fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)

fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)

.gitignore

@@ -5,5 +5,3 @@ libsndfile-1.0.21.tar.gz
 /libsndfile-1.0.25.tar.gz
 /libsndfile-1.0.27.tar.gz
 /libsndfile-1.0.28.tar.gz
-/libsndfile-1.0.31.tar.bz2
-/libsndfile-1.1.0.tar.xz

libsndfile-1.0.25-system-gsm.patch

@@ -1,87 +1,6 @@
-diff -up libsndfile-1.1.0/CMakeLists.txt.system-gsm libsndfile-1.1.0/CMakeLists.txt
---- libsndfile-1.1.0/CMakeLists.txt.system-gsm	2022-03-27 14:39:27.000000000 +0200
-+++ libsndfile-1.1.0/CMakeLists.txt	2022-04-25 22:41:46.472440316 +0200
-@@ -286,7 +286,6 @@ add_library (sndfile
- 	src/double64.c
- 	src/ima_adpcm.c
- 	src/ms_adpcm.c
--	src/gsm610.c
- 	src/dwvw.c
- 	src/vox_adpcm.c
- 	src/interleave.c
-@@ -347,23 +346,6 @@ add_library (sndfile
- 	src/mpeg.c
- 	src/mpeg_decode.c
- 	src/mpeg_l3_encode.c
--	src/GSM610/config.h
--	src/GSM610/gsm.h
--	src/GSM610/gsm610_priv.h
--	src/GSM610/add.c
--	src/GSM610/code.c
--	src/GSM610/decode.c
--	src/GSM610/gsm_create.c
--	src/GSM610/gsm_decode.c
--	src/GSM610/gsm_destroy.c
--	src/GSM610/gsm_encode.c
--	src/GSM610/gsm_option.c
--	src/GSM610/long_term.c
--	src/GSM610/lpc.c
--	src/GSM610/preprocess.c
--	src/GSM610/rpe.c
--	src/GSM610/short_term.c
--	src/GSM610/table.c
- 	src/G72x/g72x.h
- 	src/G72x/g72x_priv.h
- 	src/G72x/g721.c
-@@ -412,6 +394,7 @@ target_link_libraries (sndfile
- 		$<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:Opus::opus>
- 		$<$<BOOL:${HAVE_MPEG}>:MPG123::libmpg123>
- 		$<$<BOOL:${HAVE_MPEG}>:Lame::Lame>
-+		-lgsm
- 	)
- set_target_properties (sndfile PROPERTIES
- 	PUBLIC_HEADER "${sndfile_HDRS}"
-diff -up libsndfile-1.1.0/Makefile.am.system-gsm libsndfile-1.1.0/Makefile.am
---- libsndfile-1.1.0/Makefile.am.system-gsm	2022-03-27 10:55:12.000000000 +0200
-+++ libsndfile-1.1.0/Makefile.am	2022-04-25 22:39:56.976112391 +0200
-@@ -47,7 +47,6 @@ SYMBOL_FILES = src/Symbols.gnu-binutils
- 
- EXTRA_DIST += include/sndfile.h.in src/config.h.in src/test_endswap.tpl src/test_endswap.def \
- 	$(SYMBOL_FILES) src/create_symbols_file.py src/binheader_writef_check.py \
--	src/GSM610/README src/GSM610/COPYRIGHT src/GSM610/ChangeLog \
- 	src/G72x/README src/G72x/README.original src/G72x/ChangeLog \
- 	src/make-static-lib-hidden-privates.sh \
- 	src/config.h.cmake
-@@ -72,7 +71,7 @@ src_libsndfile_la_SOURCES = src/sndfile.
- 	src/ogg.c src/ogg.h src/ogg_vorbis.c src/ogg_speex.c src/ogg_pcm.c src/ogg_opus.c src/ogg_vcomment.c src/ogg_vcomment.h \
- 	src/common.h src/sfconfig.h src/sfendian.h src/wavlike.h src/sf_unistd.h src/chanmap.h src/mpeg.c
- nodist_src_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
--src_libsndfile_la_LIBADD = src/GSM610/libgsm.la src/G72x/libg72x.la src/ALAC/libalac.la \
-+src_libsndfile_la_LIBADD = -lgsm src/G72x/libg72x.la src/ALAC/libalac.la \
- 	src/libcommon.la $(EXTERNAL_XIPH_LIBS) -lm $(MPEG_LIBS)
- EXTRA_src_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
- 
-@@ -91,17 +90,6 @@ src_test_main_SOURCES = src/test_main.c
- 	src/test_binheader_writef.c src/test_nms_adpcm.c
- src_test_main_LDADD = src/libcommon.la
- 
--##############
--# src/GSM610 #
--##############
--
--noinst_LTLIBRARIES += src/GSM610/libgsm.la
--src_GSM610_libgsm_la_SOURCES = src/GSM610/config.h src/GSM610/gsm.h src/GSM610/gsm610_priv.h \
--	src/GSM610/add.c src/GSM610/code.c src/GSM610/decode.c src/GSM610/gsm_create.c \
--	src/GSM610/gsm_decode.c src/GSM610/gsm_destroy.c src/GSM610/gsm_encode.c \
--	src/GSM610/gsm_option.c src/GSM610/long_term.c src/GSM610/lpc.c src/GSM610/preprocess.c \
--	src/GSM610/rpe.c src/GSM610/short_term.c src/GSM610/table.c
--
- ############
- # src/G72x #
- ############
-diff -up libsndfile-1.1.0/src/gsm610.c.system-gsm libsndfile-1.1.0/src/gsm610.c
---- libsndfile-1.1.0/src/gsm610.c.system-gsm	2021-05-17 11:12:28.000000000 +0200
-+++ libsndfile-1.1.0/src/gsm610.c	2022-04-25 22:37:21.059496852 +0200
+diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
+--- libsndfile-1.0.28/src/gsm610.c.systemgsm	2016-09-10 10:08:27.000000000 +0200
++++ libsndfile-1.0.28/src/gsm610.c	2017-04-11 10:47:40.437162489 +0200
 @@ -27,7 +27,7 @@
  #include "sfendian.h"
  #include "common.h"
@@ -96,8 +15,42 @@ diff -up libsndfile-1.1.0/src/gsm610.c.system-gsm libsndfile-1.1.0/src/gsm610.c
  		pgsm610->blockcount = 0 ;
  
 -		gsm_init (pgsm610->gsm_data) ;
-+                gsm_destroy (pgsm610->gsm_data) ;
-+                pgsm610->gsm_data = gsm_create () ;
++		gsm_destroy (pgsm610->gsm_data) ;
++		pgsm610->gsm_data = gsm_create () ;
  		if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
  				(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
  			gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
+diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
+--- libsndfile-1.0.28/src/Makefile.am.systemgsm	2017-04-01 09:18:02.000000000 +0200
++++ libsndfile-1.0.28/src/Makefile.am	2017-04-11 10:48:43.855620172 +0200
+@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
+ include_HEADERS = sndfile.hh
+ nodist_include_HEADERS = sndfile.h
+ 
+-noinst_LTLIBRARIES =  GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la
++noinst_LTLIBRARIES =  G72x/libg72x.la ALAC/libalac.la libcommon.la
+ 
+ SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
+ 
+@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
+ libsndfile_la_LDFLAGS = -no-undefined -version-info  $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
+ libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
+ nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
+-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \
++libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
+ 		libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
+ 
+ EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
+@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
+ #======================================================================
+ # Subdir libraries.
+ 
+-GSM610_libgsm_la_SOURCES = GSM610/config.h GSM610/gsm.h GSM610/gsm610_priv.h \
+-		GSM610/add.c GSM610/code.c GSM610/decode.c GSM610/gsm_create.c \
+-		GSM610/gsm_decode.c GSM610/gsm_destroy.c GSM610/gsm_encode.c \
+-		GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \
+-		GSM610/rpe.c GSM610/short_term.c GSM610/table.c
+-
+ G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \
+ 		G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c
+ 

libsndfile-1.0.25-zerodivfix.patch

@@ -0,0 +1,25 @@
+From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 24 Dec 2014 21:02:35 +1100
+Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
+
+Closes: https://github.com/erikd/libsndfile/issues/92
+---
+ src/file_io.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/file_io.c b/src/file_io.c
+index 26d3d6d..6ccab78 100644
+--- a/src/file_io.c
++++ b/src/file_io.c
+@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
+ {	sf_count_t total = 0 ;
+ 	ssize_t	count ;
+ 
++	if (bytes == 0 || items == 0)
++		return 0 ;
++
+ 	if (psf->virtual_io)
+ 		return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
+ 
+

libsndfile-1.0.28-flacbufovfl.patch

@@ -0,0 +1,64 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+---
+ src/common.h  |  1 +
+ src/flac.c    | 13 +++++++++++++
+ src/sndfile.c |  1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c3..e2669b6a 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ 	SFE_FLAC_INIT_DECODER,
+ 	SFE_FLAC_LOST_SYNC,
+ 	SFE_FLAC_BAD_SAMPLE_RATE,
++	SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ 	SFE_FLAC_UNKOWN_ERROR,
+ 
+ 	SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e26..986a7b8f 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
++			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++									"Nothing to be but to error out.\n" ,
++									psf->sf.channels, metadata->data.stream_info.channels) ;
++				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++				return ;
++				} ;
++
++			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++									"Carrying on as if nothing happened.",
++									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++				} ;
+ 			psf->sf.channels = metadata->data.stream_info.channels ;
+ 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ 			psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 41875610..e2a87be8 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
+ 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
+ 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
+ 
+ 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },

libsndfile-1.0.29-cve2017_6892.patch

@@ -0,0 +1,25 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f53..45864b76 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 

libsndfile-1.1.0-cefd7b59.patch

@@ -1,75 +0,0 @@
-From cefd7b59df628eca240af3c136d66137c8e94888 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?IOhannes=20m=20zm=C3=B6lnig?= <zmoelnig@iem.at>
-Date: Thu, 8 Sep 2022 10:49:36 +0200
-Subject: [PATCH] tests: Use fuzzy comparison in test-suite
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Using exact comparison ("a == b") when comparing expected with computed
-test data fails the test-suite on many architectures (including, but not
-limited to armhf and arm64).
-
-Instead, use epsilon(for now, FLT_EPSILON and DBL_EPSILON) to compare
-floating point numbers for equality.
-
-
-Closes: https://github.com/libsndfile/libsndfile/issues/866
-
-Signed-off-by: IOhannes m zmölnig <zmoelnig@iem.at>
----
- tests/utils.tpl | 27 +++++++++++++++++++++++++--
- 1 file changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/tests/utils.tpl b/tests/utils.tpl
-index c68e3a26e..0d1cd8bb9 100644
---- a/tests/utils.tpl
-+++ b/tests/utils.tpl
-@@ -193,6 +193,7 @@ sf_count_t		file_length_fd (int fd) ;
- #include <string.h>
- #include <ctype.h>
- #include <math.h>
-+#include <float.h>
- #include <fcntl.h>
- #include <sys/stat.h>
- 
-@@ -215,6 +216,28 @@ sf_count_t		file_length_fd (int fd) ;
- #define O_BINARY 0
- #endif
- 
-+
-+/*
-+**      Compare for equality, with epsilon
-+*/
-+static inline int
-+equals_short (const short a, const short b)
-+{        return (a == b);
-+} /* equals_short */
-+static inline int
-+equals_int (const int a, const int b)
-+{        return (a == b);
-+} /* equals_int */
-+static inline int
-+equals_float (const float a, const float b)
-+{        return (fabsf(a - b) <= FLT_EPSILON);
-+} /* equals_float */
-+static inline int
-+equals_double (const double a, const double b)
-+{       return (fabs(a - b) <= DBL_EPSILON);
-+} /* equals_double */
-+
-+
- [+ FOR float_type +]
- void
- gen_windowed_sine_[+ (get "name") +] ([+ (get "name") +] *data, int len, double maximum)
-@@ -752,8 +775,8 @@ compare_[+ (get "io_element") +]_or_die (const [+ (get "io_element") +] *expecte
- 	unsigned k ;
- 
- 	for (k = 0 ; k < count ; k++)
--		if (expected [k] != actual [k])
--		{	printf ("\n\nLine %d : Error at index %d, got " [+ (get "format_str") +] ", should be " [+ (get "format_str") +] ".\n\n", line_num, k, actual [k], expected [k]) ;
-+		if (!equals_[+ (get "io_element") +](expected [k], actual [k]))
-+		{	printf ("\n\nLine %d : Error at index %d, got " [+ (get "format_str") +] ", should be " [+ (get "format_str") +] "(delta=" [+ (get "format_str") +] " ).\n\n", line_num, k, actual [k], expected [k], actual [k] - expected [k]) ;
- 			exit (1) ;
- 			} ;
- 

libsndfile.spec

@@ -1,28 +1,24 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
-Version:	1.1.0
-Release:	6%{?dist}
+Version:	1.0.28
+Release:	3%{?dist}
 License:	LGPLv2+ and GPLv2+ and BSD
-URL:		http://libsndfile.github.io/libsndfile/
-Source0:        https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz
+Group:		System Environment/Libraries
+URL:		http://www.mega-nerd.com/libsndfile/
+Source0:	http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
 Patch0:		libsndfile-1.0.25-system-gsm.patch
-Patch1:	libsndfile-1.1.0-cefd7b59.patch
-BuildRequires:  autogen
-BuildRequires:  gcc-c++
+Patch1:		libsndfile-1.0.25-zerodivfix.patch
+Patch2: revert.patch
+Patch3: libsndfile-1.0.28-flacbufovfl.patch
+Patch4: libsndfile-1.0.29-cve2017_6892.patch
 BuildRequires:	alsa-lib-devel
 BuildRequires:	flac-devel
-BuildRequires:	gcc
 BuildRequires:	libogg-devel
 BuildRequires:	libvorbis-devel
 BuildRequires:	pkgconfig
 BuildRequires:	sqlite-devel
 BuildRequires:	gsm-devel
 BuildRequires:	libtool
-BuildRequires:	make
-BuildRequires:	python3
-BuildRequires:  opus-devel
-BuildRequires:  lame-devel
-BuildRequires:  mpg123-devel
 
 
 %description
@@ -35,6 +31,7 @@ compiles and runs on *nix, MacOS, and Win32.
 
 %package devel
 Summary:	Development files for libsndfile
+Group:		Development/Libraries
 Requires:	%{name}%{?_isa} = %{version}-%{release} pkgconfig
 
 
@@ -46,6 +43,7 @@ This package contains files needed to develop with libsndfile.
 
 %package utils
 Summary:	Command Line Utilities for libsndfile
+Group:		Applications/Multimedia
 Requires:	%{name} = %{version}-%{release}
 
 
@@ -57,8 +55,11 @@ This package contains command line utilities for libsndfile.
 
 %prep
 %setup -q
-%patch0 -p1 -b .system-gsm
-%patch1 -p1 -b .cefd7b59
+%patch0 -p1 -b .systemgsm
+%patch1 -p1 -b .zerodivfix
+%patch2 -p1 -b .revert
+%patch3 -p1 -b .flacbufovfl
+%patch4 -p1 -b .cve2017_6892
 rm -r src/GSM610
 
 %build
@@ -68,18 +69,17 @@ autoreconf -I M4 -fiv # for system-gsm patch
 	--enable-sqlite \
 	--enable-alsa \
 	--enable-largefile \
-	--enable-mpeg \
 	--disable-static
 
 # Get rid of rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 
-%make_build
+make %{?_smp_mflags}
 
 
 %install
-%make_install
+make install DESTDIR=$RPM_BUILD_ROOT
 rm -rf __docs
 mkdir __docs
 cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
@@ -111,14 +111,15 @@ rm -f %{buildroot}%{_bindir}/sndfile-jackplay
 LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
-%ldconfig_scriptlets
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
 
 
 %files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-# NEWS files is missing in 1.1.0, check if it was re-added
-%doc AUTHORS README
+%doc AUTHORS README NEWS
 %{_libdir}/%{name}.so.*
 
 %files utils
@@ -131,6 +132,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 %{_bindir}/sndfile-metadata-get
 %{_bindir}/sndfile-metadata-set
 %{_bindir}/sndfile-play
+%{_bindir}/sndfile-regtest
 %{_bindir}/sndfile-salvage
 %{_mandir}/man1/sndfile-cmp.1*
 %{_mandir}/man1/sndfile-concat.1*
@@ -153,79 +155,6 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
 %changelog
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Tue Sep 13 2022 Michel Alexandre Salim <salimma@fedoraproject.org> - 1.1.0-5
-- Rebuilt for flac 1.4.0
-
-* Sat Sep 10 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-4
-- enable MP3 support
-
-* Wed Aug 03 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-3
-- new MPEG support does not compile on some archs, do not enable it yet
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon Apr 25 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.1.0-1
-- updated to 1.1.0
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.31-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Dec 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-6
-- fix heap buffer overflow in flac (#2027692)
-
-* Fri Jul 23 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-5
-- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution (#1984320)
-
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.31-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Mon Feb 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-3
-- add opus-devel BR to satisfy configure requirements check (#1931251)
-
-* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.0.31-2
-- Use make macros
-- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
-
-* Wed Jan 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-1
-- updated to 1.0.31
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-8
-- add gcc buildrequire
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Aug 24 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-6
-- heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
 * Wed Jun 21 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-3
 - fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
 

revert.patch

@@ -0,0 +1,37 @@
+--- libsndfile-1.0.28/src/rf64.c	2017-04-02 09:43:22.000000000 +0200
++++ libsndfile-1.0.27/src/rf64.c	2016-04-01 23:08:53.000000000 +0200
+@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
+ 
+ #endif
+ 
+-	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+-	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++	if (psf->header.indx + 8 < psf->dataoffset)
++	{	/* Add PAD data if necessary. */
++		int k = psf->dataoffset - 16 - psf->header.indx ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
++		} ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
+ 	else
+ 		psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
+ 
+-	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
++	psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
+ 	if (psf->error)
+ 		return psf->error ;
+ 
+-	if (has_data && psf->dataoffset != psf->header.indx)
+-	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
++	if (has_data && psf->dataoffset != psf->header.indx)
++	{	psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
+ 		return psf->error = SFE_INTERNAL ;
+ 		} ;
+ 
+-	psf->dataoffset = psf->header.indx ;
++	psf->dataoffset = psf->header.indx ;
+ 
+ 	if (NOT (has_data))
+ 		psf_fseek (psf, psf->dataoffset, SEEK_SET) ;

sources

@@ -1 +1 @@
-SHA512 (libsndfile-1.1.0.tar.xz) = d01696a8a88a4444e5eb91a137cf7b26b55b12c1fe3b648653f7e78674bbdf61870066216c9ff2f6a1e63bdf7b558af9a759480cf6523b607d29347b12762006
+SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f