gentoo resync : 04.05.2019

1 files changed, 0 insertions, 36 deletions

diff --git a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch
deleted file mode 100644
index 0e475a3e44e6..000000000000
--- a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260

- Based on an upstream commit, original commit message was: "Added sanity

- checks against illegal input audio stream parameters e.g. wildly excessive

- samplerate".

- . 

- There is no reference to CVEs or bugs, the commit was made after disclosure

- of the CVEs and all three proofs of concept (crafted wav files) fail after

- this commit.

- . 

- The commit was made after version 2.0.0, so that version is also vulnerable.

- .

- Unrelated changes were stripped away by patch author, upstream commit author

- is Olli Parviainen <oparviai@iki.fi>.

-Author: Gabor Karsay <gabor.karsay@gmx.at>

-Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/

-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854

-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856

-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857

----

-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/

---- a/source/SoundTouch/TDStretch.cpp
-+++ b/source/SoundTouch/TDStretch.cpp
-@@ -128,7 +128,12 @@
-                               int aSeekWindowMS, int aOverlapMS)

- {

-     // accept only positive parameter values - if zero or negative, use old values instead

--    if (aSampleRate > 0)   this->sampleRate = aSampleRate;

-+    if (aSampleRate > 0)

-+    {

-+        if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");

-+        this->sampleRate = aSampleRate;

-+    }

-+

-     if (aOverlapMS > 0)    this->overlapMs = aOverlapMS;

- 

-     if (aSequenceMS > 0)