gnu: soundtouch: Fix CVE-2018-{1000223,14044,14045}.
* gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch, gnu/packages/patches/soundtouch-CVE-2018-1000223.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/audio.scm (soundtouch)[source]: Use them.
parent
eb88ccf711
commit
373a9fd4db
4 changed files with 285 additions and 0 deletions
|
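--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1139,6 +1139,8 @@ dist_patch_DATA = \
 %D%/packages/patches/slim-reset.patch \
 %D%/packages/patches/slim-login.patch \
 %D%/packages/patches/sooperlooper-build-with-wx-30.patch \
+%D%/packages/patches/soundtouch-CVE-2018-14044-14045.patch \
+%D%/packages/patches/soundtouch-CVE-2018-1000223.patch \
 %D%/packages/patches/steghide-fixes.patch \
 %D%/packages/patches/superlu-dist-scotchmetis.patch \
 %D%/packages/patches/swish-e-search.patch \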
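--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -2589,6 +2589,8 @@ (define-public soundtouch
 (uri
 (string-append
 "http://www.surina.net/soundtouch/soundtouch-" version ".tar.gz"))
+(patches (search-patches "soundtouch-CVE-2018-14044-14045.patch"
+"soundtouch-CVE-2018-1000223.patch"))
 (sha256
 (base32
 "09cxr02mfyj2bg731bj0i9hh565x8l9p91aclxs8wpqv8b8zf96j"))))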
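--- a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
+++ b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
@@ -0,0 +1,143 @@
+Fix CVE-2018-1000223:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223
+https://gitlab.com/soundtouch/soundtouch/issues/6
+
+Patches copied from upstream source repository:
+
+https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e
+https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275
+https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967
+
+From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
+From: oparviainen <oparviai@iki.fi>
+Date: Sun, 12 Aug 2018 20:24:37 +0300
+Subject: [PATCH] Added minimum size check for WAV header block lengh values
+
+---
+source/SoundStretch/WavFile.cpp | 10 +++++++++-
+1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
+index 7e7ade2..68818c9 100644
+--- a/source/SoundStretch/WavFile.cpp
++++ b/source/SoundStretch/WavFile.cpp
+@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
+// read length of the format field
+if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+// swap byte order if necessary
+- _swap32(nLen); // int format_len;
++ _swap32(nLen);
++
++ // verify that header length isn't smaller than expected
++ if (nLen < sizeof(header.format) - 8) return -1;
++
+header.format.format_len = nLen;
+
+// calculate how much length differs from expected
+@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
+if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+// swap byte order if necessary
+_swap32(nLen); // int fact_len;
++
++ // verify that fact length isn't smaller than expected
++ if (nLen < sizeof(header.fact) - 8) return -1;
++
+header.fact.fact_len = nLen;
+
+// calculate how much length differs from expected
+--
+2.18.0
+
+From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001
+From: oparviainen <oparviai@iki.fi>
+Date: Mon, 13 Aug 2018 19:16:16 +0300
+Subject: [PATCH] Fixed WavFile header/fact not-too-small check
+
+---
+source/SoundStretch/WavFile.cpp | 22 +++++++++++-----------
+1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
+index 4af7a4c..3421bca 100644
+--- a/source/SoundStretch/WavFile.cpp
++++ b/source/SoundStretch/WavFile.cpp
+@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock()
+// swap byte order if necessary
+_swap32(nLen);
+
+- // verify that header length isn't smaller than expected
+- if (nLen < sizeof(header.format) - 8) return -1;
++ // calculate how much length differs from expected
++ nDump = nLen - ((int)sizeof(header.format) - 8);
+
+- header.format.format_len = nLen;
++ // verify that header length isn't smaller than expected structure
++ if (nDump < 0) return -1;
+
+- // calculate how much length differs from expected
+- nDump = nLen - ((int)sizeof(header.format) - 8);
++ header.format.format_len = nLen;
+
+// if format_len is larger than expected, read only as much data as we've space for
+if (nDump > 0)
+@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock()
+// read length of the fact field
+if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+// swap byte order if necessary
+- _swap32(nLen); // int fact_len;
+-
+- // verify that fact length isn't smaller than expected
+- if (nLen < sizeof(header.fact) - 8) return -1;
+-
+- header.fact.fact_len = nLen;
++ _swap32(nLen);
+
+// calculate how much length differs from expected
+nDump = nLen - ((int)sizeof(header.fact) - 8);
+
++ // verify that fact length isn't smaller than expected structure
++ if (nDump < 0) return -1;
++
++ header.fact.fact_len = nLen;
++
+// if format_len is larger than expected, read only as much data as we've space for
+if (nDump > 0)
+{
+--
+2.18.0
+
+From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001
+From: olli <oparviai@iki.fi>
+Date: Mon, 13 Aug 2018 19:42:58 +0300
+Subject: [PATCH] Improved WavFile header/fact not-too-small check
+
+---
+source/SoundStretch/WavFile.cpp | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
+index 3421bca..9d90b8a 100644
+--- a/source/SoundStretch/WavFile.cpp
++++ b/source/SoundStretch/WavFile.cpp
+@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock()
+nDump = nLen - ((int)sizeof(header.format) - 8);
+
+// verify that header length isn't smaller than expected structure
+- if (nDump < 0) return -1;
++ if ((nLen < 0) || (nDump < 0)) return -1;
+
+header.format.format_len = nLen;
+
+@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock()
+nDump = nLen - ((int)sizeof(header.fact) - 8);
+
+// verify that fact length isn't smaller than expected structure
+- if (nDump < 0) return -1;
++ if ((nLen < 0) || (nDump < 0)) return -1;
+
+header.fact.fact_len = nLen;
+
+--
+2.18.0
+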
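Review bot: In the final state of `readHeaderBlock` (after the third upstream commit in this file), `nDump = nLen - ((int)sizeof(header.format) - 8);` is still evaluated before `(nLen < 0)` is tested. For a file-supplied `nLen` close to INT_MIN the subtraction itself overflows a signed int, which is undefined behaviour, so the guard that follows inspects a value the compiler is not obliged to compute as expected. Testing the length before doing arithmetic on it avoids that: `if (nLen < (int)sizeof(header.format) - 8) return -1;` followed by the `nDump` computation, and the same for the `header.fact` block. No upper bound on `nLen` is visible in these hunks; the `if (nDump > 0)` branch that handles oversized lengths continues outside them and should be confirmed against the full function.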
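--- a/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
+++ b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
@@ -0,0 +1,138 @@
+Fix CVE-2018-14044 and CVE-2018-14045:
+
+https://gitlab.com/soundtouch/soundtouch/issues/7
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260
+
+From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
+From: oparviainen <oparviai@iki.fi>
+Date: Sun, 12 Aug 2018 20:00:56 +0300
+Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
+exception
+
+---
+include/FIFOSamplePipe.h | 12 ++++++++++++
+include/STTypes.h | 3 +++
+source/SoundTouch/FIFOSampleBuffer.cpp | 3 ++-
+source/SoundTouch/RateTransposer.cpp | 5 ++---
+source/SoundTouch/SoundTouch.cpp | 8 ++------
+source/SoundTouch/TDStretch.cpp | 5 ++---
+6 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
+index 4ec9275..b08f836 100644
+--- a/include/FIFOSamplePipe.h
++++ b/include/FIFOSamplePipe.h
+@@ -51,6 +51,18 @@ namespace soundtouch
+/// Abstract base class for FIFO (first-in-first-out) sample processing classes.
+class FIFOSamplePipe
+{
++protected:
++
++ bool verifyNumberOfChannels(int nChannels) const
++ {
++ if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))
++ {
++ return true;
++ }
++ ST_THROW_RT_ERROR("Error: Illegal number of channels");
++ return false;
++ }
++
+public:
+// virtual default destructor
+virtual ~FIFOSamplePipe() {}
+diff --git a/include/STTypes.h b/include/STTypes.h
+index 03e7e07..862505e 100644
+--- a/include/STTypes.h
++++ b/include/STTypes.h
+@@ -56,6 +56,9 @@ typedef unsigned long ulong;
+
+namespace soundtouch
+{
++ /// Max allowed number of channels
++ #define SOUNDTOUCH_MAX_CHANNELS 16
++
+/// Activate these undef's to overrule the possible sampletype
+/// setting inherited from some other header file:
+//#undef SOUNDTOUCH_INTEGER_SAMPLES
+diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
+index f0d5e42..706e869 100644
+--- a/source/SoundTouch/FIFOSampleBuffer.cpp
++++ b/source/SoundTouch/FIFOSampleBuffer.cpp
+@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
+{
+uint usedBytes;
+
+- assert(numChannels > 0);
++ if (!verifyNumberOfChannels(numChannels)) return;
++
+usedBytes = channels * samplesInBuffer;
+channels = (uint)numChannels;
+samplesInBuffer = usedBytes / channels;
+diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
+index 8b66be3..d115a4c 100644
+--- a/source/SoundTouch/RateTransposer.cpp
++++ b/source/SoundTouch/RateTransposer.cpp
+@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
+// Sets the number of channels, 1 = mono, 2 = stereo
+void RateTransposer::setChannels(int nChannels)
+{
+- assert(nChannels > 0);
++ if (!verifyNumberOfChannels(nChannels) ||
++ (pTransposer->numChannels == nChannels)) return;
+
+- if (pTransposer->numChannels == nChannels) return;
+pTransposer->setChannels(nChannels);
+-
+inputBuffer.setChannels(nChannels);
+midBuffer.setChannels(nChannels);
+outputBuffer.setChannels(nChannels);
+diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
+index 7b6756b..06bdd56 100644
+--- a/source/SoundTouch/SoundTouch.cpp
++++ b/source/SoundTouch/SoundTouch.cpp
+@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
+// Sets the number of channels, 1 = mono, 2 = stereo
+void SoundTouch::setChannels(uint numChannels)
+{
+- /*if (numChannels != 1 && numChannels != 2)
+- {
+- //ST_THROW_RT_ERROR("Illegal number of channels");
+- return;
+- }*/
++ if (!verifyNumberOfChannels(numChannels)) return;
++
+channels = numChannels;
+pRateTransposer->setChannels((int)numChannels);
+pTDStretch->setChannels((int)numChannels);
+}
+
+
+-
+// Sets new rate control value. Normal rate = 1.0, smaller values
+// represent slower rate, larger faster rates.
+void SoundTouch::setRate(double newRate)
+diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
+index 149cdb9..be2dc88 100644
+--- a/source/SoundTouch/TDStretch.cpp
++++ b/source/SoundTouch/TDStretch.cpp
+@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
+// Sets the number of channels, 1 = mono, 2 = stereo
+void TDStretch::setChannels(int numChannels)
+{
+- assert(numChannels > 0);
+- if (channels == numChannels) return;
+-// assert(numChannels == 1 || numChannels == 2);
++ if (!verifyNumberOfChannels(numChannels) ||
++ (channels == numChannels)) return;
+
+channels = numChannels;
+inputBuffer.setChannels(channels);
+--
+2.18.0
+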
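Review bot: `verifyNumberOfChannels` keeps a `return false;` after `ST_THROW_RT_ERROR(...)`, which suggests the macro does not throw in every build configuration (its definition is not part of this patch); in such a build each `setChannels` returns silently with the previous channel count still in place, and because the setters return `void` the caller gets no signal that its value was rejected. I would state that contract on the helper, e.g. `/// Returns true if 0 < nChannels <= SOUNDTOUCH_MAX_CHANNELS; otherwise raises ST_THROW_RT_ERROR and, where that does not throw, returns false so the caller leaves its state unchanged`. In `SoundTouch::setChannels(uint numChannels)` the argument is narrowed implicitly to the helper's `int` parameter, and writing `verifyNumberOfChannels((int)numChannels)` as in the two calls below it would make that conversion visible. `SOUNDTOUCH_MAX_CHANNELS` is a `#define` placed inside `namespace soundtouch`, so the namespace does not actually scope it.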