Accepting request 967827 from home:tiwai:branches:multimedia:libs

- Fix build with libsndfile 1.1.0; add missing build reqs

- update to 1.1.0:
  * Added MPEG Encode/Decode Support
  * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
  Fixed:
  * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
  * Stack overflow in guess_file_type()
  * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
  * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
  * GCC and Clang pedantic warnings, thanks @bobsayshilol.
  * Normalisation issue when scaling floating point data to int in
    replace_read_f2i(), thanks @bobsayshilol, (issue #702).
  * Missing samples when doing a partial read of Ogg file from index till the
    end of file, thanks @arthurt (issue #643).
  * sndfile-salvage: Handle files > 4 GB on Windows OS
  * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
  * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
  * Integer overflow in psf_log_printf(), credit to OSS-Fuzz
  * ABI version incompatibility between Autotools and CMake build on Apple
    platforms.
  * Heap buffer overflow in wavlike_ima_decode_block()
  * Heap buffer overflow in msadpcm_decode_block()
  * Heap buffer overflow in psf_binheader_readf()
  * Index out of bounds in psf_nms_adpcm_decode_block()
  * Heap buffer overflow in flac_buffer_copy()
  * Heap buffer overflow in copyPredictorTo24()
  * Uninitialized variable in psf_binheader_readf()
- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch,
       libsndfile-CVE-2021-4156.patch (obsolete)

OBS-URL: https://build.opensuse.org/request/show/967827
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=84

libsndfile-1.0.31.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a8cfb1c09ea6e90eff4ca87322d4168cdbe5035cb48717b40bf77e751cc02163
-size 875335

libsndfile-1.1.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f98e101c0f7c850a71225fb5feaf33b106227b3d331333ddc9bacee190bcf41
+size 730604

libsndfile-CVE-2021-4156.patch

@@ -1,42 +0,0 @@
-From 4c30646abf7834e406f7e2429c70bc254e18beab Mon Sep 17 00:00:00 2001
-From: yuawn <ssspeed00@gmail.com>
-Date: Wed, 14 Apr 2021 08:38:23 +0000
-Subject: [PATCH] flac: Fix improper buffer reusing
-
----
- src/flac.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/flac.c b/src/flac.c
-index 64d0172e6..800d81078 100644
---- a/src/flac.c
-+++ b/src/flac.c
-@@ -62,6 +62,7 @@ typedef struct
- 	FLAC__StreamMetadata *metadata ;
- 
- 	const int32_t * const * wbuffer ;
-+	unsigned wbuffer_size ;
- 	int32_t * rbuffer [FLAC__MAX_CHANNELS] ;
- 
- 	int32_t* encbuffer ;
-@@ -188,6 +189,12 @@ flac_buffer_copy (SF_PRIVATE *psf)
- 		return 0 ;
- 		} ;
- 
-+	if (frame->header.blocksize > pflac->wbuffer_size)
-+	{	psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > pflac->wbuffer_size (%d)\n", __func__, __LINE__, frame->header.blocksize, pflac->wbuffer_size) ;
-+		psf->error = SFE_INTERNAL ;
-+		return 0 ;
-+		} ;
-+
- 	if (frame->header.channels > FLAC__MAX_CHANNELS)
- 		psf_log_printf (psf, "Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ;
- 
-@@ -393,6 +400,7 @@ sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC
- 	pflac->bufferpos = 0 ;
- 
- 	pflac->wbuffer = buffer ;
-+	pflac->wbuffer_size = pflac->frame->header.blocksize ;
- 
- 	flac_buffer_copy (psf) ;
- 

libsndfile-progs.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Fri Apr  8 15:02:29 CEST 2022 - tiwai@suse.de
+
+- Fix build with libsndfile 1.1.0; add missing build reqs
+
+-------------------------------------------------------------------
+Tue Mar 29 18:07:33 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.1.0:
+  * Added MPEG Encode/Decode Support
+  * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
+  Fixed:
+  * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
+  * Stack overflow in guess_file_type()
+  * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
+  * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
+  * GCC and Clang pedantic warnings, thanks @bobsayshilol.
+  * Normalisation issue when scaling floating point data to int in
+    replace_read_f2i(), thanks @bobsayshilol, (issue #702).
+  * Missing samples when doing a partial read of Ogg file from index till the
+    end of file, thanks @arthurt (issue #643).
+  * sndfile-salvage: Handle files > 4 GB on Windows OS
+  * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
+  * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
+  * Integer overflow in psf_log_printf(), credit to OSS-Fuzz
+  * ABI version incompatibility between Autotools and CMake build on Apple
+    platforms.
+  * Heap buffer overflow in wavlike_ima_decode_block()
+  * Heap buffer overflow in msadpcm_decode_block()
+  * Heap buffer overflow in psf_binheader_readf()
+  * Index out of bounds in psf_nms_adpcm_decode_block()
+  * Heap buffer overflow in flac_buffer_copy()
+  * Heap buffer overflow in copyPredictorTo24()
+  * Uninitialized variable in psf_binheader_readf()
+- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch,
+       libsndfile-CVE-2021-4156.patch (obsolete)
+
 -------------------------------------------------------------------
 Sun Mar 14 21:38:48 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

libsndfile-progs.spec

@@ -17,16 +17,15 @@
 
 
 Name:           libsndfile-progs
-Version:        1.0.31
+Version:        1.1.0
 Release:        0
 Summary:        Example Programs for libsndfile
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
 URL:            https://libsndfile.github.io/libsndfile/
-Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2
-Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig
+Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
+Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
 Source2:        libsndfile.keyring
-Patch34:        sndfile-deinterlace-channels-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
@@ -34,28 +33,28 @@ BuildRequires:  cmake
 BuildRequires:  flac-devel
 BuildRequires:  gcc-c++
 BuildRequires:  libjack-devel
+BuildRequires:  libopus-devel
 BuildRequires:  libtool
 BuildRequires:  libvorbis-devel
 BuildRequires:  pkgconfig
+BuildRequires:  speex-devel
 BuildRequires:  sqlite3-devel
 
 %description
 This package includes the example programs for libsndfile.
 
 %prep
-%setup -q -n libsndfile-%{version}
-%patch34 -p1
-%patch100 -p1
+%autosetup -p1 -n libsndfile-%{version}
 
 %build
-%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF
+%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF -DCMAKE_INSTALL_DOCDIR=%{_defaultdocdir}/libsndfile
 %cmake_build
 
 %install
 %cmake_install
 
 # remove unnecessary files
-rm -rf %{buildroot}%{_datadir}/doc/libsndfile
+rm -rf %{buildroot}%{_defaultdocdir}/libsndfile
 rm -rf %{buildroot}%{_libdir}
 rm -rf %{buildroot}%{_includedir}
 rm -rf %{buildroot}%{_datadir}/doc/libsndfile1-dev

libsndfile.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Tue Mar 29 18:07:33 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.1.0:
+  * Added MPEG Encode/Decode Support
+  * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
+  Fixed:
+  * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
+  * Stack overflow in guess_file_type()
+  * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
+  * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
+  * GCC and Clang pedantic warnings, thanks @bobsayshilol.
+  * Normalisation issue when scaling floating point data to int in
+    replace_read_f2i(), thanks @bobsayshilol, (issue #702).
+  * Missing samples when doing a partial read of Ogg file from index till the
+    end of file, thanks @arthurt (issue #643).
+  * sndfile-salvage: Handle files > 4 GB on Windows OS
+  * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
+  * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
+  * Integer overflow in psf_log_printf(), credit to OSS-Fuzz
+  * ABI version incompatibility between Autotools and CMake build on Apple
+    platforms.
+  * Heap buffer overflow in wavlike_ima_decode_block()
+  * Heap buffer overflow in msadpcm_decode_block()
+  * Heap buffer overflow in psf_binheader_readf()
+  * Index out of bounds in psf_nms_adpcm_decode_block()
+  * Heap buffer overflow in flac_buffer_copy()
+  * Heap buffer overflow in copyPredictorTo24()
+  * Uninitialized variable in psf_binheader_readf()
+- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch,
+       libsndfile-CVE-2021-4156.patch (obsolete)
+
 -------------------------------------------------------------------
 Mon Jan  3 08:35:12 CET 2022 - tiwai@suse.de
 

libsndfile.spec

@@ -18,19 +18,16 @@
 
 %define lname	%{name}1
 Name:           libsndfile
-Version:        1.0.31
+Version:        1.1.0
 Release:        0
 Summary:        Development/Libraries/C and C++
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
 URL:            https://libsndfile.github.io/libsndfile/
-Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2
-Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig
-Source2:        %{name}.keyring
+Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
+Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
+Source2:        libsndfile.keyring
 Source3:        baselibs.conf
-Patch34:        sndfile-deinterlace-channels-check.patch
-Patch35:        ms_adpcm-Fix-and-extend-size-checks.patch
-Patch40:        libsndfile-CVE-2021-4156.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  cmake
@@ -77,8 +74,7 @@ This package contains the files needed to compile programs that use the
 libsndfile library.
 
 %prep
-%setup -q
-%autopatch -p1
+%autosetup -p1
 
 %build
 %cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF -DCMAKE_INSTALL_DOCDIR=%{_defaultdocdir}/libsndfile
@@ -96,13 +92,13 @@ rm -rf %{buildroot}%{_datadir}/doc/libsndfile
 %postun -n %{lname} -p /sbin/ldconfig
 
 %check
-# check requires -DBUILD_SHARED_LIBS=off
+# ctest fails?!
 
 %files -n %{lname}
 %{_libdir}/libsndfile.so.1*
 
 %files devel
-%doc AUTHORS ChangeLog NEWS README
+%doc AUTHORS CHANGELOG.md README
 %license COPYING
 %{_libdir}/libsndfile.so
 %{_includedir}/sndfile.h

ms_adpcm-Fix-and-extend-size-checks.patch

@@ -1,39 +0,0 @@
-From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
-From: bobsayshilol <bobsayshilol@live.co.uk>
-Date: Thu, 18 Feb 2021 21:52:09 +0000
-Subject: [PATCH] ms_adpcm: Fix and extend size checks
-
-'blockalign' is the size of a block, and each block contains 7 samples
-per channel as part of the preamble, so check against 'samplesperblock'
-rather than 'blockalign'. Also add an additional check that the block
-is big enough to hold the samples it claims to hold.
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
----
- src/ms_adpcm.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
-index 5e8f1a316507..a21cb994105e 100644
---- a/src/ms_adpcm.c
-+++ b/src/ms_adpcm.c
-@@ -128,8 +128,14 @@ wavlike_msadpcm_init	(SF_PRIVATE *psf, int blockalign, int samplesperblock)
- 	if (psf->file.mode == SFM_WRITE)
- 		samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- 
--	if (blockalign < 7 * psf->sf.channels)
--	{	psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
-+	/* There's 7 samples per channel in the preamble of each block */
-+	if (samplesperblock < 7 * psf->sf.channels)
-+	{	psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
-+		return SFE_INTERNAL ;
-+		} ;
-+
-+	if (2 * blockalign < samplesperblock * psf->sf.channels)
-+	{	psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
- 		return SFE_INTERNAL ;
- 		} ;
- 
--- 
-2.26.2
-

sndfile-deinterlace-channels-check.patch

@@ -1,16 +0,0 @@
-Index: libsndfile-1.0.31/programs/sndfile-deinterleave.c
-===================================================================
---- libsndfile-1.0.31.orig/programs/sndfile-deinterleave.c
-+++ libsndfile-1.0.31/programs/sndfile-deinterleave.c
-@@ -96,6 +96,11 @@ main (int argc, char **argv)
- 		} ;
- 
- 
-+	if (sfinfo.channels > MAX_CHANNELS)
-+	{	printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ;
-+		exit (1) ;
-+		}
-+
- 	state.channels = sfinfo.channels ;
- 	sfinfo.channels = 1 ;
- 

sndfile-ocloexec.patch

@@ -2,9 +2,11 @@
  src/file_io.c |    3 +++
  1 file changed, 3 insertions(+)
 
---- a/src/file_io.c
-+++ b/src/file_io.c
-@@ -570,6 +570,9 @@ psf_open_fd (PSF_FILE * pfile)
+Index: libsndfile-1.1.0/src/file_io.c
+===================================================================
+--- libsndfile-1.1.0.orig/src/file_io.c
++++ libsndfile-1.1.0/src/file_io.c
+@@ -598,6 +598,9 @@ psf_open_fd (PSF_FILE * pfile)
  				return - SFE_BAD_OPEN_MODE ;
  				break ;
  		} ;
@@ -13,4 +15,4 @@
 +#endif
  
  	if (mode == 0)
- 		fd = open (pfile->path.c, oflag) ;
+ 		fd = open (pfile->path, oflag) ;