Package init

CVE-2018-19662.patch

@@ -0,0 +1,94 @@
+From 585cc28a93be27d6938f276af0011401b9f7c0ca Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@owl.eu.com>
+Date: Mon, 24 Dec 2018 06:43:48 +0100
+Subject: [PATCH] a/ulaw: fix multiple buffer overflows (#432)
+
+i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
+properly, leading to buffer underflow. INT_MIN is a special value
+since - INT_MIN cannot be represented as int.
+
+In this case round - INT_MIN to INT_MAX and proceed as usual.
+
+f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
+properly, leading to null pointer dereference.
+
+In this case, arbitrarily set the buffer value to 0.
+
+This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
+fixes #344 (CVE-2017-17456 and CVE-2017-17457).
+---
+ src/alaw.c | 9 +++++++--
+ src/ulaw.c | 9 +++++++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/alaw.c b/src/alaw.c
+index 063fd1a..4220224 100644
+--- a/src/alaw.c
++++ b/src/alaw.c
+@@ -19,6 +19,7 @@
+ #include	"sfconfig.h"
+ 
+ #include	<math.h>
++#include	<limits.h>
+ 
+ #include	"sndfile.h"
+ #include	"common.h"
+@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
+ static inline void
+ i2alaw_array (const int *ptr, int count, unsigned char *buffer)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (ptr [count] == INT_MIN)
++			buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
+ 		else
+ 			buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
+@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
+ static inline void
+ d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (!isfinite (ptr [count]))
++			buffer [count] = 0 ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
+ 		else
+ 			buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
+diff --git a/src/ulaw.c b/src/ulaw.c
+index e50b4cb..b6070ad 100644
+--- a/src/ulaw.c
++++ b/src/ulaw.c
+@@ -19,6 +19,7 @@
+ #include	"sfconfig.h"
+ 
+ #include	<math.h>
++#include	<limits.h>
+ 
+ #include	"sndfile.h"
+ #include	"common.h"
+@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
+ static inline void
+ i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (ptr [count] == INT_MIN)
++			buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
+ 		else
+ 			buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
+@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
+ static inline void
+ d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (!isfinite (ptr [count]))
++			buffer [count] = 0 ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
+ 		else
+ 			buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
+-- 
+2.19.1
+

libsndfile-1.0.25-system-gsm.patch

@@ -0,0 +1,56 @@
+diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
+--- libsndfile-1.0.28/src/gsm610.c.systemgsm	2016-09-10 10:08:27.000000000 +0200
++++ libsndfile-1.0.28/src/gsm610.c	2017-04-11 10:47:40.437162489 +0200
+@@ -27,7 +27,7 @@
+ #include "sfendian.h"
+ #include "common.h"
+ #include "wavlike.h"
+-#include "GSM610/gsm.h"
++#include <gsm.h>
+ 
+ #define	GSM610_BLOCKSIZE		33
+ #define	GSM610_SAMPLES			160
+@@ -391,7 +391,8 @@ gsm610_seek	(SF_PRIVATE *psf, int UNUSED
+ 		psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
+ 		pgsm610->blockcount = 0 ;
+ 
+-		gsm_init (pgsm610->gsm_data) ;
++		gsm_destroy (pgsm610->gsm_data) ;
++		pgsm610->gsm_data = gsm_create () ;
+ 		if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
+ 				(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
+ 			gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
+diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
+--- libsndfile-1.0.28/src/Makefile.am.systemgsm	2017-04-01 09:18:02.000000000 +0200
++++ libsndfile-1.0.28/src/Makefile.am	2017-04-11 10:48:43.855620172 +0200
+@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
+ include_HEADERS = sndfile.hh
+ nodist_include_HEADERS = sndfile.h
+ 
+-noinst_LTLIBRARIES =  GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la
++noinst_LTLIBRARIES =  G72x/libg72x.la ALAC/libalac.la libcommon.la
+ 
+ SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
+ 
+@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
+ libsndfile_la_LDFLAGS = -no-undefined -version-info  $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
+ libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
+ nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
+-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \
++libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
+ 		libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
+ 
+ EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
+@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
+ #======================================================================
+ # Subdir libraries.
+ 
+-GSM610_libgsm_la_SOURCES = GSM610/config.h GSM610/gsm.h GSM610/gsm610_priv.h \
+-		GSM610/add.c GSM610/code.c GSM610/decode.c GSM610/gsm_create.c \
+-		GSM610/gsm_decode.c GSM610/gsm_destroy.c GSM610/gsm_encode.c \
+-		GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \
+-		GSM610/rpe.c GSM610/short_term.c GSM610/table.c
+-
+ G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \
+ 		G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c
+ 

libsndfile-1.0.25-zerodivfix.patch

@@ -0,0 +1,25 @@
+From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 24 Dec 2014 21:02:35 +1100
+Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
+
+Closes: https://github.com/erikd/libsndfile/issues/92
+---
+ src/file_io.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/file_io.c b/src/file_io.c
+index 26d3d6d..6ccab78 100644
+--- a/src/file_io.c
++++ b/src/file_io.c
+@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
+ {	sf_count_t total = 0 ;
+ 	ssize_t	count ;
+ 
++	if (bytes == 0 || items == 0)
++		return 0 ;
++
+ 	if (psf->virtual_io)
+ 		return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
+ 
+

libsndfile-1.0.28-cve2017_12562.patch

@@ -0,0 +1,88 @@
+From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+    big switch statement by an amount (16 bytes) which is enough for all cases
+    where only a single value gets added. Cases 's', 'S', 'p' however
+    additionally write an arbitrary length block of data and again enlarge the
+    buffer to the required amount. However, the required space calculation does
+    not take into account the size of the length field which gets output before
+    the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+    padding byte ("size += (size & 1) ;" happens after the calculation which
+    uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+    involved
+    ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+    the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+    beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+    involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+    where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+    plus optionally another 1 which is padding and not guaranteed to be
+    readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					/* Write a C string (guaranteed to have a zero terminator). */
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) + 1 ;
+-					size += (size & 1) ;
+ 
+-					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+-						header_put_be_int (psf, size) ;
++						header_put_be_int (psf, size + (size & 1)) ;
+ 					else
+-						header_put_le_int (psf, size) ;
++						header_put_le_int (psf, size + (size & 1)) ;
+ 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++					size += (size & 1) ;
+ 					psf->header.indx += size ;
+ 					psf->header.ptr [psf->header.indx - 1] = 0 ;
+ 					count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					*/
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) ;
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+ 						header_put_be_int (psf, size) ;
+ 					else
+ 						header_put_le_int (psf, size) ;
+-					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ 					size += (size & 1) ;
+ 					psf->header.indx += size ;
+-					psf->header.ptr [psf->header.indx] = 0 ;
+ 					count += 4 + size ;
+ 					break ;
+ 
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					size = (size & 1) ? size : size + 1 ;
+ 					size = (size > 254) ? 254 : size ;
+ 
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ 						return count ;
+ 
+ 					header_put_byte (psf, size) ;

libsndfile-1.0.28-flacbufovfl.patch

@@ -0,0 +1,64 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+---
+ src/common.h  |  1 +
+ src/flac.c    | 13 +++++++++++++
+ src/sndfile.c |  1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c3..e2669b6a 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ 	SFE_FLAC_INIT_DECODER,
+ 	SFE_FLAC_LOST_SYNC,
+ 	SFE_FLAC_BAD_SAMPLE_RATE,
++	SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ 	SFE_FLAC_UNKOWN_ERROR,
+ 
+ 	SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e26..986a7b8f 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
++			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++									"Nothing to be but to error out.\n" ,
++									psf->sf.channels, metadata->data.stream_info.channels) ;
++				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++				return ;
++				} ;
++
++			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++									"Carrying on as if nothing happened.",
++									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++				} ;
+ 			psf->sf.channels = metadata->data.stream_info.channels ;
+ 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ 			psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 41875610..e2a87be8 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
+ 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
+ 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
+ 
+ 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },

libsndfile-1.0.29-cve2017_6892.patch

@@ -0,0 +1,25 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f53..45864b76 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 

libsndfile-CVE-2018-13139.patch

@@ -0,0 +1,17 @@
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index e27593e..721bee7 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,12 @@ main (int argc, char **argv)
+ 		exit (1) ;
+ 		} ;
+ 
++	if (sfinfo.channels > MAX_CHANNELS)
++	{	printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++			argv [1], sfinfo.channels, MAX_CHANNELS) ;
++		exit (1) ;
++		} ;
++
+ 	state.channels = sfinfo.channels ;
+ 	sfinfo.channels = 1 ;
+ 

libsndfile-CVE-2019-3832.patch

@@ -0,0 +1,35 @@
+https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
+wav_write_header: don't read past the array end
+
+If loop_count is bigger than the array, truncate it to the array
+length (and not to 32k).
+
+CVE-2019-3832
+---
+diff --git a/programs/test-sndfile-metadata-set.py b/programs/test-sndfile-metadata-set.py
+index 0006936..5c35ea4 100755
+--- a/programs/test-sndfile-metadata-set.py
++++ b/programs/test-sndfile-metadata-set.py
+@@ -180,7 +180,7 @@ tests = [
+     ("--str-title", "Echo"), ("--str-artist", "Fox trot")
+     ]
+ 
+-test_auto_date (programs)
++#test_auto_date (programs)
+ test_update (programs, tests)
+ test_post_mod (programs, tests)
+ 
+diff --git a/src/wav.c b/src/wav.c
+index 4b943dc..a1bfbe0 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1093,6 +1093,9 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ 		psf_binheader_writef (psf, "4", tmp) ;
+ 		psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
++		/* Make sure we don't read past the loops array end. */
++		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
+ 
+ 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ 		{	int type ;

libsndfile.spec

@@ -0,0 +1,160 @@
+Name: libsndfile
+Version: 1.0.28
+Release: 13
+Summary: Library for reading and writing sound files
+License: LGPLv2+ and GPLv2+ and BSD
+URL: http://www.mega-nerd.com/libsndfile/
+Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
+
+BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel gsm-devel
+BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig
+BuildRequires: sqlite-devel
+
+Patch0:		libsndfile-1.0.25-system-gsm.patch
+Patch1:		libsndfile-1.0.25-zerodivfix.patch
+Patch2:		revert.patch
+Patch3:		libsndfile-1.0.28-flacbufovfl.patch
+Patch4:		libsndfile-1.0.29-cve2017_6892.patch
+Patch5:		libsndfile-1.0.28-cve2017_12562.patch
+Patch9000:	libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch
+Patch9001:	libsndfile-CVE-2018-13139.patch
+Patch9002:	libsndfile-CVE-2019-3832.patch
+Patch9003:	CVE-2018-19662.patch
+
+%description
+Libsndfile is a C library for reading and writing files containing
+sampled sound such as MS Windows WAV and the Apple/SGI AIFF format
+through one standard library interface.
+
+%package devel
+Summary: Development package for libsndfile
+Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig
+
+%description devel
+The development package for libsndfile.
+
+%package utils
+Summary: command line utilities for libsndfile
+Requires: %{name} = %{version}-%{release}
+
+%description utils
+The command line utilities for libsndfile.
+
+%package utils-help
+Summary: Help files for %{name}-utils
+BuildArch: noarch
+%description utils-help
+Help files for %{name}-utils.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+rm -r src/GSM610
+
+%build
+autoreconf -I M4 -fiv
+%configure \
+	--disable-dependency-tracking \
+	--enable-sqlite \
+	--enable-alsa \
+	--enable-largefile \
+	--disable-static
+%disable_rpath
+%make_build
+
+%install
+%make_install
+rm -rf __docs
+mkdir __docs
+cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
+rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
+mv %{buildroot}%{_includedir}/sndfile.h \
+   %{buildroot}%{_includedir}/sndfile-%{__isa_bits}.h
+
+cat > %{buildroot}%{_includedir}/sndfile.h <<EOF
+#include <bits/wordsize.h>
+
+#if __WORDSIZE == 32
+# include "sndfile-32.h"
+#elif __WORDSIZE == 64
+# include "sndfile-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+EOF
+
+%check
+LD_LIBRARY_PATH=$PWD/src/.libs make check
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+%files
+%{_libdir}/%{name}.so.*
+%doc AUTHORS README NEWS
+%license COPYING
+
+%files utils
+%{_bindir}/sndfile-cmp
+%{_bindir}/sndfile-concat
+%{_bindir}/sndfile-convert
+%{_bindir}/sndfile-deinterleave
+%{_bindir}/sndfile-info
+%{_bindir}/sndfile-interleave
+%{_bindir}/sndfile-metadata-get
+%{_bindir}/sndfile-metadata-set
+%{_bindir}/sndfile-play
+%{_bindir}/sndfile-regtest
+%{_bindir}/sndfile-salvage
+%exclude %{_bindir}/sndfile-jackplay
+
+%files devel
+%{_includedir}/sndfile.h
+%{_includedir}/sndfile.hh
+%{_includedir}/sndfile-%{__isa_bits}.h
+%{_libdir}/%{name}.so
+%{_libdir}/pkgconfig/sndfile.pc
+%doc __docs ChangeLog
+%exclude %{_libdir}/*.la
+
+%files utils-help
+%{_mandir}/man1/sndfile-cmp.1*
+%{_mandir}/man1/sndfile-concat.1*
+%{_mandir}/man1/sndfile-convert.1*
+%{_mandir}/man1/sndfile-deinterleave.1*
+%{_mandir}/man1/sndfile-info.1*
+%{_mandir}/man1/sndfile-interleave.1*
+%{_mandir}/man1/sndfile-metadata-get.1*
+%{_mandir}/man1/sndfile-metadata-set.1*
+%{_mandir}/man1/sndfile-play.1*
+%{_mandir}/man1/sndfile-salvage.1*
+
+%changelog
+* Sat Apr 06 2019 luochunsheng<luochunsheng@huawei.com> - 1.0.28-13
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:remove sensitive information
+
+* Thu Apr 04 2019 liuqianya<liuqianya@huawei.com> - 1.0.28-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2018-19662
+
+* Fri Mar 29 2019 zhangwenlong<zhangwenlong13@huawei.com> - 1.0.28-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2019-3832 
+
+* Wed Feb 13 2019 cangyi<cangyi@huawei.com> - 1.0.28-10
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync
+
+* Mon Sep 10 2018 openEuler Buildteam <buildteam@openeuler.org> -1.0.28-9
+- Package init

libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch

@@ -0,0 +1,76 @@
+diff --git a/programs/common.c b/programs/common.c
+index 3fc4e3d..282ee33 100644
+--- a/programs/common.c
++++ b/programs/common.c
+@@ -36,6 +36,7 @@
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdint.h>
++#include <math.h>
+ 
+ #include <sndfile.h>
+ 
+@@ -45,7 +46,7 @@
+ 
+ #define	MIN(x, y)	((x) < (y) ? (x) : (y))
+ 
+-void
++int
+ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
+ {	static double	data [BUFFER_LEN], max ;
+ 	int		frames, readcount, k ;
+@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ 	readcount = frames ;
+ 
+ 	sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
++	if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
++		return 1 ;
+ 
+ 	if (!normalize && max < 1.0)
+ 	{	while (readcount > 0)
+@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ 		while (readcount > 0)
+ 		{	readcount = sf_readf_double (infile, data, frames) ;
+ 			for (k = 0 ; k < readcount * channels ; k++)
+-				data [k] /= max ;
++			{	data [k] /= max ;
++
++				if (!isfinite (data [k])) /* infinite or NaN */
++					return 1;
++				}
+ 			sf_writef_double (outfile, data, readcount) ;
+ 			} ;
+ 		} ;
+ 
+-	return ;
++	return 0 ;
+ } /* sfe_copy_data_fp */
+ 
+ void
+@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in
+ 
+ 		/* If the input file is not the same as the output file, copy the data. */
+ 		if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
+-			sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
++		{	if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
++			{	printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
++				error_code = 1 ;
++				goto cleanup_exit ;
++				} ;
++			}
+ 		else
+ 			sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
+ 		} ;
+diff --git a/programs/common.h b/programs/common.h
+index eda2d7d..986277e 100644
+--- a/programs/common.h
++++ b/programs/common.h
+@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ;
+ 
+ void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
+ 
+-void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
++int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
+ 
+ void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
+ 

revert.patch

@@ -0,0 +1,37 @@
+--- libsndfile-1.0.28/src/rf64.c	2017-04-02 09:43:22.000000000 +0200
++++ libsndfile-1.0.27/src/rf64.c	2016-04-01 23:08:53.000000000 +0200
+@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
+ 
+ #endif
+ 
+-	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+-	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++	if (psf->header.indx + 8 < psf->dataoffset)
++	{	/* Add PAD data if necessary. */
++		int k = psf->dataoffset - 16 - psf->header.indx ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
++		} ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
+ 	else
+ 		psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
+ 
+-	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
++	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
+ 	if (psf->error)
+ 		return psf->error ;
+ 
+-	if (has_data && psf->dataoffset != psf->header.indx)
+-	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
++	if (has_data && psf->dataoffset != psf->header.indx)
++	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
+ 		return psf->error = SFE_INTERNAL ;
+ 		} ;
+ 
+-	psf->dataoffset = psf->header.indx ;
++	psf->dataoffset = psf->header.indx ;
+ 
+ 	if (NOT (has_data))
+ 		psf_fseek (psf, psf->dataoffset, SEEK_SET) ;