Accepting request 651383 from home:tiwai:branches:multimedia:libs

- Fix buffer overflow in sndfile-deinterleave, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
  CVE-2018-19432):
  sndfile-deinterlace-channels-check.patch

- Fix buffer overflow in sndfile-deinterleave, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
  CVE-2018-19432):

OBS-URL: https://build.opensuse.org/request/show/651383
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=70

libsndfile-progs.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jul  6 14:11:47 CEST 2018 - tiwai@suse.de
+
+- Fix buffer overflow in sndfile-deinterleave, which isn't really a
+  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
+  CVE-2018-19432):
+  sndfile-deinterlace-channels-check.patch
+
 -------------------------------------------------------------------
 Mon Apr 10 10:47:58 CEST 2017 - tiwai@suse.de
 

libsndfile-progs.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -26,6 +26,20 @@ Url:            http://www.mega-nerd.com/libsndfile/
 Source0:        http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Source1:        http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz.asc
 Source2:        libsndfile.keyring
+# PATCH-FIX-UPSTREAM
+Patch1:         0001-FLAC-Fix-a-buffer-read-overrun.patch
+Patch2:         0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+Patch10:        0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+Patch20:        0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+Patch30:        0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
+Patch31:        0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+# not yet upstreamed
+Patch32:        libsndfile-CVE-2017-17456-alaw-range-check.patch
+Patch33:        libsndfile-CVE-2017-17457-ulaw-range-check.patch
+Patch34:        sndfile-deinterlace-channels-check.patch
+# PATCH-FIX-OPENSUSE
+Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
 BuildRequires:  flac-devel
 BuildRequires:  gcc-c++
@@ -41,6 +55,16 @@ This package includes the example programs for libsndfile.
 
 %prep
 %setup -q -n libsndfile-%{version}
+%patch1 -p1
+%patch2 -p1
+%patch10 -p1
+%patch20 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
+%patch100 -p1
 
 %build
 %define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter

libsndfile.changes

@@ -1,8 +1,9 @@
 -------------------------------------------------------------------
 Fri Jul  6 14:11:47 CEST 2018 - tiwai@suse.de
 
-- Fix buffer overflow in sndfile-deinterlace, which isn't really a
-  security issue (bsc#1100167, CVE-2018-13139):
+- Fix buffer overflow in sndfile-deinterleave, which isn't really a
+  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
+  CVE-2018-19432):
   sndfile-deinterlace-channels-check.patch
 
 -------------------------------------------------------------------

libsndfile.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #