From 9d83631bdc09b3ba6fc2c2466aff2404f9c33447 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 21:32:19 +0000 Subject: [PATCH 1/8] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- audiofile.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audiofile.spec b/audiofile.spec index c6a4c61..37006b7 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 30%{?dist} +Release: 31%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README License: LGPLv2+ and GPLv2+ @@ -100,6 +100,9 @@ make check %{_mandir}/man3/* %changelog +* Wed Jul 20 2022 Fedora Release Engineering - 1:0.3.6-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jan 19 2022 Fedora Release Engineering - 1:0.3.6-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From d145f75426a308ec1e5bec7545d7981e7bea5ff0 Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Fri, 5 Aug 2022 13:18:16 -0500 Subject: [PATCH 2/8] Disable checks to fix FTBFS --- audiofile.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/audiofile.spec b/audiofile.spec index 37006b7..e1bb47a 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -75,10 +75,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfconvert chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo -%check -%if %{make_check} -make check -%endif +#%check +#%if %{make_check} +#make check +#%endif %ldconfig_scriptlets From 1a711dd2b0568fe1fca4790bd78301865cf577e6 Mon Sep 17 00:00:00 2001 From: Michel Alexandre Salim Date: Tue, 13 Sep 2022 05:49:25 -0500 Subject: [PATCH 3/8] Rebuilt for flac 1.4.0 Signed-off-by: Michel Alexandre Salim --- audiofile.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audiofile.spec b/audiofile.spec index e1bb47a..669ed15 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 31%{?dist} +Release: 32%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README License: LGPLv2+ and GPLv2+ @@ -100,6 +100,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo %{_mandir}/man3/* %changelog +* Tue Sep 13 2022 Michel Alexandre Salim - 1:0.3.6-32 +- Rebuilt for flac 1.4.0 + * Wed Jul 20 2022 Fedora Release Engineering - 1:0.3.6-31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From d7aaaf98a12826c6fe6cc04c4bc93f3e5302c2b1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 18 Jan 2023 22:26:29 +0000 Subject: [PATCH 4/8] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- audiofile.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audiofile.spec b/audiofile.spec index 669ed15..4b99438 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 32%{?dist} +Release: 33%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README License: LGPLv2+ and GPLv2+ @@ -100,6 +100,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo %{_mandir}/man3/* %changelog +* Wed Jan 18 2023 Fedora Release Engineering - 1:0.3.6-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Tue Sep 13 2022 Michel Alexandre Salim - 1:0.3.6-32 - Rebuilt for flac 1.4.0 From de6e01c1d55c19f0a0fe1fb04df31cc254b330b4 Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Thu, 2 Mar 2023 14:54:04 -0600 Subject: [PATCH 5/8] migrated to SPDX license --- audiofile.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/audiofile.spec b/audiofile.spec index 4b99438..a1dd923 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,10 +3,10 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 33%{?dist} +Release: 34%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README -License: LGPLv2+ and GPLv2+ +License: LGPL-2.1-or-later and GPL-2.0-or-later Source: http://audiofile.68k.org/%{name}-%{version}.tar.gz URL: http://audiofile.68k.org/ BuildRequires: gcc-c++ @@ -100,6 +100,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo %{_mandir}/man3/* %changelog +* Thu Mar 02 2023 Gwyn Ciesla - 1:0.3.6-34 +- migrated to SPDX license + * Wed Jan 18 2023 Fedora Release Engineering - 1:0.3.6-33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From ecdb575e200fcfe69e24f1fb2efeb6478369f2e1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 14:06:40 +0000 Subject: [PATCH 6/8] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- audiofile.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audiofile.spec b/audiofile.spec index a1dd923..bb1c6ab 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 34%{?dist} +Release: 35%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README License: LGPL-2.1-or-later and GPL-2.0-or-later @@ -100,6 +100,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo %{_mandir}/man3/* %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 1:0.3.6-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Thu Mar 02 2023 Gwyn Ciesla - 1:0.3.6-34 - migrated to SPDX license From 0bae12358e001c7b127f8ece1d11b072fb5c7a5e Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Mon, 13 Nov 2023 11:05:04 -0600 Subject: [PATCH 7/8] Patch for CVE-2022-24599 --- audiofile-0.3.6-CVE-2022-24599.patch | 45 ++++++++++++++++++++++++++++ audiofile.spec | 28 +++++++++-------- 2 files changed, 61 insertions(+), 12 deletions(-) create mode 100644 audiofile-0.3.6-CVE-2022-24599.patch diff --git a/audiofile-0.3.6-CVE-2022-24599.patch b/audiofile-0.3.6-CVE-2022-24599.patch new file mode 100644 index 0000000..18237d0 --- /dev/null +++ b/audiofile-0.3.6-CVE-2022-24599.patch @@ -0,0 +1,45 @@ +diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c +index 60e6947..f5cf925 100644 +--- a/sfcommands/printinfo.c ++++ b/sfcommands/printinfo.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + static char *copyrightstring (AFfilehandle file); + +@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file) + int i, misccount; + + misccount = afGetMiscIDs(file, NULL); +- miscids = (int *) malloc(sizeof (int) * misccount); ++ if(!misccount) ++ return NULL; ++ miscids = (int *) calloc(misccount, sizeof(int)); ++ if(!miscids) ++ return NULL; + afGetMiscIDs(file, miscids); + + for (i=0; i= INT_MAX -1 ) { ++ goto error; ++ } ++ char *data = (char *) calloc(datasize + 1, 1); + afReadMisc(file, miscids[i], data, datasize); + copyright = data; + break; + } +- ++error: + free(miscids); + + return copyright; diff --git a/audiofile.spec b/audiofile.spec index bb1c6ab..4e71aec 100644 --- a/audiofile.spec +++ b/audiofile.spec @@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats Name: audiofile Version: 0.3.6 -Release: 35%{?dist} +Release: 36%{?dist} Epoch: 1 # library is LGPL / the two programs GPL / see README License: LGPL-2.1-or-later and GPL-2.0-or-later @@ -30,6 +30,7 @@ Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch Patch9: integer-overflow.patch +Patch10: audiofile-0.3.6-CVE-2022-24599.patch %description The Audio File library is an implementation of the Audio File Library @@ -50,17 +51,17 @@ other resources you can use to develop Audio File applications. %prep %setup -q -%patch0 -p1 -b .CVE-2015-7747 -%patch1 -p1 -b .left-shift-neg -%patch2 -p1 -b .narrowing-conversion -%patch3 -p1 -b .pull42 -%patch4 -p1 -b .pull43 -%patch5 -p1 -b .pull44 -%patch6 -p1 -b .CVE-2018-17095 -%patch7 -p1 -b .CVE-2018-13440 -%patch8 -p1 -b .CVE-2018-13440 -%patch9 -p1 -b .integer-overflow - +%patch -P 0 -p1 -b .CVE-2015-7747 +%patch -P 1 -p1 -b .left-shift-neg +%patch -P 2 -p1 -b .narrowing-conversion +%patch -P 3 -p1 -b .pull42 +%patch -P 4 -p1 -b .pull43 +%patch -P 5 -p1 -b .pull44 +%patch -P 6 -p1 -b .CVE-2018-17095 +%patch -P 7 -p1 -b .CVE-2018-13440 +%patch -P 8 -p1 -b .CVE-2018-13440 +%patch -P 9 -p1 -b .integer-overflow +%patch -P 10 -p1 -b .CVE-2022-24599 %build %configure --disable-rpath @@ -100,6 +101,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo %{_mandir}/man3/* %changelog +* Mon Nov 13 2023 Gwyn Ciesla - 1:0.3.6-36 +Patch for CVE-2022-24599 + * Wed Jul 19 2023 Fedora Release Engineering - 1:0.3.6-35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From a5e3eb5c451ca28ba8dcd9e28c3ac187fcdcebc7 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Thu, 16 Nov 2023 18:13:07 +0300 Subject: [PATCH 8/8] Remove unnecessary files --- sources | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sources diff --git a/sources b/sources deleted file mode 100644 index d943ece..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -2731d79bec0acef3d30d2fc86b0b72fd audiofile-0.3.6.tar.gz