Version: 1.3.2-3.6.1
* Wed Dec 16 2020 tiwai@suse.de
- Fix memory leak (CVE-2020-0487 bsc#1180112):
  stream_decoder.c-Fix-a-memory-leak.patch
* Wed Dec 16 2020 tiwai@suse.de
- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099):
  libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
* Fri Apr 27 2018 tiwai@suse.de
- Fix memory leak in read_metadata_vorbiscomment_() function
  (CVE-2017-6888, bsc#1091045):
  flac-CVE-2017-6888.patch
* Sun Jan 01 2017 aloisio@gmx.com
- Update to version 1.3.2
  * Fix undefined behaviour using GCC/Clang UBSAN (erikd).
  * General hardening via fuzz testing with AFL (erikd and
    others).
  * General code improvements (lvqcl, erikd and others).
  * Add FLAC in MP4 specification docs (Ralph Giles).
  * Fix some cppcheck warnings (erikd).
  * Assume all currently used OSes support SSE2.
  flac:
    * Fix potential infinite loop on flac-to-flac conversion
      (erikd).
    * Add WAVEFORMATEXTENSIBLE to WAV (as needed) when
      decoding (lvqcl).
    * Only write vorbis-comments if they are non-empty.
    * Error out if decoding RAW with bits != (8|16|24).
  metaflac:
    * Add --scan-replay-gain option.
  libraries:
    * CPU detection cleanup and fixes (Julian Calaby, erikd
      and lvqcl).
    * Fix two stream decoder bugs (Max Kellermann).
    * Fix a NULL dereference bug (on a malformed file).
    * Changed the LPC order guess for a slight compression
      improvement, particularly for classical music
      (Martijn van Beurden).
    * Improved encoding speed on older Intel CPUs.
    * Fixed a seeking bug when decoding certain files
      (Miroslav Lichvar).
    * Put an upper bound (32768) on the number of seek
      points.
    * Fix potential memory leaks.
    * Support 64bit brword/bwword allowing
      FLAC__BYTES_PER_WORD to be set to 8 (disabled by
      default).
    * Fix an out-of-bounds heap read.
- Refreshed flac-cflags.patch
* Sat Sep 10 2016 tchvatal@suse.com
- Drop patch that should be upstreamed first, otherwise we will
  have to keep it forever:
  * flac-ocloexec.patch
- Drop wrong patch:
  * flac-fix-pkgconfig.patch
    + If using this change you get assert.h include overridden in your
      project by the one from FLAC/ which is not what upstream desired
      If packages fail to build they should fix their include
* Sat Mar 21 2015 mpluskal@suse.com
- Build documentation as noarch
* Fri Mar 20 2015 mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Update url
- Remove no longer needed patches
  * flac-fix-CVE-2014-8962.patch
  * flac-fix-CVE-2014-9028.patch
  * 0001-getopt_long-not-broken-here.patch
- Remove following as benefit of using openssl is small
  * 0001-Allow-use-of-openSSL.patch
- Add flac-cflags.patch
- Use doxygen to build documentation
- Split documentation to separate package
- Update to 1.3.1
  * Improved decoding efficiency of all bit depths but especially
    so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).
  * Faster encoding using SSE and AVX (lvqcl).
  * Fixed bartlett, bartlett_hann and triangle functions.
  * New apodization functions partial_tukey and punchout_tukey for
    improved compression (Martijn van Beurden).
  * Retuned compression presets to incorporate new apodization
    functions (Martijn van Beurden).
  * Fix -Wcast-align warnings on armhf architecture (Erik de
    Castro Lopo).
  * Help output documentation improvements.
  * I/O buffering improvements on Windows to reduce disk
    fragmentation when writing files.
  * Only write vorbis-comments if they are non-empty.
  * Fix symbol visibility in XMMS plugin.
  * Many fixes and improvements across all the build systems.
  * Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962
    (heap read overflow)
* Wed Nov 26 2014 tiwai@suse.de
- A couple of security fixes:
  * flac-fix-CVE-2014-8962.patch:
    arbitrary code execution by a stack overflow (CVE-2014-8962,
    bnc#906831)
  * flac-fix-CVE-2014-9028.patch:
    Heap overflow via specially crafted .flac files (CVE-2014-9028,
    bnc#907016)
* Mon Jul 01 2013 jengelh@inai.de
- Update to final upstream release 1.3.0
  * No user-visible changes
- More robust make install call
* Sun May 26 2013 crrodriguez@opensuse.org
- Update to flac 1.3.0pre4 (packaged as 1.2.99_git* to avoid
  messing with RPM versioning)
  * Mostly non-linux related bugfixes plus autotools fixes
- flac-openssl.patch --> 0001-Allow-use-of-openSSL.patch
- remove flac-1.2.1-automake1_13.patch, fixed in upstream.
- add 0001-getopt_long-not-broken-here.patch, FLAC bundles
  GNU-compatible getopt_long for broken OS, but we do have
  a functional version in libc already.
* Mon Apr 22 2013 cfarrell@suse.com
- license update: BSD-3-Clause and GPL-2.0+ and GFDL-1.2
  Numerous GPL-2.0+ licensed files; documentation is GFDL-1.2
* Thu Feb 28 2013 seife+obs@b1-systems.com
- add flac-1.2.1-automake1_13.patch, fix build with automake-1.13.1
* Tue Dec 18 2012 idonmez@suse.com
- Add flac-fix-pkgconfig.patch to fix includedir in the pkgconfig
  files.
* Sun Dec 09 2012 crrodriguez@opensuse.org
- add xz buildrequires for old distros.
* Sat Dec 08 2012 crrodriguez@opensuse.org
- Update to current git
  * patches deleted:
    - flac-1.2.1-asm.patch
    - flac-1.2.1-bitreader.patch
    - flac-gcc43-fixes.diff
    - flac-gcc47.patch
    - flac-leaks.patch
    - flac-no-xmms.diff
    - flac-visibility.patch
    - flac-printf-format-fix.diff
    All Upstreamed either by us or other distros.
- Add flac-openssl.patch, do crypto with openssl (not wanted upstream)
- Restore make check
* Tue Sep 04 2012 schwab@linux-m68k.org
- Don't ignore $(AM_CFLAGS).
- Remove ppc patch.
* Tue Mar 13 2012 dimstar@opensuse.org
- Add flac-gcc47.patch: Replacing strcpy without 'length
  limitation' with strncpy, limited to 4 chars. This is safe, as we
  check the length already to be sure it is 4 chars, yet do not
  suffer from the problem that strcpy wants to add a '\0' char in
  plus to the target string.
* Thu Mar 08 2012 dvaleev@suse.com
- don't use fvisibility=hidden on ppc. As it can't find symbols
  afterwards
* Fri Jan 27 2012 crrodriguez@opensuse.org
- Fix some memory and resource leaks.
- Link shared libraries with -Bsymbolic-functions
- annotate relevant functions with proper attributes to
  allow the compiler to generate better code (attribute hot, alloc_size)
* Tue Jan 24 2012 crrodriguez@opensuse.org
- Support symbol visibility features
- Disable test suite, nothing wrong with it, it just
  takes too long to run and uses private/hidden symbols to
  test flac's internals.