Accepting request 645209 from home:mcalabkova:branches:multimedia:libs

- Update to version 2.1.0
  * Disable anti-alias filter when switch 
    SOUNDTOUCH_PREVENT_CLICK_AT_RATE_CROSSOVER defined
  * Added script for building SoundTouchDll dynamic-link-library for 
    GNU platforms
  * Rewrote Beats-per-Minute analysis algorithm for more reliable 
    BPM detection
  * Added BPM functions to SoundTouchDll API
  * Migrated Visual Studio project files to MSVC 201x format
  * Replaced function parameter value asserts with runtime exceptions
- Fixed bugs:
  * CVE-2018-17098 (bsc#1108632) -- remote denial of service
  * CVE-2018-17097 (bsc#1108631) -- remote denial of service (double free)
  * CVE-2018-17096 (bsc#1108630) -- remote denial of service 
    in BPMDetect.cpp
  * boo#1113134 -- out of date package
- Removed obsolete patch fix-buffer-overflow.patch

OBS-URL: https://build.opensuse.org/request/show/645209
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/soundtouch?expand=0&rev=30

fix-buffer-overflow.patch

@@ -1,44 +0,0 @@
-	
-Index: soundtouch/source/SoundStretch/WavFile.cpp
-===================================================================
---- soundtouch.orig/source/SoundStretch/WavFile.cpp
-+++ soundtouch/source/SoundStretch/WavFile.cpp
-@@ -528,12 +528,16 @@ int WavInFile::readHeaderBlock()
-         // read length of the format field
-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
-         // swap byte order if necessary
--        _swap32(nLen); // int format_len;
--        header.format.format_len = nLen;
-+        _swap32(nLen);
- 
--        // calculate how much length differs from expected
-+        // calculate how much length differs from expected 
-         nDump = nLen - ((int)sizeof(header.format) - 8);
- 
-+        // verify that header length isn't smaller than expected structure
-+        if ((nLen < 0) || (nDump < 0)) return -1;
-+
-+        header.format.format_len = nLen;
-+
-         // if format_len is larger than expected, read only as much data as we've space for
-         if (nDump > 0)
-         {
-@@ -569,12 +573,16 @@ int WavInFile::readHeaderBlock()
-         // read length of the fact field
-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
-         // swap byte order if necessary
--        _swap32(nLen); // int fact_len;
--        header.fact.fact_len = nLen;
-+        _swap32(nLen);
- 
-         // calculate how much length differs from expected
-         nDump = nLen - ((int)sizeof(header.fact) - 8);
- 
-+        // verify that fact length isn't smaller than expected structure
-+        if ((nLen < 0) || (nDump < 0)) return -1;
-+
-+        header.fact.fact_len = nLen;
-+
-         // if format_len is larger than expected, read only as much data as we've space for
-         if (nDump > 0)
-         {

soundtouch-2.0.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d224f7d1421b5f8e74a74c85741345bd9802618a40ae30ce5b427a5705c89d25
-size 455148

soundtouch-2.1.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:454712b08bf758f6a4c0df8821350c323e5b274443a20e21d193d17c5dc3d0d5
+size 458371

soundtouch.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Oct 29 09:31:51 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>
+
+- Update to version 2.1.0
+  * Disable anti-alias filter when switch 
+    SOUNDTOUCH_PREVENT_CLICK_AT_RATE_CROSSOVER defined
+  * Added script for building SoundTouchDll dynamic-link-library for 
+    GNU platforms
+  * Rewrote Beats-per-Minute analysis algorithm for more reliable 
+    BPM detection
+  * Added BPM functions to SoundTouchDll API
+  * Migrated Visual Studio project files to MSVC 201x format
+  * Replaced function parameter value asserts with runtime exceptions
+- Fixed bugs:
+  * CVE-2018-17098 (bsc#1108632) -- remote denial of service
+  * CVE-2018-17097 (bsc#1108631) -- remote denial of service (double free)
+  * CVE-2018-17096 (bsc#1108630) -- remote denial of service 
+    in BPMDetect.cpp
+  * boo#1113134 -- out of date package
+- Removed obsolete patch fix-buffer-overflow.patch
+
 -------------------------------------------------------------------
 Thu Sep  6 12:29:20 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>
 

soundtouch.spec

@@ -12,19 +12,19 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define sover 1
 Name:           soundtouch
-Version:        2.0.0
+Version:        2.1.0
 Release:        0
 Summary:        Audio Processing Library
 License:        LGPL-2.1-or-later
 Group:          Productivity/Multimedia/Sound/Editors and Convertors
 Url:            https://www.surina.net/soundtouch
-Source:         https://www.surina.net/soundtouch/%{name}-%{version}.tar.gz
+Source:         https://gitlab.com/soundtouch/soundtouch/-/archive/%{version}/%{name}-%{version}.tar.gz
 Source1:        https://salsa.debian.org/multimedia-team/soundtouch/raw/master/debian/soundstretch.1
 Source99:       baselibs.conf
 BuildRequires:  autoconf
@@ -32,7 +32,6 @@ BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
-Patch0:         fix-buffer-overflow.patch	
 
 %description
 SoundTouch is a C++ audio processing library that allows
@@ -70,11 +69,10 @@ This subpackage contains the header files for building programs with
 SoundTouch.
 
 %prep
-%setup -q -n %{name}
+%setup -q -n %{name}-%{version}
 tr -d '\r' <README.html >README.html~
 touch -r README.html README.html~
 mv README.html~ README.html
-%patch0 -p1
 
 %build
 ./bootstrap