media-libs/libsoundtouch: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-…
…9260

Bug: https://bugs.gentoo.org/626508
Package-Manager: Portage-2.3.48, Repoman-2.3.10
a17r committed Aug 22, 2018
1 parent f58c246 commit be07790
Showing 2 changed files with 92 additions and 0 deletions.
@@ -0,0 +1,36 @@
Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
Based on an upstream commit, original commit message was: "Added sanity
checks against illegal input audio stream parameters e.g. wildly excessive
samplerate".
.
There is no reference to CVEs or bugs, the commit was made after disclosure
of the CVEs and all three proofs of concept (crafted wav files) fail after
this commit.
.
The commit was made after version 2.0.0, so that version is also vulnerable.
.
Unrelated changes were stripped away by patch author, upstream commit author
is Olli Parviainen <[email protected]>.
Author: Gabor Karsay <[email protected]>
Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -128,7 +128,12 @@
int aSeekWindowMS, int aOverlapMS)
{
// accept only positive parameter values - if zero or negative, use old values instead
- if (aSampleRate > 0) this->sampleRate = aSampleRate;
+ if (aSampleRate > 0)
+ {
+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
+ this->sampleRate = aSampleRate;
+ }
+
if (aOverlapMS > 0) this->overlapMs = aOverlapMS;

if (aSequenceMS > 0)
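Review bot: The header's claim that this patch fixes all three CVEs rests only on the proofs of concept failing, while the one added guard in the TDStretch.cpp hunk bounds `aSampleRate` alone; `aOverlapMS`, `aSequenceMS` and `aSeekWindowMS` keep only the existing positive-value checks. The header should list which upstream hunks were stripped and why they are not needed for the fix, so a later maintainer can tell the coverage is deliberate. The limit also deserves a comment in the code, e.g. `// reject excessive sample rates from untrusted stream headers (CVE-2017-9258, CVE-2017-9259, CVE-2017-9260)`. Because the setter now reports the error through `ST_THROW_RT_ERROR`, callers that pass a rate read from a file presumably need to handle that failure; the function's signature and the rest of its body lie outside the hunk, so this cannot be confirmed here.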
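--- a/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild
+++ b/media-libs/libsoundtouch/libsoundtouch-2.0.0-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+MY_PN="${PN/lib}"
+inherit autotools flag-o-matic multilib-minimal
+
+DESCRIPTION="Audio processing library for changing tempo, pitch and playback rates"
+HOMEPAGE="https://www.surina.net/soundtouch/"
+SRC_URI="https://www.surina.net/soundtouch/${P/lib}.tar.gz"
+
+LICENSE="LGPL-2.1"
+# subslot = libSoundTouch.so soname
+SLOT="0/1"
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris"
+IUSE="cpu_flags_x86_sse openmp static-libs"
+
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+
+S="${WORKDIR}/${MY_PN}"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2017-92xx.patch" )
+
+src_prepare() {
+default
+if use openmp ; then
+tc-has-openmp || die "Please switch to an openmp compatible compiler"
+fi
+sed -i "s:^\(dist_doc_DATA=\)COPYING.TXT :\1:" Makefile.am || die
+sed -i 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' configure.ac || die
+eautoreconf
+}
+
+multilib_src_configure() {
+local myeconfargs=(
+--enable-shared
+--disable-integer-samples
+$(use_enable cpu_flags_x86_sse x86-optimizations)
+$(use_enable openmp)
+$(use_enable static-libs static)
+)
+ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+emake CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}"
+}
+
+multilib_src_install() {
+emake DESTDIR="${D}" pkgdocdir="${EPREFIX}"/usr/share/doc/${PF}/html install
+}
+
+multilib_src_install_all() {
+find "${D}" -name '*.la' -delete || die
+}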
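Review bot: The security fix ships only as a new `-r1` revision whose `KEYWORDS` line is entirely `~arch`, and the commit deletes nothing, so the unpatched 2.0.0 ebuild presumably remains installable and stable users may not receive the patched build until it is stabilised. The other ebuilds in the package directory are not visible here, so this needs confirming; the patch header states that 2.0.0 itself is vulnerable, which makes dropping or masking the unpatched revision worth considering. A comment above `PATCHES` tying the patch to the advisory would also help later version bumps decide when it can be dropped, e.g. `# CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (bug #626508)`.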
