From 3cd959a4293b991bf74e5c5aa45a5dd6b3e0d378 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Mon, 3 Apr 2017 10:59:16 +0200 Subject: gnu: libsndfile: Update to 1.0.28. * gnu/packages/pulseaudio.scm (libsndfile): Update to 1.0.28. --- gnu/packages/pulseaudio.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index a12f8d8494..16c77f1f28 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus +;;; Copyright © 2017 Thomas Danckaert ;;; ;;; This file is part of GNU Guix. ;;; @@ -42,14 +43,14 @@ (define-module (gnu packages pulseaudio) (define-public libsndfile (package (name "libsndfile") - (version "1.0.27") + (version "1.0.28") (source (origin (method url-fetch) (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-" version ".tar.gz")) (sha256 (base32 - "1h7s61nhf7vklh9sdsbbqzb6x287q4x4j1jc5gmjragl4wprb4d3")))) + "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz")))) (build-system gnu-build-system) (inputs `(("libvorbis" ,libvorbis) -- cgit v1.2.3 From e1f68c96685fd607fcf00f08edd2f9cdfafabe2e Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Apr 2017 17:34:09 +0200 Subject: gnu: libsamplerate: Update to 0.1.9. * gnu/packages/pulseaudio.scm (libsamplerate): Update to 0.1.9. --- gnu/packages/pulseaudio.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index 16c77f1f28..578a2a31ff 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -76,14 +76,14 @@ (define-public libsndfile (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) - (version "0.1.8") + (version "0.1.9") (source (origin (method url-fetch) (uri (string-append "http://www.mega-nerd.com/SRC/libsamplerate-" version ".tar.gz")) (sha256 (base32 - "01hw5xjbjavh412y63brcslj5hi9wdgkjd3h9csx5rnm8vglpdck")))) + "1ha46i0nbibq0pl0pjwcqiyny4hj8lp1bnl4dpxm64zjw9lb2zha")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit v1.2.3 From efc95e7bc6bfd97425b9f2fdb5eebac6b99aac6b Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 12 Apr 2017 22:28:09 -0400 Subject: gnu: libsamplerate: Update to 0.1.9 [fixes CVE-2017-7697]. * gnu/packages/pulseaudio.scm (libsamplerate)[replacement]: New field. (libsamplerate-0.1.9): New variable. --- gnu/packages/pulseaudio.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index a12f8d8494..e306bdf3ad 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus +;;; Copyright © 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -75,6 +76,7 @@ (define-public libsndfile (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) + (replacement libsamplerate-0.1.9) (version "0.1.8") (source (origin (method url-fetch) @@ -110,6 +112,19 @@ (define-public libsamplerate rates.") (license l:gpl2+))) +(define libsamplerate-0.1.9 + (package + (inherit libsamplerate) + (version "0.1.9") + (source + (origin + (method url-fetch) + (uri (string-append "http://www.mega-nerd.com/SRC/libsamplerate-" + version ".tar.gz")) + (sha256 + (base32 + "1ha46i0nbibq0pl0pjwcqiyny4hj8lp1bnl4dpxm64zjw9lb2zha")))))) + (define-public pulseaudio (package (name "pulseaudio") -- cgit v1.2.3 From 2e3744730777dc4e988675be369692d2be6fa1e2 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 12 Apr 2017 22:37:23 -0400 Subject: gnu: libsndfile: Update to 1.0.28 [fixes CVE-2017-{7585,7586,7741,7742}]. * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. (libsndfile-1.0.28): New variable. --- gnu/packages/pulseaudio.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index e306bdf3ad..71fcc3f827 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -43,6 +43,7 @@ (define-module (gnu packages pulseaudio) (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile-1.0.28) (version "1.0.27") (source (origin (method url-fetch) @@ -73,6 +74,19 @@ (define-public libsndfile for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile-1.0.28 + (package + (inherit libsndfile) + (version "1.0.28") + (source + (origin + (method url-fetch) + (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-" + version ".tar.gz")) + (sha256 + (base32 + "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz")))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- cgit v1.2.3 From 05bdb5e64dea826552510cfeba8c63bcf487dcad Mon Sep 17 00:00:00 2001 From: Stefan Reichoer Date: Mon, 17 Apr 2017 21:35:33 +0200 Subject: gnu: Add ponymix. * gnu/packages/pulseaudio.scm (ponymix): New variable. Signed-off-by: Leo Famulari --- gnu/packages/pulseaudio.scm | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index 71fcc3f827..d258c59fa5 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2017 Leo Famulari +;;; Copyright © 2017 Stefan Reichör ;;; ;;; This file is part of GNU Guix. ;;; @@ -247,3 +248,38 @@ (define-public pavucontrol graphical user interface to connect to a PulseAudio server and easily control the volume of all clients, sinks, etc.") (license l:gpl2+))) + +(define-public ponymix + (package + (name "ponymix") + (version "5") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/falconindy/ponymix/" + "archive/" version ".tar.gz")) + (sha256 + (base32 + "1c0ch98zry3c4ixywwynjid1n1nh4xl4l1p548giq2w3zwflaghn")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; There is no test suite. + #:make-flags (let ((out (assoc-ref %outputs "out"))) + (list (string-append "DESTDIR=" out))) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-paths + (lambda _ + (substitute* "Makefile" + (("/usr") "")))) + (delete 'configure)))) ; There's no configure phase. + (inputs + `(("pulseaudio" ,pulseaudio))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://github.com/falconindy/ponymix") + (synopsis "Console-based PulseAudio mixer") + (description "Ponymix is a PulseAudio mixer and volume controller with a +command-line interface. In addition, it is possible to use named sources and +sinks.") + (license l:expat))) -- cgit v1.2.3 From fbdd3526a1cab61602da1fcbfbc3ff02d99b23fe Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 18 Apr 2017 17:52:21 +0200 Subject: gnu: libsndfile: Fix build failure on armhf. * gnu/packages/patches/libsndfile-armhf-type-checks.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pulseaudio.scm (libsndfile)[source]: Use it. --- gnu/local.mk | 1 + .../patches/libsndfile-armhf-type-checks.patch | 42 ++++++++++++++++++++++ gnu/packages/pulseaudio.scm | 1 + 3 files changed, 44 insertions(+) create mode 100644 gnu/packages/patches/libsndfile-armhf-type-checks.patch (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 552dd05498..e6dee58397 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -710,6 +710,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ + %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/patches/libsndfile-armhf-type-checks.patch b/gnu/packages/patches/libsndfile-armhf-type-checks.patch new file mode 100644 index 0000000000..7e0c71c3f6 --- /dev/null +++ b/gnu/packages/patches/libsndfile-armhf-type-checks.patch @@ -0,0 +1,42 @@ +This is a regression in 1.0.28 that causes a test failure on armhf. + +Upstream bug URL: + +https://github.com/erikd/libsndfile/issues/229 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5 + +From 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Sun, 16 Apr 2017 17:54:17 +1000 +Subject: [PATCH] src/rf64.c: Fix varargs related bug + +C's functionality isn't type checked so that passing an +`sf_count_t` (64 bits) by mistake in place of a `unit32_t` can cause +errors. This would be fine if it was an error on every architecture +and platform, but its not. This particular problem only manifested +on armhf and some other Arm architectures. It was not an issue on +32 bit x86. + +I have now fixed variants of this same bug several times. + +Closes: https://github.com/erikd/libsndfile/issues/229 +--- + src/rf64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rf64.c b/src/rf64.c +index b3d637f..02dd904 100644 +--- a/src/rf64.c ++++ b/src/rf64.c +@@ -742,7 +742,7 @@ rf64_write_header (SF_PRIVATE *psf, int calc_length) + + pad_size = psf->dataoffset - 16 - psf->header.indx ; + if (pad_size >= 0) +- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ; ++ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ; + + if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES)) + psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ; diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index cd796525c0..8231ce07ec 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -50,6 +50,7 @@ (define-public libsndfile (method url-fetch) (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-" version ".tar.gz")) + (patches (search-patches "libsndfile-armhf-type-checks.patch")) (sha256 (base32 "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz")))) -- cgit v1.2.3 From 0802f3a034815576bf0e28c59c968400566b418b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 21 Apr 2017 16:05:31 +0200 Subject: gnu: libsamplerate: Correct license after 0.1.9 update. This is a followup to e1f68c96685fd607fcf00f08edd2f9cdfafabe2e. * gnu/packages/pulseaudio.scm (libsamplerate)[license]: Change GPL2+ to BSD-2. --- gnu/packages/pulseaudio.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index 8231ce07ec..c52f265cc1 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -112,7 +112,7 @@ (define-public libsamplerate signal-to-noise ratio of 145dB with -3dB passband extending from DC to 96% of the theoretical best bandwidth for a given pair of input and output sample rates.") - (license l:gpl2+))) + (license l:bsd-2))) (define-public pulseaudio (package -- cgit v1.2.3 From 1c4a500aae53b8cd33d1266eb3809b859ae2555d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 1 May 2017 14:24:50 -0400 Subject: gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}. * gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch, gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. (libsndfile/fixed): New variable. --- gnu/local.mk | 2 + .../libsndfile-CVE-2017-8361-8363-8365.patch | 77 ++++++++++++++++++++++ .../patches/libsndfile-CVE-2017-8362.patch | 61 +++++++++++++++++ gnu/packages/pulseaudio.scm | 13 ++++ 4 files changed, 153 insertions(+) create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-8362.patch (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/local.mk b/gnu/local.mk index f5574ecd80..52000a2c53 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -719,6 +719,8 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ + %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch new file mode 100644 index 0000000000..5f63231af0 --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch @@ -0,0 +1,77 @@ +Fix CVE-2017-{8361,8363,8365}: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Wed, 12 Apr 2017 19:45:30 +1000 +Subject: [PATCH] FLAC: Fix a buffer read overrun + +Buffer read overrun occurs when reading a FLAC file that switches +from 2 channels to one channel mid-stream. Only option is to +abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/230 +--- + src/common.h | 1 + + src/flac.c | 13 +++++++++++++ + src/sndfile.c | 1 + + 3 files changed, 15 insertions(+) + +diff --git a/src/common.h b/src/common.h +index 0bd810c3..e2669b6a 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, +diff --git a/src/flac.c b/src/flac.c +index 84de0e26..986a7b8f 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ "Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; +diff --git a/src/sndfile.c b/src/sndfile.c +index 41875610..e2a87be8 100644 +--- a/src/sndfile.c ++++ b/src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, +-- +2.12.2 + diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8362.patch b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch new file mode 100644 index 0000000000..5fc52a377a --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch @@ -0,0 +1,61 @@ +Fix CVE-2017-8362: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808 + +From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Fri, 14 Apr 2017 15:19:16 +1000 +Subject: [PATCH] src/flac.c: Fix a buffer read overflow + +A file (generated by a fuzzer) which increased the number of channels +from one frame to the next could cause a read beyond the end of the +buffer provided by libFLAC. Only option is to abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/231 +--- + src/flac.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/flac.c b/src/flac.c +index 5a4f8c21..e4f9aaa0 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) + const int32_t* const *buffer = pflac->wbuffer ; + unsigned i = 0, j, offset, channels, len ; + ++ if (psf->sf.channels != (int) frame->header.channels) ++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" ++ "Nothing to do but to error out.\n" , ++ psf->sf.channels, frame->header.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return 0 ; ++ } ; ++ + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. +@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) + return 0 ; + } ; + +- + len = SF_MIN (pflac->len, frame->header.blocksize) ; + + if (pflac->remain % channels != 0) +@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + { case FLAC__METADATA_TYPE_STREAMINFO : + if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) + { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" +- "Nothing to be but to error out.\n" , ++ "Nothing to do but to error out.\n" , + psf->sf.channels, metadata->data.stream_info.channels) ; + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; + return ; +-- +2.12.2 + diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index c52f265cc1..92ebe6f3eb 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -45,6 +45,7 @@ (define-module (gnu packages pulseaudio) (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) @@ -76,6 +77,18 @@ (define-public libsndfile for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile/fixed + (package + (inherit libsndfile) + (source + (origin + (inherit (package-source libsndfile)) + (patches + (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" + "libsndfile-CVE-2017-8362.patch"))))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- cgit v1.2.3