summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/audio.scm16
-rw-r--r--gnu/packages/patches/soundtouch-CVE-2018-1000223.patch143
-rw-r--r--gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch138
4 files changed, 7 insertions, 292 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 18427de8c7..f79bfd8b93 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1270,8 +1270,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch	\
   %D%/packages/patches/sooperlooper-build-with-wx-30.patch 	\
   %D%/packages/patches/soundconverter-remove-gconf-dependency.patch	\
-  %D%/packages/patches/soundtouch-CVE-2018-14044-14045.patch 	\
-  %D%/packages/patches/soundtouch-CVE-2018-1000223.patch 	\
   %D%/packages/patches/sssd-curl-compat.patch			\
   %D%/packages/patches/steghide-fixes.patch			\
   %D%/packages/patches/streamlink-update-test.patch		\
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 7a79f4dcab..49fcc511e6 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -2691,18 +2691,16 @@ Tracker 3 S3M and Impulse Tracker IT files.")
 (define-public soundtouch
   (package
     (name "soundtouch")
-    (version "2.0.0")
+    (version "2.1.1")
     (source
      (origin
-       (method url-fetch)
-       (uri
-        (string-append
-         "http://www.surina.net/soundtouch/soundtouch-" version ".tar.gz"))
-       (patches (search-patches "soundtouch-CVE-2018-14044-14045.patch"
-                                "soundtouch-CVE-2018-1000223.patch"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://gitlab.com/soundtouch/soundtouch.git")
+             (commit version)))
+       (file-name (git-file-name name version))
        (sha256
-        (base32
-         "09cxr02mfyj2bg731bj0i9hh565x8l9p91aclxs8wpqv8b8zf96j"))))
+        (base32 "0p6jzgfgqw061702dmd2b6r4arz48ac3mmx2qkvvzf8s5jjzykdh"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
diff --git a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
deleted file mode 100644
index 961a183565..0000000000
--- a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-Fix CVE-2018-1000223:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223
-https://gitlab.com/soundtouch/soundtouch/issues/6
-
-Patches copied from upstream source repository:
-
-https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e
-https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275
-https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967
-
-From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Sun, 12 Aug 2018 20:24:37 +0300
-Subject: [PATCH] Added minimum size check for WAV header block lengh values
-
----
- source/SoundStretch/WavFile.cpp | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 7e7ade2..68818c9 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
-         // read length of the format field

-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

--        _swap32(nLen); // int format_len;

-+        _swap32(nLen);

-+

-+        // verify that header length isn't smaller than expected

-+        if (nLen < sizeof(header.format) - 8) return -1;

-+

-         header.format.format_len = nLen;

- 

-         // calculate how much length differs from expected

-@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

-         _swap32(nLen); // int fact_len;

-+

-+        // verify that fact length isn't smaller than expected

-+        if (nLen < sizeof(header.fact) - 8) return -1;

-+

-         header.fact.fact_len = nLen;

- 

-         // calculate how much length differs from expected

--- 
-2.18.0
-
-From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:16:16 +0300
-Subject: [PATCH] Fixed WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 4af7a4c..3421bca 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock()
-         // swap byte order if necessary

-         _swap32(nLen);

- 

--        // verify that header length isn't smaller than expected

--        if (nLen < sizeof(header.format) - 8) return -1;

-+        // calculate how much length differs from expected 

-+        nDump = nLen - ((int)sizeof(header.format) - 8);

- 

--        header.format.format_len = nLen;

-+        // verify that header length isn't smaller than expected structure

-+        if (nDump < 0) return -1;

- 

--        // calculate how much length differs from expected

--        nDump = nLen - ((int)sizeof(header.format) - 8);

-+        header.format.format_len = nLen;

- 

-         // if format_len is larger than expected, read only as much data as we've space for

-         if (nDump > 0)

-@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock()
-         // read length of the fact field

-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

--        _swap32(nLen); // int fact_len;

--

--        // verify that fact length isn't smaller than expected

--        if (nLen < sizeof(header.fact) - 8) return -1;

--

--        header.fact.fact_len = nLen;

-+        _swap32(nLen);

- 

-         // calculate how much length differs from expected

-         nDump = nLen - ((int)sizeof(header.fact) - 8);

- 

-+        // verify that fact length isn't smaller than expected structure

-+        if (nDump < 0) return -1;

-+

-+        header.fact.fact_len = nLen;

-+

-         // if format_len is larger than expected, read only as much data as we've space for

-         if (nDump > 0)

-         {

--- 
-2.18.0
-
-From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001
-From: olli <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:42:58 +0300
-Subject: [PATCH] Improved WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 3421bca..9d90b8a 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock()
-         nDump = nLen - ((int)sizeof(header.format) - 8);

- 

-         // verify that header length isn't smaller than expected structure

--        if (nDump < 0) return -1;

-+        if ((nLen < 0) || (nDump < 0)) return -1;

- 

-         header.format.format_len = nLen;

- 

-@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock()
-         nDump = nLen - ((int)sizeof(header.fact) - 8);

- 

-         // verify that fact length isn't smaller than expected structure

--        if (nDump < 0) return -1;

-+        if ((nLen < 0) || (nDump < 0)) return -1;

- 

-         header.fact.fact_len = nLen;

- 

--- 
-2.18.0
-
diff --git a/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
deleted file mode 100644
index cc0282fc7b..0000000000
--- a/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-Fix CVE-2018-14044 and CVE-2018-14045:
-
-https://gitlab.com/soundtouch/soundtouch/issues/7
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260
-
-From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Sun, 12 Aug 2018 20:00:56 +0300
-Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
- exception
-
----
- include/FIFOSamplePipe.h               | 12 ++++++++++++
- include/STTypes.h                      |  3 +++
- source/SoundTouch/FIFOSampleBuffer.cpp |  3 ++-
- source/SoundTouch/RateTransposer.cpp   |  5 ++---
- source/SoundTouch/SoundTouch.cpp       |  8 ++------
- source/SoundTouch/TDStretch.cpp        |  5 ++---
- 6 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
-index 4ec9275..b08f836 100644
---- a/include/FIFOSamplePipe.h
-+++ b/include/FIFOSamplePipe.h
-@@ -51,6 +51,18 @@ namespace soundtouch
- /// Abstract base class for FIFO (first-in-first-out) sample processing classes.

- class FIFOSamplePipe

- {

-+protected:

-+

-+    bool verifyNumberOfChannels(int nChannels) const

-+    {

-+        if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))

-+        {

-+            return true;

-+        }

-+        ST_THROW_RT_ERROR("Error: Illegal number of channels");

-+        return false;

-+    }

-+

- public:

-     // virtual default destructor

-     virtual ~FIFOSamplePipe() {}

-diff --git a/include/STTypes.h b/include/STTypes.h
-index 03e7e07..862505e 100644
---- a/include/STTypes.h
-+++ b/include/STTypes.h
-@@ -56,6 +56,9 @@ typedef unsigned long   ulong;
- 

- namespace soundtouch

- {

-+    /// Max allowed number of channels

-+    #define SOUNDTOUCH_MAX_CHANNELS     16

-+

-     /// Activate these undef's to overrule the possible sampletype 

-     /// setting inherited from some other header file:

-     //#undef SOUNDTOUCH_INTEGER_SAMPLES

-diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
-index f0d5e42..706e869 100644
---- a/source/SoundTouch/FIFOSampleBuffer.cpp
-+++ b/source/SoundTouch/FIFOSampleBuffer.cpp
-@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
- {

-     uint usedBytes;

- 

--    assert(numChannels > 0);

-+    if (!verifyNumberOfChannels(numChannels)) return;

-+

-     usedBytes = channels * samplesInBuffer;

-     channels = (uint)numChannels;

-     samplesInBuffer = usedBytes / channels;

-diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
-index 8b66be3..d115a4c 100644
---- a/source/SoundTouch/RateTransposer.cpp
-+++ b/source/SoundTouch/RateTransposer.cpp
-@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
- // Sets the number of channels, 1 = mono, 2 = stereo

- void RateTransposer::setChannels(int nChannels)

- {

--    assert(nChannels > 0);

-+    if (!verifyNumberOfChannels(nChannels) ||

-+        (pTransposer->numChannels == nChannels)) return;

- 

--    if (pTransposer->numChannels == nChannels) return;

-     pTransposer->setChannels(nChannels);

--

-     inputBuffer.setChannels(nChannels);

-     midBuffer.setChannels(nChannels);

-     outputBuffer.setChannels(nChannels);

-diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
-index 7b6756b..06bdd56 100644
---- a/source/SoundTouch/SoundTouch.cpp
-+++ b/source/SoundTouch/SoundTouch.cpp
-@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
- // Sets the number of channels, 1 = mono, 2 = stereo

- void SoundTouch::setChannels(uint numChannels)

- {

--    /*if (numChannels != 1 && numChannels != 2) 

--    {

--        //ST_THROW_RT_ERROR("Illegal number of channels");

--        return;

--    }*/

-+    if (!verifyNumberOfChannels(numChannels)) return;

-+

-     channels = numChannels;

-     pRateTransposer->setChannels((int)numChannels);

-     pTDStretch->setChannels((int)numChannels);

- }

- 

- 

--

- // Sets new rate control value. Normal rate = 1.0, smaller values

- // represent slower rate, larger faster rates.

- void SoundTouch::setRate(double newRate)

-diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
-index 149cdb9..be2dc88 100644
---- a/source/SoundTouch/TDStretch.cpp
-+++ b/source/SoundTouch/TDStretch.cpp
-@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
- // Sets the number of channels, 1 = mono, 2 = stereo

- void TDStretch::setChannels(int numChannels)

- {

--    assert(numChannels > 0);

--    if (channels == numChannels) return;

--//    assert(numChannels == 1 || numChannels == 2);

-+    if (!verifyNumberOfChannels(numChannels) ||

-+        (channels == numChannels)) return;

- 

-     channels = numChannels;

-     inputBuffer.setChannels(channels);

--- 
-2.18.0
-