From 58d6e8727a795e8db52e2e707d41464581a16365 Mon Sep 17 00:00:00 2001
From: dogsheng <960055655@qq.com>
Date: Wed, 25 Dec 2019 15:54:59 +0800
Subject: [PATCH] Package init
---
 libsndfile-1.0.28-CVE-2017-14634.patch | 39 ++++++++++
 ...-17457-CVE-2018-19661-CVE-2018-19662.patch | 0
 ...1.0.28-CVE-2018-13139-CVE-2018-19432.patch | 0
 libsndfile-1.0.28-CVE-2018-19758.patch | 45 +++++++++++
 libsndfile-1.0.28-CVE-2019-3832.patch | 35 +++++++++
 ...c-Fix-WAV-Sampler-Chunk-tune-parsing.patch | 67 ++++++++++++++++
 libsndfile-CVE-2019-3832.patch | 35 ---------
 libsndfile.spec | 27 ++++---
 ...1.0.25_CVE-2017-14245-CVE-2017-14246.patch | 76 -------------------
 9 files changed, 203 insertions(+), 121 deletions(-)
 create mode 100644 libsndfile-1.0.28-CVE-2017-14634.patch
 rename CVE-2018-19662.patch => libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch (100%)
 rename libsndfile-CVE-2018-13139.patch => libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch (100%)
 create mode 100644 libsndfile-1.0.28-CVE-2018-19758.patch
 create mode 100644 libsndfile-1.0.28-CVE-2019-3832.patch
 create mode 100644 libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch
 delete mode 100644 libsndfile-CVE-2019-3832.patch
 delete mode 100644 libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch
diff --git a/libsndfile-1.0.28-CVE-2017-14634.patch b/libsndfile-1.0.28-CVE-2017-14634.patch
new file mode 100644
index 0000000..732a9e5
--- /dev/null
+++ b/libsndfile-1.0.28-CVE-2017-14634.patch
@@ -0,0 +1,39 @@
+From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath
+Date: Thu, 28 Sep 2017 12:15:04 +0200
+Subject: [PATCH 1/1] double64_init: Check psf->sf.channels against upper bound
+
+This prevents division by zero later in the code.
+
+While the trivial case to catch this (i.e. sf.channels < 1) has already
+been covered, a crafted file may report a number of channels that is
+so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
+miscalculated to zero (if this makes sense) in the determination of the
+blockwidth. Since we only support a limited number of channels anyway,
+make sure to check here as well.
+
+CVE-2017-14634
+
+Closes: https://github.com/erikd/libsndfile/issues/318
+Signed-off-by: Erik de Castro Lopo
+Signed-off-by: chenmaodong
+---
+ src/double64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/double64.c b/src/double64.c
+index b318ea8..78dfef7 100644
+--- a/src/double64.c
++++ b/src/double64.c
+@@ -91,7 +91,7 @@ int
+ double64_init (SF_PRIVATE *psf)
+ { static int double64_caps ;
+
+- if (psf->sf.channels < 1)
++ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
+ { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+--
+1.8.3.1
+
diff --git a/CVE-2018-19662.patch b/libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
similarity index 100%
rename from CVE-2018-19662.patch
rename to libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
diff --git a/libsndfile-CVE-2018-13139.patch b/libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch
similarity index 100%
rename from libsndfile-CVE-2018-13139.patch
rename to libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch
diff --git a/libsndfile-1.0.28-CVE-2018-19758.patch b/libsndfile-1.0.28-CVE-2018-19758.patch
new file mode 100644
index 0000000..eabbd56
--- /dev/null
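Review bot: The new upper-bound test in `double64_init` carries no comment saying why it exists, and the log text still calls the condition an "internal error" although the commit message says the value can come from a crafted file. A comment above the `if`, such as `/* channels comes from the file header; a huge count makes the blockwidth computation wrap and causes a divide by zero later. */`, would keep the guard from being simplified away in a later cleanup. Only double64_init is visible here; other init routines that derive a block width from `psf->sf.channels` are outside this hunk and are worth checking for the same bound. The function body continues past the hunk.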
+++ b/libsndfile-1.0.28-CVE-2018-19758.patch
@@ -0,0 +1,45 @@
+From 42132c543358cee9f7c3e9e9b15bb6c1063a608e Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo
+Date: Tue, 1 Jan 2019 20:11:46 +1100
+Subject: [PATCH 1/1] src/wav.c: Fix heap read overflow
+
+This is CVE-2018-19758.
+
+Closes: https://github.com/erikd/libsndfile/issues/435
+Signed-off-by: chenmaodong
+---
+ src/wav.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index 9d71aad..5c825f2 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo
++** Copyright (C) 1999-2019 Erik de Castro Lopo
+ ** Copyright (C) 2004-2005 David Viens
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
++ /* Loop count is signed 16 bit number so we limit it range to something sensible. */
++ psf->instrument->loop_count &= 0x7fff ;
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
+@@ -1412,7 +1414,7 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
+ } ;
+
+ psf->instrument->basenote = note ;
+- psf->instrument->detune = (int8_t)(pitch / (0x40000000 / 25.0) + 0.5) ;
++ psf->instrument->detune = (int8_t) (pitch / (0x40000000 / 25.0) + 0.5) ;
+ psf->instrument->gain = 1 ;
+ psf->instrument->velocity_lo = psf->instrument->key_lo = 0 ;
+ psf->instrument->velocity_hi = psf->instrument->key_hi = 127 ;
+--
+1.8.3.1
+
diff --git a/libsndfile-1.0.28-CVE-2019-3832.patch b/libsndfile-1.0.28-CVE-2019-3832.patch
new file mode 100644
index 0000000..fca3025
--- /dev/null
+++ b/libsndfile-1.0.28-CVE-2019-3832.patch
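Review bot: The mask `psf->instrument->loop_count &= 0x7fff ;` in wav_write_header limits the value to 15 bits but does not tie the following `for` loop to the size of the loops array, so this patch on its own does not bound the read it is meant to stop. The CVE-2019-3832 patch added in this same commit replaces the mask with an ARRAY_LEN clamp, so the two patches should never be carried separately. A packaging comment next to the patch entry, for example `# incomplete on its own; completed by the CVE-2019-3832 patch`, would make that dependency explicit for anyone backporting a subset. wav_write_header starts and ends outside the hunk.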
@@ -0,0 +1,35 @@
+From 6d7ce94c020cc720a6b28719d1a7879181790008 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort
+Date: Tue, 5 Mar 2019 11:27:17 +0100
+Subject: [PATCH 1/1] wav_write_header: don't read past the array end
+
+If loop_count is bigger than the array, truncate it to the array
+length (and not to 32k).
+
+CVE-2019-3832
+
+Signed-off-by: chenmaodong
+---
+ src/wav.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index 5c825f2..104bd0a 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1146,8 +1146,10 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
+- /* Loop count is signed 16 bit number so we limit it range to something sensible. */
+- psf->instrument->loop_count &= 0x7fff ;
++ /* Make sure we don't read past the loops array end. */
++ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
+--
+1.8.3.1
+
diff --git a/libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch b/libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch
new file mode 100644
index 0000000..ee56a63
--- /dev/null
+++ b/libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch
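Review bot: The clamp on `loop_count` runs after `psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;` has already written the unclamped value, so a count larger than the loops array yields a header that declares more loops than the records the `for` loop then emits. Moving the two clamp lines, `if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))` and `psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;`, above that write keeps the header and the loop body consistent. Any chunk-size computation that uses loop_count lies outside the hunk and would need the clamp ahead of it as well. The comparison also appears to mix a signed count with the ARRAY_LEN result, so it is worth confirming how a negative loop_count behaves.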
@@ -0,0 +1,67 @@
+From 7ea3f9d8746000cc82c016d0b5d48452bb80e9fe Mon Sep 17 00:00:00 2001
+From: Michael Panzlaff
+Date: Sat, 28 Apr 2018 23:21:34 +0200
+Subject: [PATCH 1/1] src/wav.c: Fix WAV Sampler Chunk tune parsing
+
+Fix parsing of instrument fine tuning instrument field. There is still
+a possible rounding error involved which might require further
+investigation at some stage.
+
+Update the test as well.
+
+Signed-off-by: chenmaodong
+---
+ src/wav.c | 9 +++++----
+ tests/command_test.c | 1 -
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index dc97545..04bf844 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1282,7 +1282,7 @@ static int
+ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
+ { char buffer [512] ;
+ uint32_t thisread, bytesread = 0, dword, sampler_data, loop_count ;
+- uint32_t note, start, end, type = -1, count ;
++ uint32_t note, pitch, start, end, type = -1, count ;
+ int j, k ;
+
+ chunklen += (chunklen & 1) ;
+@@ -1299,10 +1299,10 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
+ bytesread += psf_binheader_readf (psf, "4", ¬e) ;
+ psf_log_printf (psf, " Midi Note : %u\n", note) ;
+
+- bytesread += psf_binheader_readf (psf, "4", &dword) ;
+- if (dword != 0)
++ bytesread += psf_binheader_readf (psf, "4", &pitch) ;
++ if (pitch != 0)
+ { snprintf (buffer, sizeof (buffer), "%f",
+- (1.0 * 0x80000000) / ((uint32_t) dword)) ;
++ (1.0 * 0x80000000) / ((uint32_t) pitch)) ;
+ psf_log_printf (psf, " Pitch Fract. : %s\n", buffer) ;
+ }
+ else
+@@ -1408,6 +1408,7 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
+ } ;
+
+ psf->instrument->basenote = note ;
++ psf->instrument->detune = (int8_t)(pitch / (0x40000000 / 25.0) + 0.5) ;
+ psf->instrument->gain = 1 ;
+ psf->instrument->velocity_lo = psf->instrument->key_lo = 0 ;
+ psf->instrument->velocity_hi = psf->instrument->key_hi = 127 ;
+diff --git a/tests/command_test.c b/tests/command_test.c
+index f879659..c3e7c86 100644
+--- a/tests/command_test.c
++++ b/tests/command_test.c
+@@ -768,7 +768,6 @@ instrument_test (const char *filename, int filetype)
+ ** write_inst struct to hold the default value that the WAV
+ ** module should hold.
+ */
+- write_inst.detune = 0 ;
+ write_inst.key_lo = write_inst.velocity_lo = 0 ;
+ write_inst.key_hi = write_inst.velocity_hi = 127 ;
+ write_inst.gain = 1 ;
+--
+1.8.3.1
+
diff --git a/libsndfile-CVE-2019-3832.patch b/libsndfile-CVE-2019-3832.patch
deleted file mode 100644
index 01a67ce..0000000
--- a/libsndfile-CVE-2019-3832.patch
+++ /dev/null
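Review bot: The new assignment `psf->instrument->detune = (int8_t)(pitch / (0x40000000 / 25.0) + 0.5) ;` in wav_read_smpl_chunk narrows a value read straight from the file using an unexplained constant, and nothing next to it states the unit or the range that makes the cast safe. A comment such as `/* pitch is a 32-bit fraction of a semitone (0x80000000 == 50 cents); the result is 0..100 cents and fits int8_t. */` would let a reader verify the narrowing without redoing the arithmetic. The `(uint32_t)` cast on `pitch` in the log expression is now redundant, since `pitch` is declared `uint32_t`. The function starts and ends outside the hunks shown.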
@@ -1,35 +0,0 @@
-https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
-wav_write_header: don't read past the array end
-
-If loop_count is bigger than the array, truncate it to the array
-length (and not to 32k).
-
-CVE-2019-3832
----
-diff --git a/programs/test-sndfile-metadata-set.py b/programs/test-sndfile-metadata-set.py
-index 0006936..5c35ea4 100755
---- a/programs/test-sndfile-metadata-set.py
-+++ b/programs/test-sndfile-metadata-set.py
-@@ -180,7 +180,7 @@ tests = [
- ("--str-title", "Echo"), ("--str-artist", "Fox trot")
- ]
-
--test_auto_date (programs)
-+#test_auto_date (programs)
- test_update (programs, tests)
- test_post_mod (programs, tests)
-
-diff --git a/src/wav.c b/src/wav.c
-index 4b943dc..a1bfbe0 100644
---- a/src/wav.c
-+++ b/src/wav.c
-@@ -1093,6 +1093,9 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
- psf_binheader_writef (psf, "4", tmp) ;
- psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
- psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
-+ /* Make sure we don't read past the loops array end. */
-+ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
-+ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
-
- for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
- { int type ;
diff --git a/libsndfile.spec b/libsndfile.spec
index 3886a1b..355f5d6 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,6 +1,6 @@
 Name: libsndfile
 Version: 1.0.28
-Release: 13
+Release: 15
 Summary: Library for reading and writing sound files
 License: LGPLv2+ and GPLv2+ and BSD
 URL: http://www.mega-nerd.com/libsndfile/
@@ -16,10 +16,12 @@ Patch2: revert.patch Patch3: libsndfile-1.0.28-flacbufovfl.patch Patch4: libsndfile-1.0.29-cve2017_6892.patch Patch5: libsndfile-1.0.28-cve2017_12562.patch -Patch9000: libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch -Patch9001: libsndfile-CVE-2018-13139.patch -Patch9002: libsndfile-CVE-2019-3832.patch -Patch9003: CVE-2018-19662.patch +Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch +Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch +Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch +Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch +Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch +Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch %description Libsndfile is a C library for reading and writing files containing @@ -85,11 +87,7 @@ EOF %check LD_LIBRARY_PATH=$PWD/src/.libs make check -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig +%ldconfig_scriptlets %files %{_libdir}/%{name}.so.* @@ -132,6 +130,15 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog +* Mon Dec 23 2019 chenmaodong - 1.0.28-15 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:sync patches from next_kernel + +* Fri Dec 20 2019 openEuler Buildteam - 1.0.28-14 +- Fix ldconfig scriptlets + * Sat Apr 06 2019 luochunsheng - 1.0.28-13 - Type:enhancement - ID:NA diff --git a/libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch b/libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch deleted file mode 100644 index 86b3d53..0000000 --- a/libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch +++ /dev/null 
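Review bot: The patch list in libsndfile.spec drops `Patch9000` (libsndfile_1.0.25_CVE-2017-14245-CVE-2017-14246.patch), and none of the new Patch6000 to Patch6005 entries names CVE-2017-14245 or CVE-2017-14246, so the package may lose that fix. The changelog entry says only "sync patches from next_kernel"; if the removal is intentional (for example because another patch covers it, which is not visible here), record it, e.g. `- DESC:sync patches from next_kernel; drop CVE-2017-14245/CVE-2017-14246 patch (reason)`. The new entries are also order-dependent, because Patch6002 reformats the `detune` line that Patch6001 adds and Patch6003 removes the lines that Patch6002 adds; a `#` comment above them stating this would protect the order.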
@@ -1,76 +0,0 @@
-diff --git a/programs/common.c b/programs/common.c
-index 3fc4e3d..282ee33 100644
---- a/programs/common.c
-+++ b/programs/common.c
-@@ -36,6 +36,7 @@
- #include
- #include
- #include
-+#include
-
- #include
-
-@@ -45,7 +46,7 @@
-
- #define MIN(x, y) ((x) < (y) ? (x) : (y))
-
--void
-+int
- sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
- { static double data [BUFFER_LEN], max ;
- int frames, readcount, k ;
-@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
- readcount = frames ;
-
- sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
-+ if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
-+ return 1 ;
-
- if (!normalize && max < 1.0)
- { while (readcount > 0)
-@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
- while (readcount > 0)
- { readcount = sf_readf_double (infile, data, frames) ;
- for (k = 0 ; k < readcount * channels ; k++)
-- data [k] /= max ;
-+ { data [k] /= max ;
-+
-+ if (!isfinite (data [k])) /* infinite or NaN */
-+ return 1;
-+ }
- sf_writef_double (outfile, data, readcount) ;
- } ;
- } ;
-
-- return ;
-+ return 0 ;
- } /* sfe_copy_data_fp */
-
- void
-@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in
-
- /* If the input file is not the same as the output file, copy the data. */
- if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
-- sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
-+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
-+ { printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
-+ error_code = 1 ;
-+ goto cleanup_exit ;
-+ } ;
-+ }
- else
- sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
- } ;
-diff --git a/programs/common.h b/programs/common.h
-index eda2d7d..986277e 100644
---- a/programs/common.h
-+++ b/programs/common.h
-@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ;
-
- void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
-
--void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-+int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-
- void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
-