From 62ae74513a40ff18f2656dc972b455596d7c002140c594570b0377d9010e05ff Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 8 Apr 2022 13:14:05 +0000 Subject: [PATCH] Accepting request 967827 from home:tiwai:branches:multimedia:libs - Fix build with libsndfile 1.1.0; add missing build reqs - update to 1.1.0: * Added MPEG Encode/Decode Support * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski. Fixed: * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375). * Stack overflow in guess_file_type() * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz * GCC and Clang pedantic warnings, thanks @bobsayshilol. * Normalisation issue when scaling floating point data to int in replace_read_f2i(), thanks @bobsayshilol, (issue #702). * Missing samples when doing a partial read of Ogg file from index till the end of file, thanks @arthurt (issue #643). * sndfile-salvage: Handle files > 4 GB on Windows OS * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz * Integer overflow in psf_log_printf(), credit to OSS-Fuzz * ABI version incompatibility between Autotools and CMake build on Apple platforms. * Heap buffer overflow in wavlike_ima_decode_block() * Heap buffer overflow in msadpcm_decode_block() * Heap buffer overflow in psf_binheader_readf() * Index out of bounds in psf_nms_adpcm_decode_block() * Heap buffer overflow in flac_buffer_copy() * Heap buffer overflow in copyPredictorTo24() * Uninitialized variable in psf_binheader_readf() - drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch, libsndfile-CVE-2021-4156.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/967827 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=84 --- libsndfile-1.0.31.tar.bz2 | 3 -- libsndfile-1.0.31.tar.bz2.sig | Bin 662 -> 0 bytes libsndfile-1.1.0.tar.xz | 3 ++ libsndfile-1.1.0.tar.xz.asc | Bin 0 -> 662 bytes libsndfile-CVE-2021-4156.patch | 42 ---------------------- libsndfile-progs.changes | 37 +++++++++++++++++++ libsndfile-progs.spec | 17 +++++---- libsndfile.changes | 32 +++++++++++++++++ libsndfile.spec | 18 ++++------ ms_adpcm-Fix-and-extend-size-checks.patch | 39 -------------------- sndfile-deinterlace-channels-check.patch | 16 --------- sndfile-ocloexec.patch | 10 +++--- 12 files changed, 93 insertions(+), 124 deletions(-) delete mode 100644 libsndfile-1.0.31.tar.bz2 delete mode 100644 libsndfile-1.0.31.tar.bz2.sig create mode 100644 libsndfile-1.1.0.tar.xz create mode 100644 libsndfile-1.1.0.tar.xz.asc delete mode 100644 libsndfile-CVE-2021-4156.patch delete mode 100644 ms_adpcm-Fix-and-extend-size-checks.patch delete mode 100644 sndfile-deinterlace-channels-check.patch diff --git a/libsndfile-1.0.31.tar.bz2 b/libsndfile-1.0.31.tar.bz2 deleted file mode 100644 index 5fda9b3..0000000 --- a/libsndfile-1.0.31.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a8cfb1c09ea6e90eff4ca87322d4168cdbe5035cb48717b40bf77e751cc02163 -size 875335 diff --git a/libsndfile-1.0.31.tar.bz2.sig b/libsndfile-1.0.31.tar.bz2.sig deleted file mode 100644 index f4f873e40e3d7d22f63c59d144d6301f6c004a35f54d0f93799391f68533cfe8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 662 zcmV;H0%`q;0+R#)0SW+p79j+<)iGV50CK>nV2Gd2HsKc_E;vF30$>ejH(wNh00000 zE&wQLb8~fNaxG?XazJixbYXO9Z*FrgZ*XO9aA$BXW@%=0XlQS8b7gH|ZZ2+RbV4{p zH8U|aL_shxFgG$oFhMvrFgQ3lMngq2HbpTpH!?6XMKd@wG5`t*5Y9H?7a%S;LPR|f z0NM1p+IWpa(U$(C?RAeN9#U=CJe<43vB0v8X1*aoIV4hcPD zQu3|M?qpj7A`|^F-RMY?L_c$Qo2QciPLvkf){R$jBgSz9O9<7wKV+kJ1~Q>!3tTly`^aaoGa;A@Be<~6;kDK9_b8Mc z$95nVNo0Iu;W@+_Wc6_Uj2ZKEG){peSozQkeMm$85{2a~G+T_$<7stL z@Ft7nc1#rG;f&mrqg$8JAKH#p)%hs%w(25Ds_=lBaUY+T>~Mo)wcnATxI;_`0r5b^ zdXw$-x}xtzPW0rnft?SU|NW=@hu?p!d`MHSlC3QLxc8#@lar7{i0qfOQnG||Of8mq zyAusj&jHM{GLYz014IHO0%xiu!u2O1eLEHa0mi!tPDnv@GGFjvy_Wba1piINpo5qsh&&KMwA!lGc`i1d6>guI7Xb23k8|MyZEmu_naFsOV diff --git a/libsndfile-1.1.0.tar.xz b/libsndfile-1.1.0.tar.xz new file mode 100644 index 0000000..3f9a007 --- /dev/null +++ b/libsndfile-1.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0f98e101c0f7c850a71225fb5feaf33b106227b3d331333ddc9bacee190bcf41 +size 730604 diff --git a/libsndfile-1.1.0.tar.xz.asc b/libsndfile-1.1.0.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..13a55fa61297a8aa9e3a46418be3a0262686e3bf9942fcd48df56eeff4f2181c GIT binary patch literal 662 zcmV;H0%`q;0+R#)0SW+p79j+<)iGV50CK>nV2Gd2HsKc_E;vF30%Aa18ebHE00000 zE&wQLb8~fNaxG?XazJixbYXO9Z*FrgZ*XO9aA$BXW@%=0XlQS8b7gH|ZZ2+RbV4{p zH8U|aL_shxFgG$oFhMvrFgQ3lMngq2HbpTpH!?6XMKd@wG5`t*5Y9H?7a%S;LaMY7 z0H0x`BLZTc1B`m$!dh8P-34@lX_mcZhgP1u zLmxx_`ZV1sQ;krB7P_G}&Rzn^5^=S6UyjE{2yqe4L1$EXu?vkx;ois^AVu8dl2&Jt zWMUKIv6d)9_BJM1^3ZA|pbt|fMj7Bo>&n5o&kZ39=03#;cQS7KMF}i9xVptr@Wg$< z@x=Uf+(%ng2#Euga@Xu|fp}H$vnI^Ype_!(DIHCaCl1KB*ox`SV}yzsYmvYllw__u zZ-W0GVxZ_UxRLrr2{Q&8>>VxFR1gpeoO;`!EtpsGy@x%qa*0oCOMM4J--ACHwzi0) zQz?TQZwxrw0sK(RV9ERCtsCGELw>M#4$MltTU|B*C9`}qzo3kX?;U#U?y%nDxmDkq zxjy=0s%hX5HCP~&^wBU8A6%f0m>4ScHrg6S@>iky0vQiUTvXd1tQIL3a&%Xq4KJuP8S*-Qm4cdb4u&EG1eo6r*gk%5K3QXiWa;+?VA2f?TxT>t<8 literal 0 HcmV?d00001 diff --git a/libsndfile-CVE-2021-4156.patch b/libsndfile-CVE-2021-4156.patch deleted file mode 100644 index 80b5c0f..0000000 --- a/libsndfile-CVE-2021-4156.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4c30646abf7834e406f7e2429c70bc254e18beab Mon Sep 17 00:00:00 2001 -From: yuawn -Date: Wed, 14 Apr 2021 08:38:23 +0000 -Subject: [PATCH] flac: Fix improper buffer reusing - ---- - src/flac.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/flac.c b/src/flac.c -index 64d0172e6..800d81078 100644 ---- a/src/flac.c -+++ b/src/flac.c -@@ -62,6 +62,7 @@ typedef struct - FLAC__StreamMetadata *metadata ; - - const int32_t * const * wbuffer ; -+ unsigned wbuffer_size ; - int32_t * rbuffer [FLAC__MAX_CHANNELS] ; - - int32_t* encbuffer ; -@@ -188,6 +189,12 @@ flac_buffer_copy (SF_PRIVATE *psf) - return 0 ; - } ; - -+ if (frame->header.blocksize > pflac->wbuffer_size) -+ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > pflac->wbuffer_size (%d)\n", __func__, __LINE__, frame->header.blocksize, pflac->wbuffer_size) ; -+ psf->error = SFE_INTERNAL ; -+ return 0 ; -+ } ; -+ - if (frame->header.channels > FLAC__MAX_CHANNELS) - psf_log_printf (psf, "Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ; - -@@ -393,6 +400,7 @@ sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC - pflac->bufferpos = 0 ; - - pflac->wbuffer = buffer ; -+ pflac->wbuffer_size = pflac->frame->header.blocksize ; - - flac_buffer_copy (psf) ; - diff --git a/libsndfile-progs.changes b/libsndfile-progs.changes index 7011a3c..a7b226c 100644 --- a/libsndfile-progs.changes +++ b/libsndfile-progs.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Fri Apr 8 15:02:29 CEST 2022 - tiwai@suse.de + +- Fix build with libsndfile 1.1.0; add missing build reqs + +------------------------------------------------------------------- +Tue Mar 29 18:07:33 UTC 2022 - Dirk Müller + +- update to 1.1.0: + * Added MPEG Encode/Decode Support + * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski. + Fixed: + * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375). + * Stack overflow in guess_file_type() + * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz + * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz + * GCC and Clang pedantic warnings, thanks @bobsayshilol. + * Normalisation issue when scaling floating point data to int in + replace_read_f2i(), thanks @bobsayshilol, (issue #702). + * Missing samples when doing a partial read of Ogg file from index till the + end of file, thanks @arthurt (issue #643). + * sndfile-salvage: Handle files > 4 GB on Windows OS + * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz + * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz + * Integer overflow in psf_log_printf(), credit to OSS-Fuzz + * ABI version incompatibility between Autotools and CMake build on Apple + platforms. + * Heap buffer overflow in wavlike_ima_decode_block() + * Heap buffer overflow in msadpcm_decode_block() + * Heap buffer overflow in psf_binheader_readf() + * Index out of bounds in psf_nms_adpcm_decode_block() + * Heap buffer overflow in flac_buffer_copy() + * Heap buffer overflow in copyPredictorTo24() + * Uninitialized variable in psf_binheader_readf() +- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch, + libsndfile-CVE-2021-4156.patch (obsolete) + ------------------------------------------------------------------- Sun Mar 14 21:38:48 UTC 2021 - Dirk Müller diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec index a2cbbcb..a75fb46 100644 --- a/libsndfile-progs.spec +++ b/libsndfile-progs.spec @@ -17,16 +17,15 @@ Name: libsndfile-progs -Version: 1.0.31 +Version: 1.1.0 Release: 0 Summary: Example Programs for libsndfile License: LGPL-2.1-or-later Group: System/Libraries URL: https://libsndfile.github.io/libsndfile/ -Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2 -Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig +Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz +Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc Source2: libsndfile.keyring -Patch34: sndfile-deinterlace-channels-check.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel @@ -34,28 +33,28 @@ BuildRequires: cmake BuildRequires: flac-devel BuildRequires: gcc-c++ BuildRequires: libjack-devel +BuildRequires: libopus-devel BuildRequires: libtool BuildRequires: libvorbis-devel BuildRequires: pkgconfig +BuildRequires: speex-devel BuildRequires: sqlite3-devel %description This package includes the example programs for libsndfile. %prep -%setup -q -n libsndfile-%{version} -%patch34 -p1 -%patch100 -p1 +%autosetup -p1 -n libsndfile-%{version} %build -%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF +%cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF -DCMAKE_INSTALL_DOCDIR=%{_defaultdocdir}/libsndfile %cmake_build %install %cmake_install # remove unnecessary files -rm -rf %{buildroot}%{_datadir}/doc/libsndfile +rm -rf %{buildroot}%{_defaultdocdir}/libsndfile rm -rf %{buildroot}%{_libdir} rm -rf %{buildroot}%{_includedir} rm -rf %{buildroot}%{_datadir}/doc/libsndfile1-dev diff --git a/libsndfile.changes b/libsndfile.changes index 7dfd574..622cb83 100644 --- a/libsndfile.changes +++ b/libsndfile.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Tue Mar 29 18:07:33 UTC 2022 - Dirk Müller + +- update to 1.1.0: + * Added MPEG Encode/Decode Support + * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski. + Fixed: + * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375). + * Stack overflow in guess_file_type() + * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz + * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz + * GCC and Clang pedantic warnings, thanks @bobsayshilol. + * Normalisation issue when scaling floating point data to int in + replace_read_f2i(), thanks @bobsayshilol, (issue #702). + * Missing samples when doing a partial read of Ogg file from index till the + end of file, thanks @arthurt (issue #643). + * sndfile-salvage: Handle files > 4 GB on Windows OS + * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz + * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz + * Integer overflow in psf_log_printf(), credit to OSS-Fuzz + * ABI version incompatibility between Autotools and CMake build on Apple + platforms. + * Heap buffer overflow in wavlike_ima_decode_block() + * Heap buffer overflow in msadpcm_decode_block() + * Heap buffer overflow in psf_binheader_readf() + * Index out of bounds in psf_nms_adpcm_decode_block() + * Heap buffer overflow in flac_buffer_copy() + * Heap buffer overflow in copyPredictorTo24() + * Uninitialized variable in psf_binheader_readf() +- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch, + libsndfile-CVE-2021-4156.patch (obsolete) + ------------------------------------------------------------------- Mon Jan 3 08:35:12 CET 2022 - tiwai@suse.de diff --git a/libsndfile.spec b/libsndfile.spec index dc74b59..a3a2d2f 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -18,19 +18,16 @@ %define lname %{name}1 Name: libsndfile -Version: 1.0.31 +Version: 1.1.0 Release: 0 Summary: Development/Libraries/C and C++ License: LGPL-2.1-or-later Group: System/Libraries URL: https://libsndfile.github.io/libsndfile/ -Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2 -Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2.sig -Source2: %{name}.keyring +Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz +Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc +Source2: libsndfile.keyring Source3: baselibs.conf -Patch34: sndfile-deinterlace-channels-check.patch -Patch35: ms_adpcm-Fix-and-extend-size-checks.patch -Patch40: libsndfile-CVE-2021-4156.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: cmake @@ -77,8 +74,7 @@ This package contains the files needed to compile programs that use the libsndfile library. %prep -%setup -q -%autopatch -p1 +%autosetup -p1 %build %cmake -DENABLE_EXPERIMENTAL=ON -DBUILD_EXAMPLES=OFF -DCMAKE_INSTALL_DOCDIR=%{_defaultdocdir}/libsndfile @@ -96,13 +92,13 @@ rm -rf %{buildroot}%{_datadir}/doc/libsndfile %postun -n %{lname} -p /sbin/ldconfig %check -# check requires -DBUILD_SHARED_LIBS=off +# ctest fails?! %files -n %{lname} %{_libdir}/libsndfile.so.1* %files devel -%doc AUTHORS ChangeLog NEWS README +%doc AUTHORS CHANGELOG.md README %license COPYING %{_libdir}/libsndfile.so %{_includedir}/sndfile.h diff --git a/ms_adpcm-Fix-and-extend-size-checks.patch b/ms_adpcm-Fix-and-extend-size-checks.patch deleted file mode 100644 index 415110d..0000000 --- a/ms_adpcm-Fix-and-extend-size-checks.patch +++ /dev/null @@ -1,39 +0,0 @@ -From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001 -From: bobsayshilol -Date: Thu, 18 Feb 2021 21:52:09 +0000 -Subject: [PATCH] ms_adpcm: Fix and extend size checks - -'blockalign' is the size of a block, and each block contains 7 samples -per channel as part of the preamble, so check against 'samplesperblock' -rather than 'blockalign'. Also add an additional check that the block -is big enough to hold the samples it claims to hold. - -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803 ---- - src/ms_adpcm.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c -index 5e8f1a316507..a21cb994105e 100644 ---- a/src/ms_adpcm.c -+++ b/src/ms_adpcm.c -@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock) - if (psf->file.mode == SFM_WRITE) - samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ; - -- if (blockalign < 7 * psf->sf.channels) -- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ; -+ /* There's 7 samples per channel in the preamble of each block */ -+ if (samplesperblock < 7 * psf->sf.channels) -+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ; -+ return SFE_INTERNAL ; -+ } ; -+ -+ if (2 * blockalign < samplesperblock * psf->sf.channels) -+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ; - return SFE_INTERNAL ; - } ; - --- -2.26.2 - diff --git a/sndfile-deinterlace-channels-check.patch b/sndfile-deinterlace-channels-check.patch deleted file mode 100644 index e5dd5e8..0000000 --- a/sndfile-deinterlace-channels-check.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: libsndfile-1.0.31/programs/sndfile-deinterleave.c -=================================================================== ---- libsndfile-1.0.31.orig/programs/sndfile-deinterleave.c -+++ libsndfile-1.0.31/programs/sndfile-deinterleave.c -@@ -96,6 +96,11 @@ main (int argc, char **argv) - } ; - - -+ if (sfinfo.channels > MAX_CHANNELS) -+ { printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ; -+ exit (1) ; -+ } -+ - state.channels = sfinfo.channels ; - sfinfo.channels = 1 ; - diff --git a/sndfile-ocloexec.patch b/sndfile-ocloexec.patch index b91e741..deabaca 100644 --- a/sndfile-ocloexec.patch +++ b/sndfile-ocloexec.patch @@ -2,9 +2,11 @@ src/file_io.c | 3 +++ 1 file changed, 3 insertions(+) ---- a/src/file_io.c -+++ b/src/file_io.c -@@ -570,6 +570,9 @@ psf_open_fd (PSF_FILE * pfile) +Index: libsndfile-1.1.0/src/file_io.c +=================================================================== +--- libsndfile-1.1.0.orig/src/file_io.c ++++ libsndfile-1.1.0/src/file_io.c +@@ -598,6 +598,9 @@ psf_open_fd (PSF_FILE * pfile) return - SFE_BAD_OPEN_MODE ; break ; } ; @@ -13,4 +15,4 @@ +#endif if (mode == 0) - fd = open (pfile->path.c, oflag) ; + fd = open (pfile->path, oflag) ;