Import Debian changes 1.0.28-ok1

libsndfile (1.0.28-ok1) yangtze; urgency=medium

  * Build for openKylin.
openKylinBot 2022-04-25 22:03:04 +08:00
parent f3546b656e
commit a4d9a95c56
30 changed files with 1062 additions and 0 deletions

7
debian/README.source vendored Normal file

@ -0,0 +1,7 @@
The Debian version of libsndfile has a couple of small patches applied which
have not yet been pushed upstream.
On a Debian system you can read about how to apply the debian patches here:
/usr/share/doc/quilt/README.source
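
Review bot: the first sentence says the Debian patches "have not yet been pushed upstream", but the patches imported by this same commit carry "Origin: upstream" and "Applied-Upstream:" headers (CVE-2017-8362.patch, for example). Reword the README so it does not contradict the patch headers; a reader deciding whether a fix is already in a newer upstream release will otherwise be misled.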

5
debian/changelog vendored Normal file

@ -0,0 +1,5 @@
libsndfile (1.0.28-ok1) yangtze; urgency=medium
* Build for openKylin.
-- openKylinBot <openKylinBot@openkylin.com> Mon, 25 Apr 2022 22:03:04 +0800
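
Review bot: the only changelog entry is "Build for openKylin.", so nothing in the package records which Debian revision of 1.0.28 was imported or that debian/patches carries CVE fixes. Keep the Debian entries below the new one, or name the source revision and list the security patches in this entry, so that a scanner keyed on the version string 1.0.28-ok1 can be reconciled with what is actually patched.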

74
debian/control vendored Normal file

@ -0,0 +1,74 @@
Source: libsndfile
Section: devel
Priority: optional
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Uploaders:
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>,
Build-Depends:
debhelper-compat (= 12),
pkg-config,
libvorbis-dev (>= 1.2.3),
libflac-dev (>= 1.1.4-0),
libasound2-dev [linux-any],
Rules-Requires-Root: no
Homepage: http://www.mega-nerd.com/libsndfile/
Vcs-Git: https://salsa.debian.org/multimedia-team/libsndfile.git
Vcs-Browser: https://salsa.debian.org/multimedia-team/libsndfile
Standards-Version: 4.5.0
Package: libsndfile1-dev
Section: libdevel
Architecture: any
Depends:
${misc:Depends},
libsndfile1 (= ${binary:Version}),
pkg-config,
libvorbis-dev (>= 1.2.3),
libflac-dev (>= 1.1.4-0),
Conflicts: libsndfile-dev,
libsndfile0-dev
Replaces: libsndfile-dev
Provides: libsndfile-dev
Description: Development files for libsndfile; a library for reading/writing audio files
libsndfile is a library of C routines for reading and writing files containing
sampled audio data.
.
This is the development version of libsndfile. You will need this only if you
intend to compile programs that use this library.
Package: libsndfile1
Section: libs
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends:
${misc:Depends},
${shlibs:Depends},
Description: Library for reading/writing audio files
libsndfile is a library of C routines for reading and writing files containing
sampled audio data.
.
Various versions of WAV (integer, floating point, GSM, and compressed formats);
Microsoft PCM, A-law and u-law formats; AIFF, AIFC and RIFX; various AU/SND
formats (Sun/NeXT, Dec AU, G721 and G723 ADPCM); RAW header-less PCM files;
Amiga IFF/8SVX/16SV PCM files; Ensoniq PARIS (.PAF); Apple's Core Audio Format
(CAF) and others.
Package: sndfile-programs
Section: utils
Architecture: any
Depends:
${misc:Depends},
${shlibs:Depends},
Recommends: sndfile-tools
Description: Sample programs that use libsndfile
This package contains simple programs which use libsndfile for operating on
sound files.
.
Programs include:
- sndfile-cmp : compare the audio data of two files
- sndfile-concat : concatenate two or more files
- sndfile-convert : convert between sound file formats
- sndfile-info : print information about files
- sndfile-metadata-get/set : get and set file metadata
- sndfile-play : play a sound file
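
Review bot: Maintainer, Vcs-Git and Vcs-Browser in the source stanza still name the Debian Multimedia team and salsa.debian.org, while the changelog shows the package is built by openKylinBot for yangtze. Bug and security reports for the rebuilt binaries would go to people who did not produce them; point these fields at the openKylin owner and repository and record the Debian team as the original maintainer. Homepage is also a plain http URL.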

307
debian/copyright vendored Normal file

@ -0,0 +1,307 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: libsndfile
Upstream-Contact: Erik de Castro Lopo <erikd@mega-nerd.com>
Source: https://github.com/erikd/libsndfile/
Files: *
Copyright: 1999-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2.1+
Files: src/*
Copyright: 1999-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2.1+
Files: src/GSM610/*
Copyright: 1992, Jutta Degener and Carsten Bormann, Technische Universität Berlin
License: gsm
Any use of this software is permitted provided that this notice is not
removed and that neither the authors nor the Technische Universitaet Berlin
are deemed to have made any representations as to the suitability of this
software for any purpose nor are held responsible for any defects of
this software. THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.
.
As a matter of courtesy, the authors request to be informed about uses
this software has found, about bugs in this software, and about any
improvements that may be of general interest.
Files: src/ALAC/*
Copyright: 2011, Apple Inc.
2012-2015, Erik de Castro Lopo <erikd@mega-nerd.com>
License: Apache-2.0
Files: src/ALAC/shift.h
Copyright: 2014, Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2.1+
Files: src/G72x/*
Copyright: Sun Microsystems, Inc.
License: sun
This source code is a product of Sun Microsystems, Inc. and is provided
for unrestricted use. Users may copy or modify this source code without
charge.
.
SUN SOURCE CODE IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING
THE WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
.
Sun source code is provided with no support and without any obligation on
the part of Sun Microsystems, Inc. to assist in its use, correction,
modification or enhancement.
.
SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY THIS SOFTWARE
OR ANY PART THEREOF.
.
In no event will Sun Microsystems, Inc. be liable for any lost revenue
or profits or other special, indirect and consequential damages, even if
Sun has been advised of the possibility of such damages.
.
Sun Microsystems, Inc.
2550 Garcia Avenue
Mountain View, California 94043
Files: src/G72x/g72x_test.c
Copyright: 1999-2014, Erik de Castro Lopo <erikd@mega-nerd.com>
License: GPL-2+
Files: src/*ima_oki*
Copyright: 2007, <robs@users.sourceforge.net>
2007-2014, Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2+
Files: src/aiff.c
src/wav.c
src/wavlike.c
Copyright: 1999-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2004-2005, David Viens <davidv@plogue.com>
License: LGPL-2.1+
Files: src/*.py
Copyright: 2003-2017, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: src/sndfile.hh
Copyright: 2005-2012, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: src/ogg_vorbis.c
Copyright: 2002-2005, Michael Smith <msmith@xiph.org>
2002-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2007, John ffitch
License: BSD-3-clause and LGPL-2.1+
Files: src/ogg.c
Copyright: 2002-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2007, John ffitch
License: LGPL-2.1+
Files: src/flac.c
Copyright: 2004, Tobias Gehrig <tgehrig@ira.uka.de>
2004-2017, Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2.1+
Files: src/cart.c
Copyright: 2006, Paul Davis <paul@linuxaudiosystems.com>
2006-2013, Erik de Castro Lopo <erikd@mega-nerd.com>
2012, Chris Roberts <c.roberts@csrfm.com>
License: LGPL-2.1+
Files: src/chunk.c
Copyright: 2008-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2012, IOhannes m zmoelnig, IEM <zmoelnig@iem.at>
License: LGPL-2.1+
Files: src/sd2.c
Copyright: 2001-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2004, Paavo Jumppanen
License: LGPL-2.1+
Files: src/broadcast.c
Copyright: 2006, Paul Davis <paul@linuxaudiosystems.com>
2006-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: LGPL-2.1+
Files: src/wve.c
Copyright: 2002-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2007, Reuben Thomas
License: LGPL-2.1+
Files: src/file_io.c
Copyright: 2002-2014, Erik de Castro Lopo <erikd@mega-nerd.com>
2003, Ross Bencina <rbencina@iprimus.com.au>
License: LGPL-2.1+
Files: src/rf64.c
Copyright: 2008-2017, Erik de Castro Lopo <erikd@mega-nerd.com>
2009, Uli Franke <cls@nebadje.org>
License: LGPL-2.1+
Files: programs/*
Copyright: 1999-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: programs/common.c
programs/sndfile-metadata-*.c
Copyright: 1999-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
2008-2010, George Blood Audio
License: BSD-3-clause
Files: programs/sndfile-cmp.c
Copyright: 2008, Conrad Parker <conrad@metadecks.org>
2008-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: programs/sndfile-play-beos.cpp
Copyright: 2001, Marcus Overhagen <marcus@overhagen.de>
License: GPL-2+
Files: examples/*
Copyright: 1999-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: examples/sndfilehandle.cc
Copyright: 2007-2011, Erik de Castro Lopo <erikd@mega-nerd.com>
License: GPL-2+
Files: Octave/sndfile_load.m
Octave/sndfile_play.m
Octave/sndfile_save.m
Copyright: 2002-2011, Erik de Castro Lopo
License: GPL-2+
Files: tests/*
Copyright: 1999-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
License: GPL-2+
Files: tests/*.sh.in
Copyright: 2008-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: regtest/*
Copyright: 2005-2011, Erik de Castro Lopo
License: GPL-2+
Files: Scripts/android-configure.sh
Copyright: 2013-2016, Erik de Castro Lopo <erikd@mega-nerd.com>
License: BSD-3-clause
Files: M4/stack_protect.m4
Copyright: 2013, Xiph.org Foundation
License: BSD-3-clause
Files: M4/ax_add_fortify_source.m4
Copyright: 2017, David Seifert <soap@gentoo.org>
License: FSFAP
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice
and this notice are preserved. This file is offered as-is, without any
warranty.
Files: M4/extra_pkg.m4
Copyright: 2004, Scott James Remnant <scott@netsplit.com>.
2008-2012, Erik de Castro Lopo <erikd@mega-nerd.com>
License: GPL-2+
Files: debian/*
Copyright: 2016-2017, Erik de Castro Lopo <erikd@mega-nerd.com>
2016-2017, IOhannes m zmölnig <umlaeute@debian.org>
License: LGPL-2.1+
License: LGPL-2.1+
This package is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
.
You should have received a copy of the 'GNU Lesser General Public
License' along with this program. If not, see
<http://www.gnu.org/licenses/>.
Comment:
On Debian systems, the complete text of the GNU Lesser General Public License
(LGPL) version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1".
License: LGPL-2+
This package is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2 of the License.
.
This package is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
.
You should have received a copy of the 'GNU Lesser General Public
License' along with this program. If not, see
<http://www.gnu.org/licenses/>.
Comment:
On Debian systems, the complete text of the GNU Lesser General Public License
(LGPL) version 2 can be found in "/usr/share/common-licenses/LGPL-2".
License: GPL-2+
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
Comment:
On Debian systems, the complete text of the GNU General Public License
(GPL) version 2 can be found in "/usr/share/common-licenses/GPL-2".
License: BSD-3-clause
All rights reserved.
.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior
written permission.
.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Comment:
On Debian systems, the complete text of the Apache 2.0 License
can be found in /usr/share/common-licenses/Apache-2.0 file.

13
debian/examples/Makefile vendored Normal file

@ -0,0 +1,13 @@
SRC=$(wildcard *.c)
APPS=$(SRC:%.c=%)
SNDLIBS=$(LIBS) $(shell pkg-config --cflags --libs sndfile) -lm
.PHONY: default clean
default: $(APPS)
%: %.c
$(CC) -Icommon $(CPPFLAGS) $(CFLAGS) -o $@ $< $(SNDLIBS)
clean:
rm -f $(APPS)

9
debian/libsndfile1-dev.doc-base vendored Normal file

@ -0,0 +1,9 @@
Document: libsndfile
Title: Debian libsndfile Manual
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
Abstract: Programming manual and examples for the libsndfile library.
Section: Programming
Format: HTML
Index: /usr/share/doc/libsndfile1-dev/html/index.html
Files: /usr/share/doc/libsndfile1-dev/html/*.html

3
debian/libsndfile1-dev.docs vendored Normal file

@ -0,0 +1,3 @@
NEWS
README
AUTHORS

5
debian/libsndfile1-dev.examples vendored Normal file

@ -0,0 +1,5 @@
examples/*.c
debian/examples/Makefile
src/common.h
src/sfconfig.h
src/config.h

5
debian/libsndfile1-dev.install vendored Normal file

@ -0,0 +1,5 @@
usr/include/*
usr/lib/*/lib*.a
usr/lib/*/lib*.so
usr/lib/*/pkgconfig/sndfile.pc
usr/share/doc/libsndfile/* usr/share/doc/libsndfile1-dev/html/

1
debian/libsndfile1.install vendored Normal file

@ -0,0 +1 @@
usr/lib/*/lib*.so.*

42
debian/libsndfile1.symbols vendored Normal file

@ -0,0 +1,42 @@
libsndfile.so.1 libsndfile1 (>= 1.0.20)
libsndfile.so.1.0@libsndfile.so.1.0 1.0.20
sf_close@libsndfile.so.1.0 1.0.20
sf_command@libsndfile.so.1.0 1.0.20
sf_current_byterate@libsndfile.so.1.0 1.0.27
sf_error@libsndfile.so.1.0 1.0.20
sf_error_number@libsndfile.so.1.0 1.0.20
sf_error_str@libsndfile.so.1.0 1.0.20
sf_format_check@libsndfile.so.1.0 1.0.20
sf_get_chunk_data@libsndfile.so.1.0 1.0.27
sf_get_chunk_iterator@libsndfile.so.1.0 1.0.27
sf_get_chunk_size@libsndfile.so.1.0 1.0.27
sf_get_string@libsndfile.so.1.0 1.0.20
sf_next_chunk_iterator@libsndfile.so.1.0 1.0.27
sf_open@libsndfile.so.1.0 1.0.20
sf_open_fd@libsndfile.so.1.0 1.0.20
sf_open_virtual@libsndfile.so.1.0 1.0.20
sf_perror@libsndfile.so.1.0 1.0.20
sf_read_double@libsndfile.so.1.0 1.0.20
sf_read_float@libsndfile.so.1.0 1.0.20
sf_read_int@libsndfile.so.1.0 1.0.20
sf_read_raw@libsndfile.so.1.0 1.0.20
sf_read_short@libsndfile.so.1.0 1.0.20
sf_readf_double@libsndfile.so.1.0 1.0.20
sf_readf_float@libsndfile.so.1.0 1.0.20
sf_readf_int@libsndfile.so.1.0 1.0.20
sf_readf_short@libsndfile.so.1.0 1.0.20
sf_seek@libsndfile.so.1.0 1.0.20
sf_set_chunk@libsndfile.so.1.0 1.0.27
sf_set_string@libsndfile.so.1.0 1.0.20
sf_strerror@libsndfile.so.1.0 1.0.20
sf_version_string@libsndfile.so.1.0 1.0.20
sf_write_double@libsndfile.so.1.0 1.0.20
sf_write_float@libsndfile.so.1.0 1.0.20
sf_write_int@libsndfile.so.1.0 1.0.20
sf_write_raw@libsndfile.so.1.0 1.0.20
sf_write_short@libsndfile.so.1.0 1.0.20
sf_write_sync@libsndfile.so.1.0 1.0.20
sf_writef_double@libsndfile.so.1.0 1.0.20
sf_writef_float@libsndfile.so.1.0 1.0.20
sf_writef_int@libsndfile.so.1.0 1.0.20
sf_writef_short@libsndfile.so.1.0 1.0.20

21
debian/patches/CVE-2017-6892.patch vendored Normal file

@ -0,0 +1,21 @@
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Tue, 20 Jun 2017 00:00:00 +0200
Subject: Fix for CVE-2017-6892
Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- libsndfile.orig/src/aiff.c
+++ libsndfile/src/aiff.c
@@ -1905,7 +1905,7 @@
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;
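
Review bot: the new bound on chanmap_size depends on the low 16 bits of layout_tag being the number of entries available in map_info->channel_map, and nothing in the hunk states that. Add a one-line comment above the SF_MIN expression giving that invariant, so the copy length can be checked without opening the layout tables. The From: header also spells the author "Lopez" where debian/copyright has "Lopo".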

49
debian/patches/CVE-2017-8362.patch vendored Normal file
View File

@ -0,0 +1,49 @@
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Sun, 28 May 2017 00:00:00 +0200
Subject: fixed yet another buffer read overflow in FLAC code
Origin: upstream
Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
CVE-2017-8362
Last-Update: 2017-05-28
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index 5a4f8c2..e4f9aaa 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
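
Review bot: the added check in flac_buffer_copy sets psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED, a constant that is only introduced by the common.h hunk of CVE-2017-8365.patch, so this patch cannot build or apply on its own. The index lines (40629c7..aad7920, aad7920..5a4f8c2, 5a4f8c2..e4f9aaa) give the required order 8365, 8363, 8362; the series file must follow it, and the dependency is worth a line in the patch header. The comparison casts frame->header.channels to int, but the psf_log_printf call passes it uncast for %d; cast it there too.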
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;

51
debian/patches/CVE-2017-8363.patch vendored Normal file

@ -0,0 +1,51 @@
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Sun, 28 May 2017 00:00:00 +0200
Subject: fixing another memory leak in FLAC code
Origin: upstream
Applied-Upstream: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 & https://github.com/erikd/libsndfile/commit/5206a9b65e61598fde44d276c81b0585bc428562
Last-Update: 2017-05-28
CVE-2017-8363
---
src/flac.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index aad7920..5a4f8c2 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -430,8 +430,7 @@ sf_flac_meta_get_vorbiscomments (SF_PRIVATE *psf, const FLAC__StreamMetadata *me
static void
sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
{ SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
- FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
- int bitwidth = 0, i ;
+ int bitwidth = 0 ;
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
@@ -481,12 +480,6 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
if (bitwidth > 0)
psf_log_printf (psf, " Bit width : %d\n", bitwidth) ;
-
-
- for (i = 0 ; i < psf->sf.channels ; i++)
- pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ;
-
- pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ;
break ;
case FLAC__METADATA_TYPE_VORBIS_COMMENT :
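
Review bot: the loop removed at the end of the STREAMINFO case allocated pflac->rbuffer [i] and pointed pflac->wbuffer at it, and none of the three hunks in this patch adds a replacement. flac_buffer_copy still starts from pflac->wbuffer (see the context line in CVE-2017-8362.patch), so the description should say where the buffers are now allocated and freed; as written, a reader cannot confirm from the patch that the leak is closed without leaving wbuffer unset.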
@@ -848,7 +841,9 @@ flac_read_header (SF_PRIVATE *psf)
psf_log_printf (psf, "End\n") ;
- if (psf->error == 0)
+ if (psf->error != 0)
+ FLAC__stream_decoder_delete (pflac->fsd) ;
+ else
{ FLAC__uint64 position ;
FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;
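
Review bot: the new error branch calls FLAC__stream_decoder_delete (pflac->fsd) and leaves the pointer as it was. Unless every later path, including the close handler, is known not to touch pflac->fsd after a failed header read, set pflac->fsd = NULL right after the delete so a second delete or a use of the stale handle cannot happen.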

63
debian/patches/CVE-2017-8365.patch vendored Normal file

@ -0,0 +1,63 @@
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Sun, 28 May 2017 00:00:00 +0200
Subject: fixing buffer read/write overruns in FLAC-code
Origin: upstream
Applied-Upstream: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
Last-Update: 2017-05-28
CVE-2017-8365, CVE-2017-8363, CVE-2017-8361
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/src/common.h b/src/common.h
index 0bd810c..e2669b6 100644
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
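
Review bot: SFE_FLAC_CHANNEL_COUNT_CHANGED is inserted before SFE_FLAC_UNKOWN_ERROR, which renumbers every enumerator after it. The SndfileErrors entry in src/sndfile.c is added at the matching position, so the table stays aligned, but any consumer that stored or compared the numeric values of the later codes will see them shift by one. Confirm these values are internal only, or append the new code at the end of the FLAC group's range instead.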
diff --git a/src/flac.c b/src/flac.c
index 40629c7..aad7920 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
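
Review bot: the sample-rate warning string ends in "Carrying on as if nothing happened." with no trailing "\n", unlike the channel-count message above it, so the next log line will be glued onto it. The sample-rate comparison is also guarded by psf->sf.channels > 0 rather than by a check on psf->sf.samplerate; if that is meant as "STREAMINFO was already seen", say so in a comment. The typo "Nothing to be but" is corrected later by CVE-2017-8362.patch and could be fixed here directly.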
diff --git a/src/sndfile.c b/src/sndfile.c
index b76bfe9..1f57846 100644
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },

21
debian/patches/CVE-2019-3832.patch vendored Normal file

@ -0,0 +1,21 @@
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
Date: Tue, 5 Mar 2019 11:27 +0100
Subject: Fix for CVE-2019-3832
Origin: https://github.com/erikd/libsndfile/pull/460
Applied-Upstream: https://github.com/erikd/libsndfile/commit/7408c4c788ce047d4e652b60a04e7796bcd7267e
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- libsndfile.orig/src/wav.c
+++ libsndfile/src/wav.c
@@ -1094,6 +1094,10 @@
psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+ /* Make sure we don't read past the loops array end. */
+ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
+ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
+
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
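
Review bot: the clamp is placed after the context line psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0), so the header has already been written with the unclamped count when the loop below emits at most ARRAY_LEN entries. That stops the read past the loops array but can leave a chunk whose declared loop count is larger than the number of loops that follow. Move the clamp above the two psf_binheader_writef calls so the written count and the loop bound agree.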


@ -0,0 +1,30 @@
From: "Brett T. Warden" <brett.t.warden@intel.com>
Date: Tue, 28 Aug 2018 12:01:17 -0700
Subject: Check MAX_CHANNELS in sndfile-deinterleave
Allocated buffer has space for only 16 channels. Verify that input file
meets this limit.
Fixes #397
---
programs/sndfile-deinterleave.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index e27593e..cb497e1 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,13 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
+ exit (1) ;
+ } ;
+
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;
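
Review bot: the new error path reports through printf, so the "too many channels" message goes to stdout, where a caller that pipes or discards output may miss it even though the exit status is 1; write it to stderr. The hunk also adds two blank lines after the closing brace where one is enough. The patch header has no Origin or Applied-Upstream field, only "Fixes #397", so the upstream commit it was taken from cannot be identified from this file.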


@ -0,0 +1,90 @@
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Mon, 24 Dec 2018 06:43:48 +0100
Subject: a/ulaw: fix multiple buffer overflows (#432)
i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
properly, leading to buffer underflow. INT_MIN is a special value
since - INT_MIN cannot be represented as int.
In this case round - INT_MIN to INT_MAX and proceed as usual.
f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
properly, leading to null pointer dereference.
In this case, arbitrarily set the buffer value to 0.
This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
fixes #344 (CVE-2017-17456 and CVE-2017-17457).
---
src/alaw.c | 9 +++++++--
src/ulaw.c | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/alaw.c b/src/alaw.c
index 063fd1a..4220224 100644
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2alaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
else
buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
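
Review bot: the INT_MIN branch stores alaw_encode [INT_MAX >> (16 + 4)] without the 0x7F mask that the negative branch below applies, so the most negative input is encoded with the same byte as the most positive one. The commit message says to round - INT_MIN to INT_MAX "and proceed as usual", which for a negative sample means 0x7F & alaw_encode [...]. The i2ulaw_array hunk in src/ulaw.c has the same shape. Either add the mask or explain in a comment why the sign flip is intended.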
@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
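
Review bot: the isfinite test is added to d2alaw_array (f2alaw_array only appears as the hunk-header context), while the commit message names f2alaw_array() and f2ulaw_array() as the functions that mishandle NaN. No hunk in this patch touches the float variants, so either the message or the coverage is off; state which, and add the same guard to the float functions if they index alaw_encode the same way. isfinite also zeroes infinities, which the message does not mention, and a finite input still reaches alaw_encode through an unclamped lrint result, so the patch should say where the range is enforced.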
diff --git a/src/ulaw.c b/src/ulaw.c
index e50b4cb..b6070ad 100644
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
else
buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;


@ -0,0 +1,34 @@
From: =?utf-8?q?J=C3=B6rn_Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 12 Jul 2017 00:00:00 +0200
Subject: Fix heap buffer overflows when writing strings in binheader
Origin: upstream
Applied-Upstream: cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
---
src/common.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/common.c b/src/common.c
index b9f3223..ecce9a7 100644
--- a/src/common.c
+++ b/src/common.c
@@ -675,15 +675,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
+ size += (size & 1) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
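
Review bot: after the moved size += (size & 1), the context line memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) copies the padded length from strptr, which holds only strlen (strptr) + 1 bytes; when that value is odd the copy reads one byte past the terminator. Copy the unpadded length and write the pad byte separately. The expression size + (size & 1) now appears four times in the hunk; compute the padded length once into a local and use it for the space check, the allocation bump and the length field.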


@ -0,0 +1,34 @@
From: Fabian Greffrath <fabian@greffrath.com>
Date: Thu, 28 Sep 2017 12:15:04 +0200
Subject: double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
miscalculated to zero (if this makes sense) in the determination of the
blockwidth. Since we only support a limited number of channels anyway,
make sure to check here as well.
CVE-2017-14634
Closes: https://github.com/erikd/libsndfile/issues/318
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
---
src/double64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/double64.c b/src/double64.c
index b318ea8..78dfef7 100644
--- a/src/double64.c
+++ b/src/double64.c
@@ -91,7 +91,7 @@ int
double64_init (SF_PRIVATE *psf)
{ static int double64_caps ;
- if (psf->sf.channels < 1)
+ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
{ psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
return SFE_INTERNAL ;
} ;
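
Review bot: the widened condition still logs "double64_init : internal error" and returns SFE_INTERNAL, although the commit message says the out-of-range channel count comes from a crafted file. Callers and log readers cannot tell hostile input from a library bug; return a channel-count or malformed-file error and reword the message for the psf->sf.channels > SF_MAX_CHANNELS case.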

49
debian/patches/fix_rf64_arm.patch vendored Normal file

@ -0,0 +1,49 @@
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Tue, 20 Jun 2017 00:00:00 +0200
Subject: fix RF64 on armel/armhf archs
Origin: upstream
Applied-Upstream: 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
Last-Update: 2017-06-20
---
src/rf64.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/rf64.c b/src/rf64.c
index c373bb0..60a3309 100644
--- a/src/rf64.c
+++ b/src/rf64.c
@@ -339,6 +339,12 @@ rf64_read_header (SF_PRIVATE *psf, int *blockalign, int *framesperblock)
} ;
break ;
+ case JUNK_MARKER :
+ case PAD_MARKER :
+ psf_log_printf (psf, "%M : %d\n", marker, chunk_size) ;
+ psf_binheader_readf (psf, "j", chunk_size) ;
+ break ;
+
default :
if (chunk_size >= 0xffff0000)
{ psf_log_printf (psf, "*** Unknown chunk marker (%X) at position %D with length %u. Exiting parser.\n", marker, psf_ftell (psf) - 8, chunk_size) ;
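
Review bot: in the new JUNK_MARKER / PAD_MARKER case, chunk_size comes straight from the file and is handed to psf_binheader_readf (psf, "j", chunk_size) with no bound, whereas the default case just below at least stops on chunk_size >= 0xffff0000. Apply the same sanity check, or compare against the remaining file length, before skipping. The log call also prints chunk_size with %d while the default case prints the same variable with %u; use %u so large sizes are not logged as negative.
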
@@ -659,7 +665,7 @@ rf64_write_header (SF_PRIVATE *psf, int calc_length)
if (wpriv->rf64_downgrade && psf->filelength < RIFF_DOWNGRADE_BYTES)
{ psf_binheader_writef (psf, "etm8m", RIFF_MARKER, (psf->filelength < 8) ? 8 : psf->filelength - 8, WAVE_MARKER) ;
- psf_binheader_writef (psf, "m4884", JUNK_MARKER, 20, 0, 0, 0, 0) ;
+ psf_binheader_writef (psf, "m4z", JUNK_MARKER, 24, 24) ;
add_fact_chunk = 1 ;
}
else
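
Review bot: the replacement call psf_binheader_writef (psf, "m4z", JUNK_MARKER, 24, 24) passes a bare int literal for the z specifier, while the PAD_MARKER call in the last hunk of this patch wraps its z argument in make_size_t (). If z is read from the varargs as a size_t, the bare 24 has the wrong width on any ABI where int and size_t differ, which is the same class of mismatch this patch sets out to fix; pass make_size_t (24) here too. The JUNK chunk size also changes from 20 to 24 with no mention in the description; the patch header should say why.
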
@@ -735,9 +741,10 @@ rf64_write_header (SF_PRIVATE *psf, int calc_length)
#endif
+ /* Padding may be needed if string data sizes change. */
pad_size = psf->dataoffset - 16 - psf->header.indx ;
if (pad_size >= 0)
- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
+ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;

67
debian/patches/fix_typos.patch vendored Normal file

@ -0,0 +1,67 @@
From: IOhannes m zmoelnig <umlaeute@debian.org>
Date: Wed, 5 Oct 2016 00:00:00 +0200
Subject: fixed spelling errors
Forwarded: yes
Last-Update: 2016-10-05
discovered by lintian
---
doc/bugs.html | 2 +-
programs/sndfile-convert.c | 2 +-
src/ogg.c | 2 +-
src/wavlike.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/bugs.html b/doc/bugs.html
index 3a441fe..addedb8 100644
--- a/doc/bugs.html
+++ b/doc/bugs.html
@@ -31,7 +31,7 @@
<UL>
<LI> Compilation problems on new platforms.
<LI> Errors being detected during the `make check' process.
- <LI> Segmentation faults occuring inside libsndfile.
+ <LI> Segmentation faults occurring inside libsndfile.
<LI> libsndfile hanging when opening a file.
<LI> Supported sound file types being incorrectly read or written.
<LI> Omissions, errors or spelling mistakes in the documentation.
diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
index dff7f79..896838f 100644
--- a/programs/sndfile-convert.c
+++ b/programs/sndfile-convert.c
@@ -317,7 +317,7 @@ main (int argc, char * argv [])
if ((sfinfo.format & SF_FORMAT_SUBMASK) == SF_FORMAT_GSM610 && sfinfo.samplerate != 8000)
{ printf (
"WARNING: GSM 6.10 data format only supports 8kHz sample rate. The converted\n"
- "ouput file will contain the input data converted to the GSM 6.10 data format\n"
+ "output file will contain the input data converted to the GSM 6.10 data format\n"
"but not re-sampled.\n"
) ;
} ;
diff --git a/src/ogg.c b/src/ogg.c
index 0856f77..e01ebe1 100644
--- a/src/ogg.c
+++ b/src/ogg.c
@@ -193,7 +193,7 @@ ogg_stream_classify (SF_PRIVATE *psf, OGG_PRIVATE* odata)
break ;
} ;
- psf_log_printf (psf, "This Ogg bitstream contains some uknown data type.\n") ;
+ psf_log_printf (psf, "This Ogg bitstream contains some unknown data type.\n") ;
return SFE_UNIMPLEMENTED ;
} /* ogg_stream_classify */
diff --git a/src/wavlike.c b/src/wavlike.c
index 86ebf01..c053da3 100644
--- a/src/wavlike.c
+++ b/src/wavlike.c
@@ -161,7 +161,7 @@ wavlike_read_fmt_chunk (SF_PRIVATE *psf, int fmtsize)
{ psf_log_printf (psf, " Bit Width : 24\n") ;
psf_log_printf (psf, "\n"
- " Ambiguous information in 'fmt ' chunk. Possibile file types:\n"
+ " Ambiguous information in 'fmt ' chunk. Possible file types:\n"
" 0) Invalid IEEE float file generated by Syntrillium's Cooledit!\n"
" 1) File generated by ALSA's arecord containing 24 bit samples in 32 bit containers.\n"
" 2) 24 bit file with incorrect Block Align value.\n"

12
debian/patches/series vendored Normal file

@ -0,0 +1,12 @@
CVE-2017-8365.patch
CVE-2017-8363.patch
CVE-2017-8362.patch
CVE-2017-6892.patch
CVE-2019-3832.patch
binheader-heapoverflow.patch
fix_rf64_arm.patch
fix_typos.patch
a-ulaw-fix-multiple-buffer-overflows-432.patch
double64_init-Check-psf-sf.channels-against-upper-bo.patch
src-wav.c-Fix-heap-read-overflow.patch
Check-MAX_CHANNELS-in-sndfile-deinterleave.patch
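
Review bot: two entries in this series fix CVEs but are named after their subject lines: double64_init-Check-psf-sf.channels-against-upper-bo.patch carries CVE-2017-14634 and src-wav.c-Fix-heap-read-overflow.patch carries CVE-2018-19758, according to their headers. The other CVE fixes follow the CVE-<id>.patch pattern, so a grep of this file for CVE under-reports what is patched. Rename the two files to match, or record the CVE ids in debian/changelog, which currently says only "Build for openKylin".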


@ -0,0 +1,29 @@
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 1 Jan 2019 20:11:46 +1100
Subject: src/wav.c: Fix heap read overflow
This is CVE-2018-19758.
Closes: https://github.com/erikd/libsndfile/issues/435
---
src/wav.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- libsndfile.orig/src/wav.c
+++ libsndfile/src/wav.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2019 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
@@ -1098,6 +1098,8 @@
if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
+ /* Loop count is signed 16 bit number so we limit it range to something sensible. */
+ psf->instrument->loop_count &= 0x7fff ;
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
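
Review bot: the added mask psf->instrument->loop_count &= 0x7fff runs after the clamp to ARRAY_LEN (psf->instrument->loops), so it can undo the clamp rather than reinforce it. Any value the comparison let through, for example a negative count if that comparison is signed, becomes a positive number of up to 0x7fff and is then used as the bound of the for loop that indexes loops. Apply the mask first and clamp afterwards, or reject out-of-range counts outright. The new comment also has a typo: "limit it range" should read "limit its range".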

18
debian/rules vendored Executable file

@ -0,0 +1,18 @@
#!/usr/bin/make -f
# Copyright © 2017 IOhannes m zmölnig
# under the LGPL-2.1+
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@
override_dh_strip:
dh_strip --dbgsym-migration='libsndfile1-dbg (<< 1.0.28-1~), sndfile-programs-dbg (<< 1.0.28-1~)'
override_dh_clean:
dh_clean
-find man/ -type l -delete
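
Review bot: DEB_BUILD_MAINT_OPTIONS = hardening=+all is assigned without export, so it stays a make variable and is not placed in the environment of the dh commands that query dpkg-buildflags; the commented DH_VERBOSE line just above it shows the export form. Write export DEB_BUILD_MAINT_OPTIONS = hardening=+all and confirm on the built binaries that the extra hardening flags actually took effect.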

4
debian/salsa-ci.yml vendored Normal file

@ -0,0 +1,4 @@
---
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
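
Review bot: both include entries fetch raw files from the master branch of salsa-ci-team/pipeline, so the CI definition that runs against this package can change without any commit in this repository. Pin the includes to a tag or commit if the pipeline is meant to be reproducible, and drop the file if this fork is never built on salsa.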

11
debian/sndfile-programs.install vendored Normal file

@ -0,0 +1,11 @@
usr/bin/sndfile-cmp
usr/bin/sndfile-concat
usr/bin/sndfile-convert
usr/bin/sndfile-deinterleave
usr/bin/sndfile-info
usr/bin/sndfile-interleave
usr/bin/sndfile-metadata-get
usr/bin/sndfile-metadata-set
usr/bin/sndfile-play
usr/bin/sndfile-salvage
usr/share/man/man1/*

1
debian/source/format vendored Normal file

@ -0,0 +1 @@
3.0 (quilt)

4
debian/upstream/metadata vendored Normal file

@ -0,0 +1,4 @@
Bug-Database: https://github.com/erikd/libsndfile/issues
Bug-Submit: https://github.com/erikd/libsndfile/issues/new
Repository: https://github.com/erikd/libsndfile.git
Repository-Browse: https://github.com/erikd/libsndfile

3
debian/watch vendored Normal file

@ -0,0 +1,3 @@
version=3
http://www.mega-nerd.com/libsndfile/files/ libsndfile-([\d\.]+)\.tar\.gz
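
Review bot: the watch file points uscan at a plain http:// URL and configures no signature check, so a new upstream tarball would be accepted on the strength of an unauthenticated download. Use an https:// source if upstream offers one and add opts=pgpsigurlmangle with the upstream key shipped in debian/upstream/signing-key.asc; debian/upstream/metadata already names the GitHub repository as an alternative source.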