import opusfile-0.12-15.el10

.gitignore

@@ -1 +1 @@
-/opusfile-0.*.tar.gz
+SOURCES/opusfile-0.12.tar.gz

.opusfile.metadata

@@ -0,0 +1 @@
+3e86971fef28292f982a32730632b1d531059ed5  SOURCES/opusfile-0.12.tar.gz

SOURCES/CVE-2022-47021.patch

@@ -0,0 +1,40 @@
+From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001
+From: Ralph Giles <giles@thaumas.net>
+Date: Tue, 6 Sep 2022 19:04:31 -0700
+Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.
+
+Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
+a null pointer. This allows more graceful recovery by the caller
+in the unlikely event of a fallible ogg_malloc call.
+
+We do check the return value elsewhere in the code, so the new
+checks make the code more consistent.
+
+Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
+
+Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
+Signed-off-by: Mark Harris <mark.hsj@gmail.com>
+---
+ src/opusfile.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/opusfile.c b/src/opusfile.c
+index ca219b2..3c3c81e 100644
+--- a/src/opusfile.c
++++ b/src/opusfile.c
+@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
+   int            nbytes;
+   OP_ASSERT(_nbytes>0);
+   buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
++  if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
+   nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
+   OP_ASSERT(nbytes<=_nbytes);
+   if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
+@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
+   if(_initial_bytes>0){
+     char *buffer;
+     buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
++    if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
+     memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
+     ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
+   }

SPECS/opusfile.spec

@@ -1,16 +1,24 @@
 Name:          opusfile
 Version:       0.12
-Release:       6%{?dist}
+%global soname_version 0
+Release:       15%{?dist}
 Summary:       A high-level API for decoding and seeking within .opus files
-License:       BSD
+License:       BSD-3-Clause
 URL:           https://www.opus-codec.org/
 Source0:       https://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz
+# Propagate allocation failure from ogg_sync_buffer.
+# https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
+#
+# Fixes CVE-2022-47021.
+# A potential bug of NPD
+# https://github.com/xiph/opusfile/issues/36
+Patch1:        https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5.patch#/CVE-2022-47021.patch
 
 BuildRequires: make
 BuildRequires: gcc
-BuildRequires: libogg-devel
-BuildRequires: openssl-devel
-BuildRequires: opus-devel
+BuildRequires: pkgconfig(ogg)
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(opus)
 
 %description
 libopusfile provides a high-level API for decoding and seeking 
@@ -27,13 +35,14 @@ decoded with a single output format, even if the channel count changes).
 %package devel
 Summary: Development package for %{name}
 Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires: pkgconfig
+# The public API headers include ogg/ogg.h.
+Requires: pkgconfig(ogg)
 
 %description devel
 Files for development with %{name}.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure --disable-static
@@ -46,13 +55,11 @@ Files for development with %{name}.
 #Remove libtool archives.
 find %{buildroot} -type f -name "*.la" -delete
 
-%ldconfig_scriptlets
-
 %files
 %license COPYING
 %doc AUTHORS
-%{_libdir}/libopusfile.so.*
-%{_libdir}/libopusurl.so.*
+%{_libdir}/libopusfile.so.%{soname_version}{,.*}
+%{_libdir}/libopusurl.so.%{soname_version}{,.*}
 
 %files devel
 %doc %{_docdir}/%{name}
@@ -63,6 +70,37 @@ find %{buildroot} -type f -name "*.la" -delete
 %{_libdir}/libopusurl.so
 
 %changelog
+* Sat Dec 28 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 0.12-15
+- Rebuilt for MSVSphere 10
+
+* Sat Sep 21 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0.12-15
+- Identify the license as BSD-3-Clause
+- Make opusfile-devel depend on libogg-devel
+
+* Mon Sep 02 2024 Miroslav Suchý <msuchy@redhat.com> - 0.12-14
+- convert license to SPDX
+
+* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Feb 01 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.12-9
+- Add upstream fix for CVE-2022-47021
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 

sources

@@ -1 +0,0 @@
-SHA512 (opusfile-0.12.tar.gz) = e25e6968a3183ac0628ce1000840fd6f9f636e92ba984d6a72b76fb2a98ec632d2de4c66a8e4c05ef30655c2a4a13ab35f89606fa7d79a54cfa8506543ca57af