Hello community, here is the log from the commit of package gnash for openSUSE:Factory checked in at 2013-05-18 09:20:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnash (Old) and /work/SRC/openSUSE:Factory/.gnash.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnash" Changes: -------- --- /work/SRC/openSUSE:Factory/gnash/gnash.changes 2012-03-16 13:14:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gnash.new/gnash.changes 2013-05-18 09:20:53.000000000 +0200 @@ -1,0 +2,28 @@ +Wed May 15 17:47:12 CEST 2013 - [email protected] + +- fixed buffer overflow: + gnash-0.8.10-buffer-overflow.patch + +------------------------------------------------------------------- +Wed Mar 13 10:43:23 UTC 2013 - [email protected] + +- fix filelist + +------------------------------------------------------------------- +Wed Mar 13 08:10:40 UTC 2013 - [email protected] + +- fix build with giflib-5.x + +------------------------------------------------------------------- +Tue Mar 12 16:21:12 UTC 2013 - [email protected] + +- add makeinfo buildreq + +------------------------------------------------------------------- +Sun Jun 10 11:20:38 UTC 2012 - [email protected] + +- updated to 0.8.10 + - bugfixes + - translation changes + +------------------------------------------------------------------- Old: ---- gnash-0.8.5-build-fixes.diff gnash-0.8.8.tar.bz2 gnash-CVE-2011-4328.diff gnash-CVE-2012-1175.diff gnash-fix-insecure-temp-files.diff gnash-rpmlintrc New: ---- gnash-0.8.10-buffer-overflow.patch gnash-0.8.10-giflib5.patch gnash-0.8.10.tar.bz2 gnash-buildfix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnash.spec ++++++ --- /var/tmp/diff_new_pack.GsyA3S/_old 2013-05-18 09:20:54.000000000 +0200 +++ /var/tmp/diff_new_pack.GsyA3S/_new 2013-05-18 09:20:54.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package gnash # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,134 +16,360 @@ # -%bcond_without distributable - Name: gnash -%define cvs_date 0 -BuildRequires: SDL-devel -BuildRequires: agg-devel -BuildRequires: boost-devel -BuildRequires: curl-devel +Version: 0.8.10 +Release: 0 +Summary: GNU SWF player +License: GPL-3.0 +Group: Productivity/Multimedia/Other +Url: http://www.gnu.org/software/gnash/ +Source0: ftp://ftp.gnu.org/pub/gnu/gnash/%{version}/%{name}-%{version}.tar.bz2 +Patch0: gnash-buildfix.patch +Patch1: gnash-0.8.10-giflib5.patch +Patch2: gnash-0.8.10-buffer-overflow.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: dejagnu +BuildRequires: docbook-utils +BuildRequires: docbook2X BuildRequires: fdupes BuildRequires: gcc-c++ +BuildRequires: libexpat-devel +BuildRequires: libltdl-devel +BuildRequires: libmysqlclient-devel +BuildRequires: makeinfo +BuildRequires: mozilla-nspr-devel +BuildRequires: update-desktop-files +BuildRequires: xulrunner-devel +# bitmap libraries for loading images BuildRequires: giflib-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +# these are needed for the python gtk widget +BuildRequires: boost-devel +BuildRequires: curl-devel +BuildRequires: fontconfig-devel +BuildRequires: freetype2-devel +BuildRequires: gconf2-devel BuildRequires: gstreamer-0_10-plugins-base-devel BuildRequires: gstreamer010-devel BuildRequires: gtk2-devel -BuildRequires: libjpeg-devel -BuildRequires: libstdc++-devel -BuildRequires: libtool +BuildRequires: openssl-devel +BuildRequires: python-devel +BuildRequires: python-gtk-devel BuildRequires: speex-devel -%if !%{with distributable} -BuildRequires: ffmpeg-devel -%endif -Version: 0.8.8 -Release: 0 -Summary: Free Flash movie player -License: GPL-2.0+ -Group: Productivity/Networking/Web/Browsers -%if %{cvs_date} -%define package_version %{version}.cvs%{cvs_date} -%else -%define package_version %{version} -%endif -Url: http://www.gnu.org/software/gnash/ -Source: %{name}-%{package_version}.tar.bz2 -Source1: %{name}-rpmlintrc -# PATCH-FIX-UPSTREAM gnash-0.8.5-build-fixes.diff -Patch: gnash-0.8.5-build-fixes.diff -Patch1: gnash-fix-insecure-temp-files.diff -Patch2: gnash-CVE-2011-4328.diff -Patch3: gnash-CVE-2012-1175.diff -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# needed for Klash +BuildRequires: libkde4-devel +# these are needed for the various renderers, which now all get built +BuildRequires: SDL-devel +BuildRequires: agg-devel +BuildRequires: libstdc++-devel +BuildRequires: xorg-x11-libXt-devel + +# The default Gnash package only includes the GTK parts, the rest +# is in gnash-common. +Requires: gnash-common %description -Gnash is a Free Flash movie player, which works either standalone, or -as a Firefox/Mozilla plugin. +Gnash is a GNU SWF movie player that supports many SWF v7 features, +with growing support for swf v8, v9, and v10. + +%package common +Summary: Web-client SWF player plugin +Group: Applications/Multimedia + +%description common +Common files Shared between Gnash and Klash, Gnash/Klash is a GNU SWF movie +player that supports many SWF v7 features, with growing support for +swf v8, v9, and v10. + +%package klash4 +Summary: Konqueror SWF player plugin for KDE 4 +Group: Applications/Multimedia +Requires: gnash +Requires: gnash-common +%kde4_runtime_requires + +%description klash4 +The gnash (klash) SWF player plugin for Konqueror in KDE4. + +%package plugin +Summary: Web-client SWF player plugin +Group: Applications/Internet +Requires: gnash +Requires: gnash-common + +%description plugin +The gnash SWF player plugin for Firefox or Mozilla. + +%package cygnal +Summary: Streaming media server +Group: Applications/Multimedia +Requires: gnash-common -Gnash supports the current Shockwave format, version 7. While all the -ActionScript classes exist, not all of the methods defined by the SWF -format documentation are implemented however, so not all flash movies -work 100% if they utilize any of the unimplemented methods. This is one -of the areas to work on to achieve full version 7 compliance. +%description cygnal +Cygnal is a streaming media server that's Flash aware. %package devel -Summary: Gnash include files -Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} +Summary: Gnash header files +Group: Applications/Multimedia +Requires: gnash-common %description devel -Include files for developing with gnash. +Gnash header files can be used to write external Gnash extensions. + +%package framebuffer +Summary: Standalone SWF file player for the framebuffer. +Group: Applications/Multimedia +Requires: gnash-common + +%description framebuffer +Framebuffer Gnash is a standalone SWF file player for the Linux framebuffer. + +%package dump +Summary: Standalone SWF file player that dumps screenshots. +Group: Applications/Multimedia +Requires: gnash-common + +%description dump +Gnash Dump is a standalone SWF file player that dumps screenshots of each +frame to disk. + +%package widget +Summary: Gnash widgets for Gtk and Python +Group: Applications/Multimedia +Requires: gnash +Requires: gnash-common + +%description widget +The Gnash widgets can be used to embed Gnash into any Gtk or Python-Gtk +application. + +%package fileio-extension +Summary: Fileio extension for Gnash +Group: Applications/Multimedia +Requires: gnash-common + +%description fileio-extension +This extension allows SWF files being played within Gnash to have direct access +to the file system. The API is similar to the C library one. + +%package lirc-extension +Summary: LIRC extension for Gnash +Group: Applications/Multimedia +Requires: gnash-common + +%description lirc-extension +This extension allows SWF files being played within Gnash to have direct access +to a LIRC based remote control device. The API is similar to the standard +LIRC one. + +%package dejagnu-extension +Summary: DejaGnu extension for Gnash +Group: Applications/Multimedia +Requires: gnash-common + +%description dejagnu-extension +This extension allows SWF files to have a simple unit testing API. The API +is similar to the DejaGnu unit testing one. + +%package mysql-extension +Summary: MySQL extension for Gnash +Group: Applications/Multimedia +Requires: gnash-common + +%description mysql-extension +This extension allows SWF files being played within Gnash to have direct access +to a MySQL database. The API is similar to the standard MySQL one. %prep -%if %{cvs_date} -%setup -q -n gnash -# exclude movies.all -for i in configure.ac testsuite/Makefile.am; do - grep -v 'movies\.all' $i > $i.x - mv $i.x $i -done -%else -%setup -q -n gnash-%{version} -%endif -%patch -p1 +%setup -q +%patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%patch2 %build -autoreconf -fi -# -fpermissive is for broken boost with gcc-4.3 (#353897) -# -fpermissive +# these are actually the default values, but this way they get added +# to the build so they appear in "gnash --version". +RENDERER="--enable-renderer=agg,cairo" # opengl or openvg too +# These are not the defaults +SOUND="--enable-media=gst" # we can't distribute ffmpeg support +OPTIONAL="--enable-python --enable-cygnal" +GUI="--enable-gui=gtk,qt4,fb,dump" # aqua, sdl CXXFLAGS="%{optflags}" \ %configure \ - --disable-static \ - --disable-ltdl-install \ + $SOUND \ + $GUI \ + $RENDERER \ + $OPTIONAL \ + --prefix=/usr \ + --libdir=%{_libdir} \ + --mandir=%{_prefix}/share/man \ + --infodir=%{_prefix}/share/info \ + --disable-dependency-tracking \ + --disable-testsuite \ --disable-rpath \ - --enable-gui=gtk \ - --enable-renderer=agg \ -%if %{with distributable} - --enable-media=GST \ -%else - --enable-media=ffmpeg \ - --with-ffmpeg-incl=%{_includedir} \ -%endif -%if %suse_version < 1030 - --with-gstreamer-lib=/opt/gnome/%{_lib} \ -%endif + --enable-docbook \ --with-plugins-install=system \ - --with-npapi-plugindir=%{_libdir}/browser-plugins -make %{?jobs:-j %jobs} + --with-plugindir=%{_libdir}/mozilla/plugins \ + --enable-extensions=fileio,lirc,dejagnu,mysql + +make MAKEFLAGS=$MAKEFLAGS dumpconfig all LDFLAGS="-Wl,--build-id" %install -%makeinstall install-plugins -find %{buildroot}%{_libdir} -name '*.la' -delete -# move/install documents -mkdir -p %{buildroot}%{_docdir} -mv %{buildroot}%{_datadir}/doc/gnash %{buildroot}%{_docdir} -install -c -m 0644 AUTHORS COPYING ChangeLog* NEWS README TODO \ - %{buildroot}%{_docdir}/gnash -%find_lang %{name} +make MAKEFLAGS=$MAKEFLAGS install DESTDIR=$RPM_BUILD_ROOT LDFLAGS="-Wl,--build-id" +make MAKEFLAGS=$MAKEFLAGS install-plugins DESTDIR=$RPM_BUILD_ROOT LDFLAGS="-Wl,--build-id" +rm -f $RPM_BUILD_ROOT%{_libdir}/gnash/*.*a + %fdupes -s %{buildroot}%{_datadir}/locale +%suse_update_desktop_file -i klash AudioVideo Player +%suse_update_desktop_file -i gnash AudioVideo Player %clean -rm -rf %{buildroot} +rm -rf $RPM_BUILD_ROOT -%files -f %{name}.lang -%defattr(-, root, root) -%doc %{_mandir}/man?/* -%doc %{_docdir}/gnash -%{_libdir}/gnash -%{_libdir}/browser-plugins/* -%{_bindir}/* -%{_datadir}/gnash -%config(noreplace) %{_sysconfdir}/gnashrc -%config(noreplace) %{_sysconfdir}/gnashpluginrc +%post +update-desktop-database &> /dev/null || : +touch --no-create %{_datadir}/icons/hicolor +if [ -x %{_bindir}/gtk-update-icon-cache ] ; then + %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || : +fi + +%preun +if [ $1 = 0 ]; then + /sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || : +fi + +%postun +update-desktop-database &> /dev/null || : +touch --no-create %{_datadir}/icons/hicolor +if [ -x %{_bindir}/gtk-update-icon-cache ] ; then + %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || : +fi + +%post klash4 +update-desktop-database &> /dev/null || : +touch --no-create %{_datadir}/icons/hicolor + +%postun klash4 +update-desktop-database &> /dev/null || : +touch --no-create %{_datadir}/icons/hicolor + +%files +%defattr(-,root,root,-) +%{_bindir}/gnash-gtk-launcher +%{_bindir}/gtk-gnash +%{_mandir}/man1/gtk-gnash.1.gz +%{_mandir}/man1/gnash-gtk-launcher.1.gz +%{_datadir}/icons/hicolor/32x32/apps/gnash.xpm +%{_datadir}/applications/gnash.desktop + +%files common +%defattr(-,root,root,-) +%dump +%doc README AUTHORS COPYING NEWS +%{_bindir}/gnash +%{_mandir}/man1/gnash.1.gz +%{_bindir}/gprocessor +%{_bindir}/soldumper +%{_bindir}/flvdumper +%{_bindir}/findmicrophones +%{_bindir}/findwebcams +#%{_bindir}/dumpshm +%{_bindir}/rtmpget +%dir %{_libdir}/gnash +%{_libdir}/gnash/*.so* +%dir %{_datadir}/gnash +%{_datadir}/gnash/GnashG.png +%{_datadir}/gnash/gnash_128_96.ico +%{_mandir}/man1/gprocessor.1.gz +%{_mandir}/man1/soldumper.1.gz +%{_mandir}/man1/flvdumper.1.gz +%{_mandir}/man1/findmicrophones.1.gz +%{_mandir}/man1/findwebcams.1.gz +%{_mandir}/man1/rtmpget.1.gz +%{_datadir}/locale/*/LC_MESSAGES/gnash.mo +%{_datadir}/applications/gnash.schemas +%{_datadir}/gnash/gnash-splash.swf +%dir %{_datadir}/doc +%dir %{_datadir}/doc/gnash +%{_datadir}/doc/gnash/gnash*.html +%dir %{_datadir}/doc/gnash/images +%{_datadir}/doc/gnash/images/*.png +%{_sysconfdir}/gnashrc +%{_sysconfdir}/gnashpluginrc + +%files plugin +%defattr(-,root,root,-) +%dir %{_libdir}/mozilla +%dir %{_libdir}/mozilla/plugins +%{_libdir}/mozilla/plugins/libgnashplugin.so + +%files cygnal +%defattr(-,root,root,-) +%{_bindir}/cygnal +%{_sysconfdir}/cygnalrc +%dir %{_libdir}/cygnal +%dir %{_libdir}/cygnal/plugins +%{_libdir}/cygnal/plugins/*.so* +%{_mandir}/man1/cygnal.1.gz %files devel -%defattr(-,root,root) -%dir %{_includedir}/%{name}/ -%{_includedir}/%{name} -%{_libdir}/pkgconfig/* +%defattr(-,root,root,-) +%{_includedir}/gnash/ +%{_libdir}/pkgconfig/gnash.pc + +%files widget +%defattr(-,root,root,-) +%{_prefix}/lib*/python*/site-packages/gtk-2.0/gnash.* + +%files klash4 +%defattr(-,root,root,-) +%{_bindir}/gnash-qt-launcher +%{_bindir}/qt4-gnash +%{_mandir}/man1/qt4-gnash.1.gz +%{_mandir}/man1/gnash-qt-launcher.1.gz +%{_libdir}/kde4/libklashpart.* +%dir %{_kde4_appsdir}/klash +%{_kde4_appsdir}/klash/klashpartui.rc +%{_kde4_appsdir}/klash/pluginsinfo +%{_kde4_servicesdir}/klash_part.desktop +%{_datadir}/applications/klash.desktop +%{_datadir}/icons/hicolor/32x32/apps/klash.xpm + +%files framebuffer +%defattr(-,root,root,-) +%{_bindir}/fb-gnash +%{_mandir}/man1/fb-gnash.1.gz + +%files dump +%defattr(-,root,root,-) +%{_bindir}/dump-gnash +%{_bindir}/gnash-thumbnailer +%{_sysconfdir}/gnashthumbnailrc +%{_mandir}/man1/dump-gnash.1.gz + +%files fileio-extension +%defattr(-,root,root,-) +%dir %{_libdir}/gnash +%dir %{_libdir}/gnash/plugins +%{_libdir}/gnash/plugins/fileio.so + +%files lirc-extension +%defattr(-,root,root,-) +%dir %{_libdir}/gnash +%dir %{_libdir}/gnash/plugins +%{_libdir}/gnash/plugins/lirc.so + +%files dejagnu-extension +%defattr(-,root,root,-) +%dir %{_libdir}/gnash +%dir %{_libdir}/gnash/plugins +%{_libdir}/gnash/plugins/dejagnu.so + +%files mysql-extension +%defattr(-,root,root,-) +%dir %{_libdir}/gnash +%dir %{_libdir}/gnash/plugins +%{_libdir}/gnash/plugins/mysql.so %changelog ++++++ gnash-0.8.10-buffer-overflow.patch ++++++ Index: cygnal/proc.cpp =================================================================== --- cygnal/proc.cpp.orig +++ cygnal/proc.cpp @@ -122,23 +122,23 @@ Proc::startCGI(const string &filespec, b } // setup a command line. By default, argv[0] is the name of the process - cmd_line[0] = new char(filespec.size()+1); + cmd_line[0] = new char[filespec.size()+1]; strcpy(cmd_line[0], filespec.c_str()); // If the parent has verbosity on, chances are the child should too. // if (dbglogfile.getVerbosity() > 0) { - cmd_line[1] = new char(3); - strcpy(cmd_line[1], "-n"); - cmd_line[2] = new char(4); - strcpy(cmd_line[2], "-vv"); + cmd_line[1] = new char[4]; + strncpy(cmd_line[1], "-n", 3); + cmd_line[2] = new char[5]; + strncpy(cmd_line[2], "-vv", 4); cmd_line[3] = 0; // } // When running multiple cgis, we prefer to specify the port it's using. if (port > 0) { - cmd_line[3] = new char(3); - strcpy(cmd_line[3], "-p"); - cmd_line[4] = new char(10); + cmd_line[3] = new char[4]; + strncpy(cmd_line[3], "-p", 3); + cmd_line[4] = new char[10]; sprintf(cmd_line[4], "%d", port); cmd_line[5] = 0; } ++++++ gnash-0.8.10-giflib5.patch ++++++ diff --git a/libbase/GnashImageGif.cpp b/libbase/GnashImageGif.cpp index eeba4b7..7d33cbc 100644 --- a/libbase/GnashImageGif.cpp +++ b/libbase/GnashImageGif.cpp @@ -269,7 +269,11 @@ GifInput::processRecord(GifRecordType record) void GifInput::read() { +#if GIFLIB_MAJOR < 5 _gif = DGifOpen(_inStream.get(), &readData); +#else + _gif = DGifOpen(_inStream.get(), &readData, NULL); +#endif GifRecordType record; ++++++ gnash-0.8.8.tar.bz2 -> gnash-0.8.10.tar.bz2 ++++++ ++++ 773096 lines of diff (skipped) ++++++ gnash-buildfix.patch ++++++ Index: gnash-0.8.10/plugin/klash/klash_part.cpp =================================================================== --- gnash-0.8.10.orig/plugin/klash/klash_part.cpp +++ gnash-0.8.10/plugin/klash/klash_part.cpp @@ -212,7 +212,7 @@ KDE_NO_EXPORT void KlashPart::stop () { // Ignore SIGTERM, so we won't kill ourselves. void (*oldhandler)(int) = signal(SIGTERM, SIG_IGN); - int pid = -1 * ::getpid(); + int pid = -1 * getpid(); assert(pid < -1); // Terminate every process in our process group. Index: gnash-0.8.10/plugin/klash4/klash_part.cpp =================================================================== --- gnash-0.8.10.orig/plugin/klash4/klash_part.cpp +++ gnash-0.8.10/plugin/klash4/klash_part.cpp @@ -43,6 +43,7 @@ #include "klash_part.h" #include <csignal> +#include <unistd.h> //----------------------------------------------------------------------------- -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
