migrated to SPDX license

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

822b732fd31ffcb78f6920001e9b1fbd815fa712.patch

@@ -0,0 +1,26 @@
+From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Thu, 27 Sep 2018 12:11:12 +0200
+Subject: [PATCH] SimpleModule: set output chunk framecount after pull
+
+After pulling the data, set the output chunk to the amount of
+frames we pulled so that the next module in the chain has the correct
+frame count.
+
+Fixes #50 and #51
+---
+ libaudiofile/modules/SimpleModule.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/SimpleModule.cpp b/libaudiofile/modules/SimpleModule.cpp
+index 2bae1eb..e87932c 100644
+--- a/libaudiofile/modules/SimpleModule.cpp
++++ b/libaudiofile/modules/SimpleModule.cpp
+@@ -26,6 +26,7 @@
+ void SimpleModule::runPull()
+ {
+ 	pull(m_outChunk->frameCount);
++	m_outChunk->frameCount = m_inChunk->frameCount;
+ 	run(*m_inChunk, *m_outChunk);
+ }
+ 

941774c8c0e79007196d7f1e7afdc97689f869b3.patch

@@ -0,0 +1,21 @@
+From 941774c8c0e79007196d7f1e7afdc97689f869b3 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Thu, 27 Sep 2018 12:09:45 +0200
+Subject: [PATCH] ALAC: set chunk frameCount to 0 on short read
+
+---
+ libaudiofile/modules/ALAC.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/ALAC.cpp b/libaudiofile/modules/ALAC.cpp
+index 7593c11..478e2af 100644
+--- a/libaudiofile/modules/ALAC.cpp
++++ b/libaudiofile/modules/ALAC.cpp
+@@ -240,6 +240,7 @@ void ALAC::runPull()
+ 	if (read(m_inChunk->buffer, bytesPerPacket) < bytesPerPacket)
+ 	{
+ 		reportReadError(0, m_track->f.framesPerPacket);
++		m_outChunk->frameCount = 0;
+ 		return;
+ 	}
+ 

audiofile-0.3.6-left-shift-neg.patch

@@ -0,0 +1,48 @@
+diff -Nurb --strip-trailing-cr audiofile-0.3.6-orig/libaudiofile/modules/SimpleModule.h audiofile-0.3.6/libaudiofile/modules/SimpleModule.h
+--- audiofile-0.3.6-orig/libaudiofile/modules/SimpleModule.h	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6/libaudiofile/modules/SimpleModule.h	2016-02-03 21:19:43.065454454 +0100
+@@ -123,7 +123,7 @@
+ 	typedef typename IntTypes<Format>::UnsignedType UnsignedType;
+ 
+ 	static const int kScaleBits = (Format + 1) * CHAR_BIT - 1;
+-	static const int kMinSignedValue = -1 << kScaleBits;
++	static const int kMinSignedValue = 0-(1U<<kScaleBits);
+ 
+ 	struct signedToUnsigned : public std::unary_function<SignedType, UnsignedType>
+ 	{
+diff -Nurb --strip-trailing-cr audiofile-0.3.6-orig/test/FloatToInt.cpp audiofile-0.3.6/test/FloatToInt.cpp
+--- audiofile-0.3.6-orig/test/FloatToInt.cpp	2013-02-11 18:23:26.000000000 +0100
++++ audiofile-0.3.6/test/FloatToInt.cpp	2016-02-03 21:21:14.714510229 +0100
+@@ -115,7 +115,7 @@
+ 		EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ 
+ TEST_F(FloatToIntTest, Int24)
+diff -Nurb --strip-trailing-cr audiofile-0.3.6-orig/test/IntToFloat.cpp audiofile-0.3.6/test/IntToFloat.cpp
+--- audiofile-0.3.6-orig/test/IntToFloat.cpp	2013-02-11 18:23:26.000000000 +0100
++++ audiofile-0.3.6/test/IntToFloat.cpp	2016-02-03 21:20:57.380445355 +0100
+@@ -117,7 +117,7 @@
+ 		EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ 
+ TEST_F(IntToFloatTest, Int24)
+diff -Nurb --strip-trailing-cr audiofile-0.3.6-orig/test/Sign.cpp audiofile-0.3.6/test/Sign.cpp
+--- audiofile-0.3.6-orig/test/Sign.cpp	2013-02-11 18:23:26.000000000 +0100
++++ audiofile-0.3.6/test/Sign.cpp	2016-02-03 21:20:38.742450826 +0100
+@@ -116,7 +116,7 @@
+ 		EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ static const uint32_t kMaxUInt24 = (1<<24) - 1;
+ 

audiofile-0.3.6-narrowing.patch

@@ -0,0 +1,52 @@
+diff -Nur audiofile-0.3.6-orig/test/NeXT.cpp audiofile-0.3.6/test/NeXT.cpp
+--- audiofile-0.3.6-orig/test/NeXT.cpp	2013-02-11 18:23:26.000000000 +0100
++++ audiofile-0.3.6/test/NeXT.cpp	2016-02-04 10:37:32.457140823 +0100
+@@ -37,13 +37,13 @@
+ 
+ #include "TestUtilities.h"
+ 
+-const char kDataUnspecifiedLength[] =
++const signed char kDataUnspecifiedLength[] =
+ {
+ 	'.', 's', 'n', 'd',
+ 	0, 0, 0, 24, // offset of 24 bytes
+-	0xff, 0xff, 0xff, 0xff, // unspecified length
++	-1, -1, -1, -1, // unspecified length
+ 	0, 0, 0, 3, // 16-bit linear
+-	0, 0, 172, 68, // 44100 Hz
++	0, 0, -84, 68, // 44100 Hz (0xAC44)
+ 	0, 0, 0, 1, // 1 channel
+ 	0, 1,
+ 	0, 1,
+@@ -57,13 +57,13 @@
+ 	0, 55
+ };
+ 
+-const char kDataTruncated[] =
++const signed char kDataTruncated[] =
+ {
+ 	'.', 's', 'n', 'd',
+ 	0, 0, 0, 24, // offset of 24 bytes
+ 	0, 0, 0, 20, // length of 20 bytes
+ 	0, 0, 0, 3, // 16-bit linear
+-	0, 0, 172, 68, // 44100 Hz
++	0, 0, -84, 68, // 44100 Hz (0xAC44)
+ 	0, 0, 0, 1, // 1 channel
+ 	0, 1,
+ 	0, 1,
+@@ -152,13 +152,13 @@
+ 	ASSERT_EQ(::unlink(testFileName.c_str()), 0);
+ }
+ 
+-const char kDataZeroChannels[] =
++const signed char kDataZeroChannels[] =
+ {
+ 	'.', 's', 'n', 'd',
+ 	0, 0, 0, 24, // offset of 24 bytes
+ 	0, 0, 0, 2, // 2 bytes
+ 	0, 0, 0, 3, // 16-bit linear
+-	0, 0, 172, 68, // 44100 Hz
++	0, 0, -84, 68, // 44100 Hz (0xAC44)
+ 	0, 0, 0, 0, // 0 channels
+ 	0, 1
+ };

audiofile-0.3.6-pull42.patch

@@ -0,0 +1,176 @@
+diff -Nur audiofile-0.3.6/libaudiofile/modules/BlockCodec.cpp audiofile-0.3.6-pull42/libaudiofile/modules/BlockCodec.cpp
+--- audiofile-0.3.6/libaudiofile/modules/BlockCodec.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull42/libaudiofile/modules/BlockCodec.cpp	2017-03-10 15:40:02.000000000 +0100
+@@ -52,8 +52,9 @@
+ 	// Decompress into m_outChunk.
+ 	for (int i=0; i<blocksRead; i++)
+ 	{
+-		decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
+-			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount);
++		if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
++			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount)==0)
++			break;
+ 
+ 		framesRead += m_framesPerPacket;
+ 	}
+diff -Nur audiofile-0.3.6/libaudiofile/modules/MSADPCM.cpp audiofile-0.3.6-pull42/libaudiofile/modules/MSADPCM.cpp
+--- audiofile-0.3.6/libaudiofile/modules/MSADPCM.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull42/libaudiofile/modules/MSADPCM.cpp	2017-03-10 15:40:02.000000000 +0100
+@@ -101,24 +101,60 @@
+ 	768, 614, 512, 409, 307, 230, 230, 230
+ };
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++bool multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
++
+ // Compute a linear PCM value from the given differential coded value.
+ static int16_t decodeSample(ms_adpcm_state &state,
+-	uint8_t code, const int16_t *coefficient)
++	uint8_t code, const int16_t *coefficient, bool *ok=NULL)
+ {
+ 	int linearSample = (state.sample1 * coefficient[0] +
+ 		state.sample2 * coefficient[1]) >> 8;
++	int delta;
+ 
+ 	linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta;
+ 
+ 	linearSample = clamp(linearSample, MIN_INT16, MAX_INT16);
+ 
+-	int delta = (state.delta * adaptationTable[code]) >> 8;
++	if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta))
++	{
++                if (ok) *ok=false;
++		_af_error(AF_BAD_COMPRESSION, "Error decoding sample");
++		return 0;
++	}
++	delta >>= 8;
+ 	if (delta < 16)
+ 		delta = 16;
+ 
+ 	state.delta = delta;
+ 	state.sample2 = state.sample1;
+ 	state.sample1 = linearSample;
++	if (ok) *ok=true;
+ 
+ 	return static_cast<int16_t>(linearSample);
+ }
+@@ -212,13 +248,16 @@
+ 	{
+ 		uint8_t code;
+ 		int16_t newSample;
++		bool ok;
+ 
+ 		code = *encoded >> 4;
+-		newSample = decodeSample(*state[0], code, coefficient[0]);
++		newSample = decodeSample(*state[0], code, coefficient[0], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		code = *encoded & 0x0f;
+-		newSample = decodeSample(*state[1], code, coefficient[1]);
++		newSample = decodeSample(*state[1], code, coefficient[1], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		encoded++;
+diff -Nur audiofile-0.3.6/libaudiofile/WAVE.cpp audiofile-0.3.6-pull42/libaudiofile/WAVE.cpp
+--- audiofile-0.3.6/libaudiofile/WAVE.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull42/libaudiofile/WAVE.cpp	2017-03-10 15:40:02.000000000 +0100
+@@ -281,6 +281,12 @@
+ 
+ 			/* numCoefficients should be at least 7. */
+ 			assert(numCoefficients >= 7 && numCoefficients <= 255);
++			if (numCoefficients < 7 || numCoefficients > 255)
++			{
++				_af_error(AF_BAD_HEADER,
++						"Bad number of coefficients");
++				return AF_FAIL;
++			}
+ 
+ 			m_msadpcmNumCoefficients = numCoefficients;
+ 
+@@ -834,6 +840,8 @@
+ 	}
+ 
+ 	TrackSetup *track = setup->getTrack();
++	if (!track)
++		return AF_NULL_FILESETUP;
+ 
+ 	if (track->f.isCompressed())
+ 	{
+diff -Nur audiofile-0.3.6/sfcommands/sfconvert.c audiofile-0.3.6-pull42/sfcommands/sfconvert.c
+--- audiofile-0.3.6/sfcommands/sfconvert.c	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull42/sfcommands/sfconvert.c	2017-03-10 15:40:02.000000000 +0100
+@@ -45,6 +45,33 @@
+ void usageerror (void);
+ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++bool multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
+ int main (int argc, char **argv)
+ {
+ 	if (argc == 2)
+@@ -323,8 +350,11 @@
+ {
+ 	int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
+ 
+-	const int kBufferFrameCount = 65536;
+-	void *buffer = malloc(kBufferFrameCount * frameSize);
++	int kBufferFrameCount = 65536;
++	int bufferSize;
++	while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
++		kBufferFrameCount /= 2;
++	void *buffer = malloc(bufferSize);
+ 
+ 	AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
+ 	AFframecount totalFramesWritten = 0;

audiofile-0.3.6-pull43.patch

@@ -0,0 +1,21 @@
+diff -Nur audiofile-0.3.6/libaudiofile/modules/IMA.cpp audiofile-0.3.6-pull43/libaudiofile/modules/IMA.cpp
+--- audiofile-0.3.6/libaudiofile/modules/IMA.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull43/libaudiofile/modules/IMA.cpp	2017-03-06 18:06:35.000000000 +0100
+@@ -169,7 +169,7 @@
+ 		if (encoded[1] & 0x80)
+ 			m_adpcmState[c].previousValue -= 0x10000;
+ 
+-		m_adpcmState[c].index = encoded[2];
++		m_adpcmState[c].index = clamp(encoded[2], 0, 88);
+ 
+ 		*decoded++ = m_adpcmState[c].previousValue;
+ 
+@@ -210,7 +210,7 @@
+ 			predictor -= 0x10000;
+ 
+ 		state.previousValue = clamp(predictor, MIN_INT16, MAX_INT16);
+-		state.index = encoded[1] & 0x7f;
++		state.index = clamp(encoded[1] & 0x7f, 0, 88);
+ 		encoded += 2;
+ 
+ 		for (int n=0; n<m_framesPerPacket; n+=2)

audiofile-0.3.6-pull44.patch

@@ -0,0 +1,31 @@
+diff -Nur audiofile-0.3.6/libaudiofile/modules/BlockCodec.cpp audiofile-0.3.6-pull44/libaudiofile/modules/BlockCodec.cpp
+--- audiofile-0.3.6/libaudiofile/modules/BlockCodec.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull44/libaudiofile/modules/BlockCodec.cpp	2017-03-09 10:21:18.000000000 +0100
+@@ -47,7 +47,7 @@
+ 
+ 	// Read the compressed data.
+ 	ssize_t bytesRead = read(m_inChunk->buffer, m_bytesPerPacket * blockCount);
+-	int blocksRead = bytesRead >= 0 ? bytesRead / m_bytesPerPacket : 0;
++	int blocksRead = (bytesRead >= 0 && m_bytesPerPacket > 0) ? bytesRead / m_bytesPerPacket : 0;
+ 
+ 	// Decompress into m_outChunk.
+ 	for (int i=0; i<blocksRead; i++)
+diff -Nur audiofile-0.3.6/libaudiofile/WAVE.cpp audiofile-0.3.6-pull44/libaudiofile/WAVE.cpp
+--- audiofile-0.3.6/libaudiofile/WAVE.cpp	2013-03-06 06:30:03.000000000 +0100
++++ audiofile-0.3.6-pull44/libaudiofile/WAVE.cpp	2017-03-09 10:21:18.000000000 +0100
+@@ -326,6 +326,7 @@
+ 			{
+ 				_af_error(AF_BAD_NOT_IMPLEMENTED,
+ 					"IMA ADPCM compression supports only 4 bits per sample");
++				return AF_FAIL;
+ 			}
+ 
+ 			int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount;
+@@ -333,6 +334,7 @@
+ 			{
+ 				_af_error(AF_BAD_CODEC_CONFIG,
+ 					"Invalid samples per block for IMA ADPCM compression");
++				return AF_FAIL;
+ 			}
+ 
+ 			track->f.sampleWidth = 16;

audiofile.spec

@@ -3,20 +3,33 @@
 Summary: Library for accessing various audio file formats
 Name: audiofile
 Version: 0.3.6
-Release: 9%{?dist}
+Release: 34%{?dist}
 Epoch: 1
 # library is LGPL / the two programs GPL / see README
-License: LGPLv2+ and GPLv2+
+License: LGPL-2.1-or-later and GPL-2.0-or-later
-Group: System Environment/Libraries
 Source: http://audiofile.68k.org/%{name}-%{version}.tar.gz
 URL: http://audiofile.68k.org/
+BuildRequires:  gcc-c++
 BuildRequires: libtool
 BuildRequires: alsa-lib-devel
 BuildRequires: flac-devel
+BuildRequires: make
+BuildRequires: chrpath
 # optional for rebuilding manual pages from .txt
 #BuildRequires: asciidoc
 
 Patch0: audiofile-0.3.6-CVE-2015-7747.patch
+# fixes to make build with GCC 6
+Patch1: audiofile-0.3.6-left-shift-neg.patch
+Patch2: audiofile-0.3.6-narrowing.patch
+# pull requests #42,#43,#44
+Patch3: audiofile-0.3.6-pull42.patch
+Patch4: audiofile-0.3.6-pull43.patch
+Patch5: audiofile-0.3.6-pull44.patch
+Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
+Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch
+Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch
+Patch9: integer-overflow.patch
 
 %description
 The Audio File library is an implementation of the Audio File Library
@@ -29,7 +42,6 @@ any of the sound file formats it can handle.
 
 %package devel
 Summary: Development files for Audio File applications
-Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
 
 %description devel
@@ -39,27 +51,37 @@ other resources you can use to develop Audio File applications.
 %prep
 %setup -q
 %patch0 -p1 -b .CVE-2015-7747
+%patch1 -p1 -b .left-shift-neg
+%patch2 -p1 -b .narrowing-conversion
+%patch3 -p1 -b .pull42
+%patch4 -p1 -b .pull43
+%patch5 -p1 -b .pull44
+%patch6 -p1 -b .CVE-2018-17095
+%patch7 -p1 -b .CVE-2018-13440
+%patch8 -p1 -b .CVE-2018-13440
+%patch9 -p1 -b .integer-overflow
+
 
 %build
-%configure --disable-static
+%configure --disable-rpath
-make %{?_smp_mflags} LIBTOOL="/usr/bin/libtool"
+%make_build
 
 %install
-make DESTDIR="$RPM_BUILD_ROOT" install
+%make_install
 
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 
+chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfconvert
+chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo
 
-%check
+#%check
-%if %{make_check}
+#%if %{make_check}
-make check
+#make check
-%endif
+#%endif
 
 
-%post -p /sbin/ldconfig
+%ldconfig_scriptlets
-
-%postun -p /sbin/ldconfig
 
 
 %files
@@ -78,6 +100,85 @@ make check
 %{_mandir}/man3/*
 
 %changelog
+* Thu Mar 02 2023 Gwyn Ciesla <gwync@protonmail.com> - 1:0.3.6-34
+- migrated to SPDX license
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Sep 13 2022 Michel Alexandre Salim <salimma@fedoraproject.org> - 1:0.3.6-32
+- Rebuilt for flac 1.4.0
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu May 27 2021 Gwyn Ciesla <gwync@protonmail.com> - 1:0.3.6-28
+- Disable RPATH.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 04 2021 Timm Bäder <tbaeder@redhat.com> - 1:0.3.6-26
+- Fix a integer overflow warning with gcc and error with clang
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-21
+- Fixes for CVE-2018-13440.
+
+* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-20
+- Fix for CVE-2018-17095.
+
+* Mon Aug 13 2018 Leigh Scott <leigh123linux@googlemail.com> - 1:0.3.6-19
+- Fix build
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:0.3.6-17
+- Escape macros in %%changelog
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Mar 12 2017 Michael Schwendt <mschwendt@fedoraproject.org> - 1:0.3.6-13
+- Merge upstream pull requests #42,#43,#44 from Agostino Sarubbo to fix
+  security issues.  CVE-2017-6827, CVE-2017-6828,
+  CVE-2017-6829, CVE-2017-6830, CVE-2017-6831,
+  CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835,
+  CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb  3 2016 Michael Schwendt <mschwendt@fedoraproject.org> - 1:0.3.6-11
+- patch to compile with GCC 6
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
 * Thu Oct  8 2015 Michael Schwendt <mschwendt@fedoraproject.org> - 1:0.3.6-9
 - Merge fix from upstream pull request #25 for CVE-2015-7747.
   Test conversion from e.g. 16-bit LE stereo to 8-bit LE mono
@@ -235,7 +336,7 @@ make check
 - upgrade to 0.1.11.
 
 * Mon Aug 14 2000 Than Ngo <than@redhat.com>
-- add ldconfig to %post and %postun (Bug #15413)
+- add ldconfig to %%post and %%postun (Bug #15413)
 
 * Fri Aug 11 2000 Jonathan Blandford <jrb@redhat.com>
 - Up Epoch and release
@@ -268,7 +369,7 @@ make check
 - Version 0.1.6
 
 * Sun Feb 21 1999 Michael Fulbright <drmike@redhat.com>
-- Removed libtoolize from %build
+- Removed libtoolize from %%build
 
 * Wed Feb 3 1999 Jonathan Blandfor <jrb@redhat.com>
 - Newer version with bug fix.  Upped release.

fde6d79fb8363c4a329a184ef0b107156602b225.patch

@@ -0,0 +1,28 @@
+From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Thu, 27 Sep 2018 10:48:45 +0200
+Subject: [PATCH] ModuleState: handle compress/decompress init failure
+
+When the unit initcompress or initdecompress function fails,
+m_fileModule is NULL. Return AF_FAIL in that case instead of
+causing NULL pointer dereferences later.
+
+Fixes #49
+---
+ libaudiofile/modules/ModuleState.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp
+index 0c29d7a..070fd9b 100644
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track)
+ 		m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok,
+ 			file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames);
+ 
++	if (!m_fileModule)
++		return AF_FAIL;
++
+ 	if (unit->needsRebuffer)
+ 	{
+ 		assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);

integer-overflow.patch

@@ -0,0 +1,12 @@
+diff -ruN audiofile-0.3.6.orig/test/Sign.cpp audiofile-0.3.6/test/Sign.cpp
+--- audiofile-0.3.6.orig/test/Sign.cpp	2021-01-04 12:50:58.563336280 +0100
++++ audiofile-0.3.6/test/Sign.cpp	2021-01-04 13:00:55.536214264 +0100
+@@ -157,7 +157,7 @@
+ 	AFframecount framesRead = afReadFrames(file, AF_DEFAULT_TRACK, readData, frameCount);
+ 	ASSERT_EQ(framesRead, frameCount);
+ 	afCloseFile(file);
+-	const uint32_t expectedData[] = { 0, -kMinInt32, kMaxUInt32 };
++	const uint32_t expectedData[] = { 0, static_cast<uint32_t>(-kMinInt32), kMaxUInt32 };
+ 	for (int i=0; i<frameCount; i++)
+ 		EXPECT_EQ(readData[i], expectedData[i]);
+ }