fix incomplete patch for CVE-2015-7805

crafted AIFF header

.gitignore

@@ -1,9 +1 @@
-libsndfile-1.0.21.tar.gz
-/libsndfile-1.0.22.tar.gz
-/libsndfile-1.0.23.tar.gz
-/libsndfile-1.0.24.tar.gz
-/libsndfile-1.0.25.tar.gz
-/libsndfile-1.0.27.tar.gz
-/libsndfile-1.0.28.tar.gz
-/libsndfile-1.0.31.tar.bz2
-/libsndfile-1.1.0.tar.xz
+libsndfile-1.0.17.tar.gz

libsndfile-1.0.17+flac-1.1.3.patch

@@ -0,0 +1,478 @@
+diff -ru libsndfile-1.0.17/configure.ac libsndfile-1.0.17-b2/configure.ac
+--- libsndfile-1.0.17/configure.ac	2006-08-31 02:39:37.000000000 -0700
++++ libsndfile-1.0.17-b2/configure.ac	2006-10-27 08:54:45.000000000 -0700
+@@ -339,7 +339,8 @@
+ 		if test "x$HAVE_FLAC_1_1_1" = xyes ; then
+ 			AC_DEFINE(HAVE_FLAC_1_1_1, [1], [Define to 1 if you have libflac 1.1.1])
+ 			fi
+-		FLAC_LIBS="-lFLAC"
++		# in FLAC 1.1.3 libOggFLAC was merged into libFLAC, hence we need -logg
++		FLAC_LIBS="-lFLAC -logg"
+ 		fi
+ 	fi
+ 
+diff -ru libsndfile-1.0.17/src/flac.c libsndfile-1.0.17-b2/src/flac.c
+--- libsndfile-1.0.17/src/flac.c	2006-08-31 02:22:19.000000000 -0700
++++ libsndfile-1.0.17-b2/src/flac.c	2006-10-27 08:47:36.000000000 -0700
+@@ -46,6 +46,13 @@
+ #include	"sfendian.h"
+ #include	"float_cast.h"
+ 
++/* FLAC 1.1.3 has FLAC_API_VERSION_CURRENT == 8 */
++#if !defined(FLAC_API_VERSION_CURRENT) || FLAC_API_VERSION_CURRENT < 8
++#define LEGACY_FLAC
++#else
++#undef LEGACY_FLAC
++#endif
++
+ /*------------------------------------------------------------------------------
+ ** Private static functions.
+ */
+@@ -60,8 +67,14 @@
+ } PFLAC_PCM ;
+ 
+ typedef struct
+-{	FLAC__SeekableStreamDecoder *fsd ;
++{
++#ifdef LEGACY_FLAC
++	FLAC__SeekableStreamDecoder *fsd ;
+ 	FLAC__SeekableStreamEncoder *fse ;
++#else
++	FLAC__StreamDecoder *fsd ;
++	FLAC__StreamEncoder *fse ;
++#endif
+ 	PFLAC_PCM pcmtype ;
+ 	void* ptr ;
+ 	unsigned pos, len, remain ;
+@@ -108,6 +121,7 @@
+ static int flac_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+ 
+ /* Decoder Callbacks */
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamDecoderReadStatus sf_flac_read_callback (const FLAC__SeekableStreamDecoder *decoder, FLAC__byte buffer [], unsigned *bytes, void *client_data) ;
+ static FLAC__SeekableStreamDecoderSeekStatus sf_flac_seek_callback (const FLAC__SeekableStreamDecoder *decoder, FLAC__uint64 absolute_byte_offset, void *client_data) ;
+ static FLAC__SeekableStreamDecoderTellStatus sf_flac_tell_callback (const FLAC__SeekableStreamDecoder *decoder, FLAC__uint64 *absolute_byte_offset, void *client_data) ;
+@@ -116,13 +130,29 @@
+ static FLAC__StreamDecoderWriteStatus sf_flac_write_callback (const FLAC__SeekableStreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 * const buffer [], void *client_data) ;
+ static void sf_flac_meta_callback (const FLAC__SeekableStreamDecoder *decoder, const FLAC__StreamMetadata *metadata, void *client_data) ;
+ static void sf_flac_error_callback (const FLAC__SeekableStreamDecoder *decoder, FLAC__StreamDecoderErrorStatus status, void *client_data) ;
++#else
++static FLAC__StreamDecoderReadStatus sf_flac_read_callback (const FLAC__StreamDecoder *decoder, FLAC__byte buffer [], size_t *bytes, void *client_data) ;
++static FLAC__StreamDecoderSeekStatus sf_flac_seek_callback (const FLAC__StreamDecoder *decoder, FLAC__uint64 absolute_byte_offset, void *client_data) ;
++static FLAC__StreamDecoderTellStatus sf_flac_tell_callback (const FLAC__StreamDecoder *decoder, FLAC__uint64 *absolute_byte_offset, void *client_data) ;
++static FLAC__StreamDecoderLengthStatus sf_flac_length_callback (const FLAC__StreamDecoder *decoder, FLAC__uint64 *stream_length, void *client_data) ;
++static FLAC__bool sf_flac_eof_callback (const FLAC__StreamDecoder *decoder, void *client_data) ;
++static FLAC__StreamDecoderWriteStatus sf_flac_write_callback (const FLAC__StreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 * const buffer [], void *client_data) ;
++static void sf_flac_meta_callback (const FLAC__StreamDecoder *decoder, const FLAC__StreamMetadata *metadata, void *client_data) ;
++static void sf_flac_error_callback (const FLAC__StreamDecoder *decoder, FLAC__StreamDecoderErrorStatus status, void *client_data) ;
++#endif
+ 
+ /* Encoder Callbacks */
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamEncoderSeekStatus sf_flac_enc_seek_callback (const FLAC__SeekableStreamEncoder *encoder, FLAC__uint64 absolute_byte_offset, void *client_data) ;
+ #ifdef HAVE_FLAC_1_1_1
+ static FLAC__SeekableStreamEncoderTellStatus sf_flac_enc_tell_callback (const FLAC__SeekableStreamEncoder *encoder, FLAC__uint64 *absolute_byte_offset, void *client_data) ;
+ #endif
+ static FLAC__StreamEncoderWriteStatus sf_flac_enc_write_callback (const FLAC__SeekableStreamEncoder *encoder, const FLAC__byte buffer [], unsigned bytes, unsigned samples, unsigned current_frame, void *client_data) ;
++#else
++static FLAC__StreamEncoderSeekStatus sf_flac_enc_seek_callback (const FLAC__StreamEncoder *encoder, FLAC__uint64 absolute_byte_offset, void *client_data) ;
++static FLAC__StreamEncoderTellStatus sf_flac_enc_tell_callback (const FLAC__StreamEncoder *encoder, FLAC__uint64 *absolute_byte_offset, void *client_data) ;
++static FLAC__StreamEncoderWriteStatus sf_flac_enc_write_callback (const FLAC__StreamEncoder *encoder, const FLAC__byte buffer [], size_t bytes, unsigned samples, unsigned current_frame, void *client_data) ;
++#endif
+ 
+ static const int legal_sample_rates [] =
+ {	8000, 16000, 22050, 24000, 32000, 44100, 48000, 96000
+@@ -283,51 +313,99 @@
+ } /* flac_buffer_copy */
+ 
+ 
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamDecoderReadStatus
+ sf_flac_read_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), FLAC__byte buffer [], unsigned *bytes, void *client_data)
++#else
++static FLAC__StreamDecoderReadStatus
++sf_flac_read_callback (const FLAC__StreamDecoder * UNUSED (decoder), FLAC__byte buffer [], size_t *bytes, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	*bytes = psf_fread (buffer, 1, *bytes, psf) ;
+ 	if (*bytes > 0 && psf->error == 0)
++#ifdef LEGACY_FLAC
+ 		return FLAC__SEEKABLE_STREAM_DECODER_READ_STATUS_OK ;
+ 
+     return FLAC__SEEKABLE_STREAM_DECODER_READ_STATUS_ERROR ;
++#else
++		return FLAC__STREAM_DECODER_READ_STATUS_CONTINUE ;
++
++    return FLAC__STREAM_DECODER_READ_STATUS_ABORT ;
++#endif
+ } /* sf_flac_read_callback */
+ 
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamDecoderSeekStatus
+ sf_flac_seek_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), FLAC__uint64 absolute_byte_offset, void *client_data)
++#else
++static FLAC__StreamDecoderSeekStatus
++sf_flac_seek_callback (const FLAC__StreamDecoder * UNUSED (decoder), FLAC__uint64 absolute_byte_offset, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	psf_fseek (psf, absolute_byte_offset, SEEK_SET) ;
+ 	if (psf->error)
++#ifdef LEGACY_FLAC
+ 		return FLAC__SEEKABLE_STREAM_DECODER_SEEK_STATUS_ERROR ;
+ 
+ 	return FLAC__SEEKABLE_STREAM_DECODER_SEEK_STATUS_OK ;
++#else
++		return FLAC__STREAM_DECODER_SEEK_STATUS_ERROR ;
++
++	return FLAC__STREAM_DECODER_SEEK_STATUS_OK ;
++#endif
+ } /* sf_flac_seek_callback */
+ 
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamDecoderTellStatus
+ sf_flac_tell_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), FLAC__uint64 *absolute_byte_offset, void *client_data)
++#else
++static FLAC__StreamDecoderTellStatus
++sf_flac_tell_callback (const FLAC__StreamDecoder * UNUSED (decoder), FLAC__uint64 *absolute_byte_offset, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	*absolute_byte_offset = psf_ftell (psf) ;
+ 	if (psf->error)
++#ifdef LEGACY_FLAC
+ 		return FLAC__SEEKABLE_STREAM_DECODER_TELL_STATUS_ERROR ;
+ 
+ 	return FLAC__SEEKABLE_STREAM_DECODER_TELL_STATUS_OK ;
++#else
++		return FLAC__STREAM_DECODER_TELL_STATUS_ERROR ;
++
++	return FLAC__STREAM_DECODER_TELL_STATUS_OK ;
++#endif
+ } /* sf_flac_tell_callback */
+ 
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamDecoderLengthStatus
+ sf_flac_length_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), FLAC__uint64 *stream_length, void *client_data)
++#else
++static FLAC__StreamDecoderLengthStatus
++sf_flac_length_callback (const FLAC__StreamDecoder * UNUSED (decoder), FLAC__uint64 *stream_length, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	if ((*stream_length = psf->filelength) == 0)
++#ifdef LEGACY_FLAC
+ 		return FLAC__SEEKABLE_STREAM_DECODER_LENGTH_STATUS_ERROR ;
+ 
+ 	return FLAC__SEEKABLE_STREAM_DECODER_LENGTH_STATUS_OK ;
++#else
++		return FLAC__STREAM_DECODER_LENGTH_STATUS_ERROR ;
++
++	return FLAC__STREAM_DECODER_LENGTH_STATUS_OK ;
++#endif
+ } /* sf_flac_length_callback */
+ 
+ static FLAC__bool
++#ifdef LEGACY_FLAC
+ sf_flac_eof_callback (const FLAC__SeekableStreamDecoder *UNUSED (decoder), void *client_data)
++#else
++sf_flac_eof_callback (const FLAC__StreamDecoder *UNUSED (decoder), void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	if (psf_ftell (psf) == psf->filelength)
+@@ -337,7 +415,11 @@
+ } /* sf_flac_eof_callback */
+ 
+ static FLAC__StreamDecoderWriteStatus
++#ifdef LEGACY_FLAC
+ sf_flac_write_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), const FLAC__Frame *frame, const FLAC__int32 * const buffer [], void *client_data)
++#else
++sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__Frame *frame, const FLAC__int32 * const buffer [], void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 	FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
+ 
+@@ -353,7 +435,11 @@
+ } /* sf_flac_write_callback */
+ 
+ static void
++#ifdef LEGACY_FLAC
+ sf_flac_meta_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
++#else
++sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	switch (metadata->type)
+@@ -387,7 +473,11 @@
+ } /* sf_flac_meta_callback */
+ 
+ static void
++#ifdef LEGACY_FLAC
+ sf_flac_error_callback (const FLAC__SeekableStreamDecoder * UNUSED (decoder), FLAC__StreamDecoderErrorStatus status, void *client_data)
++#else
++sf_flac_error_callback (const FLAC__StreamDecoder * UNUSED (decoder), FLAC__StreamDecoderErrorStatus status, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	psf_log_printf (psf, "ERROR : %s\n", FLAC__StreamDecoderErrorStatusString [status]) ;
+@@ -407,17 +497,29 @@
+ 	return ;
+ } /* sf_flac_error_callback */
+ 
++#ifdef LEGACY_FLAC
+ static FLAC__SeekableStreamEncoderSeekStatus
+ sf_flac_enc_seek_callback (const FLAC__SeekableStreamEncoder * UNUSED (encoder), FLAC__uint64 absolute_byte_offset, void *client_data)
++#else
++static FLAC__StreamEncoderSeekStatus
++sf_flac_enc_seek_callback (const FLAC__StreamEncoder * UNUSED (encoder), FLAC__uint64 absolute_byte_offset, void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	psf_fseek (psf, absolute_byte_offset, SEEK_SET) ;
+ 	if (psf->error)
++#ifdef LEGACY_FLAC
+ 		return FLAC__SEEKABLE_STREAM_ENCODER_SEEK_STATUS_ERROR ;
+ 
+     return FLAC__SEEKABLE_STREAM_ENCODER_SEEK_STATUS_OK ;
++#else
++		return FLAC__STREAM_ENCODER_SEEK_STATUS_ERROR ;
++
++    return FLAC__STREAM_ENCODER_SEEK_STATUS_OK ;
++#endif
+ } /* sf_flac_enc_seek_callback */
+ 
++#ifdef LEGACY_FLAC
+ #ifdef HAVE_FLAC_1_1_1
+ static FLAC__SeekableStreamEncoderTellStatus
+ sf_flac_enc_tell_callback (const FLAC__SeekableStreamEncoder *UNUSED (encoder), FLAC__uint64 *absolute_byte_offset, void *client_data)
+@@ -430,9 +532,25 @@
+ 	return FLAC__SEEKABLE_STREAM_ENCODER_TELL_STATUS_OK ;
+ } /* sf_flac_enc_tell_callback */
+ #endif
++#else
++static FLAC__StreamEncoderTellStatus
++sf_flac_enc_tell_callback (const FLAC__StreamEncoder *UNUSED (encoder), FLAC__uint64 *absolute_byte_offset, void *client_data)
++{	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
++
++	*absolute_byte_offset = psf_ftell (psf) ;
++	if (psf->error)
++		return FLAC__STREAM_ENCODER_TELL_STATUS_ERROR ;
++
++	return FLAC__STREAM_ENCODER_TELL_STATUS_OK ;
++} /* sf_flac_enc_tell_callback */
++#endif
+ 
+ static FLAC__StreamEncoderWriteStatus
++#ifdef LEGACY_FLAC
+ sf_flac_enc_write_callback (const FLAC__SeekableStreamEncoder * UNUSED (encoder), const FLAC__byte buffer [], unsigned bytes, unsigned UNUSED (samples), unsigned UNUSED (current_frame), void *client_data)
++#else
++sf_flac_enc_write_callback (const FLAC__StreamEncoder * UNUSED (encoder), const FLAC__byte buffer [], size_t bytes, unsigned UNUSED (samples), unsigned UNUSED (current_frame), void *client_data)
++#endif
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+ 
+ 	if (psf_fwrite (buffer, 1, bytes, psf) == bytes && psf->error == 0)
+@@ -509,15 +627,27 @@
+ 		return 0 ;
+ 
+ 	if (psf->mode == SFM_WRITE)
+-	{	FLAC__seekable_stream_encoder_finish (pflac->fse) ;
++	{
++#ifdef LEGACY_FLAC
++		FLAC__seekable_stream_encoder_finish (pflac->fse) ;
+ 		FLAC__seekable_stream_encoder_delete (pflac->fse) ;
++#else
++		FLAC__stream_encoder_finish (pflac->fse) ;
++		FLAC__stream_encoder_delete (pflac->fse) ;
++#endif
+ 		if (pflac->encbuffer)
+ 			free (pflac->encbuffer) ;
+ 		} ;
+ 
+ 	if (psf->mode == SFM_READ)
+-	{	FLAC__seekable_stream_decoder_finish (pflac->fsd) ;
++	{
++#ifdef LEGACY_FLAC
++		FLAC__seekable_stream_decoder_finish (pflac->fsd) ;
+ 		FLAC__seekable_stream_decoder_delete (pflac->fsd) ;
++#else
++		FLAC__stream_decoder_finish (pflac->fsd) ;
++		FLAC__stream_decoder_delete (pflac->fsd) ;
++#endif
+ 		} ;
+ 
+ 	for (k = 0 ; k < ARRAY_LEN (pflac->rbuffer) ; k++)
+@@ -546,17 +676,6 @@
+ 		return SFE_FLAC_BAD_SAMPLE_RATE ;
+ 
+ 	psf_fseek (psf, 0, SEEK_SET) ;
+-	if ((pflac->fse = FLAC__seekable_stream_encoder_new ()) == NULL)
+-		return SFE_FLAC_NEW_DECODER ;
+-	FLAC__seekable_stream_encoder_set_write_callback (pflac->fse, sf_flac_enc_write_callback) ;
+-	FLAC__seekable_stream_encoder_set_seek_callback (pflac->fse, sf_flac_enc_seek_callback) ;
+-
+-#ifdef HAVE_FLAC_1_1_1
+-	FLAC__seekable_stream_encoder_set_tell_callback (pflac->fse, sf_flac_enc_tell_callback) ;
+-#endif
+-	FLAC__seekable_stream_encoder_set_client_data (pflac->fse, psf) ;
+-	FLAC__seekable_stream_encoder_set_channels (pflac->fse, psf->sf.channels) ;
+-	FLAC__seekable_stream_encoder_set_sample_rate (pflac->fse, psf->sf.samplerate) ;
+ 
+ 	switch (psf->sf.format & SF_FORMAT_SUBMASK)
+ 	{	case SF_FORMAT_PCM_S8 :
+@@ -574,12 +693,36 @@
+ 			break ;
+ 		} ;
+ 
++#ifdef LEGACY_FLAC
++	if ((pflac->fse = FLAC__seekable_stream_encoder_new ()) == NULL)
++		return SFE_FLAC_NEW_DECODER ;
++	FLAC__seekable_stream_encoder_set_write_callback (pflac->fse, sf_flac_enc_write_callback) ;
++	FLAC__seekable_stream_encoder_set_seek_callback (pflac->fse, sf_flac_enc_seek_callback) ;
++
++#ifdef HAVE_FLAC_1_1_1
++	FLAC__seekable_stream_encoder_set_tell_callback (pflac->fse, sf_flac_enc_tell_callback) ;
++#endif
++	FLAC__seekable_stream_encoder_set_client_data (pflac->fse, psf) ;
++	FLAC__seekable_stream_encoder_set_channels (pflac->fse, psf->sf.channels) ;
++	FLAC__seekable_stream_encoder_set_sample_rate (pflac->fse, psf->sf.samplerate) ;
+ 	FLAC__seekable_stream_encoder_set_bits_per_sample (pflac->fse, bps) ;
+ 
+ 	if ((bps = FLAC__seekable_stream_encoder_init (pflac->fse)) != FLAC__SEEKABLE_STREAM_DECODER_OK)
+ 	{	psf_log_printf (psf, "Error : FLAC encoder init returned error : %s\n", FLAC__seekable_stream_encoder_get_resolved_state_string (pflac->fse)) ;
+ 		return SFE_FLAC_INIT_DECODER ;
+ 		} ;
++#else
++	if ((pflac->fse = FLAC__stream_encoder_new ()) == NULL)
++		return SFE_FLAC_NEW_DECODER ;
++	FLAC__stream_encoder_set_channels (pflac->fse, psf->sf.channels) ;
++	FLAC__stream_encoder_set_sample_rate (pflac->fse, psf->sf.samplerate) ;
++	FLAC__stream_encoder_set_bits_per_sample (pflac->fse, bps) ;
++
++	if ((bps = FLAC__stream_encoder_init_stream (pflac->fse, sf_flac_enc_write_callback, sf_flac_enc_seek_callback, sf_flac_enc_tell_callback, NULL, psf)) != FLAC__STREAM_DECODER_INIT_STATUS_OK)
++	{	psf_log_printf (psf, "Error : FLAC encoder init returned error : %s\n", FLAC__StreamEncoderInitStatusString[bps]) ;
++		return SFE_FLAC_INIT_DECODER ;
++		} ;
++#endif
+ 
+ 	if (psf->error == 0)
+ 		psf->dataoffset = psf_ftell (psf) ;
+@@ -593,6 +736,7 @@
+ {	FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
+ 
+ 	psf_fseek (psf, 0, SEEK_SET) ;
++#ifdef LEGACY_FLAC
+ 	if ((pflac->fsd = FLAC__seekable_stream_decoder_new ()) == NULL)
+ 		return SFE_FLAC_NEW_DECODER ;
+ 
+@@ -610,9 +754,22 @@
+ 		return SFE_FLAC_INIT_DECODER ;
+ 
+ 	FLAC__seekable_stream_decoder_process_until_end_of_metadata (pflac->fsd) ;
++#else
++	if ((pflac->fsd = FLAC__stream_decoder_new ()) == NULL)
++		return SFE_FLAC_NEW_DECODER ;
++
++	if (FLAC__stream_decoder_init_stream (pflac->fsd, sf_flac_read_callback, sf_flac_seek_callback, sf_flac_tell_callback, sf_flac_length_callback, sf_flac_eof_callback, sf_flac_write_callback, sf_flac_meta_callback, sf_flac_error_callback, psf) != FLAC__STREAM_DECODER_INIT_STATUS_OK)
++		return SFE_FLAC_INIT_DECODER ;
++
++	FLAC__stream_decoder_process_until_end_of_metadata (pflac->fsd) ;
++#endif
+ 	if (psf->error == 0)
+ 	{	FLAC__uint64 position ;
++#ifdef LEGACY_FLAC
+ 		FLAC__seekable_stream_decoder_get_decode_position (pflac->fsd, &position) ;
++#else
++		FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;
++#endif
+ 		psf->dataoffset = position ;
+ 		} ;
+ 
+@@ -676,10 +833,18 @@
+ 		flac_buffer_copy (psf) ;
+ 
+ 	while (pflac->pos < pflac->len)
+-	{	if (FLAC__seekable_stream_decoder_process_single (pflac->fsd) == 0)
++	{
++#ifdef LEGACY_FLAC
++		if (FLAC__seekable_stream_decoder_process_single (pflac->fsd) == 0)
+ 			break ;
+ 		if (FLAC__seekable_stream_decoder_get_state (pflac->fsd) != FLAC__SEEKABLE_STREAM_DECODER_OK)
+ 			break ;
++#else
++		if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++			break ;
++		if (FLAC__stream_decoder_get_state (pflac->fsd) >= FLAC__STREAM_DECODER_END_OF_STREAM)
++			break ;
++#endif
+ 		} ;
+ 
+ 	pflac->ptr = NULL ;
+@@ -795,7 +960,11 @@
+ 	while (len > 0)
+ 	{	writecount = (len >= bufferlen) ? bufferlen : (int) len ;
+ 		convert (ptr + total, buffer, writecount) ;
++#ifdef LEGACY_FLAC
+ 		if (FLAC__seekable_stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#else
++		if (FLAC__stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#endif
+ 			thiswrite = writecount ;
+ 		else
+ 			break ;
+@@ -837,7 +1006,11 @@
+ 	while (len > 0)
+ 	{	writecount = (len >= bufferlen) ? bufferlen : (int) len ;
+ 		convert (ptr + total, buffer, writecount) ;
++#ifdef LEGACY_FLAC
+ 		if (FLAC__seekable_stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#else
++		if (FLAC__stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#endif
+ 			thiswrite = writecount ;
+ 		else
+ 			break ;
+@@ -879,7 +1052,11 @@
+ 	while (len > 0)
+ 	{	writecount = (len >= bufferlen) ? bufferlen : (int) len ;
+ 		convert (ptr + total, buffer, writecount, psf->norm_float) ;
++#ifdef LEGACY_FLAC
+ 		if (FLAC__seekable_stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#else
++		if (FLAC__stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#endif
+ 			thiswrite = writecount ;
+ 		else
+ 			break ;
+@@ -1011,7 +1188,11 @@
+ 	while (len > 0)
+ 	{	writecount = (len >= bufferlen) ? bufferlen : (int) len ;
+ 		convert (ptr + total, buffer, writecount, psf->norm_double) ;
++#ifdef LEGACY_FLAC
+ 		if (FLAC__seekable_stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#else
++		if (FLAC__stream_encoder_process_interleaved (pflac->fse, buffer, writecount/psf->sf.channels))
++#endif
+ 			thiswrite = writecount ;
+ 		else
+ 			break ;
+@@ -1131,10 +1312,17 @@
+ 
+ 	if (psf->mode == SFM_READ)
+ 	{	FLAC__uint64 position ;
++#ifdef LEGACY_FLAC
+ 		if (FLAC__seekable_stream_decoder_seek_absolute (pflac->fsd, offset))
+ 		{	FLAC__seekable_stream_decoder_get_decode_position (pflac->fsd, &position) ;
+ 			return offset ;
+ 			} ;
++#else
++		if (FLAC__stream_decoder_seek_absolute (pflac->fsd, offset))
++		{	FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;
++			return offset ;
++			} ;
++#endif
+ 
+ 		return ((sf_count_t) -1) ;
+ 		} ;

libsndfile-1.0.17-channels-per-frame-overflow.patch

@@ -0,0 +1,16 @@
+diff -up libsndfile-1.0.17/src/caf.c.orig libsndfile-1.0.17/src/caf.c
+--- libsndfile-1.0.17/src/caf.c.orig	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/caf.c	2010-07-07 15:25:35.579607380 +0200
+@@ -282,6 +282,11 @@ caf_read_header (SF_PRIVATE *psf)
+ 			"  Frames / packet  : %u\n  Channels / frame : %u\n  Bits / channel   : %u\n",
+ 			desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ;
+ 
++	if (desc.channels_per_frame > 200)
++	{       psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ;
++		return SFE_MALFORMED_FILE ;
++		} ;
++
+ 	if (chunk_size > SIGNED_SIZEOF (DESC_CHUNK))
+ 		psf_binheader_readf (psf, "j", (int) (chunk_size - sizeof (DESC_CHUNK))) ;
+ 
+

libsndfile-1.0.17-flac-buffer-overflow.patch

@@ -0,0 +1,40 @@
+Index: libsndfile-1.0.17/src/flac.c
+===================================================================
+--- libsndfile-1.0.17.orig/src/flac.c
++++ libsndfile-1.0.17/src/flac.c
+@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
+ ** Private static functions.
+ */
+ 
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+ 
+ typedef enum
+ {	PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const FLAC__int32* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset ;
+ 
++	/*
++	**	frame->header.blocksize is variable and we're using a constant blocksize
++	**	of FLAC__MAX_BLOCK_SIZE.
++	**	Check our assumptions here.
++	*/
++	if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++	{	psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
++		psf->error = SFE_INTERNAL ;
++		return 0 ;
++		} ;
++
+ 	if (pflac->ptr == NULL)
+ 	{	/*
+ 		**	Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		pflac->bufferbackup = SF_TRUE ;
+ 		for (i = 0 ; i < frame->header.channels ; i++)
+ 		{	if (pflac->rbuffer [i] == NULL)
+-				pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
++				pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ 			memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
+ 			} ;
+ 		pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;

libsndfile-1.0.17-r1305,1610.patch

@@ -0,0 +1,91 @@
+diff -U0 libsndfile-1.0.17/ChangeLog.r1610 libsndfile-1.0.17/ChangeLog
+--- libsndfile-1.0.17/ChangeLog.r1610	2006-08-31 11:39:36.000000000 +0200
++++ libsndfile-1.0.17/ChangeLog	2011-07-14 15:20:10.566469047 +0200
+@@ -0,0 +1,11 @@
++2011-07-05  Erik de Castro Lopo  <erikd AT mega-nerd DOT com>
++
++    * src/paf.c src/common.h src/sndfile.c
++    Fix for Secunia Advisory SA45125, heap overflow (heap gets overwritten with
++    byte value of 0) due to integer overflow if PAF file handler.
++
++2009-03-15  Erik de Castro Lopo  <erikd AT mega-nerd DOT com>
++
++    * src/common.h src/caf.c src/sndfile.c
++    Add SF_MAX_CHANNELS (set to 256) and use it.
++
+diff -up libsndfile-1.0.17/src/caf.c.r1610 libsndfile-1.0.17/src/caf.c
+--- libsndfile-1.0.17/src/caf.c.r1610	2011-07-14 15:20:10.550468873 +0200
++++ libsndfile-1.0.17/src/caf.c	2011-07-14 15:20:10.567469058 +0200
+@@ -282,7 +282,7 @@ caf_read_header (SF_PRIVATE *psf)
+ 			"  Frames / packet  : %u\n  Channels / frame : %u\n  Bits / channel   : %u\n",
+ 			desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ;
+ 
+-	if (desc.channels_per_frame > 200)
++	if (desc.channels_per_frame > SF_MAX_CHANNELS)
+ 	{       psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ;
+ 		return SFE_MALFORMED_FILE ;
+ 		} ;
+diff -up libsndfile-1.0.17/src/common.h.r1610 libsndfile-1.0.17/src/common.h
+--- libsndfile-1.0.17/src/common.h.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/common.h	2011-07-14 15:20:10.568469068 +0200
+@@ -75,6 +75,8 @@
+ #define		SF_MAX(a,b)		((a) > (b) ? (a) : (b))
+ #define		SF_MIN(a,b)		((a) < (b) ? (a) : (b))
+ 
++#define		SF_MAX_CHANNELS	256
++
+ enum
+ {	/* PEAK chunk location. */
+ 	SF_PEAK_START		= 42,
+@@ -454,6 +456,7 @@ enum
+ 	SFE_PAF_VERSION,
+ 	SFE_PAF_UNKNOWN_FORMAT,
+ 	SFE_PAF_SHORT_HEADER,
++	SFE_PAF_BAD_CHANNELS,
+ 
+ 	SFE_SVX_NO_FORM,
+ 	SFE_SVX_NO_BODY,
+diff -up libsndfile-1.0.17/src/paf.c.r1610 libsndfile-1.0.17/src/paf.c
+--- libsndfile-1.0.17/src/paf.c.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/paf.c	2011-07-14 15:20:10.559468971 +0200
+@@ -163,6 +163,9 @@ paf_read_header	(SF_PRIVATE *psf)
+ {	PAF_FMT		paf_fmt ;
+ 	int			marker ;
+ 
++	if (psf->filelength < PAF_HEADER_LENGTH)
++		return SFE_PAF_SHORT_HEADER ;
++
+ 	memset (&paf_fmt, 0, sizeof (paf_fmt)) ;
+ 	psf_binheader_readf (psf, "pm", 0, &marker) ;
+ 
+@@ -199,8 +202,8 @@ paf_read_header	(SF_PRIVATE *psf)
+ 		psf->endian = SF_ENDIAN_BIG ;
+ 		} ;
+ 
+-	if (psf->filelength < PAF_HEADER_LENGTH)
+-		return SFE_PAF_SHORT_HEADER ;
++	if (paf_fmt.channels > SF_MAX_CHANNELS)
++		return SFE_PAF_BAD_CHANNELS ;
+ 
+ 	psf->datalength = psf->filelength - psf->dataoffset ;
+ 
+diff -up libsndfile-1.0.17/src/sndfile.c.r1610 libsndfile-1.0.17/src/sndfile.c
+--- libsndfile-1.0.17/src/sndfile.c.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/sndfile.c	2011-07-14 15:20:10.571469100 +0200
+@@ -146,6 +146,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_PAF_VERSION			, "Error in PAF file, bad version." },
+ 	{	SFE_PAF_UNKNOWN_FORMAT	, "Error in PAF file, unknown format." },
+ 	{	SFE_PAF_SHORT_HEADER	, "Error in PAF file. File shorter than minimal header." },
++	{	SFE_PAF_BAD_CHANNELS	, "Error in PAF file. Bad channel count." },
+ 
+ 	{	SFE_SVX_NO_FORM			, "Error in 8SVX / 16SV file, no 'FORM' marker." },
+ 	{	SFE_SVX_NO_BODY			, "Error in 8SVX / 16SV file, no 'BODY' marker." },
+@@ -560,7 +561,7 @@ sf_format_check	(const SF_INFO *info)
+ 	** Return 0 on failure, 1 ons success.
+ 	*/
+ 
+-	if (info->channels < 1 || info->channels > 256)
++	if (info->channels < 1 || info->channels > SF_MAX_CHANNELS)
+ 		return 0 ;
+ 
+ 	if (info->samplerate < 0)

libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch

@@ -0,0 +1,22 @@
+From 53c9f0bcaf20203bb4ee56da760a6e5118e6f93b Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon, 9 Nov 2015 19:18:48 +1100
+Subject: [PATCH] src/common.c: Pull fix from 1.0.25
+
+---
+ src/common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common.c b/src/common.c
+index c6b88cc..830c43e 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -805,7 +805,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
+ 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
+ 	{	int most ;
+ 
+-		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
++		most = SIGNED_SIZEOF (psf->header) - psf->headend ;
+ 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
+ 		memcpy (ptr, psf->header + psf->headend, most) ;
+ 		psf->headend = psf->headindex += most ;

libsndfile-1.0.25-cve2014_9496.patch

@@ -0,0 +1,51 @@
+diff -up libsndfile-1.0.25/src/sd2.c.cve2014_9496 libsndfile-1.0.25/src/sd2.c
+--- libsndfile-1.0.25/src/sd2.c.cve2014_9496	2011-01-19 11:10:36.000000000 +0100
++++ libsndfile-1.0.25/src/sd2.c	2015-01-13 17:00:35.920285526 +0100
+@@ -395,6 +395,21 @@ read_marker (const unsigned char * data,
+ 		return 0x666 ;
+ } /* read_marker */
+ 
++static inline int
++read_rsrc_marker (const SD2_RSRC *prsrc, int offset)
++{	const unsigned char * data = prsrc->rsrc_data ;
++
++	if (offset < 0 || offset + 3 >= prsrc->rsrc_len)
++		return 0 ;
++
++	if (CPU_IS_BIG_ENDIAN)
++		return (((uint32_t) data [offset]) << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
++	if (CPU_IS_LITTLE_ENDIAN)
++		return data [offset] + (data [offset + 1] << 8) + (data [offset + 2] << 16) + (((uint32_t) data [offset + 3]) << 24) ;
++
++	return 0 ;
++} /* read_rsrc_marker */
++
+ static void
+ read_str (const unsigned char * data, int offset, char * buffer, int buffer_len)
+ {	int k ;
+@@ -496,6 +511,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.type_offset = rsrc.map_offset + 30 ;
+ 
++	if (rsrc.map_offset + 28 > rsrc.rsrc_len)
++	{       psf_log_printf (psf, "Bad map offset.\n") ;
++		goto parse_rsrc_fork_cleanup ;
++		} ;
++
+ 	rsrc.type_count = read_short (rsrc.rsrc_data, rsrc.map_offset + 28) + 1 ;
+ 	if (rsrc.type_count < 1)
+ 	{	psf_log_printf (psf, "Bad type count.\n") ;
+@@ -512,7 +532,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.str_index = -1 ;
+ 	for (k = 0 ; k < rsrc.type_count ; k ++)
+-	{	marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
++	{	if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
++		{	psf_log_printf (psf, "Bad rsrc marker.\n") ;
++			goto parse_rsrc_fork_cleanup ;
++			} ;
++
++		marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
+ 
+ 		if (marker == STR_MARKER)
+ 		{	rsrc.str_index = k ;

libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch

@@ -0,0 +1,89 @@
+From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Sat, 7 Feb 2015 15:45:10 +1100
+Subject: [PATCH] src/common.c : Fix a header parsing bug.
+
+When the file header is bigger that SF_HEADER_LEN, the code would seek
+instead of reading causing file parse errors.
+
+The current header parsing and writing code *badly* needs a re-write.
+---
+ src/common.c | 27 +++++++++++----------------
+ 1 file changed, 11 insertions(+), 16 deletions(-)
+
+diff -up libsndfile-1.0.17/src/common.c.d2a87385c1ca1d72918e9a2875d24f202a5093e8 libsndfile-1.0.17/src/common.c
+--- libsndfile-1.0.17/src/common.c.d2a87385c1ca1d72918e9a2875d24f202a5093e8	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/common.c	2015-11-06 20:47:43.080091853 +0100
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2006 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2015 Erik de Castro Lopo <erikd@mega-nerd.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+ ** it under the terms of the GNU Lesser General Public License as published by
+@@ -800,21 +800,16 @@ header_read (SF_PRIVATE *psf, void *ptr,
+ {	int count = 0 ;
+ 
+ 	if (psf->headindex >= SIGNED_SIZEOF (psf->header))
+-	{	memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
+-
+-		/* This is the best that we can do. */
+-		psf_fseek (psf, bytes, SEEK_CUR) ;
+-		return bytes ;
+-		} ;
++		return psf_fread (ptr, 1, bytes, psf) ;
+ 
+ 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
+ 	{	int most ;
+ 
+ 		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
+ 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
+-		memset ((char *) ptr + most, 0, bytes - most) ;
+-
+-		psf_fseek (psf, bytes - most, SEEK_CUR) ;
++		memcpy (ptr, psf->header + psf->headend, most) ;
++		psf->headend = psf->headindex += most ;
++		psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
+ 		return bytes ;
+ 		} ;
+ 
+@@ -822,7 +817,7 @@ header_read (SF_PRIVATE *psf, void *ptr,
+ 	{	count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ;
+ 		if (count != bytes - (int) (psf->headend - psf->headindex))
+ 		{	psf_log_printf (psf, "Error : psf_fread returned short count.\n") ;
+-			return 0 ;
++			return count ;
+ 			} ;
+ 		psf->headend += count ;
+ 		} ;
+@@ -836,7 +831,6 @@ header_read (SF_PRIVATE *psf, void *ptr,
+ static void
+ header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
+ {
+-
+ 	switch (whence)
+ 	{	case SEEK_SET :
+ 			if (position > SIGNED_SIZEOF (psf->header))
+@@ -885,8 +879,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t
+ 
+ static int
+ header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
+-{
+-	int		k ;
++{	int		k ;
+ 
+ 	for (k = 0 ; k < bufsize - 1 ; k++)
+ 	{	if (psf->headindex < psf->headend)
+@@ -1073,8 +1066,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
+ 			case 'j' :
+ 					/* Get the seek position first. */
+ 					count = va_arg (argptr, int) ;
+-					header_seek (psf, count, SEEK_CUR) ;
+-					byte_count += count ;
++					if (count)
++					{	header_seek (psf, count, SEEK_CUR) ;
++						byte_count += count ;
++						} ;
+ 					break ;
+ 
+ 			default :

libsndfile-1.0.25-system-gsm.patch

@@ -1,103 +0,0 @@
-diff -up libsndfile-1.1.0/CMakeLists.txt.system-gsm libsndfile-1.1.0/CMakeLists.txt
---- libsndfile-1.1.0/CMakeLists.txt.system-gsm	2022-03-27 14:39:27.000000000 +0200
-+++ libsndfile-1.1.0/CMakeLists.txt	2022-04-25 22:41:46.472440316 +0200
-@@ -286,7 +286,6 @@ add_library (sndfile
- 	src/double64.c
- 	src/ima_adpcm.c
- 	src/ms_adpcm.c
--	src/gsm610.c
- 	src/dwvw.c
- 	src/vox_adpcm.c
- 	src/interleave.c
-@@ -347,23 +346,6 @@ add_library (sndfile
- 	src/mpeg.c
- 	src/mpeg_decode.c
- 	src/mpeg_l3_encode.c
--	src/GSM610/config.h
--	src/GSM610/gsm.h
--	src/GSM610/gsm610_priv.h
--	src/GSM610/add.c
--	src/GSM610/code.c
--	src/GSM610/decode.c
--	src/GSM610/gsm_create.c
--	src/GSM610/gsm_decode.c
--	src/GSM610/gsm_destroy.c
--	src/GSM610/gsm_encode.c
--	src/GSM610/gsm_option.c
--	src/GSM610/long_term.c
--	src/GSM610/lpc.c
--	src/GSM610/preprocess.c
--	src/GSM610/rpe.c
--	src/GSM610/short_term.c
--	src/GSM610/table.c
- 	src/G72x/g72x.h
- 	src/G72x/g72x_priv.h
- 	src/G72x/g721.c
-@@ -412,6 +394,7 @@ target_link_libraries (sndfile
- 		$<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:Opus::opus>
- 		$<$<BOOL:${HAVE_MPEG}>:MPG123::libmpg123>
- 		$<$<BOOL:${HAVE_MPEG}>:Lame::Lame>
-+		-lgsm
- 	)
- set_target_properties (sndfile PROPERTIES
- 	PUBLIC_HEADER "${sndfile_HDRS}"
-diff -up libsndfile-1.1.0/Makefile.am.system-gsm libsndfile-1.1.0/Makefile.am
---- libsndfile-1.1.0/Makefile.am.system-gsm	2022-03-27 10:55:12.000000000 +0200
-+++ libsndfile-1.1.0/Makefile.am	2022-04-25 22:39:56.976112391 +0200
-@@ -47,7 +47,6 @@ SYMBOL_FILES = src/Symbols.gnu-binutils
- 
- EXTRA_DIST += include/sndfile.h.in src/config.h.in src/test_endswap.tpl src/test_endswap.def \
- 	$(SYMBOL_FILES) src/create_symbols_file.py src/binheader_writef_check.py \
--	src/GSM610/README src/GSM610/COPYRIGHT src/GSM610/ChangeLog \
- 	src/G72x/README src/G72x/README.original src/G72x/ChangeLog \
- 	src/make-static-lib-hidden-privates.sh \
- 	src/config.h.cmake
-@@ -72,7 +71,7 @@ src_libsndfile_la_SOURCES = src/sndfile.
- 	src/ogg.c src/ogg.h src/ogg_vorbis.c src/ogg_speex.c src/ogg_pcm.c src/ogg_opus.c src/ogg_vcomment.c src/ogg_vcomment.h \
- 	src/common.h src/sfconfig.h src/sfendian.h src/wavlike.h src/sf_unistd.h src/chanmap.h src/mpeg.c
- nodist_src_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
--src_libsndfile_la_LIBADD = src/GSM610/libgsm.la src/G72x/libg72x.la src/ALAC/libalac.la \
-+src_libsndfile_la_LIBADD = -lgsm src/G72x/libg72x.la src/ALAC/libalac.la \
- 	src/libcommon.la $(EXTERNAL_XIPH_LIBS) -lm $(MPEG_LIBS)
- EXTRA_src_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
- 
-@@ -91,17 +90,6 @@ src_test_main_SOURCES = src/test_main.c
- 	src/test_binheader_writef.c src/test_nms_adpcm.c
- src_test_main_LDADD = src/libcommon.la
- 
--##############
--# src/GSM610 #
--##############
--
--noinst_LTLIBRARIES += src/GSM610/libgsm.la
--src_GSM610_libgsm_la_SOURCES = src/GSM610/config.h src/GSM610/gsm.h src/GSM610/gsm610_priv.h \
--	src/GSM610/add.c src/GSM610/code.c src/GSM610/decode.c src/GSM610/gsm_create.c \
--	src/GSM610/gsm_decode.c src/GSM610/gsm_destroy.c src/GSM610/gsm_encode.c \
--	src/GSM610/gsm_option.c src/GSM610/long_term.c src/GSM610/lpc.c src/GSM610/preprocess.c \
--	src/GSM610/rpe.c src/GSM610/short_term.c src/GSM610/table.c
--
- ############
- # src/G72x #
- ############
-diff -up libsndfile-1.1.0/src/gsm610.c.system-gsm libsndfile-1.1.0/src/gsm610.c
---- libsndfile-1.1.0/src/gsm610.c.system-gsm	2021-05-17 11:12:28.000000000 +0200
-+++ libsndfile-1.1.0/src/gsm610.c	2022-04-25 22:37:21.059496852 +0200
-@@ -27,7 +27,7 @@
- #include "sfendian.h"
- #include "common.h"
- #include "wavlike.h"
--#include "GSM610/gsm.h"
-+#include <gsm.h>
- 
- #define	GSM610_BLOCKSIZE		33
- #define	GSM610_SAMPLES			160
-@@ -391,7 +391,8 @@ gsm610_seek	(SF_PRIVATE *psf, int UNUSED
- 		psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
- 		pgsm610->blockcount = 0 ;
- 
--		gsm_init (pgsm610->gsm_data) ;
-+                gsm_destroy (pgsm610->gsm_data) ;
-+                pgsm610->gsm_data = gsm_create () ;
- 		if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
- 				(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
- 			gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;

libsndfile-1.0.25-zerodivfix.patch

@@ -0,0 +1,25 @@
+From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 24 Dec 2014 21:02:35 +1100
+Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
+
+Closes: https://github.com/erikd/libsndfile/issues/92
+---
+ src/file_io.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/file_io.c b/src/file_io.c
+index 26d3d6d..6ccab78 100644
+--- a/src/file_io.c
++++ b/src/file_io.c
+@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
+ {	sf_count_t total = 0 ;
+ 	ssize_t	count ;
+ 
++	if (bytes == 0 || items == 0)
++		return 0 ;
++
+ 	if (psf->virtual_io)
+ 		return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
+ 
+

libsndfile-1.1.0-cefd7b59.patch

@@ -1,75 +0,0 @@
-From cefd7b59df628eca240af3c136d66137c8e94888 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?IOhannes=20m=20zm=C3=B6lnig?= <zmoelnig@iem.at>
-Date: Thu, 8 Sep 2022 10:49:36 +0200
-Subject: [PATCH] tests: Use fuzzy comparison in test-suite
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Using exact comparison ("a == b") when comparing expected with computed
-test data fails the test-suite on many architectures (including, but not
-limited to armhf and arm64).
-
-Instead, use epsilon(for now, FLT_EPSILON and DBL_EPSILON) to compare
-floating point numbers for equality.
-
-
-Closes: https://github.com/libsndfile/libsndfile/issues/866
-
-Signed-off-by: IOhannes m zmölnig <zmoelnig@iem.at>
----
- tests/utils.tpl | 27 +++++++++++++++++++++++++--
- 1 file changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/tests/utils.tpl b/tests/utils.tpl
-index c68e3a26e..0d1cd8bb9 100644
---- a/tests/utils.tpl
-+++ b/tests/utils.tpl
-@@ -193,6 +193,7 @@ sf_count_t		file_length_fd (int fd) ;
- #include <string.h>
- #include <ctype.h>
- #include <math.h>
-+#include <float.h>
- #include <fcntl.h>
- #include <sys/stat.h>
- 
-@@ -215,6 +216,28 @@ sf_count_t		file_length_fd (int fd) ;
- #define O_BINARY 0
- #endif
- 
-+
-+/*
-+**      Compare for equality, with epsilon
-+*/
-+static inline int
-+equals_short (const short a, const short b)
-+{        return (a == b);
-+} /* equals_short */
-+static inline int
-+equals_int (const int a, const int b)
-+{        return (a == b);
-+} /* equals_int */
-+static inline int
-+equals_float (const float a, const float b)
-+{        return (fabsf(a - b) <= FLT_EPSILON);
-+} /* equals_float */
-+static inline int
-+equals_double (const double a, const double b)
-+{       return (fabs(a - b) <= DBL_EPSILON);
-+} /* equals_double */
-+
-+
- [+ FOR float_type +]
- void
- gen_windowed_sine_[+ (get "name") +] ([+ (get "name") +] *data, int len, double maximum)
-@@ -752,8 +775,8 @@ compare_[+ (get "io_element") +]_or_die (const [+ (get "io_element") +] *expecte
- 	unsigned k ;
- 
- 	for (k = 0 ; k < count ; k++)
--		if (expected [k] != actual [k])
--		{	printf ("\n\nLine %d : Error at index %d, got " [+ (get "format_str") +] ", should be " [+ (get "format_str") +] ".\n\n", line_num, k, actual [k], expected [k]) ;
-+		if (!equals_[+ (get "io_element") +](expected [k], actual [k]))
-+		{	printf ("\n\nLine %d : Error at index %d, got " [+ (get "format_str") +] ", should be " [+ (get "format_str") +] "(delta=" [+ (get "format_str") +] " ).\n\n", line_num, k, actual [k], expected [k], actual [k] - expected [k]) ;
- 			exit (1) ;
- 			} ;
- 

libsndfile.spec

@@ -1,29 +1,42 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
-Version:	1.1.0
-Release:	6%{?dist}
-License:	LGPLv2+ and GPLv2+ and BSD
-URL:		http://libsndfile.github.io/libsndfile/
-Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
-Patch0:		libsndfile-1.0.25-system-gsm.patch
-Patch1:	libsndfile-1.1.0-cefd7b59.patch
-BuildRequires:  autogen
-BuildRequires:  gcc-c++
-BuildRequires:	alsa-lib-devel
-BuildRequires:	flac-devel
-BuildRequires:	gcc
-BuildRequires:	libogg-devel
-BuildRequires:	libvorbis-devel
-BuildRequires:	pkgconfig
-BuildRequires:	sqlite-devel
-BuildRequires:	gsm-devel
-BuildRequires:	libtool
-BuildRequires:	make
-BuildRequires:	python3
-BuildRequires:  opus-devel
-BuildRequires:  lame-devel
-BuildRequires:  mpg123-devel
+Version:	1.0.17
+Release:	8%{?dist}
+License:	LGPL
+Group:		System Environment/Libraries
+URL:		http://www.mega-nerd.com/libsndfile/
+Source0:	http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
+Patch0:         libsndfile-1.0.17+flac-1.1.3.patch
+Patch1:         libsndfile-1.0.17-flac-buffer-overflow.patch
 
+#from upstream, for libsndfile < 1.0.19, CVE-2009-0186
+Patch2:		libsndfile-1.0.17-channels-per-frame-overflow.patch
+
+#from upstream, for libsndfile < 1.0.20, CVE-2009-1788 CVE-2009-1791 
+#http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html
+Patch3:		voc-aiff-patch-1.0.17.diff
+
+#from upstream, for libsndfile < 1.0.25, crash by overflow with some PAF files (#721239)
+Patch4:         libsndfile-1.0.17-r1305,1610.patch
+
+#from upstream, for libsndfile <= 1.0.25, rhbz#1177254
+Patch5: libsndfile-1.0.25-zerodivfix.patch
+
+#from upstream, for libsndfile <= 1.0.25, rhbz#1178840
+Patch6: libsndfile-1.0.25-cve2014_9496.patch
+# 2x from upstream, for <= 1.0.25, rhbz#1277899 
+Patch7: libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch
+Patch8: libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
+
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
+
+BuildRequires:	alsa-lib-devel
+Provides:	%{name}-octave = %{version}-%{release}
+
+%package devel
+Summary:	Development files for libsndfile
+Group:		Development/Libraries
+Requires:	%{name} = %{version}-%{release} pkgconfig
 
 %description
 libsndfile is a C library for reading and writing sound files such as
@@ -32,344 +45,90 @@ currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and
 64-bit floating point WAV files and a number of compressed formats. It
 compiles and runs on *nix, MacOS, and Win32.
 
-
-%package devel
-Summary:	Development files for libsndfile
-Requires:	%{name}%{?_isa} = %{version}-%{release} pkgconfig
-
-
 %description devel
 libsndfile is a C library for reading and writing sound files such as
 AIFF, AU, WAV, and others through one standard interface.
 This package contains files needed to develop with libsndfile.
 
 
-%package utils
-Summary:	Command Line Utilities for libsndfile
-Requires:	%{name} = %{version}-%{release}
-
-
-%description utils
-libsndfile is a C library for reading and writing sound files such as
-AIFF, AU, WAV, and others through one standard interface.
-This package contains command line utilities for libsndfile.
-
-
 %prep
 %setup -q
-%patch0 -p1 -b .system-gsm
-%patch1 -p1 -b .cefd7b59
-rm -r src/GSM610
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1 -b .zerodivfix
+%patch6 -p1 -b .cve2014_9496
+%patch7 -p1 -b .d2a87385c1ca1d72918e9a2875d24f202a5093e8
+%patch8 -p1 -b .53c9f0bcaf20203bb4ee56da760a6e5118e6f93b
 
 %build
-autoreconf -I M4 -fiv # for system-gsm patch
-%configure \
-	--disable-dependency-tracking \
-	--enable-sqlite \
-	--enable-alsa \
-	--enable-largefile \
-	--enable-mpeg \
-	--disable-static
-
-# Get rid of rpath
-sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
-sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
-
-%make_build
+%configure --disable-dependency-tracking
+make %{?_smp_mflags}
 
 
 %install
-%make_install
-rm -rf __docs
-mkdir __docs
-cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
-rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
-find %{buildroot} -type f -name "*.la" -delete
-
-# fix multilib issues
-mv %{buildroot}%{_includedir}/sndfile.h \
-   %{buildroot}%{_includedir}/sndfile-%{__isa_bits}.h
-
-cat > %{buildroot}%{_includedir}/sndfile.h <<EOF
-#include <bits/wordsize.h>
-
-#if __WORDSIZE == 32
-# include "sndfile-32.h"
-#elif __WORDSIZE == 64
-# include "sndfile-64.h"
-#else
-# error "unexpected value for __WORDSIZE macro"
-#endif
-EOF
-
-%if 0%{?rhel} != 0
-rm -f %{buildroot}%{_bindir}/sndfile-jackplay
-%endif
+rm -rf $RPM_BUILD_ROOT __docs
+make install DESTDIR=$RPM_BUILD_ROOT
+cp -pR $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev/html __docs
+rm -rf $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev
 
 
-%check
-LD_LIBRARY_PATH=$PWD/src/.libs make check
+%clean
+rm -rf $RPM_BUILD_ROOT
 
 
-%ldconfig_scriptlets
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
 
 
 %files
-%{!?_licensedir:%global license %%doc}
-%license COPYING
-# NEWS files is missing in 1.1.0, check if it was re-added
-%doc AUTHORS README
-%{_libdir}/%{name}.so.*
-
-%files utils
-%{_bindir}/sndfile-cmp
-%{_bindir}/sndfile-concat
-%{_bindir}/sndfile-convert
-%{_bindir}/sndfile-deinterleave
+%defattr(-,root,root,-)
+%doc COPYING AUTHORS TODO README NEWS ChangeLog
 %{_bindir}/sndfile-info
-%{_bindir}/sndfile-interleave
-%{_bindir}/sndfile-metadata-get
-%{_bindir}/sndfile-metadata-set
 %{_bindir}/sndfile-play
-%{_bindir}/sndfile-salvage
-%{_mandir}/man1/sndfile-cmp.1*
-%{_mandir}/man1/sndfile-concat.1*
-%{_mandir}/man1/sndfile-convert.1*
-%{_mandir}/man1/sndfile-deinterleave.1*
+%{_bindir}/sndfile-convert
+%{_bindir}/sndfile-regtest
 %{_mandir}/man1/sndfile-info.1*
-%{_mandir}/man1/sndfile-interleave.1*
-%{_mandir}/man1/sndfile-metadata-get.1*
-%{_mandir}/man1/sndfile-metadata-set.1*
 %{_mandir}/man1/sndfile-play.1*
-%{_mandir}/man1/sndfile-salvage.1*
+%{_mandir}/man1/sndfile-convert.1*
+%{_libdir}/%{name}.so.*
+%{_datadir}/octave
 
 %files devel
-%doc __docs ChangeLog
+%defattr(-,root,root,-)
+%doc __docs/*
+%exclude %{_libdir}/%{name}.la
 %{_includedir}/sndfile.h
 %{_includedir}/sndfile.hh
-%{_includedir}/sndfile-%{__isa_bits}.h
 %{_libdir}/%{name}.so
+%{_libdir}/%{name}.a
 %{_libdir}/pkgconfig/sndfile.pc
 
 
 %changelog
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Tue Sep 13 2022 Michel Alexandre Salim <salimma@fedoraproject.org> - 1.1.0-5
-- Rebuilt for flac 1.4.0
-
-* Sat Sep 10 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-4
-- enable MP3 support
-
-* Wed Aug 03 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-3
-- new MPEG support does not compile on some archs, do not enable it yet
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon Apr 25 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-1
-- updated to 1.1.0
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.31-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Dec 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-6
-- fix heap buffer overflow in flac (#2027692)
-
-* Fri Jul 23 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-5
-- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution (#1984320)
-
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.31-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Mon Feb 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-3
-- add opus-devel BR to satisfy configure requirements check (#1931251)
-
-* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.0.31-2
-- Use make macros
-- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
-
-* Wed Jan 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-1
-- updated to 1.0.31
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-8
-- add gcc buildrequire
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Aug 24 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-6
-- heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Wed Jun 21 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-3
-- fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
-
-* Mon Jun 05 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-2
-- fix flac and pcm buffer overflows (CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365)
-
-* Tue Apr 11 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-1
-- updated to 1.0.28
-- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
-- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.27-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Nov 11 2016 Michal Hlavinka <mhlavink@redhat.com> - 1.0.27-1
-- updated to 1.0.27
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.25-20
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-19
+* Thu Dec 17 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.17-8
 - fix incomplete patch for CVE-2015-7805
 
-* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
+* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.17-7
 - fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
   crafted AIFF header
 
-* Thu Aug 27 2015 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 1.0.25-17
-- Use __isa_bits macro instead of list of 64-bit architectures
-
-* Sun Jul 19 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-16
-- Fix FTBFS
-- Use %%license
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Tue Jan 13 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-14
+* Tue Jan 13 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.17-6
 - fix CVE-2014-9496: 2 buffer overruns in sd2_parse_rsrc_fork (#1178840)
 - division by zero leading to denial of service in psf_fwrite (#1177254)
 
-* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+* Thu Jul 14 2011 Michal Hlavinka <mhlavink@redhat.com> - 1.0.17-5
+- fixes integer overflow by processing certain PAF audio files (#721239)
 
-* Sat Aug 02 2014 Kalev Lember <kalevlember@gmail.com> - 1.0.25-12
-- Fix up previous commit
+* Thu Dec 23 2010 Michal Hlavinka <mhlavink@redhat.com> - 1.0.17-4
+- fix CVE-2009-1788 : VOC file heap based buffer overflow (#502657)
+- fix CVE-2009-1791 : AIFF file heap based buffer overflow (#502658)
 
-* Sat Aug  2 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-11
-- Modernise spec
-- Generic 32/64bit platform detection
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Mon Jan 13 2014 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-9
-- fix ppc64le build (#1051639)
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Mon Jun 03 2013 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-7
-- fix support for aarch64, another part (#969831)
-
-* Wed Mar 27 2013 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-6
-- fix support for aarch64 (#925887)
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Sat Nov 12 2011 Ville Skyttä <ville.skytta@iki.fi> - 1.0.25-2
-- Patch to use system libgsm instead of a bundled copy.
-- Make main package dep in -devel ISA qualified.
-- Drop -octave Provides (not actually built with octave > 3.0).
-- Don't build throwaway static lib.
-- Run test suite during build.
-
-* Thu Jul 14 2011 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-1
-- Update to 1.0.25
-- fixes integer overflow by processing certain PAF audio files (#721240)
-
-* Sun Mar 27 2011 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.24-1
-- Update to 1.0.24
-
-* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.23-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Sat Oct 16 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.23-1
-- Update to 10.0.23
-
-* Tue Oct 05 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.22-1
-- Update to 10.0.22
-
-* Tue May 11 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.21-1
-- Update to 10.0.21
-- Do not include the static library in the package (RHBZ#556074)
-- Remove BR on jack since sndfile-jackplay is not provided anymore
-
-* Mon Feb  1 2010 Stepan Kasal <skasal@redhat.com> - 1.0.20-5
-- Do not build against Jack on RHEL
-- Fix the Source0: URL
-- Fix the licence tag
-
-* Sat Nov 14 2009 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.20-4
-- Split utils into a subpackage
-
-* Sat Nov 14 2009 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.20-3
-- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel)
-- Make build verbose
-- Remove rpath
-- Fix ChangeLog encoding
-- Move the big Changelog to the devel package
-
-* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.20-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Sat Jun 06 2009 Lennart Poettering <lpoetter@redhat.com> - 1.0.20-1
-- Updated to 1.0.20
-
-* Tue Mar 03 2009 Robert Scheck <robert@fedoraproject.org> - 1.0.17-8
-- Rebuilt against libtool 2.2
-
-* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.17-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Sat Oct 25 2008 Andreas Thienemann <andreas@bawue.net> - 1.0.17-6
-- Removed spurious #endif in the libsndfile.h wrapper. Thx to Edward
-  Sheldrake for finding it. Fixes #468508.
-- Fix build for autoconf-2.63
-
-* Thu Oct 23 2008 Andreas Thienemann <andreas@bawue.net> - 1.0.17-5
-- Fixed multilib conflict. #342401
-- Made flac support actually work correctly.
-
-* Thu Aug  7 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.17-4
-- fix license tag
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.17-3
-- Autorebuild for GCC 4.3
+* Thu Jul  8 2010 Michel Salim <salimma@fedoraproject.org> - 1.0.17-3
+- Fix for channel per frame overflow (CVE-2009-0186, #488364)
 
 * Thu Sep 20 2007 Andreas Thienemann <andreas@bawue.net> - 1.0.17-2
 - Adding FLAC support to libsndfile courtesy of gentoo, #237575
@@ -395,10 +154,10 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 - Fix format string bug (#149863).
 - Drop explicit Epoch 0.
 
-* Sat Dec  4 2004 Ville Skyttä <ville.skytta@iki.fi> - 0:1.0.11-0.fdr.1
+* Sat Dec  4 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.0.11-0.fdr.1
 - Update to 1.0.11.
 
-* Wed Oct 13 2004 Ville Skyttä <ville.skytta@iki.fi> - 0:1.0.10-0.fdr.1
+* Wed Oct 13 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.0.10-0.fdr.1
 - Update to 1.0.10, update URLs, include ALSA support.
 - Disable dependency tracking to speed up the build.
 - Add missing ldconfig invocations.

sources

@@ -1 +1 @@
-SHA512 (libsndfile-1.1.0.tar.xz) = d01696a8a88a4444e5eb91a137cf7b26b55b12c1fe3b648653f7e78674bbdf61870066216c9ff2f6a1e63bdf7b558af9a759480cf6523b607d29347b12762006
+2d126c35448503f6dbe33934d9581f6b  libsndfile-1.0.17.tar.gz

voc-aiff-patch-1.0.17.diff

@@ -0,0 +1,52 @@
+diff -ur libsndfile-1.0.17-orig/src/aiff.c libsndfile-1.0.17/src/aiff.c
+--- libsndfile-1.0.17-orig/src/aiff.c	2006-08-31 19:22:07.000000000 +1000
++++ libsndfile-1.0.17/src/aiff.c	2009-04-27 19:24:01.000000000 +1000
+@@ -714,13 +714,25 @@
+ 						psf_log_printf (psf, "  Count : %d\n", mark_count) ;
+ 
+ 						for (n = 0 ; n < mark_count && bytesread < dword ; n++)
+-						{	bytesread += psf_binheader_readf (psf, "E241", &mark_id, &position, &pstr_len) ;
+-							psf_log_printf (psf, "   Mark ID  : %u\n   Position : %u\n", mark_id, position) ;
++						{	unsigned int pstr_len ;
++							unsigned char ch ;
+ 
+-							pstr_len += (pstr_len & 1) + 1 ; /* fudgy, fudgy, hack, hack */
+-
+-							bytesread += psf_binheader_readf (psf, "b", psf->u.scbuf, pstr_len) ;
+-							psf_log_printf (psf, "   Name     : %s\n", psf->u.scbuf) ;
++							bytesread += psf_binheader_readf (psf, "E241", &mark_id, &position, &ch) ;
++  							psf_log_printf (psf, "   Mark ID  : %u\n   Position : %u\n", mark_id, position) ;
++  
++							pstr_len = (ch & 1) ? ch : ch + 1 ;
++
++							if (pstr_len < sizeof (psf->u.scbuf) - 1)
++							{	bytesread += psf_binheader_readf (psf, "b", psf->u.scbuf, pstr_len) ;
++								psf->u.scbuf [pstr_len] = 0 ;
++								}
++							else
++							{	unsigned int read_len = pstr_len - (sizeof (psf->u.scbuf) - 1) ;
++								bytesread += psf_binheader_readf (psf, "bj", psf->u.scbuf, read_len, pstr_len - read_len) ;
++								psf->u.scbuf [sizeof (psf->u.scbuf) - 1] = 0 ;
++								}
++  
++  							psf_log_printf (psf, "   Name     : %s\n", psf->u.scbuf) ;
+ 
+ 							markstr [n].markerID = mark_id ;
+ 							markstr [n].position = position ;
+diff -ur libsndfile-1.0.17-orig/src/voc.c libsndfile-1.0.17/src/voc.c
+--- libsndfile-1.0.17-orig/src/voc.c	2006-08-31 19:22:07.000000000 +1000
++++ libsndfile-1.0.17/src/voc.c	2009-04-27 19:21:18.000000000 +1000
+@@ -209,6 +209,13 @@
+ 
+ 						psf_log_printf (psf, " ASCII : %d\n", size) ;
+ 
++						if (size < sizeof (psf->header) - 1)
++						{	offset += psf_binheader_readf (psf, "b", psf->header, size) ;
++							psf->header [size] = 0 ;
++							psf_log_printf (psf, "  text : %s\n", psf->header) ;
++							continue ;
++							}
++
+ 						offset += psf_binheader_readf (psf, "b", psf->header, size) ;
+ 						psf->header [size] = 0 ;
+ 						psf_log_printf (psf, "  text : %s\n", psf->header) ;