!36 [sync] PR-31: Fix CVE-2019-8354,CVE-2019-8355,CVE-2019-8356,CVE-2019-8357 and CVE-2019-13590

From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2017-18189.patch

@@ -0,0 +1,27 @@
+A corrupt header specifying zero channels would send read_channels()
+into an infinite loop.  Prevent this by sanity checking the channel
+count in open_read().  Also add an upper bound to prevent overflow
+in multiplication.
+---
+ src/xa.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+ 
+diff --git a/src/xa.c b/src/xa.c
+index 81a767720d93..9fc086eca2b2 100644
+--- a/src/xa.c
++++ b/src/xa.c
+@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft)
+         lsx_report("User options overriding rate read in .xa header");
+     }
+ 
++    if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) {
++        lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d",
++                       ft->signal.channels);
++        return SOX_EOF;
++    }
++
+     /* Check for supported formats */
+     if (ft->encoding.bits_per_sample != 16) {
+         lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.",
+-- 
+2.17.0

CVE-2019-13590.patch

@@ -0,0 +1,13 @@
+--- a/src/sox-fmt.c
++++ b/src/sox-fmt.c
+@@ -46,7 +46,9 @@
+       lsx_readdw(ft, &comments_bytes))
+     return SOX_EOF;
+ 
+-  if (((headers_bytes + 4) & 7) || headers_bytes < FIXED_HDR + comments_bytes ||
++  if (((headers_bytes + 4) & 7) ||
++      comments_bytes > 0x40000000 || /* max 1 GB */
++      headers_bytes < FIXED_HDR + comments_bytes ||
+       (num_channels > 65535)) /* Reserve top 16 bits */ {
+     lsx_fail_errno(ft, SOX_EHDR, "invalid sox file format header");
+     return SOX_EOF;

CVE-2019-8354.patch

@@ -0,0 +1,11 @@
+--- a/src/effects_i_dsp.c
++++ b/src/effects_i_dsp.c
+@@ -357,7 +357,7 @@
+     double scale, sox_bool dc_norm)
+ {
+   int i, m = num_taps - 1;
+-  double * h = malloc(num_taps * sizeof(*h)), sum = 0;
++  double * h = calloc(num_taps, sizeof(*h)), sum = 0;
+   double mult = scale / lsx_bessel_I_0(beta), mult1 = 1 / (.5 * m + rho);
+   assert(Fc >= 0 && Fc <= 1);
+   lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale);

CVE-2019-8355.patch

@@ -0,0 +1,46 @@
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -95,7 +95,7 @@
+ 
+ libsox_la_CFLAGS = @WARN_CFLAGS@
+ libsox_la_LDFLAGS = @APP_LDFLAGS@ -version-info @SHLIB_VERSION@ \
+-  -export-symbols-regex '^(sox_.*|lsx_(check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|flush|error|eof|fail_errno|filelength|find_(enum_(text|value)|file_extension)|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|realloc|rewind|seeki|sigfigs3p?|strcasecmp|tell|unreadb|write(b|_b_buf|buf|s)))$$'
++  -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc.*|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$'
+ 
+ if HAVE_WIN32_LTDL
+   libsox_la_SOURCES += win32-ltdl.c win32-ltdl.h
+--- a/src/xmalloc.c
++++ b/src/xmalloc.c
+@@ -41,3 +41,13 @@
+ 
+   return ptr;
+ }
++
++void *lsx_realloc_array(void *p, size_t n, size_t size)
++{
++  if (n > (size_t)-1 / size) {
++    lsx_fail("malloc size overflow");
++    exit(2);
++  }
++
++  return lsx_realloc(p, n * size);
++}
+--- a/src/xmalloc.h
++++ b/src/xmalloc.h
+@@ -23,12 +23,14 @@
+ #include <stddef.h>
+ #include <string.h>
+ 
++LSX_RETURN_VALID void *lsx_realloc_array(void *p, size_t n, size_t size);
++
+ #define lsx_malloc(size) lsx_realloc(NULL, (size))
+ #define lsx_calloc(n,s) (((n)*(s))? memset(lsx_malloc((n)*(s)),0,(n)*(s)) : NULL)
+ #define lsx_Calloc(v,n)  v = lsx_calloc(n,sizeof(*(v)))
+ #define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) : NULL)
+ #define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL)
+-#define lsx_valloc(v,n)  v = lsx_malloc((n)*sizeof(*(v)))
+-#define lsx_revalloc(v,n)  v = lsx_realloc(v, (n)*sizeof(*(v)))
++#define lsx_valloc(v,n)  v = lsx_realloc_array(NULL, n, sizeof(*(v)))
++#define lsx_revalloc(v,n)  v = lsx_realloc_array(v, n, sizeof(*(v)))
+ 
+ #endif

CVE-2019-8356.patch

@@ -0,0 +1,73 @@
+--- a/src/fft4g.c
++++ b/src/fft4g.c
+@@ -322,6 +322,9 @@
+ 
+ void cdft(int n, int isgn, double *a, int *ip, double *w)
+ {
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     if (n > (ip[0] << 2)) {
+         makewt(n >> 2, ip, w);
+     }
+@@ -344,6 +347,9 @@
+     int nw, nc;
+     double xi;
+     
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     nw = ip[0];
+     if (n > (nw << 2)) {
+         nw = n >> 2;
+@@ -384,6 +390,9 @@
+     int j, nw, nc;
+     double xr;
+     
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     nw = ip[0];
+     if (n > (nw << 2)) {
+         nw = n >> 2;
+@@ -435,6 +444,9 @@
+     int j, nw, nc;
+     double xr;
+     
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     nw = ip[0];
+     if (n > (nw << 2)) {
+         nw = n >> 2;
+@@ -486,6 +498,9 @@
+     int j, k, l, m, mh, nw, nc;
+     double xr, xi, yr, yi;
+     
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     nw = ip[0];
+     if (n > (nw << 3)) {
+         nw = n >> 3;
+@@ -576,6 +591,9 @@
+     int j, k, l, m, mh, nw, nc;
+     double xr, xi, yr, yi;
+     
++    if (n > FFT4G_MAX_SIZE)
++        return;
++
+     nw = ip[0];
+     if (n > (nw << 3)) {
+         nw = n >> 3;
+--- a/src/fft4g.h
++++ b/src/fft4g.h
+@@ -13,6 +13,8 @@
+  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+  */
+ 
++#define FFT4G_MAX_SIZE 262144
++
+ void lsx_cdft(int, int, double *, int *, double *);
+ void lsx_rdft(int, int, double *, int *, double *);
+ void lsx_ddct(int, int, double *, int *, double *);

CVE-2019-8357.patch

@@ -0,0 +1,12 @@
+--- a/src/effects_i_dsp.c
++++ b/src/effects_i_dsp.c
+@@ -362,6 +362,9 @@
+   assert(Fc >= 0 && Fc <= 1);
+   lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale);
+ 
++  if (!h)
++    return NULL;
++
+   for (i = 0; i <= m / 2; ++i) {
+     double z = i - .5 * m, x = z * M_PI, y = z * mult1;
+     h[i] = x? sin(Fc * x) / x : Fc;

CVE-2021-23159.patch

@@ -0,0 +1,23 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Subject: hcom: validate dictsize
+Bug: https://sourceforge.net/p/sox/bugs/350/
+Bug: https://sourceforge.net/p/sox/bugs/352/
+Bug-Debian: https://bugs.debian.org/1021133
+Bug-Debian: https://bugs.debian.org/1021134
+
+This patch fixes both CVE-2021-23159 and CVE-2021-23172.
+
+--- a/src/hcom.c
++++ b/src/hcom.c
+@@ -134,6 +134,11 @@
+                 return (SOX_EOF);
+         }
+         lsx_readw(ft, &dictsize);
++        if (dictsize == 0 || dictsize > 511)
++        {
++                lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
++                return SOX_EOF;
++        }
+ 
+         /* Translate to sox parameters */
+         ft->encoding.encoding = SOX_ENCODING_HCOM;

CVE-2021-33844.patch

@@ -0,0 +1,28 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Subject: wav: reject 0 bits per sample to avoid division by zero
+Bug: https://sourceforge.net/p/sox/bugs/349/
+Bug-Debian: https://bugs.debian.org/1021135
+
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -506,7 +506,7 @@
+     unsigned short wChannels;       /* number of channels */
+     uint32_t      dwSamplesPerSecond; /* samples per second per channel */
+     uint32_t      dwAvgBytesPerSec;/* estimate of bytes per second needed */
+-    uint16_t wBitsPerSample;  /* bits per sample */
++    uint16_t wBitsPerSample = 0;  /* bits per sample */
+     uint32_t wFmtSize;
+     uint16_t wExtSize = 0;    /* extended field for non-PCM */
+ 
+@@ -587,6 +587,11 @@
+     lsx_readdw(ft, &dwAvgBytesPerSec);   /* Average bytes/second */
+     lsx_readw(ft, &(wav->blockAlign));   /* Block align */
+     lsx_readw(ft, &wBitsPerSample);      /* bits per sample per channel */
++    if (wBitsPerSample == 0)
++    {
++        lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
++        return SOX_EOF;
++    }
+     len -= 16;
+ 
+     if (wav->formatTag == WAVE_FORMAT_EXTENSIBLE)

CVE-2021-3643.patch

@@ -0,0 +1,27 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sat, 11 Nov 2023 18:18:40 +0100
+Subject: voc: word width should never be 0 to avoid division by zero
+
+Bug: https://sourceforge.net/p/sox/bugs/351/
+Bug-Debian: https://bugs.debian.org/1010374
+
+This patch fixes both CVE-2021-3643 and CVE-2021-23210.
+---
+ src/voc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/voc.c b/src/voc.c
+index f026178..f44933d 100644
+--- a/src/voc.c
++++ b/src/voc.c
+@@ -614,6 +614,10 @@ static int getblock(sox_format_t * ft)
+         v->rate = new_rate_32;
+         ft->signal.rate = new_rate_32;
+         lsx_readb(ft, &uc);
++        if (uc <= 1) {
++          lsx_fail_errno(ft, SOX_EFMT, "2 bits per word required");
++          return (SOX_EOF);
++        }
+         v->size = uc;
+         lsx_readb(ft, &(v->channels));
+         lsx_readw(ft, &(v->format));    /* ANN: added format */

CVE-2021-40426.patch

@@ -0,0 +1,35 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sat, 11 Nov 2023 18:18:40 +0100
+Subject: sphere: avoid integer underflow
+
+Link: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
+Bug: https://sourceforge.net/p/sox/bugs/362/
+Bug-Debian: https://bugs.debian.org/1012138
+---
+ src/sphere.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/sphere.c b/src/sphere.c
+index a3fd1c6..9544d16 100644
+--- a/src/sphere.c
++++ b/src/sphere.c
+@@ -63,7 +63,8 @@ static int start_read(sox_format_t * ft)
+     return (SOX_EOF);
+   }
+ 
+-  header_size -= (strlen(buf) + 1);
++  bytes_read = strlen(buf);
++  header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
+ 
+   while (strncmp(buf, "end_head", (size_t)8) != 0) {
+     if (strncmp(buf, "sample_n_bytes", (size_t)14) == 0)
+@@ -105,7 +106,8 @@ static int start_read(sox_format_t * ft)
+       return (SOX_EOF);
+     }
+ 
+-    header_size -= (strlen(buf) + 1);
++    bytes_read = strlen(buf);
++    header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
+   }
+ 
+   if (!bytes_per_sample)

CVE-2022-31650.patch

@@ -0,0 +1,56 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sat, 11 Nov 2023 18:18:40 +0100
+Subject: formats+aiff: reject implausibly large number of channels
+
+Bug: https://sourceforge.net/p/sox/bugs/360/
+Bug-Debian: https://bugs.debian.org/1012516
+---
+ src/aiff.c      |  5 +++++
+ src/formats_i.c | 10 ++++++++--
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 11ddb54..1476778 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -609,6 +609,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
+            At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
+            Sorry, the AIFF format does not provide for an indefinite
+            number of samples. */
++        if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))
++        {
++                lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF header");
++                return SOX_EOF;
++        }
+         return(aiffwriteheader(ft, (uint64_t) 0x7f000000 / ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
+ }
+ 
+diff --git a/src/formats_i.c b/src/formats_i.c
+index 5e264f8..602e044 100644
+--- a/src/formats_i.c
++++ b/src/formats_i.c
+@@ -19,6 +19,7 @@
+  */
+ 
+ #include "sox_i.h"
++#include <limits.h>
+ #include <string.h>
+ #include <sys/stat.h>
+ #include <stdarg.h>
+@@ -60,9 +61,14 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
+   if (ft->seekable)
+     ft->data_start = lsx_tell(ft);
+ 
+-  if (channels && ft->signal.channels && ft->signal.channels != channels)
++  if (channels && ft->signal.channels && ft->signal.channels != channels) {
+     lsx_warn("`%s': overriding number of channels", ft->filename);
+-  else ft->signal.channels = channels;
++  } else if (channels > SHRT_MAX) {
++    lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
++    return SOX_EOF;
++  } else {
++    ft->signal.channels = channels;
++  }
+ 
+   if (rate && ft->signal.rate && ft->signal.rate != rate)
+     lsx_warn("`%s': overriding sample rate", ft->filename);

CVE-2022-31651.patch

@@ -0,0 +1,32 @@
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sat, 11 Nov 2023 18:18:40 +0100
+Subject: formats: reject implausible rate
+
+Bug: https://sourceforge.net/p/sox/bugs/360/
+Bug-Debian: https://bugs.debian.org/1012516
+---
+ src/formats_i.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/formats_i.c b/src/formats_i.c
+index 602e044..63f8797 100644
+--- a/src/formats_i.c
++++ b/src/formats_i.c
+@@ -70,9 +70,15 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
+     ft->signal.channels = channels;
+   }
+ 
+-  if (rate && ft->signal.rate && ft->signal.rate != rate)
++  if (rate && ft->signal.rate && ft->signal.rate != rate) {
+     lsx_warn("`%s': overriding sample rate", ft->filename);
+-  else ft->signal.rate = rate;
++  /* Since NaN comparisons yield false, the negation rejects them. */
++  } else if (!(rate > 0)) {
++    lsx_fail_errno(ft, EINVAL, "invalid rate value");
++    return SOX_EOF;
++  } else {
++    ft->signal.rate = rate;
++  }
+ 
+   if (encoding && ft->encoding.encoding && ft->encoding.encoding != encoding)
+     lsx_warn("`%s': overriding encoding type", ft->filename);

CVE-2023-32627.patch

@@ -0,0 +1,31 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
+Date: Sun, 13 Aug 2023 14:14:09 +0000
+Subject: CVE-2023-32627 Filter null sampling rate in VOC coder
+
+Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file
+
+bug: https://sourceforge.net/p/sox/bugs/369/
+bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
+bug-debian: https://bugs.debian.org/1041112
+bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627
+---
+ src/voc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/voc.c b/src/voc.c
+index f44933d..cad32fa 100644
+--- a/src/voc.c
++++ b/src/voc.c
+@@ -351,6 +351,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
+             v->block_remaining = 0;
+             return done;
+           }
++          if(uc == 0) {
++            lsx_fail_errno(ft, EINVAL, "invalid rate value");
++            v->block_remaining = 0;
++            return done;
++          }
+           *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
+           lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
+           ++buf;
+

sox.spec

@@ -1,6 +1,6 @@
 Name: sox
 Version: 14.4.2.0
-Release: 27
+Release: 31
 Summary: A general purpose sound file conversion tool
 License: GPLv2+ and LGPLv2+ and MIT
 URL: http://sox.sourceforge.net/
@@ -17,13 +17,34 @@ Patch1003: sox-14.4.2-bug_1510923_fix.patch
 Patch1004: sox-14.4.2-hcom_stopwrite_big_endian_bug_fix.patch
 Patch1005: sox-14.4.2-bug_1226675_fix.patch
 Patch1006: sox-14.4.2-bug_1480678_fix.patch
+# - upstream patch: https://sourceforge.net/p/sox/mailman/sox-devel/thread/20180426131552.29249-9-mans@mansr.com/#msg36303839
+Patch1007: CVE-2017-18189.patch
+# https://sources.debian.org/src/sox/14.4.2%252Bgit20190427-4/debian/patches/
+Patch1008: CVE-2021-33844.patch
+Patch1009: CVE-2023-32627.patch
+# CVE-2021-23159 is the same as CVE-2023-34432,CVE-2023-34318,CVE-2021-23172
+Patch1010: CVE-2021-23159.patch
+# CVE-2021-3643 is the same as CVE-2021-23210
+Patch1011: CVE-2021-3643.patch
+# CVE-2022-31650 is the same as CVE-2023-26590
+Patch1012: CVE-2022-31650.patch
+Patch1013: CVE-2022-31651.patch
+Patch1014: CVE-2021-40426.patch
+Patch1015: CVE-2019-8354.patch
+Patch1016: CVE-2019-8355.patch
+Patch1017: CVE-2019-8356.patch
+Patch1018: CVE-2019-8357.patch
+Patch1019: CVE-2019-13590.patch
+
+# Tests:
 Patch9000: sox-14.4.2-installcheck_fix.patch
+
 BuildRequires: gcc, libvorbis-devel, alsa-lib-devel, libtool-ltdl-devel
 BuildRequires: gsm-devel, wavpack-devel, ladspa-devel, libpng-devel
 BuildRequires: flac-devel, libao-devel, libsndfile-devel, libid3tag-devel
 BuildRequires: pulseaudio-libs-devel, opusfile-devel
 BuildRequires: libtool, libmad-devel, lame-devel, twolame-devel
-BuildRequires: python3, time, libsamplerate-devel, git
+BuildRequires: python3, time, libsamplerate-devel
 
 %description
 SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility
@@ -43,14 +64,14 @@ which will use the SoX sound file format converter.
 %package_help
 
 %prep
-%autosetup -n %{name}-downstream-%{name}-%{version}.modified -Sgit -p1
+%autosetup -n %{name}-downstream-%{name}-%{version}.modified -p1
 autoreconf -vfi
 cp ${RPM_SOURCE_DIR}/binpatch.py binpatch.py
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
 %configure --without-lpc10 --with-gsm --includedir=%{_includedir}/sox \
-           --disable-static --with-distro=openEuler --with-dyn-default
+           --disable-static --with-distro=%{_vendor} --with-dyn-default
 make V=1 %{?_smp_mflags}
 
 %install
@@ -115,6 +136,21 @@ mv $libsox_so.orig $libsox_so
 %{_mandir}/man3/*
 
 %changelog
+* Mon Jan 06 2025 yaoxin <1024769339@qq.com> - 14.4.2.0-31
+- Fix CVE-2019-8354,CVE-2019-8355,CVE-2019-8356,CVE-2019-8357 and CVE-2019-13590
+
+* Sun Dec 24 2023 liningjie <liningjie@xfusion.com> - 14.4.2.0-30
+- DESC: apply CVE-2021-40426.patch
+
+* Thu Dec 07 2023 yaqiangchen <chenyaqiang@huawei.com> - 14.4.2.0-29
+- Fix CVE-2021-33844,CVE-2023-32627,CVE-2021-23159,CVE-2023-34432
+- CVE-2023-34318,CVE-2021-23172,CVE-2021-3643,CVE-2021-23210
+- CVE-2022-31650,CVE-2023-26590,CVE-2022-31651,CVE-2023-32627
+- CVE-2017-18189
+
+* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 14.4.2.0-28
+- DESC: delete -Sgit from %autosetup, and delete BuildRequires git
+
 * Fri Apr 3 2020 duyeyu <duyeyu@huawei.com> - 14.4.2.0-27
 - Modify configure parameters
 

sox.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: i386x/sos-downstream
+tag_prefix: ^v
+seperator: .