Add libsndfile patches

Signed-off-by: falkTX <falktx@falktx.com>

patches/libsndfile/01_fix-static-libs.patch

@@ -0,0 +1,10 @@
+--- libsndfile-static-1.0.25.orig/sndfile.pc.in
++++ libsndfile-static-1.0.25/sndfile.pc.in
+@@ -7,6 +7,6 @@ Name: sndfile
+ Description: A library for reading and writing audio files
+ Requires: 
+ Version: @VERSION@
+-Libs: -L${libdir} -lsndfile
++Libs: -L${libdir} -lsndfile -lFLAC -lvorbisenc -lvorbis -logg -lm
+ Libs.private: @EXTERNAL_XIPH_LIBS@
+ Cflags: -I${includedir} 

patches/libsndfile/02_CVE-2017-8365.patch

@@ -0,0 +1,50 @@
+Description: fixing buffer read/write overruns in FLAC-code
+ CVE-2017-8365, CVE-2017-8363, CVE-2017-8361
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/common.h
++++ libsndfile/src/common.h
+@@ -725,6 +725,7 @@
+ 	SFE_FLAC_INIT_DECODER,
+ 	SFE_FLAC_LOST_SYNC,
+ 	SFE_FLAC_BAD_SAMPLE_RATE,
++	SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ 	SFE_FLAC_UNKOWN_ERROR,
+ 
+ 	SFE_WVE_NOT_WVE,
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -435,6 +435,19 @@
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
++			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++									"Nothing to be but to error out.\n" ,
++									psf->sf.channels, metadata->data.stream_info.channels) ;
++				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++				return ;
++				} ;
++
++			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++									"Carrying on as if nothing happened.",
++									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++				} ;
+ 			psf->sf.channels = metadata->data.stream_info.channels ;
+ 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ 			psf->sf.frames = metadata->data.stream_info.total_samples ;
+--- libsndfile.orig/src/sndfile.c
++++ libsndfile/src/sndfile.c
+@@ -245,6 +245,7 @@
+ 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
+ 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
+ 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
+ 
+ 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },

patches/libsndfile/03_CVE-2017-8363.patch

@@ -0,0 +1,44 @@
+Description: fixing another memory leak in FLAC code
+ CVE-2017-8363
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 & https://github.com/erikd/libsndfile/commit/5206a9b65e61598fde44d276c81b0585bc428562
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -430,8 +430,7 @@
+ static void
+ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__StreamMetadata *metadata, void *client_data)
+ {	SF_PRIVATE *psf = (SF_PRIVATE*) client_data ;
+-	FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ;
+-	int bitwidth = 0, i ;
++	int bitwidth = 0 ;
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
+@@ -481,12 +480,6 @@
+ 
+ 			if (bitwidth > 0)
+ 				psf_log_printf (psf, "  Bit width   : %d\n", bitwidth) ;
+-
+-
+-			for (i = 0 ; i < psf->sf.channels ; i++)
+-				pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ;
+-
+-			pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ;
+ 			break ;
+ 
+ 		case FLAC__METADATA_TYPE_VORBIS_COMMENT :
+@@ -848,7 +841,9 @@
+ 
+ 	psf_log_printf (psf, "End\n") ;
+ 
+-	if (psf->error == 0)
++	if (psf->error != 0)
++		FLAC__stream_decoder_delete (pflac->fsd) ;
++	else
+ 	{	FLAC__uint64 position ;
+ 
+ 		FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ;

patches/libsndfile/04_CVE-2017-8362.patch

@@ -0,0 +1,42 @@
+Description: fixed yet another buffer read overflow in FLAC code
+ CVE-2017-8362
+Author: Erik de Castro Lopo
+Origin: upstream
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
+Last-Update: 2017-05-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/flac.c
++++ libsndfile/src/flac.c
+@@ -169,6 +169,14 @@
+ 	const int32_t* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset, channels, len ;
+ 
++	if (psf->sf.channels != (int) frame->header.channels)
++	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++									"Nothing to do but to error out.\n" ,
++									psf->sf.channels, frame->header.channels) ;
++		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++		return 0 ;
++		} ;
++
+ 	/*
+ 	**	frame->header.blocksize is variable and we're using a constant blocksize
+ 	**	of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@
+ 		return 0 ;
+ 		} ;
+ 
+-
+ 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
+ 
+ 	if (pflac->remain % channels != 0)
+@@ -436,7 +443,7 @@
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
+ 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+-									"Nothing to be but to error out.\n" ,
++									"Nothing to do but to error out.\n" ,
+ 									psf->sf.channels, metadata->data.stream_info.channels) ;
+ 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ 				return ;

patches/libsndfile/05_CVE-2017-6892.patch

@@ -0,0 +1,18 @@
+Description: Fix for CVE-2017-6892
+Author: Erik de Castro Lopez
+Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
+Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
+Last-Update: 2017-06-20
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/aiff.c
++++ libsndfile/src/aiff.c
+@@ -1905,7 +1905,7 @@
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 

patches/libsndfile/06_binheader-heapoverflow.patch

@@ -0,0 +1,29 @@
+Description: Fix heap buffer overflows when writing strings in binheader
+Author: Jörn Heusipp <osmanx@problemloesungsmaschine.de>
+Origin: upstream
+Applied-Upstream: cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
+Last-Update: 2017-07-12
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/common.c
++++ libsndfile/src/common.c
+@@ -675,15 +675,15 @@
+ 					/* Write a C string (guaranteed to have a zero terminator). */
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) + 1 ;
+-					size += (size & 1) ;
+ 
+-					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+-						header_put_be_int (psf, size) ;
++						header_put_be_int (psf, size + (size & 1)) ;
+ 					else
+-						header_put_le_int (psf, size) ;
++						header_put_le_int (psf, size + (size & 1)) ;
++					size += (size & 1) ;
+ 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ 					psf->header.indx += size ;
+ 					psf->header.ptr [psf->header.indx - 1] = 0 ;

patches/libsndfile/07_fix_rf64_arm.patch

@@ -0,0 +1,43 @@
+Description: fix RF64 on armel/armhf archs
+Author: Erik de Castro Lopez
+Origin: upstream
+Applied-Upstream: 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
+Last-Update: 2017-06-20
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/rf64.c
++++ libsndfile/src/rf64.c
+@@ -339,6 +339,12 @@
+ 					} ;
+ 				break ;
+ 
++			case JUNK_MARKER :
++			case PAD_MARKER :
++				psf_log_printf (psf, "%M : %d\n", marker, chunk_size) ;
++				psf_binheader_readf (psf, "j", chunk_size) ;
++				break ;
++
+ 			default :
+ 					if (chunk_size >= 0xffff0000)
+ 					{	psf_log_printf (psf, "*** Unknown chunk marker (%X) at position %D with length %u. Exiting parser.\n", marker, psf_ftell (psf) - 8, chunk_size) ;
+@@ -659,7 +665,7 @@
+ 
+ 	if (wpriv->rf64_downgrade && psf->filelength < RIFF_DOWNGRADE_BYTES)
+ 	{	psf_binheader_writef (psf, "etm8m", RIFF_MARKER, (psf->filelength < 8) ? 8 : psf->filelength - 8, WAVE_MARKER) ;
+-		psf_binheader_writef (psf, "m4884", JUNK_MARKER, 20, 0, 0, 0, 0) ;
++		psf_binheader_writef (psf, "m4z", JUNK_MARKER, 24, 24) ;
+ 		add_fact_chunk = 1 ;
+ 		}
+ 	else
+@@ -735,9 +741,10 @@
+ 
+ #endif
+ 
++	/* Padding may be needed if string data sizes change. */
+ 	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+ 	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;

patches/libsndfile/08_fix_typos.patch

@@ -0,0 +1,51 @@
+Description: fixed spelling errors
+ discovered by lintian
+Author: IOhannes m zmölnig
+Forwarded: yes
+Last-Update: 2016-10-05
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/doc/bugs.html
++++ libsndfile/doc/bugs.html
+@@ -31,7 +31,7 @@
+ 	<UL>
+ 	<LI>	Compilation problems on new platforms.
+ 	<LI>	Errors being detected during the `make check' process.
+-	<LI>	Segmentation faults occuring inside libsndfile.
++	<LI>	Segmentation faults occurring inside libsndfile.
+ 	<LI>	libsndfile hanging when opening a file.
+ 	<LI>	Supported sound file types being incorrectly read or written.
+ 	<LI>	Omissions, errors or spelling mistakes in the documentation.
+--- libsndfile.orig/programs/sndfile-convert.c
++++ libsndfile/programs/sndfile-convert.c
+@@ -317,7 +317,7 @@
+ 	if ((sfinfo.format & SF_FORMAT_SUBMASK) == SF_FORMAT_GSM610 && sfinfo.samplerate != 8000)
+ 	{	printf (
+ 			"WARNING: GSM 6.10 data format only supports 8kHz sample rate. The converted\n"
+-			"ouput file will contain the input data converted to the GSM 6.10 data format\n"
++			"output file will contain the input data converted to the GSM 6.10 data format\n"
+ 			"but not re-sampled.\n"
+ 			) ;
+ 		} ;
+--- libsndfile.orig/src/ogg.c
++++ libsndfile/src/ogg.c
+@@ -193,7 +193,7 @@
+ 			break ;
+ 		} ;
+ 
+-	psf_log_printf (psf, "This Ogg bitstream contains some uknown data type.\n") ;
++	psf_log_printf (psf, "This Ogg bitstream contains some unknown data type.\n") ;
+ 	return SFE_UNIMPLEMENTED ;
+ } /* ogg_stream_classify */
+ 
+--- libsndfile.orig/src/wavlike.c
++++ libsndfile/src/wavlike.c
+@@ -161,7 +161,7 @@
+ 	{	psf_log_printf (psf, "  Bit Width     : 24\n") ;
+ 
+ 		psf_log_printf (psf, "\n"
+-			"  Ambiguous information in 'fmt ' chunk. Possibile file types:\n"
++			"  Ambiguous information in 'fmt ' chunk. Possible file types:\n"
+ 			"    0) Invalid IEEE float file generated by Syntrillium's Cooledit!\n"
+ 			"    1) File generated by ALSA's arecord containing 24 bit samples in 32 bit containers.\n"
+ 			"    2) 24 bit file with incorrect Block Align value.\n"