From 9b5ae38d85a4676ddce83c3e574ec1b748b64c8d Mon Sep 17 00:00:00 2001
From: falkTX <falktx@falktx.com>
Date: Sat, 26 Jun 2021 14:04:31 +0100
Subject: [PATCH] Update libs

---
 bootstrap-common.sh                           |  2 +-
 bootstrap-plugins.sh                          |  4 +-
 ...patch => 01_fix-external-lib-checks.patch} |  0
 patches/libsndfile/01_fix-static-libs.patch   | 10 ----
 patches/libsndfile/02_CVE-2017-8365.patch     | 50 ------------------
 patches/libsndfile/03_CVE-2017-8363.patch     | 44 ----------------
 patches/libsndfile/04_CVE-2017-8362.patch     | 42 ---------------
 patches/libsndfile/05_CVE-2017-6892.patch     | 18 -------
 .../06_binheader-heapoverflow.patch           | 29 -----------
 patches/libsndfile/07_fix_rf64_arm.patch      | 43 ----------------
 patches/libsndfile/08_fix_typos.patch         | 51 -------------------
 .../12_fix-multiple-is-defined-macro.patch    | 17 -------
 setup/functions.sh                            |  2 +-
 setup/versions.sh                             | 14 ++---
 14 files changed, 11 insertions(+), 315 deletions(-)
 rename patches/libsndfile/{11_fix-external-lib-checks.patch => 01_fix-external-lib-checks.patch} (100%)
 delete mode 100644 patches/libsndfile/01_fix-static-libs.patch
 delete mode 100644 patches/libsndfile/02_CVE-2017-8365.patch
 delete mode 100644 patches/libsndfile/03_CVE-2017-8363.patch
 delete mode 100644 patches/libsndfile/04_CVE-2017-8362.patch
 delete mode 100644 patches/libsndfile/05_CVE-2017-6892.patch
 delete mode 100644 patches/libsndfile/06_binheader-heapoverflow.patch
 delete mode 100644 patches/libsndfile/07_fix_rf64_arm.patch
 delete mode 100644 patches/libsndfile/08_fix_typos.patch
 delete mode 100644 patches/libsndfile/12_fix-multiple-is-defined-macro.patch

diff --git a/bootstrap-common.sh b/bootstrap-common.sh
index f9b090d..1ff7e56 100755
--- a/bootstrap-common.sh
+++ b/bootstrap-common.sh
@@ -112,7 +112,7 @@ build_autoconf libsamplerate "${LIBSAMPLERATE_VERSION}" "--disable-fftw --disabl
 # ---------------------------------------------------------------------------------------------------------------------
 # libsndfile
 
-download libsndfile "${LIBSNDFILE_VERSION}" "http://www.mega-nerd.com/libsndfile/files"
+download libsndfile "${LIBSNDFILE_VERSION}" "https://github.com/libsndfile/libsndfile/releases/download/${LIBSNDFILE_VERSION}" "tar.bz2"
 patch_file libsndfile "${LIBSNDFILE_VERSION}" "configure" 's/ -Wvla//'
 build_autoconf libsndfile "${LIBSNDFILE_VERSION}" "--disable-alsa --disable-full-suite --disable-sqlite"
 
diff --git a/bootstrap-plugins.sh b/bootstrap-plugins.sh
index 8c79ea0..86115cd 100755
--- a/bootstrap-plugins.sh
+++ b/bootstrap-plugins.sh
@@ -199,9 +199,9 @@ build_cmake fluidsynth ${FLUIDSYNTH_VERSION} "${FLUIDSYNTH_EXTRAFLAGS}"
 
 if [ ! -e "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc-e" ]; then
     if [ "${MACOS}" -eq 1 ]; then
-        sed -i -e 's/-lfluidsynth/-lfluidsynth -lglib-2.0 -lgthread-2.0 -lsndfile -lFLAC -lvorbisenc -lvorbis -logg -lpthread -liconv -lm/' "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc"
+        sed -i -e 's/-lfluidsynth/-lfluidsynth -lglib-2.0 -lgthread-2.0 -lsndfile -lFLAC -lvorbisenc -lvorbis -lopus -logg -lpthread -liconv -lm/' "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc"
     elif [ "${WIN32}" -eq 1 ]; then
-        sed -i -e 's/-L${libdir} -lfluidsynth/-L${libdir}  -lfluidsynth -lglib-2.0 -lgthread-2.0 -lsndfile -lFLAC -lvorbisenc -lvorbis -logg -lpthread -lm -lole32 -lws2_32/' "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc"
+        sed -i -e 's/-L${libdir} -lfluidsynth/-L${libdir}  -lfluidsynth -lglib-2.0 -lgthread-2.0 -lsndfile -lFLAC -lvorbisenc -lvorbis -lopus -logg -lpthread -lm -lole32 -lws2_32/' "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc"
         touch "${PAWPAW_PREFIX}/lib/pkgconfig/fluidsynth.pc-e"
     fi
 fi
diff --git a/patches/libsndfile/11_fix-external-lib-checks.patch b/patches/libsndfile/01_fix-external-lib-checks.patch
similarity index 100%
rename from patches/libsndfile/11_fix-external-lib-checks.patch
rename to patches/libsndfile/01_fix-external-lib-checks.patch
diff --git a/patches/libsndfile/01_fix-static-libs.patch b/patches/libsndfile/01_fix-static-libs.patch
deleted file mode 100644
index 5b58f9d..0000000
--- a/patches/libsndfile/01_fix-static-libs.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- libsndfile-static-1.0.25.orig/sndfile.pc.in
-+++ libsndfile-static-1.0.25/sndfile.pc.in
-@@ -7,6 +7,6 @@ Name: sndfile
- Description: A library for reading and writing audio files
- Requires: 
- Version: @VERSION@
--Libs: -L${libdir} -lsndfile
-+Libs: -L${libdir} -lsndfile -lFLAC -lvorbisenc -lvorbis -logg -lm
- Libs.private: @EXTERNAL_XIPH_LIBS@
- Cflags: -I${includedir} 
diff --git a/patches/libsndfile/02_CVE-2017-8365.patch b/patches/libsndfile/02_CVE-2017-8365.patch
deleted file mode 100644
index 409b32e..0000000
--- a/patches/libsndfile/02_CVE-2017-8365.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Description: fixing buffer read/write overruns in FLAC-code
- CVE-2017-8365, CVE-2017-8363, CVE-2017-8361
-Author: Erik de Castro Lopo
-Origin: upstream
-Applied-Upstream: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
-Last-Update: 2017-05-28
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/common.h
-+++ libsndfile/src/common.h
-@@ -725,6 +725,7 @@
- 	SFE_FLAC_INIT_DECODER,
- 	SFE_FLAC_LOST_SYNC,
- 	SFE_FLAC_BAD_SAMPLE_RATE,
-+	SFE_FLAC_CHANNEL_COUNT_CHANGED,
- 	SFE_FLAC_UNKOWN_ERROR,
- 
- 	SFE_WVE_NOT_WVE,
---- libsndfile.orig/src/flac.c
-+++ libsndfile/src/flac.c
-@@ -435,6 +435,19 @@
- 
- 	switch (metadata->type)
- 	{	case FLAC__METADATA_TYPE_STREAMINFO :
-+			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
-+			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-+									"Nothing to be but to error out.\n" ,
-+									psf->sf.channels, metadata->data.stream_info.channels) ;
-+				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
-+				return ;
-+				} ;
-+
-+			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
-+			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
-+									"Carrying on as if nothing happened.",
-+									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
-+				} ;
- 			psf->sf.channels = metadata->data.stream_info.channels ;
- 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
- 			psf->sf.frames = metadata->data.stream_info.total_samples ;
---- libsndfile.orig/src/sndfile.c
-+++ libsndfile/src/sndfile.c
-@@ -245,6 +245,7 @@
- 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
- 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
- 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
-+	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
- 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
- 
- 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },
diff --git a/patches/libsndfile/03_CVE-2017-8363.patch b/patches/libsndfile/03_CVE-2017-8363.patch
deleted file mode 100644
index 56f6269..0000000
--- a/patches/libsndfile/03_CVE-2017-8363.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Description: fixing another memory leak in FLAC code
- CVE-2017-8363
-Author: Erik de Castro Lopo
-Origin: upstream
-Applied-Upstream: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 & https://github.com/erikd/libsndfile/commit/5206a9b65e61598fde44d276c81b0585bc428562
-Last-Update: 2017-05-28
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/flac.c
-+++ libsndfile/src/flac.c
-@@ -430,8 +430,7 @@
- static void
- sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
- {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
--	FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
--	int bitwidth = 0, i ;
-+	int bitwidth = 0 ;
- 
- 	switch (metadata->type)
- 	{	case FLAC__METADATA_TYPE_STREAMINFO :
-@@ -481,12 +480,6 @@
- 
- 			if (bitwidth > 0)
- 				psf_log_printf (psf, "  Bit width   : %d\n", bitwidth) ;
--
--
--			for (i = 0 ; i < psf->sf.channels ; i++)
--				pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ;
--
--			pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ;
- 			break ;
- 
- 		case FLAC__METADATA_TYPE_VORBIS_COMMENT :
-@@ -848,7 +841,9 @@
- 
- 	psf_log_printf (psf, "End\n") ;
- 
--	if (psf->error == 0)
-+	if (psf->error != 0)
-+		FLAC__stream_decoder_delete (pflac->fsd) ;
-+	else
- 	{	FLAC__uint64 position ;
- 
- 		FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;
diff --git a/patches/libsndfile/04_CVE-2017-8362.patch b/patches/libsndfile/04_CVE-2017-8362.patch
deleted file mode 100644
index 218085e..0000000
--- a/patches/libsndfile/04_CVE-2017-8362.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: fixed yet another buffer read overflow in FLAC code
- CVE-2017-8362
-Author: Erik de Castro Lopo
-Origin: upstream
-Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
-Last-Update: 2017-05-28
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/flac.c
-+++ libsndfile/src/flac.c
-@@ -169,6 +169,14 @@
- 	const int32_t* const *buffer = pflac->wbuffer ;
- 	unsigned i = 0, j, offset, channels, len ;
- 
-+	if (psf->sf.channels != (int) frame->header.channels)
-+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
-+									"Nothing to do but to error out.\n" ,
-+									psf->sf.channels, frame->header.channels) ;
-+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
-+		return 0 ;
-+		} ;
-+
- 	/*
- 	**	frame->header.blocksize is variable and we're using a constant blocksize
- 	**	of FLAC__MAX_BLOCK_SIZE.
-@@ -202,7 +210,6 @@
- 		return 0 ;
- 		} ;
- 
--
- 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
- 
- 	if (pflac->remain % channels != 0)
-@@ -436,7 +443,7 @@
- 	{	case FLAC__METADATA_TYPE_STREAMINFO :
- 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
- 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
--									"Nothing to be but to error out.\n" ,
-+									"Nothing to do but to error out.\n" ,
- 									psf->sf.channels, metadata->data.stream_info.channels) ;
- 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
- 				return ;
diff --git a/patches/libsndfile/05_CVE-2017-6892.patch b/patches/libsndfile/05_CVE-2017-6892.patch
deleted file mode 100644
index 9928297..0000000
--- a/patches/libsndfile/05_CVE-2017-6892.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Fix for CVE-2017-6892
-Author: Erik de Castro Lopez
-Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
-Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
-Last-Update: 2017-06-20
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/aiff.c
-+++ libsndfile/src/aiff.c
-@@ -1905,7 +1905,7 @@
- 		psf_binheader_readf (psf, "j", dword - bytesread) ;
- 
- 	if (map_info->channel_map != NULL)
--	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
-+	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
- 
- 		free (psf->channel_map) ;
- 
diff --git a/patches/libsndfile/06_binheader-heapoverflow.patch b/patches/libsndfile/06_binheader-heapoverflow.patch
deleted file mode 100644
index 3aa796b..0000000
--- a/patches/libsndfile/06_binheader-heapoverflow.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Fix heap buffer overflows when writing strings in binheader
-Author: Jörn Heusipp <osmanx@problemloesungsmaschine.de>
-Origin: upstream
-Applied-Upstream: cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
-Last-Update: 2017-07-12
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/common.c
-+++ libsndfile/src/common.c
-@@ -675,15 +675,15 @@
- 					/* Write a C string (guaranteed to have a zero terminator). */
- 					strptr = va_arg (argptr, char *) ;
- 					size = strlen (strptr) + 1 ;
--					size += (size & 1) ;
- 
--					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
-+					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
- 						return count ;
- 
- 					if (psf->rwf_endian == SF_ENDIAN_BIG)
--						header_put_be_int (psf, size) ;
-+						header_put_be_int (psf, size + (size & 1)) ;
- 					else
--						header_put_le_int (psf, size) ;
-+						header_put_le_int (psf, size + (size & 1)) ;
-+					size += (size & 1) ;
- 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
- 					psf->header.indx += size ;
- 					psf->header.ptr [psf->header.indx - 1] = 0 ;
diff --git a/patches/libsndfile/07_fix_rf64_arm.patch b/patches/libsndfile/07_fix_rf64_arm.patch
deleted file mode 100644
index a85df40..0000000
--- a/patches/libsndfile/07_fix_rf64_arm.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Description: fix RF64 on armel/armhf archs
-Author: Erik de Castro Lopez
-Origin: upstream
-Applied-Upstream: 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
-Last-Update: 2017-06-20
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/src/rf64.c
-+++ libsndfile/src/rf64.c
-@@ -339,6 +339,12 @@
- 					} ;
- 				break ;
- 
-+			case JUNK_MARKER :
-+			case PAD_MARKER :
-+				psf_log_printf (psf, "%M : %d\n", marker, chunk_size) ;
-+				psf_binheader_readf (psf, "j", chunk_size) ;
-+				break ;
-+
- 			default :
- 					if (chunk_size >= 0xffff0000)
- 					{	psf_log_printf (psf, "*** Unknown chunk marker (%X) at position %D with length %u. Exiting parser.\n", marker, psf_ftell (psf) - 8, chunk_size) ;
-@@ -659,7 +665,7 @@
- 
- 	if (wpriv->rf64_downgrade && psf->filelength < RIFF_DOWNGRADE_BYTES)
- 	{	psf_binheader_writef (psf, "etm8m", RIFF_MARKER, (psf->filelength < 8) ? 8 : psf->filelength - 8, WAVE_MARKER) ;
--		psf_binheader_writef (psf, "m4884", JUNK_MARKER, 20, 0, 0, 0, 0) ;
-+		psf_binheader_writef (psf, "m4z", JUNK_MARKER, 24, 24) ;
- 		add_fact_chunk = 1 ;
- 		}
- 	else
-@@ -735,9 +741,10 @@
- 
- #endif
- 
-+	/* Padding may be needed if string data sizes change. */
- 	pad_size = psf->dataoffset - 16 - psf->header.indx ;
- 	if (pad_size >= 0)
--		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
-+		psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
- 
- 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
- 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
diff --git a/patches/libsndfile/08_fix_typos.patch b/patches/libsndfile/08_fix_typos.patch
deleted file mode 100644
index fd5ac52..0000000
--- a/patches/libsndfile/08_fix_typos.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Description: fixed spelling errors
- discovered by lintian
-Author: IOhannes m zmölnig
-Forwarded: yes
-Last-Update: 2016-10-05
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- libsndfile.orig/doc/bugs.html
-+++ libsndfile/doc/bugs.html
-@@ -31,7 +31,7 @@
- 	<UL>
- 	<LI>	Compilation problems on new platforms.
- 	<LI>	Errors being detected during the `make check' process.
--	<LI>	Segmentation faults occuring inside libsndfile.
-+	<LI>	Segmentation faults occurring inside libsndfile.
- 	<LI>	libsndfile hanging when opening a file.
- 	<LI>	Supported sound file types being incorrectly read or written.
- 	<LI>	Omissions, errors or spelling mistakes in the documentation.
---- libsndfile.orig/programs/sndfile-convert.c
-+++ libsndfile/programs/sndfile-convert.c
-@@ -317,7 +317,7 @@
- 	if ((sfinfo.format & SF_FORMAT_SUBMASK) == SF_FORMAT_GSM610 && sfinfo.samplerate != 8000)
- 	{	printf (
- 			"WARNING: GSM 6.10 data format only supports 8kHz sample rate. The converted\n"
--			"ouput file will contain the input data converted to the GSM 6.10 data format\n"
-+			"output file will contain the input data converted to the GSM 6.10 data format\n"
- 			"but not re-sampled.\n"
- 			) ;
- 		} ;
---- libsndfile.orig/src/ogg.c
-+++ libsndfile/src/ogg.c
-@@ -193,7 +193,7 @@
- 			break ;
- 		} ;
- 
--	psf_log_printf (psf, "This Ogg bitstream contains some uknown data type.\n") ;
-+	psf_log_printf (psf, "This Ogg bitstream contains some unknown data type.\n") ;
- 	return SFE_UNIMPLEMENTED ;
- } /* ogg_stream_classify */
- 
---- libsndfile.orig/src/wavlike.c
-+++ libsndfile/src/wavlike.c
-@@ -161,7 +161,7 @@
- 	{	psf_log_printf (psf, "  Bit Width     : 24\n") ;
- 
- 		psf_log_printf (psf, "\n"
--			"  Ambiguous information in 'fmt ' chunk. Possibile file types:\n"
-+			"  Ambiguous information in 'fmt ' chunk. Possible file types:\n"
- 			"    0) Invalid IEEE float file generated by Syntrillium's Cooledit!\n"
- 			"    1) File generated by ALSA's arecord containing 24 bit samples in 32 bit containers.\n"
- 			"    2) 24 bit file with incorrect Block Align value.\n"
diff --git a/patches/libsndfile/12_fix-multiple-is-defined-macro.patch b/patches/libsndfile/12_fix-multiple-is-defined-macro.patch
deleted file mode 100644
index dfc68ea..0000000
--- a/patches/libsndfile/12_fix-multiple-is-defined-macro.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/src/sfconfig.h b/src/sfconfig.h
-index 0f30855..a36477b 100644
---- a/src/sfconfig.h
-+++ b/src/sfconfig.h
-@@ -113,7 +113,11 @@
- #define HAVE_X86INTRIN_H 0
- #endif
- 
--#define CPU_IS_X86		(defined __i486__ || defined __i586__ || defined __i686__ || defined __x86_64__)
-+#if (defined __i486__ || defined __i586__ || defined __i686__ || defined __x86_64__)
-+#define CPU_IS_X86 1
-+#else
-+#define CPU_IS_X86 0
-+#endif
- #define CPU_IS_X86_64	(defined __x86_64__)
- 
- #endif
diff --git a/setup/functions.sh b/setup/functions.sh
index 7261999..e588886 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -31,7 +31,7 @@ function download() {
             rm -rf "${tmprepodir}"
         else
             local dlurl
-            if echo ${dlbaseurl} | grep -q github.com; then
+            if echo ${dlbaseurl} | grep -q github.com | grep -q -v releases; then
                 if [ x"${dlmethod}" = x"nv" ]; then
                     dlurl="${dlbaseurl}/${version}.${dlext}"
                 else
diff --git a/setup/versions.sh b/setup/versions.sh
index 1fcf59b..cbf2376 100644
--- a/setup/versions.sh
+++ b/setup/versions.sh
@@ -10,19 +10,20 @@ PKG_CONFIG_VERSION=0.28
 
 FLAC_VERSION=1.3.3
 FLUIDSYNTH_VERSION=1.1.11
-FFTW_VERSION=3.3.8
 GLIB_VERSION=2.22.5
 GLIB_MVERSION=2.22
 LIBLO_VERSION=0.30
-LIBOGG_VERSION=1.3.4
+LIBOGG_VERSION=1.3.5
 LIBSAMPLERATE_VERSION=0.1.9
-LIBSNDFILE_VERSION=1.0.28
+LIBSNDFILE_VERSION=1.0.31
 LIBVORBIS_VERSION=1.3.7
+OPUS_VERSION=1.3.1
 
 # ---------------------------------------------------------------------------------------------------------------------
 # plugins
 
-CARLA_VERSION=d664abbe958972b49f1d995cd0b90e5b599f884f
+CARLA_VERSION=ca44f4bc538690e76f4e02544f047ad9d559a1b8
+FFTW_VERSION=3.3.9
 KXSTUDIO_LV2_EXTENSIONS_VERSION=fae65fbc173cd2c4367e85917a6ef97280532d88
 LILV_VERSION=0.24.12
 LV2_VERSION=6cefc7df1a6158c79d23029df183c09b10b88cad
@@ -48,7 +49,7 @@ fi
 # qt stuff
 
 if [ "${MACOS_UNIVERSAL}" -eq 1 ]; then
-    QT5_VERSION=5.12.10
+    QT5_VERSION=5.12.11
     QT5_MVERSION=5.12
 else
     QT5_VERSION=5.9.8
@@ -63,7 +64,7 @@ LIBFFI_VERSION=3.3
 
 if [ "${MACOS_UNIVERSAL}" -eq 1 ]; then
     CXFREEZE_VERSION=6.4.2
-    PYTHON_VERSION=3.9.1
+    PYTHON_VERSION=3.9.5
     PYLIBLO_VERSION=0.10.0
     PYQT5_VERSION=5.13.1
     SIP_VERSION=4.19.19
@@ -93,7 +94,6 @@ fi
 
 AFTEN_VERSION=0.0.8
 DB_VERSION=5.3.28
-OPUS_VERSION=1.3.1
 PORTAUDIO_VERSION=19.6.0
 RTAUDIO_VERSION=e03448bd15c1c34e842459939d755f5f89e880ed
 TRE_VERSION=6092368aabdd0dbb0fbceb2766a37b98e0ff6911