%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
%D%/packages/patches/sooperlooper-build-with-wx-30.patch \
%D%/packages/patches/soundconverter-remove-gconf-dependency.patch \
- %D%/packages/patches/soundtouch-CVE-2018-14044-14045.patch \
- %D%/packages/patches/soundtouch-CVE-2018-1000223.patch \
%D%/packages/patches/sssd-curl-compat.patch \
%D%/packages/patches/steghide-fixes.patch \
%D%/packages/patches/streamlink-update-test.patch \
(define-public soundtouch
(package
(name "soundtouch")
- (version "2.0.0")
+ (version "2.1.1")
(source
(origin
- (method url-fetch)
- (uri
- (string-append
- "http://www.surina.net/soundtouch/soundtouch-" version ".tar.gz"))
- (patches (search-patches "soundtouch-CVE-2018-14044-14045.patch"
- "soundtouch-CVE-2018-1000223.patch"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.com/soundtouch/soundtouch.git")
+ (commit version)))
+ (file-name (git-file-name name version))
(sha256
- (base32
- "09cxr02mfyj2bg731bj0i9hh565x8l9p91aclxs8wpqv8b8zf96j"))))
+ (base32 "0p6jzgfgqw061702dmd2b6r4arz48ac3mmx2qkvvzf8s5jjzykdh"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
+++ /dev/null
-Fix CVE-2018-1000223:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223
-https://gitlab.com/soundtouch/soundtouch/issues/6
-
-Patches copied from upstream source repository:
-
-https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e
-https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275
-https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967
-
-From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Sun, 12 Aug 2018 20:24:37 +0300
-Subject: [PATCH] Added minimum size check for WAV header block lengh values
-
----
- source/SoundStretch/WavFile.cpp | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 7e7ade2..68818c9 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
- // read length of the format field\r
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;\r
- // swap byte order if necessary\r
-- _swap32(nLen); // int format_len;\r
-+ _swap32(nLen);\r
-+\r
-+ // verify that header length isn't smaller than expected\r
-+ if (nLen < sizeof(header.format) - 8) return -1;\r
-+\r
- header.format.format_len = nLen;\r
- \r
- // calculate how much length differs from expected\r
-@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;\r
- // swap byte order if necessary\r
- _swap32(nLen); // int fact_len;\r
-+\r
-+ // verify that fact length isn't smaller than expected\r
-+ if (nLen < sizeof(header.fact) - 8) return -1;\r
-+\r
- header.fact.fact_len = nLen;\r
- \r
- // calculate how much length differs from expected\r
---
-2.18.0
-
-From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:16:16 +0300
-Subject: [PATCH] Fixed WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 4af7a4c..3421bca 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock()
- // swap byte order if necessary\r
- _swap32(nLen);\r
- \r
-- // verify that header length isn't smaller than expected\r
-- if (nLen < sizeof(header.format) - 8) return -1;\r
-+ // calculate how much length differs from expected \r
-+ nDump = nLen - ((int)sizeof(header.format) - 8);\r
- \r
-- header.format.format_len = nLen;\r
-+ // verify that header length isn't smaller than expected structure\r
-+ if (nDump < 0) return -1;\r
- \r
-- // calculate how much length differs from expected\r
-- nDump = nLen - ((int)sizeof(header.format) - 8);\r
-+ header.format.format_len = nLen;\r
- \r
- // if format_len is larger than expected, read only as much data as we've space for\r
- if (nDump > 0)\r
-@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock()
- // read length of the fact field\r
- if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;\r
- // swap byte order if necessary\r
-- _swap32(nLen); // int fact_len;\r
--\r
-- // verify that fact length isn't smaller than expected\r
-- if (nLen < sizeof(header.fact) - 8) return -1;\r
--\r
-- header.fact.fact_len = nLen;\r
-+ _swap32(nLen);\r
- \r
- // calculate how much length differs from expected\r
- nDump = nLen - ((int)sizeof(header.fact) - 8);\r
- \r
-+ // verify that fact length isn't smaller than expected structure\r
-+ if (nDump < 0) return -1;\r
-+\r
-+ header.fact.fact_len = nLen;\r
-+\r
- // if format_len is larger than expected, read only as much data as we've space for\r
- if (nDump > 0)\r
- {\r
---
-2.18.0
-
-From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001
-From: olli <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:42:58 +0300
-Subject: [PATCH] Improved WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 3421bca..9d90b8a 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock()
- nDump = nLen - ((int)sizeof(header.format) - 8);\r
- \r
- // verify that header length isn't smaller than expected structure\r
-- if (nDump < 0) return -1;\r
-+ if ((nLen < 0) || (nDump < 0)) return -1;\r
- \r
- header.format.format_len = nLen;\r
- \r
-@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock()
- nDump = nLen - ((int)sizeof(header.fact) - 8);\r
- \r
- // verify that fact length isn't smaller than expected structure\r
-- if (nDump < 0) return -1;\r
-+ if ((nLen < 0) || (nDump < 0)) return -1;\r
- \r
- header.fact.fact_len = nLen;\r
- \r
---
-2.18.0
-
+++ /dev/null
-Fix CVE-2018-14044 and CVE-2018-14045:
-
-https://gitlab.com/soundtouch/soundtouch/issues/7
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260
-
-From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Sun, 12 Aug 2018 20:00:56 +0300
-Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
- exception
-
----
- include/FIFOSamplePipe.h | 12 ++++++++++++
- include/STTypes.h | 3 +++
- source/SoundTouch/FIFOSampleBuffer.cpp | 3 ++-
- source/SoundTouch/RateTransposer.cpp | 5 ++---
- source/SoundTouch/SoundTouch.cpp | 8 ++------
- source/SoundTouch/TDStretch.cpp | 5 ++---
- 6 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
-index 4ec9275..b08f836 100644
---- a/include/FIFOSamplePipe.h
-+++ b/include/FIFOSamplePipe.h
-@@ -51,6 +51,18 @@ namespace soundtouch
- /// Abstract base class for FIFO (first-in-first-out) sample processing classes.\r
- class FIFOSamplePipe\r
- {\r
-+protected:\r
-+\r
-+ bool verifyNumberOfChannels(int nChannels) const\r
-+ {\r
-+ if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))\r
-+ {\r
-+ return true;\r
-+ }\r
-+ ST_THROW_RT_ERROR("Error: Illegal number of channels");\r
-+ return false;\r
-+ }\r
-+\r
- public:\r
- // virtual default destructor\r
- virtual ~FIFOSamplePipe() {}\r
-diff --git a/include/STTypes.h b/include/STTypes.h
-index 03e7e07..862505e 100644
---- a/include/STTypes.h
-+++ b/include/STTypes.h
-@@ -56,6 +56,9 @@ typedef unsigned long ulong;
- \r
- namespace soundtouch\r
- {\r
-+ /// Max allowed number of channels\r
-+ #define SOUNDTOUCH_MAX_CHANNELS 16\r
-+\r
- /// Activate these undef's to overrule the possible sampletype \r
- /// setting inherited from some other header file:\r
- //#undef SOUNDTOUCH_INTEGER_SAMPLES\r
-diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
-index f0d5e42..706e869 100644
---- a/source/SoundTouch/FIFOSampleBuffer.cpp
-+++ b/source/SoundTouch/FIFOSampleBuffer.cpp
-@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
- {\r
- uint usedBytes;\r
- \r
-- assert(numChannels > 0);\r
-+ if (!verifyNumberOfChannels(numChannels)) return;\r
-+\r
- usedBytes = channels * samplesInBuffer;\r
- channels = (uint)numChannels;\r
- samplesInBuffer = usedBytes / channels;\r
-diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
-index 8b66be3..d115a4c 100644
---- a/source/SoundTouch/RateTransposer.cpp
-+++ b/source/SoundTouch/RateTransposer.cpp
-@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
- // Sets the number of channels, 1 = mono, 2 = stereo\r
- void RateTransposer::setChannels(int nChannels)\r
- {\r
-- assert(nChannels > 0);\r
-+ if (!verifyNumberOfChannels(nChannels) ||\r
-+ (pTransposer->numChannels == nChannels)) return;\r
- \r
-- if (pTransposer->numChannels == nChannels) return;\r
- pTransposer->setChannels(nChannels);\r
--\r
- inputBuffer.setChannels(nChannels);\r
- midBuffer.setChannels(nChannels);\r
- outputBuffer.setChannels(nChannels);\r
-diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
-index 7b6756b..06bdd56 100644
---- a/source/SoundTouch/SoundTouch.cpp
-+++ b/source/SoundTouch/SoundTouch.cpp
-@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
- // Sets the number of channels, 1 = mono, 2 = stereo\r
- void SoundTouch::setChannels(uint numChannels)\r
- {\r
-- /*if (numChannels != 1 && numChannels != 2) \r
-- {\r
-- //ST_THROW_RT_ERROR("Illegal number of channels");\r
-- return;\r
-- }*/\r
-+ if (!verifyNumberOfChannels(numChannels)) return;\r
-+\r
- channels = numChannels;\r
- pRateTransposer->setChannels((int)numChannels);\r
- pTDStretch->setChannels((int)numChannels);\r
- }\r
- \r
- \r
--\r
- // Sets new rate control value. Normal rate = 1.0, smaller values\r
- // represent slower rate, larger faster rates.\r
- void SoundTouch::setRate(double newRate)\r
-diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
-index 149cdb9..be2dc88 100644
---- a/source/SoundTouch/TDStretch.cpp
-+++ b/source/SoundTouch/TDStretch.cpp
-@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
- // Sets the number of channels, 1 = mono, 2 = stereo\r
- void TDStretch::setChannels(int numChannels)\r
- {\r
-- assert(numChannels > 0);\r
-- if (channels == numChannels) return;\r
--// assert(numChannels == 1 || numChannels == 2);\r
-+ if (!verifyNumberOfChannels(numChannels) ||\r
-+ (channels == numChannels)) return;\r
- \r
- channels = numChannels;\r
- inputBuffer.setChannels(channels);\r
---
-2.18.0
-