import libsndfile-1.0.28-12.el8

SOURCES/libsndfile-1.0.31-ced91d7b.patch

@@ -0,0 +1,25 @@
+From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..e33204505 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;

SOURCES/libsndfile-1.0.31-deb669ee.patch

@@ -0,0 +1,21 @@
+diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
+index 5e8f1a31..a21cb994 100644
+--- a/src/ms_adpcm.c
++++ b/src/ms_adpcm.c
+@@ -128,8 +128,14 @@ wavlike_msadpcm_init	(SF_PRIVATE *psf, int blockalign, int samplesperblock)
+ 	if (psf->file.mode == SFM_WRITE)
+ 		samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
+ 
+-	if (blockalign < 7 * psf->sf.channels)
+-	{	psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
++	/* There's 7 samples per channel in the preamble of each block */
++	if (samplesperblock < 7 * psf->sf.channels)
++	{	psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
++		return SFE_INTERNAL ;
++		} ;
++
++	if (2 * blockalign < samplesperblock * psf->sf.channels)
++	{	psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
+ 		return SFE_INTERNAL ;
+ 		} ;
+ 

SPECS/libsndfile.spec

@@ -1,7 +1,7 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
 Version:	1.0.28
-Release:	10%{?dist}
+Release:	12%{?dist}
 License:	LGPLv2+ and GPLv2+ and BSD
 Group:		System Environment/Libraries
 URL:		http://www.mega-nerd.com/libsndfile/
@@ -18,6 +18,9 @@ Patch6: libsndfile-1.0.28-fixfree.patch
 Patch7: libsndfile-1.0.28-vafix.patch
 Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
 Patch9: libsndfile-1.0.28-cve_2018_19662.patch
+# from upstream, for <= 1.0.31, rhbz#1985028
+Patch10:	libsndfile-1.0.31-deb669ee.patch
+Patch11:	libsndfile-1.0.31-ced91d7b.patch
 BuildRequires:	alsa-lib-devel
 BuildRequires:	flac-devel
 BuildRequires:	libogg-devel
@@ -72,6 +75,8 @@ This package contains command line utilities for libsndfile.
 %patch7 -p1 -b .vafix
 %patch8 -p1 -b .CVE_2018_13139
 %patch9 -p1 -b .cve_2018_19662
+%patch10 -p1 -b .deb669ee
+%patch11 -p1 -b .ced91d7b
 rm -r src/GSM610
 
 %build
@@ -167,6 +172,12 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
 %changelog
+* Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-12
+- fix heap buffer overflow in flac (#2030507)
+
+* Mon Jul 26 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-11
+- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028)
+
 * Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
 - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function
   i2alaw_array in alaw (#1673085)