Accepting request 645209 from home:mcalabkova:branches:multimedia:libs

- Update to version 2.1.0
  * Disable anti-alias filter when switch 
    SOUNDTOUCH_PREVENT_CLICK_AT_RATE_CROSSOVER defined
  * Added script for building SoundTouchDll dynamic-link-library for 
    GNU platforms
  * Rewrote Beats-per-Minute analysis algorithm for more reliable 
    BPM detection
  * Added BPM functions to SoundTouchDll API
  * Migrated Visual Studio project files to MSVC 201x format
  * Replaced function parameter value asserts with runtime exceptions
- Fixed bugs:
  * CVE-2018-17098 (bsc#1108632) -- remote denial of service
  * CVE-2018-17097 (bsc#1108631) -- remote denial of service (double free)
  * CVE-2018-17096 (bsc#1108630) -- remote denial of service 
    in BPMDetect.cpp
  * boo#1113134 -- out of date package
- Removed obsolete patch fix-buffer-overflow.patch

OBS-URL: https://build.opensuse.org/request/show/645209
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/soundtouch?expand=0&rev=30
This commit is contained in:
Ismail Dönmez 2018-10-29 10:18:50 +00:00 committed by Git OBS Bridge
parent f4cb7977c0
commit 14b9a5af95
5 changed files with 28 additions and 53 deletions

View File

@ -1,44 +0,0 @@
Index: soundtouch/source/SoundStretch/WavFile.cpp
===================================================================
--- soundtouch.orig/source/SoundStretch/WavFile.cpp
+++ soundtouch/source/SoundStretch/WavFile.cpp
@@ -528,12 +528,16 @@ int WavInFile::readHeaderBlock()
// read length of the format field
if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
// swap byte order if necessary
- _swap32(nLen); // int format_len;
- header.format.format_len = nLen;
+ _swap32(nLen);
- // calculate how much length differs from expected
+ // calculate how much length differs from expected
nDump = nLen - ((int)sizeof(header.format) - 8);
+ // verify that header length isn't smaller than expected structure
+ if ((nLen < 0) || (nDump < 0)) return -1;
+
+ header.format.format_len = nLen;
+
// if format_len is larger than expected, read only as much data as we've space for
if (nDump > 0)
{
@@ -569,12 +573,16 @@ int WavInFile::readHeaderBlock()
// read length of the fact field
if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
// swap byte order if necessary
- _swap32(nLen); // int fact_len;
- header.fact.fact_len = nLen;
+ _swap32(nLen);
// calculate how much length differs from expected
nDump = nLen - ((int)sizeof(header.fact) - 8);
+ // verify that fact length isn't smaller than expected structure
+ if ((nLen < 0) || (nDump < 0)) return -1;
+
+ header.fact.fact_len = nLen;
+
// if format_len is larger than expected, read only as much data as we've space for
if (nDump > 0)
{

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d224f7d1421b5f8e74a74c85741345bd9802618a40ae30ce5b427a5705c89d25
size 455148

3
soundtouch-2.1.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:454712b08bf758f6a4c0df8821350c323e5b274443a20e21d193d17c5dc3d0d5
size 458371

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Oct 29 09:31:51 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>
- Update to version 2.1.0
* Disable anti-alias filter when switch
SOUNDTOUCH_PREVENT_CLICK_AT_RATE_CROSSOVER defined
* Added script for building SoundTouchDll dynamic-link-library for
GNU platforms
* Rewrote Beats-per-Minute analysis algorithm for more reliable
BPM detection
* Added BPM functions to SoundTouchDll API
* Migrated Visual Studio project files to MSVC 201x format
* Replaced function parameter value asserts with runtime exceptions
- Fixed bugs:
* CVE-2018-17098 (bsc#1108632) -- remote denial of service
* CVE-2018-17097 (bsc#1108631) -- remote denial of service (double free)
* CVE-2018-17096 (bsc#1108630) -- remote denial of service
in BPMDetect.cpp
* boo#1113134 -- out of date package
- Removed obsolete patch fix-buffer-overflow.patch
-------------------------------------------------------------------
Thu Sep 6 12:29:20 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>

View File

@ -12,19 +12,19 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 1
Name: soundtouch
Version: 2.0.0
Version: 2.1.0
Release: 0
Summary: Audio Processing Library
License: LGPL-2.1-or-later
Group: Productivity/Multimedia/Sound/Editors and Convertors
Url: https://www.surina.net/soundtouch
Source: https://www.surina.net/soundtouch/%{name}-%{version}.tar.gz
Source: https://gitlab.com/soundtouch/soundtouch/-/archive/%{version}/%{name}-%{version}.tar.gz
Source1: https://salsa.debian.org/multimedia-team/soundtouch/raw/master/debian/soundstretch.1
Source99: baselibs.conf
BuildRequires: autoconf
@ -32,7 +32,6 @@ BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: pkgconfig
Patch0: fix-buffer-overflow.patch
%description
SoundTouch is a C++ audio processing library that allows
@ -70,11 +69,10 @@ This subpackage contains the header files for building programs with
SoundTouch.
%prep
%setup -q -n %{name}
%setup -q -n %{name}-%{version}
tr -d '\r' <README.html >README.html~
touch -r README.html README.html~
mv README.html~ README.html
%patch0 -p1
%build
./bootstrap