libsndfile-1.1.0

[Bruce Dubbs]

New minor version.

[Xi Ruoyao]

Elevate because oss-fuzz has found some security issues, and rated at least one of them high. No CVE is assigned now.

[Bruce Dubbs]

[1.1.0] - 2022-03-27

# Added

• MPEG Encode/Decode Support.

Uses libmpg123 for decode, liblame for encode. Encoding and decoding support is independent of each other and is split into separate files. MPEG support is generalized as subformats, SF_FORMAT_MPEG_LAYER(I,II,III) so that it might be used by other containers (MPEG1WAVEFORMAT for example), but also contains a major format SF_FORMAT_MPEG for 'mp3 files.'

Encoding Status:

• Layer III encoding
• ID3v1 writing
• ID3v2 writing
• Lame/Xing Tag writing
• Bitrate selection command
• VBR or CBR

Decoding Status:

• Layers I/II/III decoding
• ID3v1 reading
• ID3v2 reading
• Seeking

• New fuzzer for OSS-Fuzz
• This CHANGELOG.md. All notable changes to this project will be documented in this file. The old NEWS file has been renamed to NEWS.OLD and is no longer updated.
• Add support for decoding MPEG III Audio in WAV files.
• SECURITY.md file to give people instructions for reporting security vulnerabilities.
• Support for [Vcpkg manifest mode].

If you have problems with manifest mode, disable it with VCPKG_MANIFEST_MODE switch.

• [Export CMake targets from the build tree
• CIFuzz fuzzer, thanks to @AdamKorcz (

# Changed

• SFC_SET_DITHER_ON_READ and SFC_SET_DITHER_ON_WRITE enums comments in public header.
• ENABLE_SNDFILE_WINDOWS_PROTOTYPES define is deprecated and not needed anymore.

Previously, in order for the [sf_wchar_open()] function to become available on the Windows platform, it was required to perform certain actions:

  ```c
  #include <windows.h>
  #define ENABLE_SNDFILE_WINDOWS_PROTOTYPES 1
  #including <sndfile.h>
  ```

These steps are no longer required and the sf_wchar_open() function is always available on the Windows platform.

• Use UTF-8 as internal path encoding on Windows platform.

This is an internal change to unify and simplify the handling of file paths.

On the Windows platform, the file path is always converted to UTF-8 and converted to UTF-16 only for calls to WinAPI functions.

The behavior of the functions for opening files on other platforms does not change.

• Switch to .xz over .bz2 for release tarballs.
• Disable static builds using Autotools by default. If you want static libraries, pass --enable-static to ./configure

### Fixed

• Typo in docs/index.md.
• Typo in programs/sndfile-convert.c.
• Memory leak in caf_read_header().
• Stack overflow in guess_file_type().
• Abort in fuzzer.
• Infinite loop in svx_read_header().
• GCC and Clang pedantic warnings.
• Normalisation issue when scaling floating point data to int in replace_read_f2i().
• Missing samples when doing a partial read of Ogg file from index till the end of file.
• sndfile-salvage: Handle files > 4 GB on Windows OS
• Undefined shift in dyn_get_32bit().
• Integer overflow in nms_adpcm_update().
• Integer overflow in psf_log_printf().
• ABI version incompatibility between Autotools and CMake build on Apple platforms.

Now ABI must be compatible with Autotools builds. Note that this change requires CMake >= 3.17 for building dylib on Apple platforms.

• Fix build with Autotools + MinGW toolchain on Windows platform.

# Security

• Heap buffer overflow in wavlike_ima_decode_block().
• Heap buffer overflow in msadpcm_decode_block().
• Heap buffer overflow in psf_binheader_readf().
• Index out of bounds in psf_nms_adpcm_decode_block().
• Heap buffer overflow in flac_buffer_copy().
• Heap buffer overflow in copyPredictorTo24().
• Uninitialized variable in psf_binheader_readf().

[Bruce Dubbs]

Package updates:

b0530c8c66 Update to shared-mime-info-2.2.
2edd90496f Update to mc-4.8.28.
e273fc4bcd Update to frei0r-plugins-1.8.0.
3b342a16a6 Update to libsndfile-1.1.0.
b1d16c5709 Update to cups-filters-1.28.13.