From af79db2713823318099106a77fa4872d967bbf6b2a5d7364e3822f8941cf1711 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.com>
Date: Fri, 20 Oct 2023 12:11:28 +0000
Subject: [PATCH] Accepting request 1119225 from
 home:tiwai:branches:multimedia:libs

- Update to 1.2.1:
  * Various bug fixes (issue #908, #907, #934, #950, #930)
- Update to 1.2.2:
  * Fixed invalid regex in src/create_symbols_file.py
  * Fixed passing null pointer to printf %s in tests
- Fix signed integers overflows in au_read_header()
  (bsc#121345, CVE-2022-33065):
  libsndfile-CVE-2022-33065.patch

- Update to 1.2.1:
  * Various bug fixes (issue #908, #907, #934, #950, #930)
- Update to 1.2.2:
  * Fixed invalid regex in src/create_symbols_file.py
  * Fixed passing null pointer to printf %s in tests
- Fix signed integers overflows in au_read_header()
  (bsc#121345, CVE-2022-33065):
  libsndfile-CVE-2022-33065.patch

OBS-URL: https://build.opensuse.org/request/show/1119225
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=90
---
 libsndfile-1.2.0.tar.xz         |   3 ---
 libsndfile-1.2.0.tar.xz.asc     | Bin 662 -> 0 bytes
 libsndfile-1.2.2.tar.xz         |   3 +++
 libsndfile-1.2.2.tar.xz.asc     | Bin 0 -> 662 bytes
 libsndfile-CVE-2022-33065.patch |  40 ++++++++++++++++++++++++++++++++
 libsndfile-progs.changes        |  12 ++++++++++
 libsndfile-progs.spec           |   3 ++-
 libsndfile.changes              |  12 ++++++++++
 libsndfile.spec                 |   3 ++-
 9 files changed, 71 insertions(+), 5 deletions(-)
 delete mode 100644 libsndfile-1.2.0.tar.xz
 delete mode 100644 libsndfile-1.2.0.tar.xz.asc
 create mode 100644 libsndfile-1.2.2.tar.xz
 create mode 100644 libsndfile-1.2.2.tar.xz.asc
 create mode 100644 libsndfile-CVE-2022-33065.patch

diff --git a/libsndfile-1.2.0.tar.xz b/libsndfile-1.2.0.tar.xz
deleted file mode 100644
index 48ef18d..0000000
--- a/libsndfile-1.2.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0e30e7072f83dc84863e2e55f299175c7e04a5902ae79cfb99d4249ee8f6d60a
-size 730268
diff --git a/libsndfile-1.2.0.tar.xz.asc b/libsndfile-1.2.0.tar.xz.asc
deleted file mode 100644
index 9ffab438232c3d4ebf2b33b6f878531a5e025a1dce2fc684818a47e6593936e2..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 662
zcmV;H0%`q;0+R#)0SW+p79j+<)iGV50CK>nV2Gd2HsKc_E;vF30%NE)C0`VP00000
zE&wQLb8~fNaxG?XazJixbYXO9Z*FrgZ*XO9aA$BXW@%=0XlQS8b7gH|ZZ2+RbV4{p
zH8U|aL_shxFgG$oFhMvrFgQ3lMngq2HbpTpH!?6XMKd@wG5`t*5Y9H?7a%S;LSC5<
z{Tzd9)(sALIOojd3Ve~CX$4|l!1pH!m6RXSOK~O=2h~~U09o=9Pdz$Wav_R-x!l`H
z)<_Y~1u?{fqvp!~DaeY_rCwPmeid>c&mDos<E{L~hna#W;N^$y=5-{X*A<$dr@W3T
zq2EXs--kp>WCf}XGQD5~j|(WJ0G(~&K9_Joz&Fa$S9&p!YTmb|&zZl78W&#nl^2Q3
z9ES1NrBR=0UfG9Fj}H1po*xq=V6=Jl4Pw=dC+=uGgY%_bG~5~o7~xPX3=H?G!%?0b
zva_^6w#outzt1tdeRzORdLvG1qwW}_TemRCzg@zlH6Tsl`kWxNTgb@2>}^kj!7wbr
zmNqU&6<BdI`OFHL!_Cw@jDWi*nx6;u8B#NxQ~jVgk%at`*q`N*7|Csk12P>PUPY9`
z#>RZ+{wSP{T&>VG+YD^hUUa1)WEfns0rn$U0RPNbBAT^+tEQr?Zh8EH2=VTas3qrf
zS)?-x=(D3b&ub+>>4fuL+AD(D#=;%28PuPOUxeMme!fWBMG@vE&ouRT{65_rJD4dA
zrYjPlRQ4$$F1R>h_KNr2fr4RAqeg~$lV{(P)x<CHFKMq_b^5Ygi4o}DJ;|-6O7qEB
wuY9<gxSDcsJ1GFvLXF77CTSWnFX8fA&SYN1VAm*EmAD1MAf$l4B5zX<(Dvah761SM

diff --git a/libsndfile-1.2.2.tar.xz b/libsndfile-1.2.2.tar.xz
new file mode 100644
index 0000000..22bafa3
--- /dev/null
+++ b/libsndfile-1.2.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3799ca9924d3125038880367bf1468e53a1b7e3686a934f098b7e1d286cdb80e
+size 730760
diff --git a/libsndfile-1.2.2.tar.xz.asc b/libsndfile-1.2.2.tar.xz.asc
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..74cf2ae5639f7baf416e6947c13f9eb91d40ccb936240942f990c0e965e3aa25
GIT binary patch
literal 662
zcmV;H0%`q;0+R#)0SW+p79j+<)iGV50CK>nV2Gd2HsKc_E;vF30%X{t3SSg}00000
zE&wQLb8~fNaxG?XazJixbYXO9Z*FrgZ*XO9aA$BXW@%=0XlQS8b7gH|ZZ2+RbV4{p
zH8U|aL_shxFgG$oFhMvrFgQ3lMngq2HbpTpH!?6XMKd@wG5`t*5Y9H?7a%S;LdQH0
z{yG6fg?V+A4gDj0J`9iOv#3=PALQZ^TU|@bj*l_OqUa4TZv`B(+N8vF;+An9a0Z<b
zs+L#veMszp-foV?-z+_4s&C_hfpbr*+#t^}RDc#wGT2-F*XG?pmQmOV5dbk)XKrN#
zNDya~wdTLZjEGPGVuOq&&g@}P_@ax`zoN%y3r3+NlD;QOcq?QbAvi3wT5sKY%06M0
zwfILghxW&jakNEK>E#NN#F%u3Dl!<AFzw;BFdh7benWUyYFE&6kzyD5F!|DW>%$ba
zi5bHkhcI0uLo0zDxweE|zM<2fGIj31K^&zLd7zzR|BBaF{rI#igvGHu=vwc2Puq9Y
zy<MnrE7Y5QRV~pZJ;JHt5q1`(0JBLI`e!KhZe2oOu?VAguU0zkv~e`oc2$e3a5Z9`
z;!}hI;22j{YXxDd$4|qH2s_jwyj81Zsoh6;&n?C0e+Tc~@zy0(P=Arkb3Z@U={dyU
zM}%}XYwVsTY?eRaf7rpIL<YR6sB#J+;|uu?#nO|(QME<rus3P!2v|KrlEZ}Kpw>#j
z{wKXG10MloAGk~-r9Gf6wRF{qBu(YRzN%~ALNMRqIq7E(3{~iBc&EB8qQp+2$#jLi
wByg5W2>qa!wRH92PcR*HDh#MIJ839Hs{I-w2IXZX{-hvZlx5q?W%eu1rCk{*$p8QV

literal 0
HcmV?d00001

diff --git a/libsndfile-CVE-2022-33065.patch b/libsndfile-CVE-2022-33065.patch
new file mode 100644
index 0000000..9249814
--- /dev/null
+++ b/libsndfile-CVE-2022-33065.patch
@@ -0,0 +1,40 @@
+From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001
+From: Alex Stewart <alex.stewart@ni.com>
+Date: Tue, 10 Oct 2023 16:10:34 -0400
+Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
+
+The clang sanitizer warns of a possible signed integer overflow when
+calculating the `dataend` value in `mat4_read_header()`.
+
+```
+src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
+src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
+```
+
+Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
+`dataend` before performing the calculation, to avoid the issue.
+
+CVE: CVE-2022-33065
+Fixes: https://github.com/libsndfile/libsndfile/issues/789
+Fixes: https://github.com/libsndfile/libsndfile/issues/833
+
+Signed-off-by: Alex Stewart <alex.stewart@ni.com>
+---
+ src/mat4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mat4.c b/src/mat4.c
+index 0b1b414b4..575683ba1 100644
+--- a/src/mat4.c
++++ b/src/mat4.c
+@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
+ 				psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
+ 		}
+ 	else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
+-		psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
++		psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
+ 
+ 	psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
+ 
diff --git a/libsndfile-progs.changes b/libsndfile-progs.changes
index f2c2d9e..c564de7 100644
--- a/libsndfile-progs.changes
+++ b/libsndfile-progs.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
+
+- Update to 1.2.1:
+  * Various bug fixes (issue #908, #907, #934, #950, #930)
+- Update to 1.2.2:
+  * Fixed invalid regex in src/create_symbols_file.py
+  * Fixed passing null pointer to printf %s in tests
+- Fix signed integers overflows in au_read_header()
+  (bsc#121345, CVE-2022-33065):
+  libsndfile-CVE-2022-33065.patch
+
 -------------------------------------------------------------------
 Tue Feb 21 10:14:43 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec
index ca8a07c..01f3241 100644
--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@@ -17,7 +17,7 @@
 
 
 Name:           libsndfile-progs
-Version:        1.2.0
+Version:        1.2.2
 Release:        0
 Summary:        Example Programs for libsndfile
 License:        LGPL-2.1-or-later
@@ -26,6 +26,7 @@ URL:            https://libsndfile.github.io/libsndfile/
 Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
 Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
 Source2:        libsndfile.keyring
+Patch1:         libsndfile-CVE-2022-33065.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
diff --git a/libsndfile.changes b/libsndfile.changes
index 1a0180e..75748d2 100644
--- a/libsndfile.changes
+++ b/libsndfile.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <tiwai@suse.com>
+
+- Update to 1.2.1:
+  * Various bug fixes (issue #908, #907, #934, #950, #930)
+- Update to 1.2.2:
+  * Fixed invalid regex in src/create_symbols_file.py
+  * Fixed passing null pointer to printf %s in tests
+- Fix signed integers overflows in au_read_header()
+  (bsc#121345, CVE-2022-33065):
+  libsndfile-CVE-2022-33065.patch
+
 -------------------------------------------------------------------
 Mon Apr 24 11:42:18 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/libsndfile.spec b/libsndfile.spec
index 9eaea3b..0048650 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -18,7 +18,7 @@
 
 %define lname	%{name}1
 Name:           libsndfile
-Version:        1.2.0
+Version:        1.2.2
 Release:        0
 Summary:        Development/Libraries/C and C++
 License:        LGPL-2.1-or-later
@@ -28,6 +28,7 @@ Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{ver
 Source1:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc
 Source2:        libsndfile.keyring
 Source3:        baselibs.conf
+Patch1:         libsndfile-CVE-2022-33065.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  cmake