From: Andreas Sturmlechner Date: Wed, 22 Aug 2018 16:54:40 +0000 (+0200) Subject: media-libs/libsoundtouch: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=be07790f921931e836b513eed0f298aa3be0934f;p=gentoo.git media-libs/libsoundtouch: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 Bug: https://bugs.gentoo.org/626508 Package-Manager: Portage-2.3.48, Repoman-2.3.10 --- diff --git a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch new file mode 100644 index 000000000000..0e475a3e44e6 --- /dev/null +++ b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch @@ -0,0 +1,36 @@ +Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 + Based on an upstream commit, original commit message was: "Added sanity + checks against illegal input audio stream parameters e.g. wildly excessive + samplerate". + . + There is no reference to CVEs or bugs, the commit was made after disclosure + of the CVEs and all three proofs of concept (crafted wav files) fail after + this commit. + . + The commit was made after version 2.0.0, so that version is also vulnerable. + . + Unrelated changes were stripped away by patch author, upstream commit author + is Olli Parviainen . +Author: Gabor Karsay +Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/source/SoundTouch/TDStretch.cpp ++++ b/source/SoundTouch/TDStretch.cpp +@@ -128,7 +128,12 @@ + int aSeekWindowMS, int aOverlapMS) + { + // accept only positive parameter values - if zero or negative, use old values instead +- if (aSampleRate > 0) this->sampleRate = aSampleRate; ++ if (aSampleRate > 0) ++ { ++ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate"); ++ this->sampleRate = aSampleRate; ++ } ++ + if (aOverlapMS > 0) this->overlapMs = aOverlapMS; + + if (aSequenceMS > 0) diff --git a/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild b/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild new file mode 100644 index 000000000000..5bbc35f45e01 --- /dev/null +++ b/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +MY_PN="${PN/lib}" +inherit autotools flag-o-matic multilib-minimal + +DESCRIPTION="Audio processing library for changing tempo, pitch and playback rates" +HOMEPAGE="https://www.surina.net/soundtouch/" +SRC_URI="https://www.surina.net/soundtouch/${P/lib}.tar.gz" + +LICENSE="LGPL-2.1" +# subslot = libSoundTouch.so soname +SLOT="0/1" +KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris" +IUSE="cpu_flags_x86_sse openmp static-libs" + +DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]" + +S="${WORKDIR}/${MY_PN}" + +PATCHES=( "${FILESDIR}/${P}-CVE-2017-92xx.patch" ) + +src_prepare() { + default + if use openmp ; then + tc-has-openmp || die "Please switch to an openmp compatible compiler" + fi + sed -i "s:^\(dist_doc_DATA=\)COPYING.TXT :\1:" Makefile.am || die + sed -i 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' configure.ac || die + eautoreconf +} + +multilib_src_configure() { + local myeconfargs=( + --enable-shared + --disable-integer-samples + $(use_enable cpu_flags_x86_sse x86-optimizations) + $(use_enable openmp) + $(use_enable static-libs static) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" +} + +multilib_src_install() { + emake DESTDIR="${D}" pkgdocdir="${EPREFIX}"/usr/share/doc/${PF}/html install +} + +multilib_src_install_all() { + find "${D}" -name '*.la' -delete || die +}