (aSampleRate > 0) this->sampleRate = aSampleRate;
-+ if (aSampleRate > 0)
-+ {
-+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
-+ this->sampleRate = aSampleRate;
-+ }
-+
- if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
-
- if (aSequenceMS > 0)
diff --git a/soundtouch.spec b/soundtouch.spec
index e2015b5..70e731f 100644
--- a/soundtouch.spec
+++ b/soundtouch.spec
@@ -1,16 +1,11 @@ Name: soundtouch -Version: 2.0.0 -Release: 6%{?dist} +Version: 2.1.0 +Release: 1%{?dist} Summary: Audio Processing library for changing Tempo, Pitch and Playback Rates License: LGPLv2+ Group: System Environment/Libraries URL: http://www.surina.net/soundtouch/ -Source0: http://www.surina.net/soundtouch/%{name}-%{version}.tar.gz -Patch0: cve-2017-92xx.patch -Patch1: 0001-Replaced-illegal-number-of-channel-assertions-with-r.patch -Patch2: 0002-Added-minimum-size-check-for-WAV-header-block-lengh-.patch -Patch3: 0003-Fixed-WavFile-header-fact-not-too-small-check.patch -Patch4: 0004-Improved-WavFile-header-fact-not-too-small-check.patch +Source0: https://gitlab.com/soundtouch/soundtouch/-/archive/%{version}/%{name}-%{version}.tar.gz BuildRequires: gcc-c++ BuildRequires: autoconf automake libtool @@ -37,7 +32,7 @@ Libraries, include files, etc you can use to develop soundtouch applications. %prep -%autosetup -p1 -n %{name} +%autosetup -p1 # Remove -O3 because we have our default optimizations. sed -i 's|-O3||' source/SoundTouch/Makefile.* sed -i 's|-O3||' source/SoundStretch/Makefile.* @@ -95,6 +90,9 @@ ln -s soundtouch.pc %{buildroot}%{_libdir}/pkgconfig/soundtouch-1.0.pc %changelog +* Sat Oct 06 2018 Sérgio Basto - 2.1.0-1 +- Update to 2.1.0 + * Tue Aug 14 2018 Hans de Goede - 2.0.0-6 - The last round of security fixes also fixes CVE-2018-14044, CVE-2018-14045 (rhbz#1601618, rhbz#1601620, rhbz#1601624, rhbz#1601625) diff --git a/sources b/sources index 6148146..507084a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (soundtouch-2.0.0.tar.gz) = c916bdd2cb3d7547f264b1caf09b739b48a161c8c6288c3893fc97379546ed6b41dafaf603b583fbf64ae91270fdeb90811e5b0df0e9c051dc9f6ddca4d319f9 +SHA512 (soundtouch-2.1.0.tar.gz) = bb21d42bb45ddfbda8bbb107c4c94d247721d8c8cc33ba0d570b36622b857e2a2cca92cfe885ce6892c0e4caaa26228a4fab28a97e47882e52f46fc57e1c5ec3
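Review bot: Nothing in the spec or changelog records that 2.1.0 already contains the five security patches dropped in the first soundtouch.spec hunk (Patch0 to Patch4); the new changelog entry says only `- Update to 2.1.0`. Those patches were security fixes: cve-2017-92xx.patch covers CVE-2017-9258, CVE-2017-9259 and CVE-2017-9260, and the previous changelog entry ties the last round of backports to CVE-2018-14044 and CVE-2018-14045. Before merging, confirm in the 2.1.0 tarball that `verifyNumberOfChannels`, the `(nLen < 0) || (nDump < 0)` checks in WavFile.cpp and the 192000 sample-rate limit in TDStretch.cpp are present, then state it in the changelog, e.g. `- Drop cve-2017-92xx.patch and the 0001-0004 backports, included upstream in 2.1.0`. Source0 also moves to a forge-generated archive URL, so as far as this page shows the SHA512 in `sources` is the only integrity check on the new tarball; compare it against an upstream-published checksum or signature if one exists.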