From 1c438d488ee6c35b1904f558f937b6734712d8cb Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: May 10 2022 07:07:55 +0000
Subject: import libsndfile-1.0.28-12.el8


---

diff --git a/SOURCES/libsndfile-1.0.31-ced91d7b.patch b/SOURCES/libsndfile-1.0.31-ced91d7b.patch
new file mode 100644
index 0000000..c39c029
--- /dev/null
+++ b/SOURCES/libsndfile-1.0.31-ced91d7b.patch
@@ -0,0 +1,25 @@
+From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..e33204505 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
diff --git a/SPECS/libsndfile.spec b/SPECS/libsndfile.spec
index 7d6d69f..191ea64 100644
--- a/SPECS/libsndfile.spec
+++ b/SPECS/libsndfile.spec
@@ -1,7 +1,7 @@
 Summary:	Library for reading and writing sound files
 Name:		libsndfile
 Version:	1.0.28
-Release:	10%{?dist}.1
+Release:	12%{?dist}
 License:	LGPLv2+ and GPLv2+ and BSD
 Group:		System Environment/Libraries
 URL:		http://www.mega-nerd.com/libsndfile/
@@ -18,8 +18,9 @@ Patch6: libsndfile-1.0.28-fixfree.patch
 Patch7: libsndfile-1.0.28-vafix.patch
 Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
 Patch9: libsndfile-1.0.28-cve_2018_19662.patch
-# from upstream, for <= 1.0.31, rhbz#1985027
+# from upstream, for <= 1.0.31, rhbz#1985028
 Patch10:	libsndfile-1.0.31-deb669ee.patch
+Patch11:	libsndfile-1.0.31-ced91d7b.patch
 BuildRequires:	alsa-lib-devel
 BuildRequires:	flac-devel
 BuildRequires:	libogg-devel
@@ -75,6 +76,7 @@ This package contains command line utilities for libsndfile.
 %patch8 -p1 -b .CVE_2018_13139
 %patch9 -p1 -b .cve_2018_19662
 %patch10 -p1 -b .deb669ee
+%patch11 -p1 -b .ced91d7b
 rm -r src/GSM610
 
 %build
@@ -170,8 +172,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 
 
 %changelog
-* Tue Jul 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10.1
-- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985027)
+* Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-12
+- fix heap buffer overflow in flac (#2030507)
+
+* Mon Jul 26 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-11
+- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028)
 
 * Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
 - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function