- Fix build with libsndfile 1.1.0; add missing build reqs
- update to 1.1.0:
* Added MPEG Encode/Decode Support
* New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
Fixed:
* Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
* Stack overflow in guess_file_type()
* Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
* Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
* GCC and Clang pedantic warnings, thanks @bobsayshilol.
* Normalisation issue when scaling floating point data to int in
replace_read_f2i(), thanks @bobsayshilol, (issue #702).
* Missing samples when doing a partial read of Ogg file from index till the
end of file, thanks @arthurt (issue #643).
* sndfile-salvage: Handle files > 4 GB on Windows OS
* Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
* Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
* Integer overflow in psf_log_printf(), credit to OSS-Fuzz
* ABI version incompatibility between Autotools and CMake build on Apple
platforms.
* Heap buffer overflow in wavlike_ima_decode_block()
* Heap buffer overflow in msadpcm_decode_block()
* Heap buffer overflow in psf_binheader_readf()
* Index out of bounds in psf_nms_adpcm_decode_block()
* Heap buffer overflow in flac_buffer_copy()
* Heap buffer overflow in copyPredictorTo24()
* Uninitialized variable in psf_binheader_readf()
- drop sndfile-deinterlace-channels-check.patch, ms_adpcm-Fix-and-extend-size-checks.patch,
libsndfile-CVE-2021-4156.patch (obsolete)
OBS-URL: https://build.opensuse.org/request/show/967827
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=84
- update to 1.0.31:
* documentation fixes and updates
* Change CMake's project name from sndfile to libsndfile as it should be.
* Fix memory leak in wav_read_smpl_chunk() function, credit to OSS-Fuzz.
* Fix aiff_read_header() memory leak, credit to OSS-Fuzz.
* Fix leak in wav_read_header(), credit to OSS-Fuzz.
* Fix leak in wavlike_read_cart_chunk(), credit to OSS-Fuzz.
* Fix memory leak in wav_read_acid_chunk(), credit to OSS-Fuzz.
* Fix memory leak in aiff_read_basc_chunk(), credit to OSS-Fuzz.
* Fix memory leak in wavlike_read_peak_chunk(), credit to OSS-Fuzz.
* Fix memory leak in aiff_read_header(), credit to OSS-Fuzz.
* Fix use of uninitialized value in exif_subchunk_parse(), credit to OSS-Fuzz.
* Fix use of uninitialized value in endswap_int64_t_array(), credit to
OSS-Fuzz.
* Fix up the fuzzer so that it can't under or overseek,
thanks to Max Dymond <cmeister2@gmail.com>.
* Fix Autotools configure on macOS, thanks to @tmcguire and @nwh.
* Exclude repository-configuration from git-archive, thanks to @umlaeute.
* Use version-script when compiling with clang on Unix with Autotools, thanks
to @tstellar.
* Improve handling of SMPL chunks in WAV files, thanks to @zodf0055980.
- update to 1.0.30:
* Move sndfile.h.in from src/ to include/ directory.
* Huge documentation update.
* Fix opus test failures on BE platforms
* Fix bug when sf_open_fd() function sometimes leaves filehandle open, even if close_desc parameter is TRUE, thanks to @umläute.
* Fix infinite loops on some pathological SD2 files
* Switch to GitHub Actions for continuous integration.
* Add OSS-Fuzz tests to GitHub Actions workflow
* Fix memory leak in wavlike_read_bext_chunk() function, credit to OSS-Fuzz.
OBS-URL: https://build.opensuse.org/request/show/879319
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=79
- Fix buffer overflow in sndfile-deinterleave, which isn't really a
security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
CVE-2018-19432):
(Apply all the rest as well to sync with libsndfile.spec)
0001-FLAC-Fix-a-buffer-read-overrun.patch
0002-src-flac.c-Fix-a-buffer-read-overflow.patch
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
0031-sfe_copy_data_fp-check-value-of-max-variable.patch
libsndfile-CVE-2017-17456-alaw-range-check.patch
libsndfile-CVE-2017-17457-ulaw-range-check.patch
sndfile-deinterlace-channels-check.patch
sndfile-ocloexec.patch
OBS-URL: https://build.opensuse.org/request/show/651403
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=56
bsc#1071777):
libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
bsc#1071767):
libsndfile-CVE-2017-17457-ulaw-range-check.patch
- Fix VUL-0: divide-by-zero error exists in the function
double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
VUL-0: out of bounds read in the function d2ulaw_array() in
ulaw.c (CVE-2017-14246, bsc#1059913):
0031-sfe_copy_data_fp-check-value-of-max-variable.patch
- Fix Heap-based Buffer Overflow in the psf_binheader_writef
(CVE-2017-12562, bsc#1052476):
0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
- Fix out-of-bounds read memory access in the aiff_read_chanmap()
(CVE-2017-6892, bsc#1043978):
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
bsc#1036943):
0001-FLAC-Fix-a-buffer-read-overrun.patch
0002-src-flac.c-Fix-a-buffer-read-overflow.patch
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=71
- Fix VUL-0: divide-by-zero error exists in the function
double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
VUL-0: out of bounds read in the function d2ulaw_array() in
ulaw.c (CVE-2017-14246, bsc#1059913):
0031-sfe_copy_data_fp-check-value-of-max-variable.patch
OBS-URL: https://build.opensuse.org/request/show/558585
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=64
- Update to version 1.0.27:
* Fix a seek regression in 1.0.26
* Add metadata read/write for CAF and RF64
* Fix PAF endian-ness issue
- Update to version 1.0.28
* Fix buffer overruns in FLAC and ID3 handling code
(CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
* Reduce default header memory requirements
* Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
OBS-URL: https://build.opensuse.org/request/show/487058
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=56
- Remove documentation, it belongs to the libsndfile package.
- Update to version 1.0.26:
* Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
* Add ALAC/CAF support. Minor bug fixes and improvements.
- Drop libsndfile-example-fix.diff
- Refreshed patches:
sndfile-ocloexec.patch
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Removed obsoleted patches:
libsndfile-example-fix.diff
libsndfile-fix-header-read-CVE-2015-7805.patch
libsndfile-paf-zero-division-fix.diff
libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
OBS-URL: https://build.opensuse.org/request/show/346027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=47