#
# spec file for package libsndfile
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%define lname   %{name}1
Name:           libsndfile
Version:        1.0.28
Release:        7.1
Summary:        Development/Libraries/C and C++
License:        LGPL-2.1-or-later
Group:          System/Libraries
Url:            http://www.mega-nerd.com/libsndfile
Source0:        http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz
Source1:        http://www.mega-nerd.com/%{name}/files/%{name}-%{version}.tar.gz.asc
Source2:        %{name}.keyring
Source3:        baselibs.conf
# PATCH-FIX-UPSTREAM
Patch1:         0001-FLAC-Fix-a-buffer-read-overrun.patch
Patch2:         0002-src-flac.c-Fix-a-buffer-read-overflow.patch
Patch10:        0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
Patch20:        0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
Patch30:        0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
# not yet upstreamed, https://github.com/erikd/libsndfile/issues/317
Patch31:        0031-sfe_copy_data_fp-check-value-of-max-variable.patch
# not yet upstreamed
Patch32:        libsndfile-CVE-2017-17456-alaw-range-check.patch
Patch33:        libsndfile-CVE-2017-17457-ulaw-range-check.patch
Patch34:        sndfile-deinterlace-channels-check.patch
# PATCH-FIX-OPENSUSE
Patch100:       sndfile-ocloexec.patch
BuildRequires:  alsa-devel
BuildRequires:  flac-devel
BuildRequires:  gcc-c++
BuildRequires:  libtool
BuildRequires:  libvorbis-devel
BuildRequires:  pkg-config
BuildRequires:  speex-devel
BuildRequires:  sqlite-devel
Obsoletes:      libsnd
Provides:       libsnd
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Libsndfile is a C library for reading and writing sound files, such as
AIFF, AU, and WAV files, through one standard interface. It can
currently read and write 8, 16, 24, and 32-bit PCM files as well as
32-bit floating point WAV files and a number of compressed formats.

%package -n %{lname}
Summary:        A Library to Handle Various Audio File Formats
Group:          System/Libraries
Provides:       %{name} = %{version}
Obsoletes:      %{name} <= 1.0.25

%description -n %{lname}
Libsndfile is a C library for reading and writing sound files, such as
AIFF, AU, and WAV files, through one standard interface. It can
currently read and write 8, 16, 24, and 32-bit PCM files as well as
32-bit floating point WAV files and a number of compressed formats.

%package devel
Summary:        Development package for the libsndfile library
Group:          Development/Libraries/C and C++
Requires:       %{lname} = %{version}
Requires:       glibc-devel
Requires:       libstdc++-devel
Obsoletes:      libsndd
Provides:       libsndd

%description devel
This package contains the files needed to compile programs that use the
libsndfile library.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch10 -p1
%patch20 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch100 -p1

%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
%if 0%{?suse_version} < 1200
sed -i -e'/^AM_SILENT_RULES/d' configure.ac
%endif
autoreconf --force --install
CFLAGS="%{optflags} %{warn_flags}"
export CFLAGS
%configure \
    --disable-silent-rules \
    --disable-static \
    --enable-sqlite \
    --with-pic \
    --enable-experimental
make %{?_smp_mflags}

%install
%make_install
# remove unnecessary files
find %{buildroot} -type f -name "*.la" -delete -print
# remove programs; built in another spec file
rm -rf %{buildroot}%{_bindir}
rm -rf %{buildroot}%{_mandir}/man1
# remove binaries from examples directory
make -C examples distclean
rm -rf %{buildroot}%{_datadir}/doc/libsndfile

%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig

%check
pushd src
make %{?_smp_mflags} check
popd

%files -n %{lname}
%defattr(-, root, root)
%{_libdir}/libsndfile.so.1*

%files devel
%defattr(-, root, root)
%doc AUTHORS ChangeLog NEWS README
%doc doc/*.html doc/*.jpg doc/*.css doc/*.HOWTO
%license COPYING
%{_libdir}/libsndfile.so
%{_includedir}/sndfile.h
%{_includedir}/sndfile.hh
%{_libdir}/pkgconfig/*.pc
%doc examples

%changelog
* Fri Jul 6 2018 tiwai@suse.de
- Fix buffer overflow in sndfile-deinterlace, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139):
  sndfile-deinterlace-channels-check.patch
* Fri Jun 8 2018 tiwai@suse.de
- Use license file tag
* Fri Jun 8 2018 tiwai@suse.de
- Fix potential overflow in d2alaw_array() (CVE-2017-17456, bsc#1071777):
  libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767):
  libsndfile-CVE-2017-17457-ulaw-range-check.patch
* Tue Dec 19 2017 tiwai@suse.de
- Fix VUL-0: divide-by-zero error exists in the function
  double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
- Tentative fix for VUL-0: out of bounds read in the function
  d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
  VUL-0: out of bounds read in the function d2ulaw_array() in ulaw.c
  (CVE-2017-14246, bsc#1059913):
  0031-sfe_copy_data_fp-check-value-of-max-variable.patch
* Tue Aug 8 2017 tiwai@suse.de
- Fix Heap-based Buffer Overflow in the psf_binheader_writef
  (CVE-2017-12562, bsc#1052476):
  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
* Tue Jun 13 2017 tiwai@suse.de
- Fix out-of-bounds read memory access in the aiff_read_chanmap()
  (CVE-2017-6892, bsc#1043978):
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
* Tue May 2 2017 tiwai@suse.de
- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363 CVE-2017-8365
  CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946 bsc#1036943):
  0001-FLAC-Fix-a-buffer-read-overrun.patch
  0002-src-flac.c-Fix-a-buffer-read-overflow.patch
* Mon Apr 10 2017 tiwai@suse.de
- Update to version 1.0.27:
  * Fix a seek regression in 1.0.26
  * Add metadata read/write for CAF and RF64
  * Fix PAF endian-ness issue
- Update to version 1.0.28
  * Fix buffer overruns in FLAC and ID3 handling code
    (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
  * Reduce default header memory requirements
  * Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
* Tue May 10 2016 tom.mbrt@googlemail.com
- Fix spec file to enable builds on non opensuse OS
* Mon Nov 23 2015 tiwai@suse.de
- Update to version 1.0.26:
  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
  * Add ALAC/CAF support. Minor bug fixes and improvements.
- Refreshed patches:
  sndfile-ocloexec.patch
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Removed obsoleted patches:
  libsndfile-example-fix.diff
  libsndfile-fix-header-read-CVE-2015-7805.patch
  libsndfile-paf-zero-division-fix.diff
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
* Wed Nov 4 2015 tiwai@suse.de
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
  libsndfile-fix-header-read-CVE-2015-7805.patch
- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
* Wed Nov 4 2015 tiwai@suse.de
- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
* Sat Mar 21 2015 mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Add gpg signature
- Remove old ppc provides/obsoletes
* Wed Jan 7 2015 tiwai@suse.de
- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
  (CVE-2014-9496, bnc#911796): backported upstream fix patches
  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
* Mon Apr 15 2013 mmeister@suse.com
- Added url as source.
  Please see http://en.opensuse.org/SourceUrls
* Fri Dec 2 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
* Thu Nov 24 2011 tiwai@suse.de
- add missing provides/obsoletes for libsndfile -> libsndfile1 rename
  (bnc#732565)
* Thu Nov 24 2011 crrodriguez@opensuse.org
- use O_CLOEXEC in library code.
* Tue Nov 22 2011 coolo@suse.com
- fix devel dependency
* Mon Nov 21 2011 jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
* Wed Aug 24 2011 crrodriguez@opensuse.org
- Enable speex support
- run make check
* Fri Jul 29 2011 tiwai@suse.de
- Fix zero-division in PAF parser (bnc#708988)
* Thu Jul 28 2011 crrodriguez@opensuse.org
- Remove -fno-strict-aliasing from cflags, no longer needed
- disable automake silent rules.
* Mon Jul 18 2011 tiwai@suse.de
- updated to version 1.0.25:
  Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681)
  Minor bug fixes and improvements
* Wed Mar 23 2011 oliver.bengs@opensuse.org
- Update to version 1.0.24
- Upstream changes :
  * WAV files are now written with an 18 byte u-law and A-law fmt chunk
  * A document on virtual I/O functionality was added
  * Two new methods were added in sndfile.hh
  * A fix was made for a non-zero SSND offset values on AIFF
  * Minor bug fixes and improvements were done
* Mon Oct 11 2010 oliver.bengs@opensuse.org
- Update to version 1.0.23
- Upstream changes :
  * configure.ac src/version-metadata.rc.in src/Makefile.am
    Add version string resources to the windows DLL.
  * doc/api.html
    Update to add missing SF_FORMAT_* values. Closed Debian bug #545257.
  * NEWS README configure.ac doc/*.html
    Updates for 1.0.23 release.
  * Other minor bug fixes
* Fri Oct 8 2010 davejplater@gmail.com
- Update to version 1.0.22
- Upstream changes :
  * Bunch of minor bug fixes.
* Mon Aug 16 2010 tiwai@suse.de
- updated to version 1.0.21:
  * Bunch of minor bug fixes.
  * including VUL-1 divide-by-zero fix (bnc#631379)
* Wed Dec 16 2009 jengelh@medozas.de
- add baselibs.conf as a source
- enable parallel building
* Wed Jun 3 2009 dmueller@suse.de
- explicitly enable sqlite support to avoid random flipping
* Fri May 15 2009 tiwai@suse.de
- updated to version 1.0.20:
  * Fix for potential heap overflow
- enable ogg/vorbis support
* Fri Apr 24 2009 tiwai@suse.de
- built progs subpackage from an individual spec file to cut the
  circular dependency with jack.
* Wed Mar 4 2009 tiwai@suse.de
- updated to version 1.0.19:
  * Fix for CVE-2009-0186 (bnc#481769 - VUL-0: libsndfile CAF
    Processing Integer Overflow Vulnerability)
  * Huge number of minor fixes as a result of static analysis
- remove INSTALL file from filelist
* Mon Feb 9 2009 tiwai@suse.de
- updated to version 1.0.18
  * Add Ogg/Vorbis support (disabled right now due to vorbis
    version mismatch; SVN version is required)
  * Remove captive FLAC library.
  * Many new features and bug fixes.
  * Generate Win32 and Win64 pre-compiled binaries.
- Dropped libsndfile-octave subpackage (as octave itself is dropped
  from FACTORY)
* Wed Jan 7 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Tue Oct 14 2008 meissner@suse.de
- prototype for memset
* Tue May 6 2008 tiwai@suse.de
- fix missing initializations in demo programs (bnc#351128)
* Tue Apr 15 2008 schwab@suse.de
- Fix configure script.
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Mon Mar 10 2008 crrodriguez@suse.de
- remove explicit-lib-dependencies
- fix -devel package dependencies
* Thu Sep 20 2007 tiwai@suse.de
- VUL-0: Heap-based buffer overflow in flac.c (#326070, CVE-2007-4974)
* Mon Apr 16 2007 tiwai@suse.de
- Move docs and manpages to appropriate sub-packages (#264820)
- Remove static library (#264820)
* Mon Apr 16 2007 schwab@suse.de
- Fix quoting in autoconf macros.
* Fri Apr 13 2007 tiwai@suse.de
- fix FLAC-1.1.4 support.
* Fri Sep 1 2006 tiwai@suse.de
- updated to version 1.0.17:
  * Add C++ wrapper sndfile.hh. Minor bug fixes and cleanups.
* Tue Jul 4 2006 tiwai@suse.de
- fix the build -- removed invalidly overridden HAVE_DECL_S_IRGRP
  definition in configure.ac.
* Mon May 29 2006 tiwai@suse.de
- added flac-devel to requires of devel sub package.
* Mon May 15 2006 tiwai@suse.de
- updated to version 1.0.16.
  * more format supports
  * code cleanups
  * fix memleaks
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Sep 30 2005 tiwai@suse.de
- updated to version 1.0.12.
- split example programs to progs sub-package.
- added -fno-strict-aliasing.
* Wed Nov 17 2004 tiwai@suse.de
- updated to version 1.0.11.
* Fri Sep 3 2004 tiwai@suse.de
- removed python from neededforbuild.
* Thu Aug 5 2004 tiwai@suse.de
- updated to version 1.0.10.
* Thu Feb 26 2004 tiwai@suse.de
- updated to version 1.0.7.
* Sat Jan 10 2004 adrian@suse.de
- add %%run_ldconfig
* Mon Sep 15 2003 kukuk@suse.de
- Set x bit on directories
* Fri Jun 20 2003 ro@suse.de
- added directories to filelist
* Fri Jun 6 2003 tiwai@suse.de
- updated to version 1.0.5.
* Tue May 13 2003 pthomas@suse.de
- Put Octave interface files into an own subpackage.
* Thu Feb 13 2003 pthomas@suse.de
- Compile with all useful warnings and fix all places where
  the compiler warned.
- Fix configure to use $libdir instead of $prefix/lib for
  reporting.
* Tue Feb 4 2003 tiwai@suse.de
- updated to version 1.0.4.
* Fri Jan 17 2003 tiwai@suse.de
- added %%run_ldconfig to %%post.
* Thu Jan 16 2003 tiwai@suse.de
- updated to version 1.0.3.
- added *.la to devel package.
* Mon Nov 25 2002 tiwai@suse.de
- updated to version 1.0.2.
* Fri Sep 20 2002 tiwai@suse.de
- updated to version 1.0.1.
* Mon Aug 19 2002 tiwai@suse.de
- updated to version 1.0.0 final.
* Fri Aug 2 2002 tiwai@suse.de
- updated to version 1.0.0rc3.
* Tue Jun 25 2002 tiwai@suse.de
- updated to version 1.0.0rc2.
* Fri Apr 12 2002 tiwai@suse.de
- set %%__libdir.
- use make install as default instead of install-strip.
* Thu Feb 7 2002 tiwai@suse.de
- fixed build on s390x.
* Fri Dec 7 2001 tiwai@suse.de
- fixed group tag (System -> System Environment)
* Thu Dec 6 2001 tiwai@suse.de
- removed binaries from alsa-devel examples directory.
* Wed Nov 21 2001 tiwai@suse.de
- updated to ver.0.0.27.
* Wed Oct 17 2001 tiwai@suse.de
- updated to ver.0.0.26.
  + Added sf_command () interface.
  + Added support for IRCAM files.
  + Minor bug fixes.
* Tue Aug 28 2001 tiwai@suse.de
- updated to ver.0.0.24.
  + Added support for 32 bit floating point AIFC files, little
    endian AIFC files and 16, 24 and 32 bit Sphere NIST files.
  + Massive refactoring of internal code.
  + Added read and write handling of PEAK chunks on AIFF and WAV
    files.
  + Added read support for REX files (Propellerheads Reason).
  + Added sf_read_float () and sf_write_float () interfaces.
  + Minor bug fixes.
- changed group tag to System/Libraries
* Fri Aug 3 2001 tiwai@suse.de
- fixed compile on s390.
* Thu Jun 7 2001 tiwai@suse.de
- fixed compile with the latest libtool & autoconf.
* Tue Apr 3 2001 kukuk@suse.de
- move *.so files into devel package
- Remove kernel_header requires
- Fix glibc-devel dependencies
* Wed Dec 13 2000 tiwai@suse.de
- fixed compile on ia64.
* Thu Nov 2 2000 ro@suse.de
- changed Group to Development/Libraries (old group did not exist)
* Thu Nov 2 2000 tiwai@suse.de
- Updated to 0.0.22.
- Changed for long package-name support (libsnd -> libsndfile,
  libsndd -> libsndfile-devel).
* Tue Sep 26 2000 tiwai@suse.de
- changed to bzip2.
- added suse_update_config.
* Wed Sep 6 2000 tiwai@suse.de
- Initial version: 0.0.21.