libsndfile-progs-1.2.2-160000.3.2

- Fix out-of-bounds read in function vorbis_analysis_wrote in
  ogg_vorbis.c (CVE-2024-50612, bsc#1232438):
  libsndfile-CVE-2024-50612.patch

- Update to 1.2.1:
  * Various bug fixes (issue #908, #907, #934, #950, #930)
- Update to 1.2.2:
  * Fixed invalid regex in src/create_symbols_file.py
  * Fixed passing null pointer to printf %s in tests
- Fix signed integers overflows in au_read_header()
  (bsc#1213451, CVE-2022-33065):
  libsndfile-CVE-2022-33065.patch

- update to 1.2.0:
  * Searching for LAME dependency with CMake build system (issue #821).
  * CMake build from Autotools tarball (issue #816).
  * Build on UWP platform (issue #824).
  * Fix signed integer overflow (issue #785).
  * Skipping large wav chunks on stdin (PR #819).

- Fix build with libsndfile 1.1.0; add missing build reqs

- update to 1.1.0:
  * Added MPEG Encode/Decode Support
  * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski.
  Fixed:
  * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375).
  * Stack overflow in guess_file_type()
  * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz
  * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz
  * GCC and Clang pedantic warnings, thanks @bobsayshilol.
  * Normalisation issue when scaling floating point data to int in
    replace_read_f2i(), thanks @bobsayshilol, (issue #702).
  * Missing samples when doing a partial read of Ogg file from index till the
    end of file, thanks @arthurt (issue #643).
  * sndfile-salvage: Handle files > 4 GB on Windows OS
  * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz
  * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz
  * Integer overflow in psf_log_printf(), credit to OSS-Fuzz
  * ABI version incompatibility between Autotools and CMake build on Apple
    platforms.
  * Heap buffer overflow in wavlike_ima_decode_block()
  * Heap buffer overflow in msadpcm_decode_block()
  * Heap buffer overflow in psf_binheader_readf()
  * Index out of bounds in psf_nms_adpcm_decode_block()
  * Heap buffer overflow in flac_buffer_copy()
  * Heap buffer overflow in copyPredictorTo24()
  * Uninitialized variable in psf_binheader_readf()
- drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch,
    libsndfile-CVE-2021-4156.patch (obsolete)

- update to 1.0.31:
  * documentation fixes and updates
  * Change CMake's project name from sndfile to libsndfile as it should be.
  * Fix memory leak in wav_read_smpl_chunk() function, credit to OSS-Fuzz.
  * Fix aiff_read_header() memory leak(), credit to OSS-Fuzz.
  * Fix leak in wav_read_header(), credit to OSS-Fuzz.
  * Fix leak in wavlike_read_cart_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in wav_read_acid_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in aiff_read_basc_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in wavlike_read_peak_chunk(), credit to OSS-Fuzz.
  * Fix memory leak in aiff_read_header(), credit to OSS-Fuzz.
  * Fix use of uninitialized value in exif_subchunk_parse(), credit to OSS-Fuzz.
  * Fix use of uninitialized value in endswap_int64_t_array(), credit to
  * OSS-Fuzz.
  * Fix up the fuzzer so that it can't under or overseek,
  * thanks to Max Dymond cmeister2@gmail.com.
  * Fix Autotools configure on macOS, thanks to @tmcguire and @nwh.
  * Exclude repository-configuration from git-archive, thanks to @umlaeute.
  * Use version-script when compiling with clang on Unix with Autotools, thanks
  * to @tstellar.
  * Improve handling of SMPL chunks in WAV files, thanks to @zodf0055980.
- update to 1.0.30:
  * Move sndfile.h.in from src/ to include/ directory.
  * Huge documentation update.
  * Fix opus test failures on BE platforms
  * Fix bug when sf_open_fd() function sometimes leaves filehandle open, even if close_desc parameter is TRUE, thanks to @umläute.
  * Fix infinite loops on some pathological SD2 files
  * Switch to GitHub Actions for continuous integration.
  * Add OSS-Fuzz tests to GitHub Actions workflow
  * Fix memory leak in wavlike_read_bext_chunk() function, credit to OSS-Fuzz.
  * Fix undefined behavior in avr-read_header() function, credit to OSS-Fuzz.
- update to 1.0.29:
  * Fixes for: CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758 and CVE-2019-3832.
  * Add BWF v2 loudness parameters.
  * Wave64: Permit and skip arbitrary chunks prior to the data chunk.
  * Fix ASAN crash in wavlike_ima_seek().
  * Fix IMA-ADPCM encoding for AIFF files.
  * sndfile-convert: Handle gsm, vox and opus extensions the same way.
  * Add SFC_SET_OGG_PAGE_LATENCY_MS command to get Ogg page latency for Ogg Opus files.
  * Fix parsing of some SD2 files.
  * Documentation updates.
  * Minor bug fixes and improvements.
- drop libsndfile-CVE-2017-17456-alaw-range-check.patch
    libsndfile-CVE-2017-17457-ulaw-range-check.patch
    libsndfile-wav-loop-count-fix.patch
    0001-FLAC-Fix-a-buffer-read-overrun.patch
    0002-src-flac.c-Fix-a-buffer-read-overflow.patch
    0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
    0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
    0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
    0031-sfe_copy_data_fp-check-value-of-max-variable.patch: upstream

- Fix buffer overflow in sndfile-deinterleave, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
  CVE-2018-19432):
  (Apply all the rest as well to sync with libsndfile.spec)
  0001-FLAC-Fix-a-buffer-read-overrun.patch
  0002-src-flac.c-Fix-a-buffer-read-overflow.patch
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
  0031-sfe_copy_data_fp-check-value-of-max-variable.patch
  libsndfile-CVE-2017-17456-alaw-range-check.patch
  libsndfile-CVE-2017-17457-ulaw-range-check.patch
  sndfile-deinterlace-channels-check.patch
  sndfile-ocloexec.patch

- Update to version 1.0.27:
  * Fix a seek regression in 1.0.26
  * Add metadata read/write for CAF and RF64
  * FIx PAF endian-ness issue
- Update to version 1.0.28
  * Fix buffer overruns in FLAC and ID3 handling code
  (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
  * Reduce default header memory requirements
  * Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch

- Remove documentation, it belongs to the libsndfile package.

- Update to version 1.0.26:
  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
  * Add ALAC/CAF support. Minor bug fixes and improvements.
- Drop libsndfile-example-fix.diff

- Cleanup spec file with spec-cleaner
- Add gpg signature

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

- Remove redundant/unwanted tags/section (cf. specfile guidelines)

- Fix zero-division in PAF parser (bnc#708988)

- updated to version 1.0.25:
  Fix for Secunia Advisory SA45125 (CVE-2011-2696, bnc#705681)
  Minor bug fixes and improvements

- Update to version 1.0.24
- Upstream changes :
  * WAV files are now written with an 18 byte u-law and A-law fmt chunk
  * A document on virtual I/O functionality was added
  * Two new methods were added in sndfile.hh
  * A fix was made for a non-zero SSND offset values on AIFF
  * Minor bug fixes and improvements were done

- Update to version 1.0.23:
- Upstream changes :
  * configure.ac src/version-metadata.rc.in src/Makefile.am
    Add version string resources to the windows DLL.
  * doc/api.html
    Update to add missing SF_FORMAT_* values. Closed Debian bug #545257.
  * NEWS README configure.ac doc/*.html
    Updates for 1.0.23 release.
  * Other minor bug fixes

- Update to version 1.0.22
- Upstream changes :
  * Bunch of minor bug fixes.

- updated to version 1.0.21:
  * Bunch of minor bug fixes.
  * including VUL-1 divide-by-zero fix (bnc#631379)

- explicitely enable sqlite support to avoid random flipping

- updated to version 1.0.20:
  * Fix for potential heap overflow
- enable ogg/vorbis support

- buildfix: tar basedir is libsndfile not libsndfile-progs

- built progs subpackage from an individual spec file to cut the
  circular dependency with jack.

- updated to version 1.0.19:
  * Fix for CVE-2009-0186 (bnc#481769 - VUL-0: libsndfile CAF
    Processing Integer Overflow Vulnerability)
  * Huge number of minor fixes as a result of static analysis
- remove INSTALL file from filelist

- updated to version 1.0.18
  * Add Ogg/Vorbis support (disabled right now due to vorbis
    version mismatch; SVN version is required)
  * Remove captive FLAC library.
  * Many new features and bug fixes.
  * Generate Win32 and Win64 pre-compiled binaries.
- Dropped libsndfile-octave subpackage (as octave itself is
  dropped from FACTORY)

- obsolete old -XXbit packages (bnc#437293)

- prototype for memset