Commit edfe8b82 authored by Natanael Copa's avatar Natanael Copa

community/soundtouch: security upgrade to 2.1.2

CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in
BPMDetect.cpp
CVE-2018-17097 soundtouch: Double free in WavFileBase class in
WavFile.cpp
CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in
WavFile.cpp

fixes #9881
parent 8b809c16
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=soundtouch
pkgver=2.0.0
pkgver=2.1.2
pkgrel=0
pkgdesc="Audio Processing library for changing Tempo, Pitch and Playback Rates"
url="http://www.surina.net/soundtouch/"
......@@ -11,8 +11,14 @@ depends_dev=""
makedepends="$depends_dev autoconf automake libtool"
install=""
subpackages="$pkgname-dev $pkgname-doc"
source="http://www.surina.net/$pkgname/$pkgname-$pkgver.tar.gz"
builddir="$srcdir"/soundtouch
source="https://gitlab.com/soundtouch/soundtouch/-/archive/$pkgver/soundtouch-$pkgver.tar.bz2"
builddir="$srcdir"/soundtouch-$pkgver
# secfixes:
# 2.1.2-r0:
# - CVE-2018-17096
# - CVE-2018-17097
# - CVE-2018-17098
prepare() {
default_prepare
......@@ -41,4 +47,4 @@ package() {
rm -rf "$pkgdir"/usr/doc
}
sha512sums="c916bdd2cb3d7547f264b1caf09b739b48a161c8c6288c3893fc97379546ed6b41dafaf603b583fbf64ae91270fdeb90811e5b0df0e9c051dc9f6ddca4d319f9 soundtouch-2.0.0.tar.gz"
sha512sums="d45cb0f94e3df32e9c76722a148f201277b2ddc3e390394c1f4ae1263f13557c6b664e90301b5f62d7561d743ab4903a44a34ab7248880b343d581cebd5f0cd9 soundtouch-2.1.2.tar.bz2"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment