Accepting request 345901 from home:tiwai:branches:multimedia:libs

- Update to version 1.0.26: * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805. * Add ALAC/CAF support. Minor bug fixes and improvements. - Update to version 1.0.26: * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805. * Add ALAC/CAF support. Minor bug fixes and improvements. - Refreshed patches: sndfile-ocloexec.patch libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch - Removed obsoleted patches: libsndfile-example-fix.diff libsndfile-fix-header-read-CVE-2015-7805.patch libsndfile-paf-zero-division-fix.diff libsndfile-src-common.c-Fix-a-header-parsing-bug.patch libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch OBS-URL: https://build.opensuse.org/request/show/345901 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=50
2015-11-23 18:49:52 +00:00 · 2015-11-23 18:49:52 +00:00 · 55880a58e1
commit 55880a58e1
parent 1d554d55a6
17 changed files with 57 additions and 477 deletions
--- a/libsndfile-1.0.25.tar.gz
+++ b/libsndfile-1.0.25.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59016dbd326abe7e2366ded5c344c853829bebfd1702ef26a07ef662d6aa4882
-size 1060692
--- a/libsndfile-1.0.25.tar.gz.asc
+++ b/libsndfile-1.0.25.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAk4dgRAACgkQbKQad0O41siZbQCfVOjunNH2JJuMJaY8nKsHrvTD
-7IMAn0be2Nmm1A2TbYZ0wmf4wukEGcQJ
-=YleA
-----END PGP SIGNATURE-----
--- a/libsndfile-1.0.26.tar.gz
+++ b/libsndfile-1.0.26.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd6520ec763d1a45573885ecb1f8e4e42505ac12180268482a44b28484a25092
+size 1080727
--- a/libsndfile-1.0.26.tar.gz.asc
+++ b/libsndfile-1.0.26.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABCAAGBQJWUZHQAAoJEEXYQ7zIiotIH84P/0Ub1LnlVeYrYBGd/rK3hBxC
+i0PtmA6SRd6JYphiX11eKgG6qVLTGZ+Wy7ef5TYuIlxq/Q6+IGPghLR3YUTbeugf
+U2DUlufBd3Ua9s2mpRx4CFo5kbFor38ULsH7CtJ4SiL9lcPgEVnLXzKiJLsLuALR
+uOzUpYu9Vlm2sLt/ryagYux0sVmpqfsOvEg2FI83S1v0CDJm+58GH1P7b5eMsf2h
+kGLd76vkCa5ooM+rXIYxsYSuRhT9SCbyDMrCgr2+djr3pEEgHQwDdfMCIxGLm111
+wrl3kU2z/KwZMuj2sgsRnvL1+G8R6uSKv1EjYfAJmvV0o5XIoirufzR3XZ5+UThH
+6MeZmUCDI5+dIyNU4Ru+/92Jvn/yePf9h/DESIN/5ne86rniOQseaxoHjD1tHKxS
+9xdu+CdfrY9kiI7LdPsNiGhnLbt1C4WO5B06G8UcC0OIefmcqw/i+JMXl9sV1/Q4
+/et1BirluKs9MUbZkXM1HYpeE0MCV4xRvwraKsBj7xH3eb+9RtKcPIAzdgFa3nBQ
+JuWNTlnGlYqcPVrkZXMEkFSrHvFNP1o/DP0s0715pOvCpM+aHWq54KjFYn0OpeDY
+PcyWtuiDX9vzkWkrFZkicKwn3kwEVc9Dg4FyK/toVWm3Khcnpk1O1S9/1EkYbzja
+jbu/qJRaYp5qcVPJVvHI
+=PGP6
+-----END PGP SIGNATURE-----
--- a/libsndfile-example-fix.diff
+++ b/libsndfile-example-fix.diff
@ -1,38 +0,0 @@
--- examples/sndfile-to-text.c-dist	2009-02-09 12:36:49.000000000 +0100
-+++ examples/sndfile-to-text.c	2009-02-09 12:37:05.000000000 +0100
-@@ -101,6 +101,7 @@ main (int argc, char * argv [])
- 		return 1 ;
- 		} ;
- 
-+	memset(&sfinfo, 0, sizeof(sfinfo));
- 	if ((infile = sf_open (infilename, SFM_READ, &sfinfo)) == NULL)
- 	{	printf ("Not able to open input file %s.\n", infilename) ;
- 		puts (sf_strerror (NULL)) ;
--- examples/sfprocess.c-dist	2009-02-07 05:07:34.000000000 +0100
-+++ examples/sfprocess.c	2009-02-09 12:36:23.000000000 +0100
-@@ -31,6 +31,7 @@
- */
- 
- #include	<stdio.h>
-+#include	<string.h>
- 
- /* Include this header file to use functions from libsndfile. */
- #include	<sndfile.h>
-@@ -83,6 +84,7 @@ main (void)
- 	**		sfinfo.format   = SF_FORMAT_RAW | SF_FORMAT_PCM_16 ;
- 	**		sfinfo.channels = 2 ;
-     */
-+    memset(&sfinfo, 0, sizeof(sfinfo));
-     if (! (infile = sf_open (infilename, SFM_READ, &sfinfo)))
-     {   /* Open failed so print an error message. */
-         printf ("Not able to open input file %s.\n", infilename) ;
--- examples/generate.c-dist	2009-02-07 05:07:44.000000000 +0100
-+++ examples/generate.c	2009-02-09 12:36:23.000000000 +0100
-@@ -98,6 +98,7 @@ encode_file (const char *infilename, con
- 	k = 16 - strlen (outfilename) ;
- 	PUT_DOTS (k) ;
- 
-+	memset(&sfinfo, 0, sizeof(sfinfo));
- 	if (! (infile = sf_open (infilename, SFM_READ, &sfinfo)))
- 	{	printf ("Error : could not open file : %s\n", infilename) ;
- 		puts (sf_strerror (NULL)) ;
--- a/libsndfile-fix-header-read-CVE-2015-7805.patch
+++ b/libsndfile-fix-header-read-CVE-2015-7805.patch
@ -1,19 +0,0 @@
---
- src/common.c |    5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
--- a/src/common.c
-+++ b/src/common.c
-@@ -800,9 +800,10 @@ header_read (SF_PRIVATE *psf, void *ptr,
- 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
- 	{	int most ;
- 
-		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
-+		most = SIGNED_SIZEOF (psf->header) - psf->headend ;
- 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
-		memcpy (ptr, psf->header + psf->headend, most) ;
-+		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
-+		memcpy (ptr, psf->header + psf->headindex, most) ;
- 		psf->headend = psf->headindex += most ;
- 		psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
- 		return bytes ;
--- a/libsndfile-paf-zero-division-fix.diff
+++ b/libsndfile-paf-zero-division-fix.diff
@ -1,16 +0,0 @@
-=== modified file 'src/paf.c'
---
- src/paf.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/src/paf.c
-+++ b/src/paf.c
-@@ -202,7 +202,7 @@
- 		psf->endian = SF_ENDIAN_BIG ;
- 		} ;
- 
-	if (paf_fmt.channels > SF_MAX_CHANNELS)
-+	if (paf_fmt.channels > SF_MAX_CHANNELS || paf_fmt.channels <= 0)
- 		return SFE_PAF_BAD_CHANNELS ;
- 
- 	psf->datalength = psf->filelength - psf->dataoffset ;
--- a/libsndfile-progs.changes
+++ b/libsndfile-progs.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Nov 23 17:22:41 CET 2015 - tiwai@suse.de
+
+- Update to version 1.0.26:
+  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
+  * Add ALAC/CAF support. Minor bug fixes and improvements. 
+
 -------------------------------------------------------------------
 Sat Mar 21 08:14:38 UTC 2015 - mpluskal@suse.com

--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@ -17,7 +17,7 @@


 Name:           libsndfile-progs
-Version:        1.0.25
+Version:        1.0.26
 Release:        0
 Summary:        Example Programs for libsndfile
 License:        LGPL-2.1+
@ -26,7 +26,6 @@ Url:            http://www.mega-nerd.com/libsndfile/
 Source0:        http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Source1:        http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz.asc
 Source2:        libsndfile.keyring
-Patch0:         libsndfile-example-fix.diff
 BuildRequires:  alsa-devel
 BuildRequires:  flac-devel
 BuildRequires:  gcc-c++
@ -42,7 +41,6 @@ This package includes the example programs for libsndfile.

 %prep
 %setup -q -n libsndfile-%{version}
-%patch0

 %build
 %define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
--- a/libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+++ b/libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
@ -4,7 +4,7 @@

 --- a/src/common.c
 +++ b/src/common.c
-@@ -1332,7 +1332,7 @@ psf_strlcpy_crlf (char *dest, const char
+@@ -1339,7 +1339,7 @@ psf_strlcpy_crlf (char *dest, const char
 	char * destend = dest + destmax - 2 ;
 	const char * srcend = src + srcmax ;
 
--- a/libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+++ b/libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
@ -1,81 +0,0 @@
-From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date: Sat, 7 Feb 2015 15:45:10 +1100
-Subject: [PATCH] src/common.c : Fix a header parsing bug.
-
-When the file header is bigger that SF_HEADER_LEN, the code would seek
-instead of reading causing file parse errors.
-
-The current header parsing and writing code *badly* needs a re-write.
---
- src/common.c |   25 ++++++++++---------------
- 1 file changed, 10 insertions(+), 15 deletions(-)
-
--- a/src/common.c
-+++ b/src/common.c
-@@ -795,21 +795,16 @@ header_read (SF_PRIVATE *psf, void *ptr,
- {	int count = 0 ;
- 
- 	if (psf->headindex >= SIGNED_SIZEOF (psf->header))
-	{	memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
-
-		/* This is the best that we can do. */
-		psf_fseek (psf, bytes, SEEK_CUR) ;
-		return bytes ;
-		} ;
-+		return psf_fread (ptr, 1, bytes, psf) ;
- 
- 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
- 	{	int most ;
- 
- 		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
- 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
-		memset ((char *) ptr + most, 0, bytes - most) ;
-
-		psf_fseek (psf, bytes - most, SEEK_CUR) ;
-+		memcpy (ptr, psf->header + psf->headend, most) ;
-+		psf->headend = psf->headindex += most ;
-+		psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
- 		return bytes ;
- 		} ;
- 
-@@ -817,7 +812,7 @@ header_read (SF_PRIVATE *psf, void *ptr,
- 	{	count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ;
- 		if (count != bytes - (int) (psf->headend - psf->headindex))
- 		{	psf_log_printf (psf, "Error : psf_fread returned short count.\n") ;
-			return 0 ;
-+			return count ;
- 			} ;
- 		psf->headend += count ;
- 		} ;
-@@ -831,7 +826,6 @@ header_read (SF_PRIVATE *psf, void *ptr,
- static void
- header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
- {
-
- 	switch (whence)
- 	{	case SEEK_SET :
- 			if (position > SIGNED_SIZEOF (psf->header))
-@@ -880,8 +874,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t
- 
- static int
- header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
-{
-	int		k ;
-+{	int		k ;
- 
- 	for (k = 0 ; k < bufsize - 1 ; k++)
- 	{	if (psf->headindex < psf->headend)
-@@ -1068,8 +1061,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
- 			case 'j' :
- 					/* Get the seek position first. */
- 					count = va_arg (argptr, size_t) ;
-					header_seek (psf, count, SEEK_CUR) ;
-					byte_count += count ;
-+					if (count)
-+					{	header_seek (psf, count, SEEK_CUR) ;
-+						byte_count += count ;
-+						} ;
- 					break ;
- 
- 			default :
--- a/libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+++ b/libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
@ -1,22 +0,0 @@
-From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date: Wed, 24 Dec 2014 21:02:35 +1100
-Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
-
-Closes: https://github.com/erikd/libsndfile/issues/92
---
- src/file_io.c |    3 +++
- 1 file changed, 3 insertions(+)
-
--- a/src/file_io.c
-+++ b/src/file_io.c
-@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t
- {	sf_count_t total = 0 ;
- 	ssize_t	count ;
- 
-+	if (bytes == 0 || items == 0)
-+		return 0 ;
-+
- 	if (psf->virtual_io)
- 		return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
- 
--- a/libsndfile.changes
+++ b/libsndfile.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Nov 23 17:20:09 CET 2015 - tiwai@suse.de
+
+- Update to version 1.0.26:
+  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
+  * Add ALAC/CAF support. Minor bug fixes and improvements. 
+- Refreshed patches:
+  sndfile-ocloexec.patch
+  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Removed obsoleted patches:
+  libsndfile-example-fix.diff
+  libsndfile-fix-header-read-CVE-2015-7805.patch
+  libsndfile-paf-zero-division-fix.diff
+  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+
 -------------------------------------------------------------------
 Wed Nov  4 16:43:39 CET 2015 - tiwai@suse.de

--- a/libsndfile.spec
+++ b/libsndfile.spec
@ -18,7 +18,7 @@

 %define lname	%{name}1
 Name:           libsndfile
-Version:        1.0.25
+Version:        1.0.26
 Release:        0
 Summary:        Development/Libraries/C and C++
 License:        LGPL-2.1+
@ -28,21 +28,7 @@ Source0:        http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz
 Source1:        http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
-# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
-Patch0:         libsndfile-example-fix.diff
-# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
-Patch1:         libsndfile-paf-zero-division-fix.diff
 Patch2:         sndfile-ocloexec.patch
-# PATCH-FIX-UPSTREAM CVE-2014-9496 bnc#911796
-Patch3:         sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
-# PATCH-FIX-UPSTREAM CVE-2014-9496 bnc#911796
-Patch4:         sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
-# PATCH-FIX-UPSTREAM CVE-2014-9756 bsc#953521
-Patch5:         libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
-# PATCH-FIX-UPSTREAM CVE-2015-7805 bsc#953516
-Patch6:         libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
-# PATCH-FIX-SUSE CVE-2015-7805 bsc#953516
-Patch7:         libsndfile-fix-header-read-CVE-2015-7805.patch
 # PATCH-FIX-SUSE CVE-2015-8075 bsc#953519
 Patch8:         libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
 BuildRequires:  alsa-devel
@ -90,14 +76,7 @@ libsndfile library.

 %prep
 %setup -q
-%patch0
-%patch1 -p1
-%patch2
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+%patch2 -p1
 %patch8 -p1

 %build
@ -125,7 +104,7 @@ rm -rf %{buildroot}%{_bindir}
 rm -rf %{buildroot}%{_mandir}/man1
 # remove binaries from examples directory
 make -C examples distclean
-rm -rf %{buildroot}%{_datadir}/doc/libsndfile1-dev
+rm -rf %{buildroot}%{_datadir}/doc/libsndfile

 %post -n %{lname} -p /sbin/ldconfig

--- a/sndfile-ocloexec.patch
+++ b/sndfile-ocloexec.patch
@ -1,19 +1,10 @@
--- configure.ac.orig
-+++ configure.ac
-@@ -23,7 +23,9 @@ AC_SUBST(ACLOCAL_AMFLAGS, "-I M4")
- 
- AC_LANG([C])
- 
-AC_PROG_CC
-+AC_PROG_CC_STDC
-+AC_USE_SYSTEM_EXTENSIONS
-+AC_SYS_LARGEFILE
- AM_PROG_CC_C_O
- AC_PROG_CXX
- AC_PROG_SED
--- src/file_io.c.orig
-+++ src/file_io.c
-@@ -564,6 +564,9 @@ psf_open_fd (PSF_FILE * pfile)
+---
+ src/file_io.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/file_io.c
+++ b/src/file_io.c
+@@ -570,6 +570,9 @@ psf_open_fd (PSF_FILE * pfile)
 				return - SFE_BAD_OPEN_MODE ;
 				break ;
 		} ;
@ -23,12 +14,3 @@
 
 	if (mode == 0)
 		fd = open (pfile->path.c, oflag) ;
--- Makefile.am.orig
-+++ Makefile.am
-@@ -1,5 +1,6 @@
- ## Process this file with automake to produce Makefile.in
- 
-+ACLOCAL_AMFLAGS = -I M4
- DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
- 
- if BUILD_OCTAVE_MOD
--- a/sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+++ b/sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
@ -1,200 +0,0 @@
-From 9341e9c6e70cd3ad76c901c3cf052d4cb52fd827 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date: Thu, 27 Jun 2013 18:04:03 +1000
-Subject: [PATCH] src/sd2.c : Fix segfault in SD2 RSRC parser.
-
-A specially crafted resource fork for an SD2 file can cause
-the SD2 RSRC parser to read data from outside a dynamically
-defined buffer. The data that is read is converted into a
-short or int and used during further processing.
-
-Since no write occurs, this is unlikely to be exploitable.
-
-Bug reported by The Mayhem Team from Cylab, Carnegie Mellon
-Univeristy. Paper is:
-http://users.ece.cmu.edu/~arebert/papers/mayhem-oakland-12.pdf
---
- src/sd2.c |   93 ++++++++++++++++++++++++++++++++++++--------------------------
- 1 file changed, 55 insertions(+), 38 deletions(-)
-
--- a/src/sd2.c
-+++ b/src/sd2.c
-@@ -1,5 +1,5 @@
- /*
-** Copyright (C) 2001-2011 Erik de Castro Lopo <erikd@mega-nerd.com>
-+** Copyright (C) 2001-2013 Erik de Castro Lopo <erikd@mega-nerd.com>
- ** Copyright (C) 2004 Paavo Jumppanen
- **
- ** This program is free software; you can redistribute it and/or modify
-@@ -370,44 +370,61 @@ sd2_write_rsrc_fork (SF_PRIVATE *psf, in
- */
- 
- static inline int
-read_char (const unsigned char * data, int offset)
-{	return data [offset] ;
-} /* read_char */
-+read_rsrc_char (const SD2_RSRC *prsrc, int offset)
-+{	const unsigned char * data = prsrc->rsrc_data ;
-+	if (offset < 0 || offset >= prsrc->rsrc_len)
-+		return 0 ;
-+	return data [offset] ;
-+} /* read_rsrc_char */
- 
- static inline int
-read_short (const unsigned char * data, int offset)
-{	return (data [offset] << 8) + data [offset + 1] ;
-} /* read_short */
-+read_rsrc_short (const SD2_RSRC *prsrc, int offset)
-+{	const unsigned char * data = prsrc->rsrc_data ;
-+	if (offset < 0 || offset + 1 >= prsrc->rsrc_len)
-+		return 0 ;
-+	return (data [offset] << 8) + data [offset + 1] ;
-+} /* read_rsrc_short */
- 
- static inline int
-read_int (const unsigned char * data, int offset)
-{	return (data [offset] << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
-} /* read_int */
-+read_rsrc_int (const SD2_RSRC *prsrc, int offset)
-+{	const unsigned char * data = prsrc->rsrc_data ;
-+	if (offset < 0 || offset + 3 >= prsrc->rsrc_len)
-+		return 0 ;
-+	return (data [offset] << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
-+} /* read_rsrc_int */
- 
- static inline int
-read_marker (const unsigned char * data, int offset)
-{
-+read_rsrc_marker (const SD2_RSRC *prsrc, int offset)
-+{	const unsigned char * data = prsrc->rsrc_data ;
-+
-+	if (offset < 0 || offset + 3 >= prsrc->rsrc_len)
-+		return 0 ;
-+
- 	if (CPU_IS_BIG_ENDIAN)
- 		return (data [offset] << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
-	else if (CPU_IS_LITTLE_ENDIAN)
-+	if (CPU_IS_LITTLE_ENDIAN)
- 		return data [offset] + (data [offset + 1] << 8) + (data [offset + 2] << 16) + (data [offset + 3] << 24) ;
-	else
-		return 0x666 ;
-} /* read_marker */
-+
-+	return 0 ;
-+} /* read_rsrc_marker */
- 
- static void
-read_str (const unsigned char * data, int offset, char * buffer, int buffer_len)
-{	int k ;
-+read_rsrc_str (const SD2_RSRC *prsrc, int offset, char * buffer, int buffer_len)
-+{	const unsigned char * data = prsrc->rsrc_data ;
-+	int k ;
- 
- 	memset (buffer, 0, buffer_len) ;
- 
-+	if (offset < 0 || offset + buffer_len >= prsrc->rsrc_len)
-+		return ;
-+
- 	for (k = 0 ; k < buffer_len - 1 ; k++)
- 	{	if (psf_isprint (data [offset + k]) == 0)
- 			return ;
- 		buffer [k] = data [offset + k] ;
- 		} ;
- 	return ;
-} /* read_str */
-+} /* read_rsrc_str */
- 
- static int
- sd2_parse_rsrc_fork (SF_PRIVATE *psf)
-@@ -434,17 +451,17 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 	/* Reset the header storage because we have changed to the rsrcdes. */
- 	psf->headindex = psf->headend = rsrc.rsrc_len ;
- 
-	rsrc.data_offset = read_int (rsrc.rsrc_data, 0) ;
-	rsrc.map_offset = read_int (rsrc.rsrc_data, 4) ;
-	rsrc.data_length = read_int (rsrc.rsrc_data, 8) ;
-	rsrc.map_length = read_int (rsrc.rsrc_data, 12) ;
-+	rsrc.data_offset = read_rsrc_int (&rsrc, 0) ;
-+	rsrc.map_offset = read_rsrc_int (&rsrc, 4) ;
-+	rsrc.data_length = read_rsrc_int (&rsrc, 8) ;
-+	rsrc.map_length = read_rsrc_int (&rsrc, 12) ;
- 
- 	if (rsrc.data_offset == 0x51607 && rsrc.map_offset == 0x20000)
- 	{	psf_log_printf (psf, "Trying offset of 0x52 bytes.\n") ;
-		rsrc.data_offset = read_int (rsrc.rsrc_data, 0x52 + 0) + 0x52 ;
-		rsrc.map_offset = read_int (rsrc.rsrc_data, 0x52 + 4) + 0x52 ;
-		rsrc.data_length = read_int (rsrc.rsrc_data, 0x52 + 8) ;
-		rsrc.map_length = read_int (rsrc.rsrc_data, 0x52 + 12) ;
-+		rsrc.data_offset = read_rsrc_int (&rsrc, 0x52 + 0) + 0x52 ;
-+		rsrc.map_offset = read_rsrc_int (&rsrc, 0x52 + 4) + 0x52 ;
-+		rsrc.data_length = read_rsrc_int (&rsrc, 0x52 + 8) ;
-+		rsrc.map_length = read_rsrc_int (&rsrc, 0x52 + 12) ;
- 		} ;
- 
- 	psf_log_printf (psf, "  data offset : 0x%04X\n  map  offset : 0x%04X\n"
-@@ -487,7 +504,7 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 		goto parse_rsrc_fork_cleanup ;
- 		} ;
- 
-	rsrc.string_offset = rsrc.map_offset + read_short (rsrc.rsrc_data, rsrc.map_offset + 26) ;
-+	rsrc.string_offset = rsrc.map_offset + read_rsrc_short (&rsrc, rsrc.map_offset + 26) ;
- 	if (rsrc.string_offset > rsrc.rsrc_len)
- 	{	psf_log_printf (psf, "Bad string offset (%d).\n", rsrc.string_offset) ;
- 		error = SFE_SD2_BAD_RSRC ;
-@@ -496,7 +513,7 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 
- 	rsrc.type_offset = rsrc.map_offset + 30 ;
- 
-	rsrc.type_count = read_short (rsrc.rsrc_data, rsrc.map_offset + 28) + 1 ;
-+	rsrc.type_count = read_rsrc_short (&rsrc, rsrc.map_offset + 28) + 1 ;
- 	if (rsrc.type_count < 1)
- 	{	psf_log_printf (psf, "Bad type count.\n") ;
- 		error = SFE_SD2_BAD_RSRC ;
-@@ -512,11 +529,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 
- 	rsrc.str_index = -1 ;
- 	for (k = 0 ; k < rsrc.type_count ; k ++)
-	{	marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
-+	{	marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
- 
- 		if (marker == STR_MARKER)
- 		{	rsrc.str_index = k ;
-			rsrc.str_count = read_short (rsrc.rsrc_data, rsrc.type_offset + k * 8 + 4) + 1 ;
-+			rsrc.str_count = read_rsrc_short (&rsrc, rsrc.type_offset + k * 8 + 4) + 1 ;
- 			error = parse_str_rsrc (psf, &rsrc) ;
- 			goto parse_rsrc_fork_cleanup ;
- 			} ;
-@@ -548,26 +565,26 @@ parse_str_rsrc (SF_PRIVATE *psf, SD2_RSR
- 	for (k = 0 ; data_offset + data_len < rsrc->rsrc_len ; k++)
- 	{	int slen ;
- 
-		slen = read_char (rsrc->rsrc_data, str_offset) ;
-		read_str (rsrc->rsrc_data, str_offset + 1, name, SF_MIN (SIGNED_SIZEOF (name), slen + 1)) ;
-+		slen = read_rsrc_char (rsrc, str_offset) ;
-+		read_rsrc_str (rsrc, str_offset + 1, name, SF_MIN (SIGNED_SIZEOF (name), slen + 1)) ;
- 		str_offset += slen + 1 ;
- 
-		rsrc_id = read_short (rsrc->rsrc_data, rsrc->item_offset + k * 12) ;
-+		rsrc_id = read_rsrc_short (rsrc, rsrc->item_offset + k * 12) ;
- 
-		data_offset = rsrc->data_offset + read_int (rsrc->rsrc_data, rsrc->item_offset + k * 12 + 4) ;
-+		data_offset = rsrc->data_offset + read_rsrc_int (rsrc, rsrc->item_offset + k * 12 + 4) ;
- 		if (data_offset < 0 || data_offset > rsrc->rsrc_len)
- 		{	psf_log_printf (psf, "Exiting parser on data offset of %d.\n", data_offset) ;
- 			break ;
- 			} ;
- 
-		data_len = read_int (rsrc->rsrc_data, data_offset) ;
-+		data_len = read_rsrc_int (rsrc, data_offset) ;
- 		if (data_len < 0 || data_len > rsrc->rsrc_len)
- 		{	psf_log_printf (psf, "Exiting parser on data length of %d.\n", data_len) ;
- 			break ;
- 			} ;
- 
-		slen = read_char (rsrc->rsrc_data, data_offset + 4) ;
-		read_str (rsrc->rsrc_data, data_offset + 5, value, SF_MIN (SIGNED_SIZEOF (value), slen + 1)) ;
-+		slen = read_rsrc_char (rsrc, data_offset + 4) ;
-+		read_rsrc_str (rsrc, data_offset + 5, value, SF_MIN (SIGNED_SIZEOF (value), slen + 1)) ;
- 
- 		psf_log_printf (psf, "  0x%04x     %4d     %4d     %3d    '%s'\n", data_offset, rsrc_id, data_len, slen, value) ;
- 
--- a/sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+++ b/sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
@ -1,38 +0,0 @@
-From dbe14f00030af5d3577f4cabbf9861db59e9c378 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date: Thu, 25 Dec 2014 19:23:12 +1100
-Subject: [PATCH] src/sd2.c : Fix two potential buffer read overflows.
-
-Closes: https://github.com/erikd/libsndfile/issues/93
---
- src/sd2.c |   12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
--- a/src/sd2.c
-+++ b/src/sd2.c
-@@ -513,6 +513,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 
- 	rsrc.type_offset = rsrc.map_offset + 30 ;
- 
-+	if (rsrc.map_offset + 28 > rsrc.rsrc_len)
-+	{	psf_log_printf (psf, "Bad map offset.\n") ;
-+		goto parse_rsrc_fork_cleanup ;
-+		} ;
-+
- 	rsrc.type_count = read_rsrc_short (&rsrc, rsrc.map_offset + 28) + 1 ;
- 	if (rsrc.type_count < 1)
- 	{	psf_log_printf (psf, "Bad type count.\n") ;
-@@ -529,7 +534,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
- 
- 	rsrc.str_index = -1 ;
- 	for (k = 0 ; k < rsrc.type_count ; k ++)
-	{	marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
-+	{	if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
-+		{	psf_log_printf (psf, "Bad rsrc marker.\n") ;
-+			goto parse_rsrc_fork_cleanup ;
-+			} ;
-+
-+		marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
- 
- 		if (marker == STR_MARKER)
- 		{	rsrc.str_index = k ;