updated to 1.0.28

fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)

.gitignore

@@ -4,3 +4,4 @@ libsndfile-1.0.21.tar.gz
 /libsndfile-1.0.24.tar.gz
 /libsndfile-1.0.25.tar.gz
 /libsndfile-1.0.27.tar.gz
+/libsndfile-1.0.28.tar.gz

libsndfile-1.0.25-system-gsm.patch

@@ -1,6 +1,6 @@
-diff -up libsndfile-1.0.27/src/gsm610.c.systemgsm libsndfile-1.0.27/src/gsm610.c
---- libsndfile-1.0.27/src/gsm610.c.systemgsm	2016-04-01 23:08:53.000000000 +0200
-+++ libsndfile-1.0.27/src/gsm610.c	2016-11-11 19:12:06.749656521 +0100
+diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
+--- libsndfile-1.0.28/src/gsm610.c.systemgsm	2016-09-10 10:08:27.000000000 +0200
++++ libsndfile-1.0.28/src/gsm610.c	2017-04-11 10:47:40.437162489 +0200
 @@ -27,7 +27,7 @@
  #include "sfendian.h"
  #include "common.h"
@@ -20,9 +20,9 @@ diff -up libsndfile-1.0.27/src/gsm610.c.systemgsm libsndfile-1.0.27/src/gsm610.c
  		if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
  				(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
  			gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
-diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makefile.am
---- libsndfile-1.0.27/src/Makefile.am.systemgsm	2016-11-11 19:10:05.220551515 +0100
-+++ libsndfile-1.0.27/src/Makefile.am	2016-11-11 19:10:14.315634212 +0100
+diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
+--- libsndfile-1.0.28/src/Makefile.am.systemgsm	2017-04-01 09:18:02.000000000 +0200
++++ libsndfile-1.0.28/src/Makefile.am	2017-04-11 10:48:43.855620172 +0200
 @@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
  include_HEADERS = sndfile.hh
  nodist_include_HEADERS = sndfile.h
@@ -32,7 +32,7 @@ diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makef
  
  SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
  
-@@ -46,7 +46,7 @@ endif
+@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
  libsndfile_la_LDFLAGS = -no-undefined -version-info  $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
  libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
  nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
@@ -40,8 +40,8 @@ diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makef
 +libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
  		libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
  
- libcommon_la_SOURCES = $(COMMON)
-@@ -54,12 +54,6 @@ libcommon_la_SOURCES = $(COMMON)
+ EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
+@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
  #======================================================================
  # Subdir libraries.
  

libsndfile.spec

@@ -1,6 +1,6 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
-Version:	1.0.27
+Version:	1.0.28
 Release:	1%{?dist}
 License:	LGPLv2+ and GPLv2+ and BSD
 Group:		System Environment/Libraries
@@ -8,7 +8,7 @@ URL:		http://www.mega-nerd.com/libsndfile/
 Source0:	http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Patch0:		libsndfile-1.0.25-system-gsm.patch
 Patch1:		libsndfile-1.0.25-zerodivfix.patch
-
+Patch2: revert.patch
 BuildRequires:	alsa-lib-devel
 BuildRequires:	flac-devel
 BuildRequires:	libogg-devel
@@ -55,6 +55,7 @@ This package contains command line utilities for libsndfile.
 %setup -q
 %patch0 -p1 -b .systemgsm
 %patch1 -p1 -b .zerodivfix
+%patch2 -p1 -b .revert
 rm -r src/GSM610
 
 %build
@@ -150,6 +151,14 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
 %changelog
+* Tue Apr 11 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-1
+- updated to 1.0.28
+- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
+- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.27-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
 * Fri Nov 11 2016 Michal Hlavinka <mhlavink@redhat.com> - 1.0.27-1
 - updated to 1.0.27
 

revert.patch

@@ -0,0 +1,37 @@
+--- libsndfile-1.0.28/src/rf64.c	2017-04-02 09:43:22.000000000 +0200
++++ libsndfile-1.0.27/src/rf64.c	2016-04-01 23:08:53.000000000 +0200
+@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
+ 
+ #endif
+ 
+-	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+-	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++	if (psf->header.indx + 8 < psf->dataoffset)
++	{	/* Add PAD data if necessary. */
++		int k = psf->dataoffset - 16 - psf->header.indx ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
++		} ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
+ 	else
+ 		psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
+ 
+-	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
++	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
+ 	if (psf->error)
+ 		return psf->error ;
+ 
+-	if (has_data && psf->dataoffset != psf->header.indx)
+-	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
++	if (has_data && psf->dataoffset != psf->header.indx)
++	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
+ 		return psf->error = SFE_INTERNAL ;
+ 		} ;
+ 
+-	psf->dataoffset = psf->header.indx ;
++	psf->dataoffset = psf->header.indx ;
+ 
+ 	if (NOT (has_data))
+ 		psf_fseek (psf, psf->dataoffset, SEEK_SET) ;

sources

@@ -1 +1 @@
-fd1d97c6077f03b5d984d7956ffedb7a  libsndfile-1.0.27.tar.gz
+SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f