commit 3d843e5cdf3e7c0ab35b6ce7dbbb7c90d0bf526f Author: CentOS Sources Date: Tue May 7 07:38:31 2019 -0400 import libsndfile-1.0.28-8.el8 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cbaa935 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libsndfile-1.0.28.tar.gz diff --git a/.libsndfile.metadata b/.libsndfile.metadata new file mode 100644 index 0000000..0c3e03f --- /dev/null +++ b/.libsndfile.metadata @@ -0,0 +1 @@ +85aa967e19f6b9bf975601d79669025e5f8bc77d SOURCES/libsndfile-1.0.28.tar.gz diff --git a/SOURCES/libsndfile-1.0.25-system-gsm.patch b/SOURCES/libsndfile-1.0.25-system-gsm.patch new file mode 100644 index 0000000..d6d1b34 --- /dev/null +++ b/SOURCES/libsndfile-1.0.25-system-gsm.patch @@ -0,0 +1,56 @@ +diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c +--- libsndfile-1.0.28/src/gsm610.c.systemgsm 2016-09-10 10:08:27.000000000 +0200 ++++ libsndfile-1.0.28/src/gsm610.c 2017-04-11 10:47:40.437162489 +0200 +@@ -27,7 +27,7 @@ + #include "sfendian.h" + #include "common.h" + #include "wavlike.h" +-#include "GSM610/gsm.h" ++#include + + #define GSM610_BLOCKSIZE 33 + #define GSM610_SAMPLES 160 +@@ -391,7 +391,8 @@ gsm610_seek (SF_PRIVATE *psf, int UNUSED + psf_fseek (psf, psf->dataoffset, SEEK_SET) ; + pgsm610->blockcount = 0 ; + +- gsm_init (pgsm610->gsm_data) ; ++ gsm_destroy (pgsm610->gsm_data) ; ++ pgsm610->gsm_data = gsm_create () ; + if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV || + (SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64) + gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ; +diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am +--- libsndfile-1.0.28/src/Makefile.am.systemgsm 2017-04-01 09:18:02.000000000 +0200 ++++ libsndfile-1.0.28/src/Makefile.am 2017-04-11 10:48:43.855620172 +0200 +@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la + include_HEADERS = sndfile.hh + nodist_include_HEADERS = sndfile.h + +-noinst_LTLIBRARIES = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la ++noinst_LTLIBRARIES = G72x/libg72x.la ALAC/libalac.la libcommon.la + + SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static + +@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR + libsndfile_la_LDFLAGS = -no-undefined -version-info $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG) + libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS) + nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS) +-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \ ++libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \ + libcommon.la $(EXTERNAL_XIPH_LIBS) -lm + + EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES) +@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io. + #====================================================================== + # Subdir libraries. + +-GSM610_libgsm_la_SOURCES = GSM610/config.h GSM610/gsm.h GSM610/gsm610_priv.h \ +- GSM610/add.c GSM610/code.c GSM610/decode.c GSM610/gsm_create.c \ +- GSM610/gsm_decode.c GSM610/gsm_destroy.c GSM610/gsm_encode.c \ +- GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \ +- GSM610/rpe.c GSM610/short_term.c GSM610/table.c +- + G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \ + G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c + diff --git a/SOURCES/libsndfile-1.0.25-zerodivfix.patch b/SOURCES/libsndfile-1.0.25-zerodivfix.patch new file mode 100644 index 0000000..792fd92 --- /dev/null +++ b/SOURCES/libsndfile-1.0.25-zerodivfix.patch @@ -0,0 +1,25 @@ +From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Wed, 24 Dec 2014 21:02:35 +1100 +Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero. + +Closes: https://github.com/erikd/libsndfile/issues/92 +--- + src/file_io.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/file_io.c b/src/file_io.c +index 26d3d6d..6ccab78 100644 +--- a/src/file_io.c ++++ b/src/file_io.c +@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf + { sf_count_t total = 0 ; + ssize_t count ; + ++ if (bytes == 0 || items == 0) ++ return 0 ; ++ + if (psf->virtual_io) + return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ; + + diff --git a/SOURCES/libsndfile-1.0.28-cve2017_12562.patch b/SOURCES/libsndfile-1.0.28-cve2017_12562.patch new file mode 100644 index 0000000..f195e87 --- /dev/null +++ b/SOURCES/libsndfile-1.0.28-cve2017_12562.patch @@ -0,0 +1,88 @@ +From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= +Date: Wed, 14 Jun 2017 12:25:40 +0200 +Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings + in binheader + +Fixes the following problems: + 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. + 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the + big switch statement by an amount (16 bytes) which is enough for all cases + where only a single value gets added. Cases 's', 'S', 'p' however + additionally write an arbitrary length block of data and again enlarge the + buffer to the required amount. However, the required space calculation does + not take into account the size of the length field which gets output before + the data. + 3. Buffer size requirement calculation in case 'S' does not account for the + padding byte ("size += (size & 1) ;" happens after the calculation which + uses "size"). + 4. Case 'S' can overrun the header buffer by 1 byte when no padding is + involved + ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while + the buffer is only guaranteed to have "size" space available). + 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte + beyond the space which is guaranteed to be allocated in the header buffer. + 6. Case 's' can overrun the provided source string by 1 byte if padding is + involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" + where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, + plus optionally another 1 which is padding and not guaranteed to be + readable via the source string pointer). + +Closes: https://github.com/erikd/libsndfile/issues/292 +--- + src/common.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1a6204ca..6b2a2ee9 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + /* Write a C string (guaranteed to have a zero terminator). */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) + 1 ; +- size += (size & 1) ; + +- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) +- header_put_be_int (psf, size) ; ++ header_put_be_int (psf, size + (size & 1)) ; + else +- header_put_le_int (psf, size) ; ++ header_put_le_int (psf, size + (size & 1)) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; ++ size += (size & 1) ; + psf->header.indx += size ; + psf->header.ptr [psf->header.indx - 1] = 0 ; + count += 4 + size ; +@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else + header_put_le_int (psf, size) ; +- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; ++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; + size += (size & 1) ; + psf->header.indx += size ; +- psf->header.ptr [psf->header.indx] = 0 ; + count += 4 + size ; + break ; + +@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + size = (size & 1) ? size : size + 1 ; + size = (size > 254) ? 254 : size ; + +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) + return count ; + + header_put_byte (psf, size) ; diff --git a/SOURCES/libsndfile-1.0.28-fixfree.patch b/SOURCES/libsndfile-1.0.28-fixfree.patch new file mode 100644 index 0000000..e91d138 --- /dev/null +++ b/SOURCES/libsndfile-1.0.28-fixfree.patch @@ -0,0 +1,11 @@ +diff -up libsndfile-1.0.28/src/sndfile.c.fixfree libsndfile-1.0.28/src/sndfile.c +--- libsndfile-1.0.28/src/sndfile.c.fixfree 2018-10-15 14:24:26.521941046 +0200 ++++ libsndfile-1.0.28/src/sndfile.c 2018-10-15 14:24:26.534940869 +0200 +@@ -339,6 +339,7 @@ sf_open (const char *path, int mode, SF_ + + if (copy_filename (psf, path) != 0) + { sf_errno = psf->error ; ++ free(psf); + return NULL ; + } ; + diff --git a/SOURCES/libsndfile-1.0.28-flacbufovfl.patch b/SOURCES/libsndfile-1.0.28-flacbufovfl.patch new file mode 100644 index 0000000..1dc5b57 --- /dev/null +++ b/SOURCES/libsndfile-1.0.28-flacbufovfl.patch @@ -0,0 +1,64 @@ +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Wed, 12 Apr 2017 19:45:30 +1000 +Subject: [PATCH] FLAC: Fix a buffer read overrun + +Buffer read overrun occurs when reading a FLAC file that switches +from 2 channels to one channel mid-stream. Only option is to +abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/230 +--- + src/common.h | 1 + + src/flac.c | 13 +++++++++++++ + src/sndfile.c | 1 + + 3 files changed, 15 insertions(+) + +diff --git a/src/common.h b/src/common.h +index 0bd810c3..e2669b6a 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, +diff --git a/src/flac.c b/src/flac.c +index 84de0e26..986a7b8f 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ "Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; +diff --git a/src/sndfile.c b/src/sndfile.c +index 41875610..e2a87be8 100644 +--- a/src/sndfile.c ++++ b/src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, diff --git a/SOURCES/libsndfile-1.0.28-vafix.patch b/SOURCES/libsndfile-1.0.28-vafix.patch new file mode 100644 index 0000000..bb72616 --- /dev/null +++ b/SOURCES/libsndfile-1.0.28-vafix.patch @@ -0,0 +1,114 @@ +diff -up libsndfile-1.0.28/src/common.c.vafix libsndfile-1.0.28/src/common.c +--- libsndfile-1.0.28/src/common.c.vafix 2018-10-15 14:31:59.805758665 +0200 ++++ libsndfile-1.0.28/src/common.c 2018-10-15 14:34:48.978445310 +0200 +@@ -561,7 +561,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + while ((c = *format++)) + { + if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + switch (c) + { case ' ' : /* Do nothing. Just used to space out format string. */ +@@ -677,7 +680,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = strlen (strptr) + 1 ; + + if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size + (size & 1)) ; +@@ -698,7 +704,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; + if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else +@@ -718,7 +727,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = (size > 254) ? 254 : size ; + + if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + header_put_byte (psf, size) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; +@@ -731,7 +743,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = va_arg (argptr, size_t) ; + + if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + memcpy (&(psf->header.ptr [psf->header.indx]), bindata, size) ; + psf->header.indx += size ; +@@ -742,7 +757,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = va_arg (argptr, size_t) ; + + if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + count += size ; + while (size) +@@ -763,7 +781,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = va_arg (argptr, size_t) ; + + if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + psf->header.indx += size ; + count += size ; +@@ -773,7 +794,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c + size = va_arg (argptr, size_t) ; + + if ((sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, size)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + psf->header.indx = size ; + break ; +@@ -960,7 +984,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch + while ((c = *format++)) + { + if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ { ++ va_end (argptr) ; + return count ; ++ } ; + + switch (c) + { case 'e' : /* All conversions are now from LE to host. */ +@@ -1087,7 +1114,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch + memset (charptr, 0, count) ; + + if (psf->header.indx + count >= psf->header.len && psf_bump_header_allocation (psf, count)) +- return 0 ; ++ { ++ va_end (argptr) ; ++ return count ; ++ } ; + + byte_count += header_gets (psf, charptr, count) ; + break ; diff --git a/SOURCES/libsndfile-1.0.29-cve2017_6892.patch b/SOURCES/libsndfile-1.0.29-cve2017_6892.patch new file mode 100644 index 0000000..d5ccf72 --- /dev/null +++ b/SOURCES/libsndfile-1.0.29-cve2017_6892.patch @@ -0,0 +1,25 @@ +From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Tue, 23 May 2017 20:15:24 +1000 +Subject: [PATCH] src/aiff.c: Fix a buffer read overflow + +Secunia Advisory SA76717. + +Found by: Laurent Delosieres, Secunia Research at Flexera Software +--- + src/aiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/aiff.c b/src/aiff.c +index 5b5f9f53..45864b76 100644 +--- a/src/aiff.c ++++ b/src/aiff.c +@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword) + psf_binheader_readf (psf, "j", dword - bytesread) ; + + if (map_info->channel_map != NULL) +- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ; ++ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ; + + free (psf->channel_map) ; + diff --git a/SOURCES/revert.patch b/SOURCES/revert.patch new file mode 100644 index 0000000..fbdd96d --- /dev/null +++ b/SOURCES/revert.patch @@ -0,0 +1,37 @@ +--- libsndfile-1.0.28/src/rf64.c 2017-04-02 09:43:22.000000000 +0200 ++++ libsndfile-1.0.27/src/rf64.c 2016-04-01 23:08:53.000000000 +0200 +@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int + + #endif + +- pad_size = psf->dataoffset - 16 - psf->header.indx ; +- if (pad_size >= 0) +- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ; ++ if (psf->header.indx + 8 < psf->dataoffset) ++ { /* Add PAD data if necessary. */ ++ int k = psf->dataoffset - 16 - psf->header.indx ; ++ psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ; ++ } ; + + if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES)) + psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ; + else + psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ; + +- psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ; ++ psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ; + if (psf->error) + return psf->error ; + +- if (has_data && psf->dataoffset != psf->header.indx) +- { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ; ++ if (has_data && psf->dataoffset != psf->header.indx) ++ { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ; + return psf->error = SFE_INTERNAL ; + } ; + +- psf->dataoffset = psf->header.indx ; ++ psf->dataoffset = psf->header.indx ; + + if (NOT (has_data)) + psf_fseek (psf, psf->dataoffset, SEEK_SET) ; diff --git a/SPECS/libsndfile.spec b/SPECS/libsndfile.spec new file mode 100644 index 0000000..368e9f3 --- /dev/null +++ b/SPECS/libsndfile.spec @@ -0,0 +1,363 @@ +Summary: Library for reading and writing sound files +Name: libsndfile +Version: 1.0.28 +Release: 8%{?dist} +License: LGPLv2+ and GPLv2+ and BSD +Group: System Environment/Libraries +URL: http://www.mega-nerd.com/libsndfile/ +Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz +Patch0: libsndfile-1.0.25-system-gsm.patch +Patch1: libsndfile-1.0.25-zerodivfix.patch +Patch2: revert.patch +Patch3: libsndfile-1.0.28-flacbufovfl.patch +Patch4: libsndfile-1.0.29-cve2017_6892.patch +#libsndfile-1.0.29-cve2017_6892.patch +# from upstream, for <= 1.0.28, rhbz#1483140 +Patch5: libsndfile-1.0.28-cve2017_12562.patch +Patch6: libsndfile-1.0.28-fixfree.patch +Patch7: libsndfile-1.0.28-vafix.patch +BuildRequires: alsa-lib-devel +BuildRequires: flac-devel +BuildRequires: libogg-devel +BuildRequires: libvorbis-devel +BuildRequires: pkgconfig +BuildRequires: sqlite-devel +BuildRequires: gsm-devel +BuildRequires: libtool + + +%description +libsndfile is a C library for reading and writing sound files such as +AIFF, AU, WAV, and others through one standard interface. It can +currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and +64-bit floating point WAV files and a number of compressed formats. It +compiles and runs on *nix, MacOS, and Win32. + + +%package devel +Summary: Development files for libsndfile +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig + + +%description devel +libsndfile is a C library for reading and writing sound files such as +AIFF, AU, WAV, and others through one standard interface. +This package contains files needed to develop with libsndfile. + + +%package utils +Summary: Command Line Utilities for libsndfile +Group: Applications/Multimedia +Requires: %{name} = %{version}-%{release} + + +%description utils +libsndfile is a C library for reading and writing sound files such as +AIFF, AU, WAV, and others through one standard interface. +This package contains command line utilities for libsndfile. + + +%prep +%setup -q +%patch0 -p1 -b .systemgsm +%patch1 -p1 -b .zerodivfix +%patch2 -p1 -b .revert +%patch3 -p1 -b .flacbufovfl +%patch4 -p1 -b .cve2017_6892 +%patch5 -p1 -b .cve2017_12562 +%patch6 -p1 -b .fixfree +%patch7 -p1 -b .vafix +rm -r src/GSM610 + +%build +autoreconf -I M4 -fiv # for system-gsm patch +%configure \ + --disable-dependency-tracking \ + --enable-sqlite \ + --enable-alsa \ + --enable-largefile \ + --disable-static + +# Get rid of rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} + + +%install +make install DESTDIR=$RPM_BUILD_ROOT +rm -rf __docs +mkdir __docs +cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs +rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name} +find %{buildroot} -type f -name "*.la" -delete + +# fix multilib issues +mv %{buildroot}%{_includedir}/sndfile.h \ + %{buildroot}%{_includedir}/sndfile-%{__isa_bits}.h + +cat > %{buildroot}%{_includedir}/sndfile.h < + +#if __WORDSIZE == 32 +# include "sndfile-32.h" +#elif __WORDSIZE == 64 +# include "sndfile-64.h" +#else +# error "unexpected value for __WORDSIZE macro" +#endif +EOF + +%if 0%{?rhel} != 0 +rm -f %{buildroot}%{_bindir}/sndfile-jackplay +%endif + + +%check +LD_LIBRARY_PATH=$PWD/src/.libs make check + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc AUTHORS README NEWS +%{_libdir}/%{name}.so.* + +%files utils +%{_bindir}/sndfile-cmp +%{_bindir}/sndfile-concat +%{_bindir}/sndfile-convert +%{_bindir}/sndfile-deinterleave +%{_bindir}/sndfile-info +%{_bindir}/sndfile-interleave +%{_bindir}/sndfile-metadata-get +%{_bindir}/sndfile-metadata-set +%{_bindir}/sndfile-play +%{_bindir}/sndfile-regtest +%{_bindir}/sndfile-salvage +%{_mandir}/man1/sndfile-cmp.1* +%{_mandir}/man1/sndfile-concat.1* +%{_mandir}/man1/sndfile-convert.1* +%{_mandir}/man1/sndfile-deinterleave.1* +%{_mandir}/man1/sndfile-info.1* +%{_mandir}/man1/sndfile-interleave.1* +%{_mandir}/man1/sndfile-metadata-get.1* +%{_mandir}/man1/sndfile-metadata-set.1* +%{_mandir}/man1/sndfile-play.1* +%{_mandir}/man1/sndfile-salvage.1* + +%files devel +%doc __docs ChangeLog +%{_includedir}/sndfile.h +%{_includedir}/sndfile.hh +%{_includedir}/sndfile-%{__isa_bits}.h +%{_libdir}/%{name}.so +%{_libdir}/pkgconfig/sndfile.pc + + +%changelog +* Mon Oct 15 2018 Michal Hlavinka - 1.0.28-8 +- fix coverity scan found issues (#1602592) + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.28-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 24 2017 Michal Hlavinka - 1.0.28-6 +- heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562) + +* Thu Aug 03 2017 Fedora Release Engineering - 1.0.28-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.28-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 21 2017 Michal Hlavinka - 1.0.28-3 +- fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328) + +* Mon Jun 05 2017 Michal Hlavinka - 1.0.28-2 +- fix flac and pcm buffer overflows (CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365) + +* Tue Apr 11 2017 Michal Hlavinka - 1.0.28-1 +- updated to 1.0.28 +- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) +- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585) + +* Fri Feb 10 2017 Fedora Release Engineering - 1.0.27-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Nov 11 2016 Michal Hlavinka - 1.0.27-1 +- updated to 1.0.27 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.0.25-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Nov 06 2015 Michal Hlavinka - 1.0.25-19 +- fix incomplete patch for CVE-2015-7805 + +* Fri Nov 06 2015 Michal Hlavinka - 1.0.25-18 +- fix CVE-2015-7805: Heap overflow vulnerability when parsing specially + crafted AIFF header + +* Thu Aug 27 2015 Marcin Juszkiewicz - 1.0.25-17 +- Use __isa_bits macro instead of list of 64-bit architectures + +* Sun Jul 19 2015 Peter Robinson 1.0.25-16 +- Fix FTBFS +- Use %%license + +* Wed Jun 17 2015 Fedora Release Engineering - 1.0.25-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jan 13 2015 Michal Hlavinka - 1.0.25-14 +- fix CVE-2014-9496: 2 buffer overruns in sd2_parse_rsrc_fork (#1178840) +- division by zero leading to denial of service in psf_fwrite (#1177254) + +* Sun Aug 17 2014 Fedora Release Engineering - 1.0.25-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Aug 02 2014 Kalev Lember - 1.0.25-12 +- Fix up previous commit + +* Sat Aug 2 2014 Peter Robinson 1.0.25-11 +- Modernise spec +- Generic 32/64bit platform detection + +* Sat Jun 07 2014 Fedora Release Engineering - 1.0.25-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jan 13 2014 Michal Hlavinka - 1.0.25-9 +- fix ppc64le build (#1051639) + +* Sat Aug 03 2013 Fedora Release Engineering - 1.0.25-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jun 03 2013 Michal Hlavinka - 1.0.25-7 +- fix support for aarch64, another part (#969831) + +* Wed Mar 27 2013 Michal Hlavinka - 1.0.25-6 +- fix support for aarch64 (#925887) + +* Thu Feb 14 2013 Fedora Release Engineering - 1.0.25-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 1.0.25-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 1.0.25-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sat Nov 12 2011 Ville Skyttä - 1.0.25-2 +- Patch to use system libgsm instead of a bundled copy. +- Make main package dep in -devel ISA qualified. +- Drop -octave Provides (not actually built with octave > 3.0). +- Don't build throwaway static lib. +- Run test suite during build. + +* Thu Jul 14 2011 Michal Hlavinka - 1.0.25-1 +- Update to 1.0.25 +- fixes integer overflow by processing certain PAF audio files (#721240) + +* Sun Mar 27 2011 Orcan Ogetbil - 1.0.24-1 +- Update to 1.0.24 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sat Oct 16 2010 Orcan Ogetbil - 1.0.23-1 +- Update to 10.0.23 + +* Tue Oct 05 2010 Orcan Ogetbil - 1.0.22-1 +- Update to 10.0.22 + +* Tue May 11 2010 Orcan Ogetbil - 1.0.21-1 +- Update to 10.0.21 +- Do not include the static library in the package (RHBZ#556074) +- Remove BR on jack since sndfile-jackplay is not provided anymore + +* Mon Feb 1 2010 Stepan Kasal - 1.0.20-5 +- Do not build against Jack on RHEL +- Fix the Source0: URL +- Fix the licence tag + +* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-4 +- Split utils into a subpackage + +* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-3 +- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel) +- Make build verbose +- Remove rpath +- Fix ChangeLog encoding +- Move the big Changelog to the devel package + +* Sat Jul 25 2009 Fedora Release Engineering - 1.0.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sat Jun 06 2009 Lennart Poettering - 1.0.20-1 +- Updated to 1.0.20 + +* Tue Mar 03 2009 Robert Scheck - 1.0.17-8 +- Rebuilt against libtool 2.2 + +* Wed Feb 25 2009 Fedora Release Engineering - 1.0.17-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Oct 25 2008 Andreas Thienemann - 1.0.17-6 +- Removed spurious #endif in the libsndfile.h wrapper. Thx to Edward + Sheldrake for finding it. Fixes #468508. +- Fix build for autoconf-2.63 + +* Thu Oct 23 2008 Andreas Thienemann - 1.0.17-5 +- Fixed multilib conflict. #342401 +- Made flac support actually work correctly. + +* Thu Aug 7 2008 Tom "spot" Callaway - 1.0.17-4 +- fix license tag + +* Tue Feb 19 2008 Fedora Release Engineering - 1.0.17-3 +- Autorebuild for GCC 4.3 + +* Thu Sep 20 2007 Andreas Thienemann - 1.0.17-2 +- Adding FLAC support to libsndfile courtesy of gentoo, #237575 +- Fixing CVE-2007-4974. Thanks to the gentoo people for the patch, #296221 + +* Fri Sep 08 2006 Andreas Thienemann - 1.0.17-1 +- Updated to 1.0.17 + +* Sun Apr 30 2006 Andreas Thienemann - 1.0.16-1 +- Updated to 1.0.16 + +* Thu Mar 30 2006 Andreas Thienemann - 1.0.15-1 +- Updated to 1.0.15 + +* Thu Mar 16 2006 Dams - 1.0.14-1.fc5 +- Updated to 1.0.14 +- Dropped patch0 + +* Thu May 12 2005 Michael Schwendt - 1.0.11-3 +- rebuilt + +* Sat Mar 5 2005 Michael Schwendt - 1.0.11-2 +- Fix format string bug (#149863). +- Drop explicit Epoch 0. + +* Sat Dec 4 2004 Ville Skyttä - 0:1.0.11-0.fdr.1 +- Update to 1.0.11. + +* Wed Oct 13 2004 Ville Skyttä - 0:1.0.10-0.fdr.1 +- Update to 1.0.10, update URLs, include ALSA support. +- Disable dependency tracking to speed up the build. +- Add missing ldconfig invocations. +- Make -devel require pkgconfig. +- Include developer docs in -devel. +- Provide -octave in main package, own more related dirs. +- Bring specfile up to date with current spec templates. + +* Sat Apr 12 2003 Dams +- Initial build.