From 84684ab429ccf90bcddc1c0cdbbca0ddc2b17563 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka <mhlavink@redhat.com>
Date: Wed, 16 Dec 2015 18:15:39 +0100
Subject: [PATCH] fix incomplete patch for CVE-2015-7805

---
 ...f0bcaf20203bb4ee56da760a6e5118e6f93b.patch | 22 +++++++++++++++++++
 libsndfile.spec                               | 10 +++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch

diff --git a/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch b/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
new file mode 100644
index 0000000..6aa4bf5
--- /dev/null
+++ b/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
@@ -0,0 +1,22 @@
+From 53c9f0bcaf20203bb4ee56da760a6e5118e6f93b Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon, 9 Nov 2015 19:18:48 +1100
+Subject: [PATCH] src/common.c: Pull fix from 1.0.25
+
+---
+ src/common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common.c b/src/common.c
+index c6b88cc..830c43e 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -805,7 +805,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
+ 	if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
+ 	{	int most ;
+ 
+-		most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
++		most = SIGNED_SIZEOF (psf->header) - psf->headend ;
+ 		psf_fread (psf->header + psf->headend, 1, most, psf) ;
+ 		memcpy (ptr, psf->header + psf->headend, most) ;
+ 		psf->headend = psf->headindex += most ;
diff --git a/libsndfile.spec b/libsndfile.spec
index 6fa682f..f37c003 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,7 +1,7 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
 Version:	1.0.25
-Release:	17%{?dist}
+Release:	18%{?dist}
 License:	LGPLv2+ and GPLv2+ and BSD
 Group:		System Environment/Libraries
 URL:		http://www.mega-nerd.com/libsndfile/
@@ -9,8 +9,10 @@ Source0:	http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Patch0:		%{name}-1.0.25-system-gsm.patch
 Patch1:		libsndfile-1.0.25-zerodivfix.patch
 Patch2:		libsndfile-1.0.25-cve2014_9496.patch
-# from upstream, for <= 1.0.25, rhbz#1277899
+
+# 2x from upstream, for <= 1.0.25, rhbz#1277899
 Patch3:		libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch
+Patch4:		libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
 
 BuildRequires:	alsa-lib-devel
 BuildRequires:	flac-devel
@@ -60,6 +62,7 @@ This package contains command line utilities for libsndfile.
 %patch1 -p1 -b .zerodivfix
 %patch2 -p1 -b .cve2014_9496
 %patch3 -p1 -b .d2a87385c1ca1d72918e9a2875d24f202a5093e8
+%patch4 -p1 -b .53c9f0bcaf20203bb4ee56da760a6e5118e6f93b
 rm -r src/GSM610
 
 %build
@@ -159,6 +162,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
 %changelog
+* Wed Dec 16 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
+- fix incomplete patch for CVE-2015-7805
+
 * Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-17
 - fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
   crafted AIFF header