aubio: fix a few CVEs

Fixes:
  CVE-2017-17054
  CVE-2017-17554
  CVE-2017-17555
  CVE-2018-14521
  CVE-2018-14522
  CVE-2018-14523

srcpkgs/aubio/patches/CVE-2017-17054.patch

@@ -0,0 +1,42 @@
+From 25ecb7338cebc5b8c79092347839c78349ec33f1 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <piem@piem.org>
+Date: Tue, 6 Feb 2018 22:32:59 +0100
+Subject: [PATCH] src/io/source_wavread.c: add some input validation (closes:
+ #158)
+
+---
+ src/io/source_wavread.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
+index 640201bb..b91eb5cd 100644
+--- src/io/source_wavread.c
++++ src/io/source_wavread.c
+@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa
+   // BitsPerSample
+   bytes_read += fread(buf, 1, 2, s->fid);
+   bitspersample = read_little_endian(buf, 2);
++
++  if ( channels == 0 ) {
++    AUBIO_ERR("source_wavread: Failed opening %s (number of channels can not be 0)\n", s->path);
++    goto beach;
++  }
++
++  if ( sr == 0 ) {
++    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path);
++    goto beach;
++  }
++
++  if ( byterate == 0 ) {
++    AUBIO_ERR("source_wavread: Failed opening %s (byterate can not be 0)\n", s->path);
++    goto beach;
++  }
++
++  if ( bitspersample == 0 ) {
++    AUBIO_ERR("source_wavread: Failed opening %s (bitspersample can not be 0)\n", s->path);
++    goto beach;
++  }
+ #if 0
+   if ( bitspersample != 16 ) {
+     AUBIO_ERR("source_wavread: can not process %dbit file %s\n",
+

srcpkgs/aubio/patches/CVE-2017-17554-CVE-2018-14521.patch

@@ -0,0 +1,24 @@
+From a81b12a3b4174953b3bc7ef4c37103f4d5636740 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <piem@piem.org>
+Date: Mon, 6 Aug 2018 14:58:27 +0200
+Subject: [PATCH] src/io/source_avcodec.c: give up if resampling context failed
+ opening (see #137, closes #187)
+
+---
+ src/io/source_avcodec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c
+index 8197445c..6d8efa79 100644
+--- src/io/source_avcodec.c
++++ src/io/source_avcodec.c
+@@ -275,6 +275,8 @@ aubio_source_avcodec_t * new_aubio_source_avcodec(const char_t * path, uint_t sa
+   // default to mono output
+   aubio_source_avcodec_reset_resampler(s, 0);
+ 
++  if (s->avr == NULL) goto beach;
++
+   s->eof = 0;
+   s->multi = 0;
+ 
+

srcpkgs/aubio/patches/CVE-2017-17555.patch

@@ -0,0 +1,29 @@
+From 265fe9a2ca606f8b9ae4a110390f26c139c01ad7 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <piem@piem.org>
+Date: Mon, 6 Aug 2018 15:54:37 +0200
+Subject: [PATCH] src/io/source_avcodec.c: give up reading file if number of
+ channel changes during stream (closes #137)
+
+---
+ src/io/source_avcodec.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/io/source_avcodec.c b/src/io/source_avcodec.c
+index 6d8efa79..7082bc2e 100644
+--- src/io/source_avcodec.c
++++ src/io/source_avcodec.c
+@@ -425,6 +425,13 @@ void aubio_source_avcodec_readframe(aubio_source_avcodec_t *s, uint_t * read_sam
+     goto beach;
+   }
+ 
++  if (avFrame->channels != (sint_t)s->input_channels) {
++    AUBIO_WRN ("source_avcodec: trying to read from %d channel(s),"
++        "but configured for %d; is '%s' corrupt?\n", avFrame->channels,
++        s->input_channels, s->path);
++    goto beach;
++  }
++
+ #ifdef HAVE_AVRESAMPLE
+   in_linesize = 0;
+   av_samples_get_buffer_size(&in_linesize, avCodecCtx->channels,
+

srcpkgs/aubio/patches/CVE-2018-14522.patch

@@ -0,0 +1,26 @@
+From 99c7aa2e3efec988a5f81018b48d9388ff24bba1 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <piem@piem.org>
+Date: Mon, 6 Aug 2018 14:04:48 +0200
+Subject: [PATCH] src/io/source_wavread.c: also exit if samplerate is negative
+ (closes #188)
+
+---
+ src/io/source_wavread.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
+index b91eb5cd..90638af8 100644
+--- src/io/source_wavread.c
++++ src/io/source_wavread.c
+@@ -195,8 +195,8 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa
+     goto beach;
+   }
+ 
+-  if ( sr == 0 ) {
+-    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path);
++  if ( (sint_t)sr <= 0 ) {
++    AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be <= 0)\n", s->path);
+     goto beach;
+   }
+ 
+

srcpkgs/aubio/patches/CVE-2018-14523.patch

@@ -0,0 +1,34 @@
+From af4f9e6a93b629fb6defa2a229ec828885b9d187 Mon Sep 17 00:00:00 2001
+From: Paul Brossier <piem@piem.org>
+Date: Mon, 6 Aug 2018 13:41:52 +0200
+Subject: [PATCH] src/pitch/pitchyinfft.c: fix out of bound read when
+ samplerate > 50kHz (closes: #189)
+
+---
+ src/pitch/pitchyinfft.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/pitch/pitchyinfft.c b/src/pitch/pitchyinfft.c
+index f213ef24..493ca08d 100644
+--- src/pitch/pitchyinfft.c
++++ src/pitch/pitchyinfft.c
+@@ -44,7 +44,7 @@ static const smpl_t freqs[] = {
+      0.,    20.,    25.,   31.5,    40.,    50.,    63.,    80.,   100.,   125.,
+    160.,   200.,   250.,   315.,   400.,   500.,   630.,   800.,  1000.,  1250.,
+   1600.,  2000.,  2500.,  3150.,  4000.,  5000.,  6300.,  8000.,  9000., 10000.,
+- 12500., 15000., 20000., 25100
++ 12500., 15000., 20000., 25100., -1.
+ };
+ 
+ static const smpl_t weight[] = {
+@@ -72,7 +72,8 @@ new_aubio_pitchyinfft (uint_t samplerate, uint_t bufsize)
+   p->weight = new_fvec (bufsize / 2 + 1);
+   for (i = 0; i < p->weight->length; i++) {
+     freq = (smpl_t) i / (smpl_t) bufsize *(smpl_t) samplerate;
+-    while (freq > freqs[j]) {
++    while (freq > freqs[j] && freqs[j] > 0) {
++      AUBIO_DBG("freq %3.5f > %3.5f \tsamplerate %d (Hz) \t(weight length %d, bufsize %d) %d %d\n", freq, freqs[j], samplerate, p->weight->length, bufsize, i, j);
+       j += 1;
+     }
+     a0 = weight[j - 1];
+

srcpkgs/aubio/template

@@ -1,14 +1,14 @@
 # Template file for 'aubio'
 pkgname=aubio
 version=0.4.6
-revision=1
+revision=2
 build_style=waf
 # XXX lash, pure and swig support.
 hostmakedepends="python pkg-config"
 makedepends="libsamplerate-devel fftw-devel jack-devel"
 short_desc="A library for audio labelling"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
-license="GPL-2"
+license="GPL-3.0-or-later"
 homepage="http://aubio.org"
 distfiles="${homepage}/pub/${pkgname}-${version}.tar.bz2"
 checksum=bdc73be1f007218d3ea6d2a503b38a217815a0e2ccc4ed441f6e850ed5d47cfb