diff --git a/0001-FLAC-Fix-a-buffer-read-overrun.patch b/0001-FLAC-Fix-a-buffer-read-overrun.patch
deleted file mode 100644
index bbc0ecc..0000000
--- a/0001-FLAC-Fix-a-buffer-read-overrun.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo
-Date: Wed, 12 Apr 2017 19:45:30 +1000
-Subject: [PATCH] FLAC: Fix a buffer read overrun
-References: CVE-2017-8361 CVE-2017-8363 CVE-2017-8365 bsc#1036944 bsc#1036945 bsc#1036946
-
-Buffer read overrun occurs when reading a FLAC file that switches
-from 2 channels to one channel mid-stream. Only option is to
-abort the read.
-
-Closes: https://github.com/erikd/libsndfile/issues/230
-
----
- src/common.h | 1 +
- src/flac.c | 13 +++++++++++++
- src/sndfile.c | 1 +
- 3 files changed, 15 insertions(+)
-
---- a/src/common.h
-+++ b/src/common.h
-@@ -725,6 +725,7 @@ enum
- SFE_FLAC_INIT_DECODER,
- SFE_FLAC_LOST_SYNC,
- SFE_FLAC_BAD_SAMPLE_RATE,
-+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
- SFE_FLAC_UNKOWN_ERROR,
-
- SFE_WVE_NOT_WVE,
---- a/src/flac.c
-+++ b/src/flac.c
-@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
-
- switch (metadata->type)
- { case FLAC__METADATA_TYPE_STREAMINFO :
-+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
-+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-+ "Nothing to be but to error out.\n" ,
-+ psf->sf.channels, metadata->data.stream_info.channels) ;
-+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
-+ return ;
-+ } ;
-+
-+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
-+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
-+ "Carrying on as if nothing happened.",
-+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
-+ } ;
- psf->sf.channels = metadata->data.stream_info.channels ;
- psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
- psf->sf.frames = metadata->data.stream_info.total_samples ;
---- a/src/sndfile.c
-+++ b/src/sndfile.c
-@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
- { SFE_FLAC_INIT_DECODER , "Error : problem with
initialization of the flac decoder." },
- { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
- { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
-+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
- { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
-
- { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
diff --git a/0002-src-flac.c-Fix-a-buffer-read-overflow.patch b/0002-src-flac.c-Fix-a-buffer-read-overflow.patch
deleted file mode 100644
index 32e3caf..0000000
--- a/0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo
-Date: Fri, 14 Apr 2017 15:19:16 +1000
-Subject: [PATCH] src/flac.c: Fix a buffer read overflow
-References: CVE-2017-8362 bsc#1036943
-
-A file (generated by a fuzzer) which increased the number of channels
-from one frame to the next could cause a read beyond the end of the
-buffer provided by libFLAC. Only option is to abort the read.
-
-Closes: https://github.com/erikd/libsndfile/issues/231
-
----
- src/flac.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
---- a/src/flac.c
-+++ b/src/flac.c
-@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
- const int32_t* const *buffer = pflac->wbuffer ;
- unsigned i = 0, j, offset, channels, len ;
-
-+ if (psf->sf.channels != (int) frame->header.channels)
-+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
-+ "Nothing to do but to error out.\n" ,
-+ psf->sf.channels, frame->header.channels) ;
-+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
-+ return 0 ;
-+ } ;
-+
- /*
- ** frame->header.blocksize is variable and we're using a constant blocksize
- ** of FLAC__MAX_BLOCK_SIZE.
-@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
- return 0 ;
- } ;
-
--
- len = SF_MIN (pflac->len, frame->header.blocksize) ;
-
- if (pflac->remain % channels != 0)
-@@ -437,7 +444,7 @@ sf_flac_meta_callback (const FLAC__Strea
- { case FLAC__METADATA_TYPE_STREAMINFO :
- if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
- { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-- "Nothing to be but to error out.\n" ,
-+ "Nothing to do but to error out.\n" ,
- psf->sf.channels, metadata->data.stream_info.channels) ;
- psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
- return ;
diff --git a/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch b/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
deleted file mode 100644
index 2c6d83d..0000000
--- a/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo
-Date: Tue, 23 May 2017 20:15:24 +1000
-Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
-
-Secunia Advisory SA76717.
-
-Found by: Laurent Delosieres, Secunia Research at Flexera Software
----
- src/aiff.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/aiff.c
-+++ b/src/aiff.c
-@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
- psf_binheader_readf (psf, "j", dword - bytesread) ;
-
- if (map_info->channel_map != NULL)
-- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
-+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
-
- free (psf->channel_map) ;
-
diff --git a/0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch b/0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
deleted file mode 100644
index f90f9a3..0000000
--- a/0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=B6rn=20Heusipp?=
-Date: Wed, 14 Jun 2017 12:25:40 +0200
-Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
- in binheader
-
-Fixes the following problems:
- 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
- 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
- big switch statement by an amount (16 bytes) which is enough for all cases
- where only a single value gets added. Cases 's', 'S', 'p' however
- additionally write an arbitrary length block of data and again enlarge the
- buffer to the required amount. However, the required space calculation does
- not take into account the size of the length field which gets output before
- the data.
- 3. Buffer size requirement calculation in case 'S' does not account for the
- padding byte ("size += (size & 1) ;" happens after the calculation which
- uses "size").
- 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
- involved
- ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
- the buffer is only guaranteed to have "size" space available).
- 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
- beyond the space which is guaranteed to be allocated in the header buffer.
- 6. Case 's' can overrun the provided source string by 1 byte if padding is
- involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
- where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
- plus optionally another 1 which is padding and not guaranteed to be
- readable via the source string pointer).
-
-Closes: https://github.com/erikd/libsndfile/issues/292
----
- src/common.c | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
---- a/src/common.c
-+++ b/src/common.c
-@@ -675,16 +675,16 @@ psf_binheader_writef (SF_PRIVATE *psf, c
- /* Write a C string (guaranteed to have a zero terminator). */
- strptr = va_arg (argptr, char *) ;
- size = strlen (strptr) + 1 ;
-- size += (size & 1) ;
-
-- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
-+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
- return count ;
-
- if (psf->rwf_endian == SF_ENDIAN_BIG)
-- header_put_be_int (psf, size) ;
-+ header_put_be_int (psf, size + (size & 1)) ;
- else
-- header_put_le_int (psf, size) ;
-+ header_put_le_int (psf, size + (size & 1)) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
-+ size += (size & 1) ;
- psf->header.indx += size ;
- psf->header.ptr [psf->header.indx - 1] = 0 ;
- count += 4 + size ;
-@@ -697,16 +697,15 @@ psf_binheader_writef (SF_PRIVATE *psf, c
- */
- strptr = va_arg (argptr, char *) ;
- size = strlen (strptr) ;
-- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
-+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
- return count ;
- if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
- else
- header_put_le_int (psf, size) ;
-- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
-+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
- size += (size & 1) ;
- psf->header.indx += size ;
-- psf->header.ptr [psf->header.indx] = 0 ;
- count += 4 + size ;
- break ;
-
-@@ -718,7 +717,7 @@ psf_binheader_writef (SF_PRIVATE *psf, c
- size = (size & 1) ?
size : size + 1 ;
- size = (size > 254) ? 254 : size ;
-
-- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
-+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
- return count ;
-
- header_put_byte (psf, size) ;
diff --git a/0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch b/0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
deleted file mode 100644
index baf8536..0000000
--- a/0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
-From: Fabian Greffrath
-Date: Thu, 28 Sep 2017 12:15:04 +0200
-Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
-
-This prevents division by zero later in the code.
-
-While the trivial case to catch this (i.e. sf.channels < 1) has already
-been covered, a crafted file may report a number of channels that is
-so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
-miscalculated to zero (if this makes sense) in the determination of the
-blockwidth. Since we only support a limited number of channels anyway,
-make sure to check here as well.
-
-CVE-2017-14634
-
-Closes: https://github.com/erikd/libsndfile/issues/318
-Signed-off-by: Erik de Castro Lopo
----
- src/double64.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/double64.c
-+++ b/src/double64.c
-@@ -91,7 +91,7 @@ int
- double64_init (SF_PRIVATE *psf)
- { static int double64_caps ;
-
-- if (psf->sf.channels < 1)
-+ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
- { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
- return SFE_INTERNAL ;
- } ;
diff --git a/0031-sfe_copy_data_fp-check-value-of-max-variable.patch b/0031-sfe_copy_data_fp-check-value-of-max-variable.patch
deleted file mode 100644
index 73d714f..0000000
--- a/0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001
-From: Fabian Greffrath
-Date: Wed, 27 Sep 2017 14:46:17 +0200
-Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being
- normal
-
-and check elements of the data[] array for being finite.
-
-Both checks use functions provided by the header as declared
-by the C99 standard.
-
-Fixes #317
-CVE-2017-14245
-CVE-2017-14246
----
- programs/common.c | 20 ++++++++++++++++----
- programs/common.h | 2 +-
- programs/sndfile-convert.c | 6 +++++-
- 3 files changed, 22 insertions(+), 6 deletions(-)
-
---- a/programs/common.c
-+++ b/programs/common.c
-@@ -36,6 +36,7 @@
- #include
- #include
- #include
-+#include
-
- #include
-
-@@ -45,7 +46,7 @@
-
- #define MIN(x, y) ((x) < (y) ? (x) : (y))
-
--void
-+int
- sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
- { static double data [BUFFER_LEN], max ;
- int frames, readcount, k ;
-@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDF
- readcount = frames ;
-
- sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
-+ if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
-+ return 1 ;
-
- if (!normalize && max < 1.0)
- { while (readcount > 0)
-@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDF
- while (readcount > 0)
- { readcount = sf_readf_double (infile, data, frames) ;
- for (k = 0 ; k < readcount * channels ; k++)
-- data [k] /= max ;
-+ { data [k] /= max ;
-+
-+ if (!isfinite (data [k])) /* infinite or NaN */
-+ return 1;
-+ }
- sf_writef_double (outfile, data, readcount) ;
- } ;
- } ;
-
-- return ;
-+ return 0 ;
- } /* sfe_copy_data_fp */
-
- void
-@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char *
-
- /* If the input file is not the same as the output file, copy the data.
*/
- if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
-- sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
-+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
-+ { printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
-+ error_code = 1 ;
-+ goto cleanup_exit ;
-+ } ;
-+ }
- else
- sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
- } ;
---- a/programs/common.h
-+++ b/programs/common.h
-@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_
-
- void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
-
--void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-+int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-
- void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
-
---- a/programs/sndfile-convert.c
-+++ b/programs/sndfile-convert.c
-@@ -335,7 +335,11 @@ main (int argc, char * argv [])
- || (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor == SF_FORMAT_FLOAT)
- || (infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT)
- || (infileminor == SF_FORMAT_VORBIS) || (outfileminor == SF_FORMAT_VORBIS))
-- sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ;
-+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
-+ { printf ("Error : Not able to decode input file %s.\n", infilename) ;
-+ return 1 ;
-+ } ;
-+ }
- else
- sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
-
diff --git a/libsndfile-1.0.28.tar.gz b/libsndfile-1.0.28.tar.gz
deleted file mode 100644
index b1a068a..0000000
--- a/libsndfile-1.0.28.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9
-size 1202833
diff --git a/libsndfile-1.0.28.tar.gz.asc b/libsndfile-1.0.28.tar.gz.asc
deleted file mode 100644
index b47e8ac..0000000
--- a/libsndfile-1.0.28.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEapGlzyLCTJmjXgE/z9z5H7JCrO0FAljgvHEACgkQz9z5H7JC
-rO3hnA/9FXYT5fAI9efgrPbzlVes3HpWSlnyjXY/oK7JdUUK6jNhyR8LB70h1En1
-dTFIz2m5t+VcTTXjaJJ3sluHdPtIYT3lqGD1UtsHgclsCcXCZMttcCfe7S+sfk4b
-jN5iMOvaIiVH4t3OqEPU61K7S6SQHdjdmfEEsrsp2j7TjnOJLrJm3/SH6EbGoK6v
-CpbJjllfoSNiv/A0Q0wtO2nam/FS7R1OlVhzXjMOf/DJTNchpIPzhbTKiMRC9uBL
-fC5msjtKm0jHYZLzzy3s0F1eOOHm3Mm3snSGXTDZeLOMKkhfKOVGO1V9zh3kku7U
-viFL8fVxe/UQxzKL5V3xjaawbwBqS3U5JjnUGbz7KDgBk9dcJF69cLA+b2lv0Dbt
-1cx4DeGPhJTG6hI5ZYgQs+n8b/IMS51uPy562y0CkxoB17g6pXo11x6D3UfZQq3p
-z5xbFLUo2Hy/C78F1OunwRcA0awJxgWaOj9EPZk4xqRX5jeLuCEfWM8SylLkiXat
-nTb5veejLzQ4ZFLAzwxzHjJTLt0nhqfp+O14jXQby+LFa6g3R5QTkZBZh6FGeqSP
-TGNLtJIIOhpeUyLaZAuDGpn+EeKoZNrv7DJqQdNoyYxwCCvvZsEsKzKdpI87ssTr
-Rg/PeZn36/Re7xaSomEbAgXAxo0ySj9KayG1FPLysPzix+sqvO4=
-=tyOh
------END PGP SIGNATURE-----
diff --git a/libsndfile-1.0.31.tar.bz2 b/libsndfile-1.0.31.tar.bz2
new file mode 100644
index 0000000..5fda9b3
--- /dev/null
+++ b/libsndfile-1.0.31.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a8cfb1c09ea6e90eff4ca87322d4168cdbe5035cb48717b40bf77e751cc02163
+size 875335
diff --git a/libsndfile-1.0.31.tar.bz2.sig b/libsndfile-1.0.31.tar.bz2.sig
new file mode 100644
index 0000000..f4f873e
Binary files /dev/null and b/libsndfile-1.0.31.tar.bz2.sig differ
diff --git a/libsndfile-CVE-2017-17456-alaw-range-check.patch b/libsndfile-CVE-2017-17456-alaw-range-check.patch
deleted file mode 100644
index 2c6309b..0000000
--- a/libsndfile-CVE-2017-17456-alaw-range-check.patch
+++ /dev/null
@@ -1,55 +0,0 @@
----
- src/alaw.c | 36 ++++++++++++++++++++++++++++--------
- 1 file changed, 28 insertions(+), 8 deletions(-)
-
---- a/src/alaw.c
-+++ b/src/alaw.c
-@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count,
- static inline void
- f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
- { while (--count >= 0)
-- { if (ptr [count] >= 0)
-- buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ;
-- else
-- buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ;
-+ { int idx;
-+ if (isnan (ptr [count])) {
-+ buffer [count] = alaw_encode [0] ;
-+ } else if (ptr [count] >= 0) {
-+ idx = lrintf (normfact * ptr [count]) ;
-+ if (idx > 2048)
-+ idx = 2048;
-+ buffer [count] = alaw_encode [idx] ;
-+ } else {
-+ idx = -lrintf (normfact * ptr [count]) ;
-+ if (idx > 2048)
-+ idx = 2048 ;
-+ buffer [count] = 0x7F & alaw_encode [idx] ;
-+ }
- } ;
- } /* f2alaw_array */
-
- static inline void
- d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
- { while (--count >= 0)
-- { if (ptr [count] >= 0)
-- buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
-- else
-- buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
-+ { int idx;
-+ if (isnan (ptr [count])) {
-+ buffer [count] = alaw_encode [0] ;
-+ } else if (ptr [count] >= 0) {
-+ idx = lrintf (normfact * ptr [count]) ;
-+ if (idx > 2048)
-+ idx = 2048;
-+ buffer [count] = alaw_encode [idx] ;
-+ } else {
-+ idx = -lrintf (normfact * ptr [count]) ;
-+ if (idx > 2048)
-+ idx = 2048 ;
-+ buffer [count] = 0x7F & alaw_encode [idx] ;
-+ }
- } ;
- } /* d2alaw_array */
-
diff --git a/libsndfile-CVE-2017-17457-ulaw-range-check.patch b/libsndfile-CVE-2017-17457-ulaw-range-check.patch
deleted file mode 100644
index 9e9e8ac..0000000
--- a/libsndfile-CVE-2017-17457-ulaw-range-check.patch
+++ /dev/null
@@ -1,55 +0,0 @@
----
- src/ulaw.c | 36 ++++++++++++++++++++++++++++--------
- 1 file changed, 28 insertions(+), 8 deletions(-)
-
---- a/src/ulaw.c
-+++ b/src/ulaw.c
-@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count,
- static inline void
- f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
- { while (--count >= 0)
-- { if (ptr [count] >= 0)
-- buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ;
-- else
-- buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ;
-+ { int idx;
-+ if (isnan (ptr [count])) {
-+ buffer [count] = ulaw_encode [0];
-+ } else if (ptr [count] >= 0) {
-+ idx = lrint (normfact * ptr [count]);
-+ if (idx > 8192)
-+ idx = 8192;
-+ buffer [count] = ulaw_encode [idx] ;
-+ } else {
-+ idx = -lrint (normfact * ptr [count]) ;
-+ if (idx > 8192)
-+ idx = 8192;
-+ buffer [count] = 0x7F & ulaw_encode [idx] ;
-+ }
- } ;
- } /* f2ulaw_array */
-
- static inline void
- d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
- { while (--count >= 0)
-- { if (ptr [count] >= 0)
-- buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
-- else
-- buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
-+ { int idx;
-+ if (isnan (ptr [count])) {
-+ buffer [count] = ulaw_encode [0];
-+ } else if (ptr [count] >= 0) {
-+ idx = lrint (normfact * ptr [count]);
-+ if (idx > 8192)
-+ idx = 8192;
-+ buffer [count] = ulaw_encode [idx] ;
-+ } else {
-+ idx = -lrint (normfact * ptr [count]) ;
-+ if (idx > 8192)
-+ idx = 8192;
-+ buffer [count] = 0x7F & ulaw_encode [idx] ;
-+ }
- } ;
- } /* d2ulaw_array */
-
diff --git a/libsndfile-progs.changes b/libsndfile-progs.changes
index 1a267e8..7011a3c 100644
--- a/libsndfile-progs.changes
+++ b/libsndfile-progs.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Sun Mar 14 21:38:48 UTC 2021 - Dirk Müller
+
+- update to 1.0.31:
+ * documentation fixes and updates
+ * Change CMake's project name from sndfile to libsndfile as it should be.
+ * Fix memory leak in wav_read_smpl_chunk() function, credit to OSS-Fuzz.
+ * Fix aiff_read_header() memory leak(), credit to OSS-Fuzz.
+ * Fix leak in wav_read_header(), credit to OSS-Fuzz.
+ * Fix leak in wavlike_read_cart_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in wav_read_acid_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in aiff_read_basc_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in wavlike_read_peak_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in aiff_read_header(), credit to OSS-Fuzz.
+ * Fix use of uninitialized value in exif_subchunk_parse(), credit to OSS-Fuzz.
+ * Fix use of uninitialized value in endswap_int64_t_array(), credit to
+ * OSS-Fuzz.
+ * Fix up the fuzzer so that it can't under or overseek,
+ * thanks to Max Dymond cmeister2@gmail.com.
+ * Fix Autotools configure on macOS, thanks to @tmcguire and @nwh.
+ * Exclude repository-configuration from git-archive, thanks to @umlaeute.
+ * Use version-script when compiling with clang on Unix with Autotools, thanks
+ * to @tstellar.
+ * Improve handling of SMPL chunks in WAV files, thanks to @zodf0055980.
+- update to 1.0.30:
+ * Move sndfile.h.in from src/ to include/ directory.
+ * Huge documentation update.
+ * Fix opus test failures on BE platforms
+ * Fix bug when sf_open_fd() function sometimes leaves filehandle open, even if close_desc parameter is TRUE, thanks to @umläute.
+ * Fix infinite loops on some pathological SD2 files
+ * Switch to GitHub Actions for continuous integration.
+ * Add OSS-Fuzz tests to GitHub Actions workflow
+ * Fix memory leak in wavlike_read_bext_chunk() function, credit to OSS-Fuzz.
+ * Fix undefined behavior in avr-read_header() function, credit to OSS-Fuzz.
+- update to 1.0.29:
+ * Fixes for: CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832.
+ * Add BWF v2 loudness parameters.
+ * Wave64: Permit and skip arbitrary chunks prior to the data chunk.
+ * Fix ASAN crash in wavlike_ima_seek().
+ * Fix IMA-ADPCM encoding for AIFF files.
+ * sndfile-convert: Handle gsm, vox and opus extensions the same way.
+ * Add SFC_SET_OGG_PAGE_LATENCY_MS command to get Ogg page latency for Ogg Opus files.
+ * Fix parsing of some SD2 files.
+ * Documentation updates.
+ * Minor bug fixes and improvements.
+- drop libsndfile-CVE-2017-17456-alaw-range-check.patch
+ libsndfile-CVE-2017-17457-ulaw-range-check.patch
+ libsndfile-wav-loop-count-fix.patch
+ 0001-FLAC-Fix-a-buffer-read-overrun.patch
+ 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+ 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+ 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+ 0031-sfe_copy_data_fp-check-value-of-max-variable.patch: upstream
+
 -------------------------------------------------------------------
 Fri Jul 6 14:11:47 CEST 2018 - tiwai@suse.de
diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec
index b636620..4d94a60 100644
--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile-progs
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,68 +17,42 @@
 Name: libsndfile-progs
-Version: 1.0.28
+Version: 1.0.31
 Release: 0
 Summary: Example Programs for libsndfile
 License: LGPL-2.1-or-later
 Group: System/Libraries
-URL: http://www.mega-nerd.com/libsndfile/
-Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
-Source1: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz.asc
+URL: https://libsndfile.github.io/libsndfile/
+Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2
+Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig
 Source2: libsndfile.keyring
-# PATCH-FIX-UPSTREAM
-Patch1: 0001-FLAC-Fix-a-buffer-read-overrun.patch
-Patch2: 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
-Patch10: 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
-Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
-Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
-# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
-Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
-# not yet upstreamed
-Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
-Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
 Patch34: sndfile-deinterlace-channels-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100: sndfile-ocloexec.patch
 BuildRequires: alsa-devel
+BuildRequires: cmake
 BuildRequires: flac-devel
 BuildRequires: gcc-c++
 BuildRequires: libjack-devel
 BuildRequires: libtool
 BuildRequires: libvorbis-devel
 BuildRequires: pkgconfig
-BuildRequires: sqlite-devel
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: sqlite3-devel
 %description
 This package includes the example programs for libsndfile.
 %prep
 %setup -q -n libsndfile-%{version}
-%patch1 -p1
-%patch2 -p1
-%patch10 -p1
-%patch20 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
 %patch34 -p1
 %patch100 -p1
 %build
-%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
-# autoreconf --force --install
-CFLAGS="%{optflags} %{warn_flags}"
-export CFLAGS
-%configure --disable-silent-rules \
- --disable-static \
- --enable-sqlite \
- --with-pic
-make %{?_smp_mflags}
+%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF
+%cmake_build
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%cmake_install
 # remove unnecessary files
 rm -rf %{buildroot}%{_datadir}/doc/libsndfile
@@ -87,8 +61,7 @@ rm -rf %{buildroot}%{_includedir}
 rm -rf %{buildroot}%{_datadir}/doc/libsndfile1-dev
 %files
-%defattr(-, root, root)
 %{_bindir}/*
-%doc %{_mandir}/man?/*
+%{_mandir}/man?/*
 %changelog
diff --git a/libsndfile-wav-loop-count-fix.patch b/libsndfile-wav-loop-count-fix.patch
deleted file mode 100644
index b61ea15..0000000
--- a/libsndfile-wav-loop-count-fix.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Takashi Iwai
-Subject: wav: Fix segfault due to invalid loop_count
-References: CVE-2018-19758, bsc#1117954
-
-The psf->instrument->loop_count can be over the actual loops array size,
-and it leads to a segfault.
-
-Just add the loop size fix to address it.
-
-Signed-off-by: Takashi Iwai
-
----
- src/wav.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/wav.c
-+++ b/src/wav.c
-@@ -1097,6 +1097,9 @@ wav_write_header (SF_PRIVATE *psf, int c
- for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
- { int type ;
-
-+ if (tmp >= ARRAY_LEN (psf->instrument->loops))
-+ break;
-+
- type = psf->instrument->loops [tmp].mode ;
- type = (type == SF_LOOP_FORWARD ? 0 : type == SF_LOOP_BACKWARD ? 2 : type == SF_LOOP_ALTERNATING ? 1 : 32) ;
-
diff --git a/libsndfile.changes b/libsndfile.changes
index a78a971..e6a4c0f 100644
--- a/libsndfile.changes
+++ b/libsndfile.changes
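Review bot: In the libsndfile-progs.spec hunk `@@ -17,68 +17,42 @@`, dropping `Patch31` is not backed by anything visible on this page: the removed spec comment marked it "not yet upstreamed", and the 1.0.29 fix list quoted in the .changes entry does not name CVE-2017-14245 or CVE-2017-14246, nor the CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365 and CVE-2017-14634 ids carried by the other removed patches. Before relying on "upstream", confirm that the 1.0.31 sources contain the equivalent checks, and keep the ids traceable in the changelog, for example `0031-sfe_copy_data_fp-check-value-of-max-variable.patch (CVE-2017-14245, CVE-2017-14246): upstream`. The same hunk also passes `-DENABLE_EXPERIMENTAL=ON`, which the removed `%configure` line had no counterpart for. For tools that parse untrusted audio files this presumably enlarges the code that gets built, so either drop the flag or add a spec comment saying why it is needed.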
@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Wed Mar 17 08:09:51 UTC 2021 - Dominique Leuenberger
+
+- BuildRequire python3-base instead of the full python3 package:
+ manages to break a build cycle, is cheaper, and still sufficient.
+
+-------------------------------------------------------------------
+Sun Mar 14 21:38:48 UTC 2021 - Dirk Müller
+
+- update to 1.0.31:
+ * documentation fixes and updates
+ * Change CMake's project name from sndfile to libsndfile as it should be.
+ * Fix memory leak in wav_read_smpl_chunk() function, credit to OSS-Fuzz.
+ * Fix aiff_read_header() memory leak(), credit to OSS-Fuzz.
+ * Fix leak in wav_read_header(), credit to OSS-Fuzz.
+ * Fix leak in wavlike_read_cart_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in wav_read_acid_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in aiff_read_basc_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in wavlike_read_peak_chunk(), credit to OSS-Fuzz.
+ * Fix memory leak in aiff_read_header(), credit to OSS-Fuzz.
+ * Fix use of uninitialized value in exif_subchunk_parse(), credit to OSS-Fuzz.
+ * Fix use of uninitialized value in endswap_int64_t_array(), credit to
+ * OSS-Fuzz.
+ * Fix up the fuzzer so that it can't under or overseek,
+ * thanks to Max Dymond cmeister2@gmail.com.
+ * Fix Autotools configure on macOS, thanks to @tmcguire and @nwh.
+ * Exclude repository-configuration from git-archive, thanks to @umlaeute.
+ * Use version-script when compiling with clang on Unix with Autotools, thanks
+ * to @tstellar.
+ * Improve handling of SMPL chunks in WAV files, thanks to @zodf0055980.
+- update to 1.0.30:
+ * Move sndfile.h.in from src/ to include/ directory.
+ * Huge documentation update.
+ * Fix opus test failures on BE platforms
+ * Fix bug when sf_open_fd() function sometimes leaves filehandle open, even if close_desc parameter is TRUE, thanks to @umläute.
+ * Fix infinite loops on some pathological SD2 files
+ * Switch to GitHub Actions for continuous integration.
+ * Add OSS-Fuzz tests to GitHub Actions workflow
+ * Fix memory leak in wavlike_read_bext_chunk() function, credit to OSS-Fuzz.
+ * Fix undefined behavior in avr-read_header() function, credit to OSS-Fuzz.
+- update to 1.0.29:
+ * Fixes for: CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832.
+ * Add BWF v2 loudness parameters.
+ * Wave64: Permit and skip arbitrary chunks prior to the data chunk.
+ * Fix ASAN crash in wavlike_ima_seek().
+ * Fix IMA-ADPCM encoding for AIFF files.
+ * sndfile-convert: Handle gsm, vox and opus extensions the same way.
+ * Add SFC_SET_OGG_PAGE_LATENCY_MS command to get Ogg page latency for Ogg Opus files.
+ * Fix parsing of some SD2 files.
+ * Documentation updates.
+ * Minor bug fixes and improvements.
+- drop libsndfile-CVE-2017-17456-alaw-range-check.patch
+ libsndfile-CVE-2017-17457-ulaw-range-check.patch
+ libsndfile-wav-loop-count-fix.patch
+ 0001-FLAC-Fix-a-buffer-read-overrun.patch
+ 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+ 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+ 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+ 0031-sfe_copy_data_fp-check-value-of-max-variable.patch: upstream
+
 -------------------------------------------------------------------
 Tue Dec 3 01:46:45 UTC 2019 - Stefan Brüns
diff --git a/libsndfile.keyring b/libsndfile.keyring
index 1dec7c8..1919648 100644
--- a/libsndfile.keyring
+++ b/libsndfile.keyring
@@ -1,52 +1,111 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 -mQINBFjgp8wBEAC/L//htBnj3cZWI/A6JMt7DHWoONr1B4AOk7NNleIWkFY5cqYJ -ENu9eesCxEjVqH8wUbFZ0NJbn+306guqDFTtZftiiv6ljZz2enZI8j5xVCgzkYBf -u08YU31jYjPuXV9YnAj4GnaI/AvKp9NilUhSLbEyif5+PI61n+OlaSMTiyl03iN/ -pxsPM+g/CyIvb/E9dyg2kZLoet0kIBiimpDV57RNviYcynh7n5kbamYGm0sD4t98 -Nnb7lk9vXk3XrXYWpVuF8NhfgEJLo9CU2vhHCZSSEs1uNYBXsxg5lCmzbQzkn3mq -A+0+tNvH1yhepmjG4DxsGKBkF2rccefndScFi5eAfQjBSFEcOOvzF1oBadrYgU1w -ayb7gta0bZqWG5TwoTLZlY6ML2+UlfRGDyaGvgzcicHDH6zbvPEr2npgSCq5LUeo -k6vvLn824/4ZNJww75HL1Tw9HzBX+/fVXFSanELYfISqwRAOcH7QbLK3YVBzMEer -vCnuzsxdI1LneBpdXhddOQdPPjOarHAZWNtc4jNAzok9O3DLtI4obWyWTZ/c1oM9 -eKDUNUt8zAf4scs8CvJO5dNd4XvJE0PbYP4vUX7Rhh9iUuUI9JeS04f/H/MPjxkG -o+HIAJIbJAXsNVTZTG6qmaeaIR8AUbKWQBODwHCtdgVIji5xvOSITPJbAwARAQAB -tClFcmlrIGRlIENhc3RybyBMb3BvIDxlcmlrZEBtZWdhLW5lcmQuY29tPokCTgQT -AQgAOBYhBGqRpc8iwkyZo14BP8/c+R+yQqztBQJY4KfMAhsDBQsJCAcCBhUICQoL -AgQWAgMBAh4BAheAAAoJEM/c+R+yQqztodMP/R23t9PL/CIzcJgAyrzmQNIple0E -Pbd9HuqwNZEwkTjtJ3zehkiUQJCU1U/26TvNDVMtvnqLVV6gWYCJQYthk+7dxa/l -WVb3o96ZZR1Pj1ouqRAhm788+bAFsW6kr7TxqF37InCnzbFaLgsUfD0XZfB1XJp6 -cx51TgKDBDJS+8nTUJoNXR3luAaWD/n4qcRiLxwA1XehWFD058Pm/vsFgfjewuGQ -THMFp4Pdzk0w/gRwcn1gEqkB7bspzdS0CGqklqv26NkIS+2aRBoXtroCKPn65FcX -fkF1CGdQWnGTrLNJ9vPJC1QCeo9XoR9Wp4XiWGgYG9owxvOLJnSZAUK3c2vtrkCE -pm4XE83dv8Brs+bvGFc8Ba77RyK6BQ7P3YYvzj0TQVYKaYXswrTqQQSCKqJe9Qet -XECHvbiNvgbMUoROvloUVPUQorCx33mZdTzGicgKqvMgWBn58B9qK208utPgk3Ot -o+4m8s/hJ/HkwLz6a00Tzg7CFrjlr+vX1qzgosJLjew80np3azrAf+Wwen8/mzm3 -gaDIptbh+hTjAUfdEnw/aQT6HryIQJNEFsNAER+FpHuMJepIllHmFLRjvLBF2rzR -US6zfkq4mfwrRht1ya8bpIAhDyYFP44MrpVtSCY+PkjtrlB5F9ck7MmxThSUOfxQ -YalBpqOTmHUHwra0uQINBFjgp8wBEACyNn74E17Xn0ba/UcrTVDs75HYvE6DJ/PJ -/HXv8bfTVlyuhXMP7ZzX3GnLK/ilIzUJbskpyDvaZxzSmWsA6tzagWOr7/YmtEYP -TZBnZW/nlr9gQfWL1YqO9fE1D1nHM1rnkFeUhPZRUGfk53VRnr5XMhgZZcuhj8cg -dLDL5aeULRw1TfqP4pAxov/yGx5gbxeqistuMEWq6PiFYpnyyoMeR+a193rM3Asl -CxkMsWmKZqI6tXLCUYn5z010/sstrZ2eionv9u5bpi5FeN2pZ6usdM0wqm/21dFC 
-qXtXdXa37mznSfHpP/sqyNhU6tWg+o9QTBcmGOZE5lLc6xAZDS0sYts0F9daizoF -e5ZSrNE46wKSaOI6fLfprvg3NXXrOf5fBTdpd3EUKaNVeCQ6juyQqYNHB8NnwfuQ -+2Oxuuw8Vh6ooxJ/KAcDSdmhm1OhNIEmVPoY7fGheUFf04toZQj5MtuCJnmSbWbS -GsEwPbkETCNB/vXiTzDm2Ern8wxEz7a3sBr3bKg25HkOXtlKmqXHJ+5r7hdExc+W -kHQaELQpv7NHnR1pfTgH2RbB+nLNx8cfoGnnNEDpg1VOHNzELK4xT/ZqULET944n -Wf1En0YX8Ecx0n11iW4Y8r0Mu2E+VcBLbYNf9t6BodbEZ7kRfI16MDXIIFeg/HxI -5F4wGCIMyQARAQABiQI2BBgBCAAgFiEEapGlzyLCTJmjXgE/z9z5H7JCrO0FAljg -p8wCGwwACgkQz9z5H7JCrO2t8A//dWj6L24uM1WF/P2Np9/Ks45HaqZMpuQyifxt -X1+XRzQvfu9cQEFiKfcHgZbx67JOFC6C9BHoN54AwLN+VeoYB08WXzHxPphlFfVL -GCD0aAl6pA27EGFkRTZ3tlCOYbnS+szVw3zyyap/2Qci9BxwNvFuRol/M95hn606 -K7krGluXOLUJIE9pkmW7uEp+dFSZkOwXI6e9ZSgJQeFy8BWY12AJHDyO0BOyfF59 -FIZg8JC2Rjz8w1xp2qXNNnGoDMPvTfQGL1LGfWGH3UMWe+cK3j2Zw8klgtFQm+v+ -ZWaq+Hacf5u0BZNXdUao+1pAChVCxiZH245hPXEGsV/yNyYUW9metRJMfatmsPCq -ozFfTYXSuZunbMZLbzqh78jeLGSzS46l3bnQDhUcXh4gD3a8DBLyndymfmz6uWgZ -PO1MSw+76aZFQRA3MJC+DhbOAarvjJPhOCiEeDYc/haROvfeOsvZFmYrwHlnRnQh -LnVlLHcT7m6qnslxuUA+FNTep5/vHnw8Nn9Q6/FaXewVFsHoz3uICNtUSA4OUG7C -s2p3vvTXxV7cXUt02K9imZznwGKJIl2esTPS3g6ow106DVh26GYtkQc3fuCQmIQh -Uk4qtes3BpsFl/WUWEUSPzNaqmIdJWVzUkPI9SeGjql9EBpV/MiO31I2XgvdqPjY -7t8v33E= -=2Oyd +mQINBFppABgBEAC42ZiNvV7BTIgR6TQy0YnF54fx3mVRP1u8Mq00UZa7reAsNKh7 +1H60j0W4s6+4pVVIKGfpVGxLwUdJe+KVCYw1Cd3YW6uMf5zZrC/ZWqnJiH/n6S6o +1l4INII2o6YbGBnzIWBPRo7PlOL+mvgKTLpBSJPnhD8XDGN5wRiV8rL2+6Dptg0F +nJt7oxECGF3OD3gk6HMel0o82CVkIqMtNaX1L/bhcdF7K0Rp2MXPZMmpn1izW5sI +asN1G9+w+Zwj7kMJzq1Aw3ac+rsX4SEYdvXjS2QhDHQUIr6LXri3D2WbcEqIZj2R +JVoVwblsrG11dYXFDBbgrq4NhgTBsxHYDlkr/qF2W+kbPC/nhSqTVZeCYvTBZbOQ ++RqyN/I0izukglnWmV1jGijFA8snyP8efx732hw/24zRYmtXOtnEITUpw8WOeZCq +6uiHaQ+eopnY2ojBg9BI7WZm0AFn58xxT9soMsyFOUFgXTqaWFZWlJ3fhZE8/0v8 +JEu/kPGE5aJReT3b34B+Bojkj74XR+h2u7iJJBHMTE8RwGoUOZHer/XsL9xlcdks +I+7TCjiq++ShaSSt2XsJmw2BhREohrjW/2KkwmvT3b44RMpKPB4WTH+++aqJQNeM +IqmswOMoZvzEZezInj7WVY/r0WEei1Y6wt1tBrJ/cFf1oQBM1UmphxcrfQARAQAB +tB9EYXZpZCBTZWlmZXJ0IDxzb2FwQGdlbnRvby5vcmc+iQJUBBMBCgA+BQsJCAcD 
+BRUKCQgLBRYCAwEAAh4BAheAAhsBFiEEMdlcq22A0mIkShdQpHYg6AHkfpUFAl/V +CvoFCQkuceIACgkQpHYg6AHkfpXYxA//aiJW1NwunpmzEc62id8lRMnoLHWVjISZ +b+xSlm+hk4LYq+ZbthJDzKcT86/3DJOSE1zQw9wLuCao9IW2UfFJQBtR+TAfbagG +0Yyk/kMcLoFJxnG1ywdJWypCAauuIhia52Z7PmmjsBbFwr6LygDwSQmZAyACMAs7 +TLQe+yERc2RNDsIEsquLSxxRF0Spk9gagWtKgrPc2XBjuNtQDwW7JgsOUoEeHyxC +29fRUjC3o/pG2I6iAZp17OROZI5yl4TSORrSBDGIi2sayxyxP0x+IPKtrCUcBGNx +wGp+56bP/V0hA6sgCPh/iwvqLoeibso6l/Kd4ltVAEQnHTd6fr8g+wLEUXfbJVTR +7aeFUoaFmWjSPlQrNr6HlxSLV/kRx9kVJp1Pn16vkfVBF7fG7iDLiqphwEeQg5ND +nmGeKAbRRNxFHyBHf0XRsaYiFZQckguO+71XSRtVx8/YP5nyNbtl9y1h/4JlT6Gy +t7hb5twYFQyQrKss83E/Bo1sRdHpj0ibtqb4ZbYANbh482E6yFhAkuo8YjVTJipI +1Ve8EBKnX3R+pDt147uyysNvtPVXML+sWpGSMVSm4NA8uT3F5nqxVwj+SeXy3Wq/ +CHQ2VBKGBC655G+wFD5C6O7cTx2MwH+2H8tzhWm+gFlI3MFKEXa/PC+YUC/diYcb +BrApavriTRa5Ag0EWmkAZgEQAPXMD3mZI+ChvBysXZWksC88/uSEwFeb3XkcRm7v +04GN7hcz+bfrmnUTB3tuE/ZQgv+u7ZjetvH1aEKieznn/GjnWoOBoJusOYvfAQeF +0mQVi118QiOZRCnEZpkz+RY9TiXVgrZJg+AGqHZ3Ol4GkInEV2NWgH37Xal+HkFl +rwI2U7mL0kZRG+LAVCQHKzqU0R0HE1XyJ4qf0awtG5Qi/TZvgXBdZPDXgr8i9Vlf +UUu10c2XnXM0Av/YAlZmBFjVYrSOUCFenqSVqL+s9sTCVdWlJrGjrr3Ja4uT3kl2 +rLva0AR4oSQoxt8adKohmFz0vzOkQtCoRzhrCwoo3JvNjKdSNoOP1nSsxlO5ji8r +ih5d+ajPgi580XyHLnrvG7vobR48qqscv1hizKuCgTacOTe6Db2Gqc8xF6v8HhJa +KwWJtmFllIfN/tIvZ6BbbgHQn0IGf4CYnWf0SksPZqpBmTRpD2jfBxcj2UEg+AR3 +LARjuyUVpFJScyu6ExQG+6O+ByLL31iWP5MgUrza1rIpriPa3NT3rZ3DG2pvQrS3 +ySsrPzH7VRX8L1ThSMSzjwF96aMsd14s7XzR4EzNuWwZDukfs0yavZk6l4o1M0mb +tbJi7hE4cz13KRHYvIkKMdZGYUnzRzZUDlsj2imakk3BR6GXnxZ1ST6062g+QxiL +AJFLABEBAAGJBHIEGAEKACYCGwIWIQQx2VyrbYDSYiRKF1CkdiDoAeR+lQUCX9UL +DQUJCS5xpwJAwXQgBBkBCgAdFiEEuNUxXaAAcsCoYIifzjbhFyAuOEIFAlppAGYA +CgkQzjbhFyAuOELmrQ/9H9wrWsWa21STZdxUmyU2sh9VXAWEHl1Ey0fVTznDM0Fl +zx5YSR/TmmnE36rpaz31Ttkx8SP914oV+mMgseecdya9Bf6uZL9Cv7V3KEsJBRL/ +ncrOWQBHP/Xy1X+mLD6A19xq7H4RihSLj0LeK2YVjrJzJ7wMf4mKXuBayQeAHImU +WRCRTbmK3umh2nB5V0iPd/XZEIiYtiTPe+7E/va6+0bBvOumF3a+Z0iui7eU4hFC +7Jk71D0dcg09SlIaNoMOrw7cMC3j2pMdKtsj8+0I6WBv14PhhqPAsnjdf7I/4NfK 
+L7Jav8T/gDS01uA2Jxm72d+wr+eSjOBXa6x8CEbTqfkjAGxsWENThCp6zDkaXSDd +JsV0va47vjzG8+wTDAvPy5IxIM/KZZdl4uWM+mF5K+q+eSTOHe7aLF2OdcussoBA +A18zm994dAkG1COX/qpxanxx2bv/2IvCGPg+x6JtAN8ji2kncWu3dWGQdE5XbVjc +fDwgsUPpp04G27Mr/x+HpEbgZ5SdA0dAqJktlNvCcHALhlblCWrsh/1QNjT/2iG8 +wsjcpEy/s4tWAuV4PTa4xvZ1JPS7Z7Eo5aBy9ZGOWG9SrHEiHnhkUsiswbHBOEjd +pBSkmNElDcv9fRUahVCTPfvWBATFDrQyMjJBSm+cV8c/iFQM7isVSu8W7E0eetsJ +EKR2IOgB5H6Vv9sP/1dxTvH0N0UoEoxIG/hnirEkbRpljdvqy4/uikYBKyQgSbo8 +VITTjea7gIhDztil9WZYt35jbOmoaGM2Z6TP2LEDOWgljYUNq9pl9Sc2GS8cNtEO +WxExzGOc1Flo730dX3A85Ks3+0WPXZjLDcRRcPVkFd5WLQQDV1YVYopWkuQBC+Br +4q3uv+sk+bw6gDa9+zFBbDuegdsYuTXrFHoxHz2GRv9Yb7ULCMgpFeNKDgtQq91u +RqewoTwQp9tlp91LH/hh7R0Q4DRgeFDkLnVRXwSKjVvCrT5cBgImGwtFTGS4egoy +MDKd/KKjZllp1ahRCln1XfmFQyQVMVvuF/JTtt31n6KwXwK2yxIlXB01xvRH+Ees +AWeRYWKWXydaAY/9Ve0/PLFlgsr/XUGvt0GoEKe7odD3nZgg6015+/8JTroKw19L +NZkhdfFMl11Zi0j5k3UbyzjYVpFSd8K2o0VoOG1LFsPp8tlRxNoVzpId0CX1au/p +y1H7Wy/39mzriRG3rw+mJAQbBjN09putCltXFXpOEWk08n/N3vufCVQUoSu/2Bqw +2HYj8VtToQp+O5dG3XxvDHINtInP1yr2Wcw2plna0KoXLwv/lZgDm3LN+eCWpG6d +N/xk25DTSqTHArUQIEkhcHYK6GnyxUcvoKtG88hXtqEPYXiK08FZYAUPTnDYuQIN +BFppAIkBEADDjvQZUs1NoqJpxkD2QDBudU1DBCaeI1D6CancMtb5FebPUxgFlDMd +CBGOun48dY5i87gDhT/qS3gP/Mv9rjKJmcG9JHfhpXdW73owxrcsQ96nxxVJNEVl +UHJw00z8C9eGWqr0SzSoE33K/PkzSkgtsaotF6+3uCerWulweulmGa5dpVfV0mbS +aVw8VmrhZ5NmCeodyy/lR85rPik5pb32NT6v7xBkgkfS0VYtPB2E5gW1pXX/jEOi +Mfq9idOEP9lxrNXV9j49Lr0JQCwAcrYbQ2+VPe6eacJEjzJ/6HiUqhPrYdnvydmb +hU+xmv2NjGp2UnDZDEhzQfwm6fMx+8Nx2uPzCnXQGoyRBwiC/KcdW0F1ZPKdSXqH +NKoOF62pLvIMSmfI3ZVOrTohArfr1kFEYVDv9Nl7oY+qg2rZEc2srOF74a9Z46bR +TDPsEQzE2UMCvu3+rofhSD7aRotlKeDCvbe2s0yE4Man457Xc3LXh8Gva8CzCOLE +2eMhNTsHIZk68WgXp3/uvE4Xy42myrk1AV8XXDdlWgx0Kc/I6tE59O5NVPSfuGvH +1a15KKx0F6euEnYDKKpQ5PDR6dSn61po0tfbt96m044G/xQFjrfhHei4jji9Ogd9 +vlXVAi2vn3+NCSHFP5l3igLByBHy9iLIdmz7yQuus/1nwRmxOHOf2QARAQABiQI8 +BBgBCgAmAhsMFiEEMdlcq22A0mIkShdQpHYg6AHkfpUFAl/VCxkFCQkucZAACgkQ +pHYg6AHkfpVPSRAAmheYkYJmtDbkzPBBnj5mbCIQN1/G5PI9eixc/TXWFOXtcjU1 
+mJlJpSidHJyLRrx7r0c+N+s8vnY/JuUBsNoMJMER+Mv/CFW4iFi59V534SyAb2S0 +7NINJnFNkXBY62CDz9KsMuv/MdSv2yLhPH2Tfrm/eDRQesj1PanE4U1cgjWyJRc/ +IOlaRHvTasWDLgwbQi8ykt+4xUWzL/YKHzB+KyyzBK7vPBXqySX8ka4BOw7SDwG5 +lX2gtmhk4AGBwVChLXKflqVx1WXj4DPOt0kmOKVnKFyvUijK58M0A2FMgFMXDTIS +DRtoZPdx/rkODXxgS+W+27NcYAnxJiM0cQqizEnQh7PQ1KzgdChPejYXMKe9lwdn +ssMUxrBpbuAuagEf+pebNjD2eaNR4p8kfaDdGn53q55ysDvoyxKvnVQGSk1FAR9Q +s4N5a4f02U7dzlyEhEfIcuUlRCfnlpn4n725YIhHheDig5zKWoEZCkNIfiRcGzDl +8Drj+tlZiUR+gDkIoWSBaCkKbIQlc8qCYy6Hm7oZBaol6xKlUnTMK2rjK8fR4i8r +bVDWBAaWj3jcDHJ0Jg3fS/qBpeya/JXMp89TR8NK5Ys7PZpWbor+puXBYyXDAVx3 +rXQ7JBA5klHPxrgjso1S/LqwscKLENtrVjdjhryLBmPifrmofJRnrpiHIEa5Ag0E +WmkAswEQAL0hKwsRybQzkNGpJP+ElLSwFHd7XQhr+qIwLllpumWtnIK/DHmv8SpW +FqAYajmRTXipFcBHH25x2jIIliZidn0a9826l+sMzrFadMC6/W4pitP71TeqZzwn +pAuHs14YL7Wiy0aJQnfbCpRzPq3kYyOXmhmY7lPWO0WdUpR6W8wUbleK5XOVDDRx +aIC/M3hhDOxZOMzQ+pdn4BaOFQQ0ygsRkqOudbuc0R1giYRt1i6gMeT8gfzL9jlw +HcJ+aVnxdUQQ4uC47oKo/+lg7qh7LsiW79pQC1Bcdm8lhRmqtxe6ub60ecjax3XU +1ILIEfIFCv6M7LRUAwz0bqk35spgkJqrGGKkdeWEKAFHg2QWR2F0zy+HdlPLfKxO +uhaccpwc9EJtf744GS0SXa2AXr32j56n7CFcEjFcIQPBC6OJn6eA3hOVUYGZ7SrT +4fsmZiFAdGEkvLKFuNhju1Hj2EJQUY1pm4GSBco7BR8x+QqoYrt5clU3WxRMNfTR +0Rtuzsh4xskXNVMMgvKOahAtxENv2M2Cx6zJPVL5dmaysP7d6QRVeOQA5PwkcZ5Q +qK6JtDZj2jpaKQH4Za715kiIcdqMDSkwxa6avc0kARHvfFcBR4hwDm1GAlaKG7eH +8TOGGQIk8x2F3s4l8mTJVLWTP/uJYnkYBdqANYo5t1NIQLvwLFV3ABEBAAGJAjwE +GAEKACYCGyAWIQQx2VyrbYDSYiRKF1CkdiDoAeR+lQUCX9ULIwUJCS5xcAAKCRCk +diDoAeR+leekD/sF7aHH0W35ckWrXZlfSp0qHPWrBUaLBI9OAUHenRhgs4SbK0D4 +wqEiu0C5iDQojpXAeALQ8g/1pUsZ1yuFqYbGYWrHkA0Pm+P3tAGB4LMZ41YfvROP +uaiW/+IMJbWllgRtaDt8/NtCgs30WI9I+az5M29HcGfvEwEUykrBx3dE9T+1ui3O +capdd+GMvdAAsX5PyVkjWgZ7GrZeH8mG7UysYfT4qthxEtQfZ/u8ceSduKA46ugh +C2eafIDNvluqn7BU4oKxME61u6C8BN2yHLI6LV0Tr4z5H8joVbM4BSFMwLVGlsXf +HhB8kLiErN6bXolxsjARlmYiD9S9H2AcYidr6RYXf2EVFSpBG59xn1WTDN+DsHQf +7btNPEPl/OPxa3OQjG+xn8USddiP0N0B4xsyzMNCCKDgvXXcIhX55KG9eh3Tc98S +fEyhxu8ybZBIGmTJysPKxijfvSgQF+RPNTsz9lvXqkoK7RTgeYMschpjJEznCLbt 
+M6eTDb5z0G5uLXh6+dYxtDOlPogI5OHd+G51LwCjvrQ+AtIUCgafuemwA9mpFT2b +svb/qcxSVUb44bVaNHn1JHebX2YbokGtBOm1x2PI5fT8n6YIIYz3jKYOZAYdUT7x +6qURyNjOfG4aPJIATwuh4GSNuxUG40+yuT+XfQF24mu1esS1J3wzRloJ7w== +=K3x+ -----END PGP PUBLIC KEY BLOCK----- + diff --git a/libsndfile.spec b/libsndfile.spec index 5aa3ce1..5d14a9a 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,7 +1,7 @@ # # spec file for package libsndfile # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
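Review bot: The keyring is replaced outright rather than extended, and neither the changelog entry nor the spec records where the new key was obtained or how its fingerprint was checked. The user ID packet in the added block appears to decode to a different signer than the one in the removed block. The same commit moves `Source0`/`Source1` to GitHub release assets, so the download location and the trust anchor change together, and any signature check against this keyring only shows that the tarball matches the newly added key. I would add a changelog line such as `- Replace libsndfile.keyring with the current release signing key (fingerprint <FINGERPRINT>, verified against <INDEPENDENT SOURCE>)`, with both placeholders filled in by the packager.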
@@ -18,41 +18,30 @@ %define lname %{name}1 Name: libsndfile -Version: 1.0.28 +Version: 1.0.31 Release: 0 Summary: Development/Libraries/C and C++ License: LGPL-2.1-or-later Group: System/Libraries -URL: http://www.mega-nerd.com/libsndfile -Source0: http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz -Source1: http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz.asc +URL: https://libsndfile.github.io/libsndfile/ +Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2 +Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig Source2: %{name}.keyring Source3: baselibs.conf -# PATCH-FIX-UPSTREAM -Patch1: 0001-FLAC-Fix-a-buffer-read-overrun.patch -Patch2: 0002-src-flac.c-Fix-a-buffer-read-overflow.patch -Patch10: 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch -Patch20: 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch -Patch30: 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch -# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317 -Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch -# not yet upstreamed -Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch -Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch Patch34: sndfile-deinterlace-channels-check.patch -# not yet upstreamed, CVE-2018-19758, bsc#1117954 -Patch40: libsndfile-wav-loop-count-fix.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch +BuildRequires: cmake BuildRequires: flac-devel BuildRequires: gcc-c++ +BuildRequires: libopus-devel BuildRequires: libtool BuildRequires: libvorbis-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig +BuildRequires: python3-base BuildRequires: speex-devel Obsoletes: libsnd Provides: libsnd -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Libsndfile is a C library for reading and writing sound files, such as 
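Review bot: Patch31, Patch32, Patch33 and Patch40 carried `# not yet upstreamed` in the old spec, yet they are dropped here on the strength of a single `: upstream` in the changelog, and nothing in the diff shows that 1.0.31 contains an equivalent check for each. The 1.0.29 notes quoted in the changelog name CVE-2017-17456, CVE-2017-17457 and CVE-2018-19758, which plausibly covers Patch32, Patch33 and Patch40. Patch31 (`0031-sfe_copy_data_fp-check-value-of-max-variable.patch`, upstream issue 317) is not traceable to any listed fix. I would record the superseding upstream release for each dropped patch in the changelog, keeping the CVE and bsc references, so the removal stays auditable. The surviving `Patch34` also loses its status comment; if it is still not upstream, a line such as `# not yet upstreamed: reject inputs with more than MAX_CHANNELS channels in sndfile-deinterleave` above it would restore that.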
@@ -87,64 +76,38 @@ libsndfile library. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch10 -p1 -%patch20 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch40 -p1 -%patch100 -p1 +%autopatch -p1 %build -%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter -autoreconf --force --install -CFLAGS="%{optflags} %{warn_flags}" -export CFLAGS -%configure \ - --disable-silent-rules \ - --disable-static \ - --disable-full-suite \ - --with-pic \ - --enable-experimental -make %{?_smp_mflags} +%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF -DCMAKE_INSTALL_DOCDIR=%{_defaultdocdir}/libsndfile +%cmake_build %install -%make_install -# remove unnecessary files -find %{buildroot} -type f -name "*.la" -delete -print +%cmake_install + # remove programs; built in another spec file rm -rf %{buildroot}%{_bindir} rm -rf %{buildroot}%{_mandir}/man1 -# remove binaries from examples directory -make -C examples distclean rm -rf %{buildroot}%{_datadir}/doc/libsndfile %post -n %{lname} -p /sbin/ldconfig - %postun -n %{lname} -p /sbin/ldconfig %check -pushd src -make %{?_smp_mflags} check -popd +# check requires -DBUILD_SHARED_LIBS=off %files -n %{lname} -%defattr(-, root, root) %{_libdir}/libsndfile.so.1* %files devel -%defattr(-, root, root) %doc AUTHORS ChangeLog NEWS README -%doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO %license COPYING %{_libdir}/libsndfile.so %{_includedir}/sndfile.h %{_includedir}/sndfile.hh %{_libdir}/pkgconfig/*.pc +%{_libdir}/cmake/SndFile %doc examples +%doc %{_defaultdocdir}/libsndfile %changelog diff --git a/sndfile-deinterlace-channels-check.patch b/sndfile-deinterlace-channels-check.patch index ec7a8b5..e5dd5e8 100644 --- a/sndfile-deinterlace-channels-check.patch +++ b/sndfile-deinterlace-channels-check.patch 
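Review bot: The new `%check` section holds only the comment `# check requires -DBUILD_SHARED_LIBS=off`, so the build no longer runs any test, whereas the old spec ran `make check` in `src`. This happens in the same commit that moves across three upstream releases and drops nine security-related patches, which is exactly when regression coverage on the file parsers is most useful. If the suite really needs a static build, a second configure in a separate build directory with `-DBUILD_SHARED_LIBS=OFF`, used only by `%check`, would bring it back. Failing that, the comment should state that the suite is knowingly skipped, e.g. `# FIXME: test suite is skipped; it needs a -DBUILD_SHARED_LIBS=OFF build`, and the changelog should mention it.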
@@ -1,11 +1,11 @@ -diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c -index 5366031075ab..712cb96cda76 100644 ---- a/programs/sndfile-deinterleave.c -+++ b/programs/sndfile-deinterleave.c -@@ -89,6 +89,11 @@ main (int argc, char **argv) - exit (1) ; +Index: libsndfile-1.0.31/programs/sndfile-deinterleave.c +=================================================================== +--- libsndfile-1.0.31.orig/programs/sndfile-deinterleave.c ++++ libsndfile-1.0.31/programs/sndfile-deinterleave.c +@@ -96,6 +96,11 @@ main (int argc, char **argv) } ; + + if (sfinfo.channels > MAX_CHANNELS) + { printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ; + exit (1) ;