Hello community, here is the log from the commit of package vorbis-tools.3476 for openSUSE:13.1:Update checked in at 2015-02-06 17:06:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/vorbis-tools.3476 (Old) and /work/SRC/openSUSE:13.1:Update/.vorbis-tools.3476.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vorbis-tools.3476" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.vorbis-tools.3476.new/vorbis-tools.changes 2015-02-06 17:06:23.000000000 +0100 
@@ -0,0 +1,176 @@ +------------------------------------------------------------------- +Tue Jan 27 18:04:18 CET 2015 - [email protected] + +- Fix segfault by a crafted raw file input (CVE-2014-9640, + bsc#914938): + vorbis-tools-r19117-CVE-2014-9640.patch + +------------------------------------------------------------------- +Tue Jul 22 15:32:43 CEST 2014 - [email protected] + +- vcut-fix-segfault.diff: Fix segfault of vcut (bnc#888360) + +------------------------------------------------------------------- +Fri Apr 5 09:54:32 UTC 2013 - [email protected] + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Sat Mar 2 11:44:16 UTC 2013 - [email protected] + +- fix build with automake-1.13.1 + +------------------------------------------------------------------- +Sun Nov 20 06:29:49 UTC 2011 - [email protected] + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sun Mar 6 22:59:51 UTC 2011 - [email protected] + +- Spec file updates: + * Fixed rpmlint warning "macro-in-comment". + +------------------------------------------------------------------- +Sun Mar 6 13:56:27 UTC 2011 - [email protected] + +- Update to version 1.4.0: + * Lots of changes (see CHANGES file). +- Spec file updates: + * Changes based on rpmdevtools templates and spec-cleaner run. + * Changed License: to GPLv2. + * Added description for the patches based on openSUSE Patches Guidelines. + * Updates in Buildrequires: and %description sections. + * Added a vorbis-tools-lang package (based on rpmlint warning + "package-with-huge-translation"). + * Updates in %build, %install and %files sections. 
+- Removed the following patches (fixed upstream): + * vorbis-tools-1.1.1-bounds-check-fix.diff + * vorbis-tools-1.1.1-curl-7.16.diff + * vorbis-tools-config.diff + * vorbis-tools-flac-1.1.3.diff +- Rebased the patch vorbis-tools-1.1.1-warning-fixes.diff (most are fixed + upstream and only one change is needed to fix rpm post-build-check failure). + Also renamed it to warning-fixes.diff. +- Rebased the patch for cflags. + +------------------------------------------------------------------- +Mon Apr 14 16:39:22 CEST 2008 - [email protected] + +- VUL-0: speex insufficient bounds checking (bnc#379098, + CVE-2008-1686) + +------------------------------------------------------------------- +Wed Oct 31 14:28:59 CET 2007 - [email protected] + +- add support of FLAC 1.1.3 or later (#337916) +- use find_lang + +------------------------------------------------------------------- +Fri Feb 2 11:12:59 CET 2007 - [email protected] + +- fix build with curl-7.16 +- fixed some more compiler warnings + +------------------------------------------------------------------- +Mon Oct 16 00:28:47 CEST 2006 - [email protected] + +- Make sure config.rpath is present. + +------------------------------------------------------------------- +Wed Aug 23 18:18:11 CEST 2006 - [email protected] + +- build missing vcut command (#201242) + +------------------------------------------------------------------- +Sat Apr 8 17:01:17 CEST 2006 - [email protected] + +- Include "config.h" before using HAVE_* macros. + +------------------------------------------------------------------- +Wed Jan 25 21:42:43 CET 2006 - [email protected] + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Oct 18 15:39:18 CEST 2005 - [email protected] + +- updated to version 1.1.1. +- added flac-* and speex-* to neededforbuild. 
+ +------------------------------------------------------------------- +Thu Jul 7 17:53:45 CEST 2005 - [email protected] + +- removed -fsigned-char option (#93888). + +------------------------------------------------------------------- +Thu Apr 14 17:17:06 CEST 2005 - [email protected] + +- Added audiofile-devel to neededforbuild. + +------------------------------------------------------------------- +Fri Apr 8 18:53:38 CEST 2005 - [email protected] + +- fixed the build with the new gettext-0.14.3. + +------------------------------------------------------------------- +Mon Jan 12 10:25:04 CET 2004 - [email protected] + +- build as user + +------------------------------------------------------------------- +Fri Jan 9 17:17:32 CET 2004 - [email protected] + +- updated to version 1.0.1. +- enabled autoreconf again. + +------------------------------------------------------------------- +Fri Jun 6 08:41:43 CEST 2003 - [email protected] + +- Remove wrong doc dir + +------------------------------------------------------------------- +Mon Jul 22 10:52:00 CEST 2002 - [email protected] + +- updated to 1.0. + +------------------------------------------------------------------- +Fri Jan 4 12:01:21 CET 2002 - [email protected] + +- updated to RC3. + sync with cvs 2002.01.04. + now encoding with low variable rates is supported. +- added curl and curl-devel to neededforbuild. + +------------------------------------------------------------------- +Tue Dec 4 11:26:25 CET 2001 - [email protected] + +- sync with cvs 2001.12.04. + +------------------------------------------------------------------- +Wed Oct 24 18:00:49 CEST 2001 - [email protected] + +- sync with cvs 20011024. +- removed explicit Requires to libraries. + +------------------------------------------------------------------- +Mon Aug 13 16:57:40 CEST 2001 - [email protected] + +- updated to 1.0rc2 from cvs 20010813. 
+ +------------------------------------------------------------------- +Fri Jul 13 11:24:53 CEST 2001 - [email protected] + +- Fixed file list (using wildcards instead of shared directory + names) + +------------------------------------------------------------------- +Mon Feb 26 17:44:29 CET 2001 - [email protected] + +- Updated to 1.0beta4. + +------------------------------------------------------------------- +Wed Jan 31 12:40:06 CET 2001 - [email protected] + +- Initial version: 1.0beta3. + New: ---- vcut-fix-segfault.diff vorbis-tools-1.4.0.tar.gz vorbis-tools-cflags.diff vorbis-tools-r19117-CVE-2014-9640.patch vorbis-tools.changes vorbis-tools.spec warning-fixes.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vorbis-tools.spec ++++++ # # spec file for package vorbis-tools # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: vorbis-tools Version: 1.4.0 Release: 0 Summary: Ogg Vorbis Tools License: GPL-2.0 Group: Productivity/Multimedia/Sound/Utilities Url: http://www.xiph.org/ Source0: http://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz # PATCH-FIX-OPENSUSE warning-fixes.diff -- Fix rpm post-build-check failure for serious compiler warnings Patch0: warning-fixes.diff # PATCH-FIX-OPENSUSE vorbis-tools-cflags.diff bnc#93888 -- Remove -fsigned-char option Patch1: vorbis-tools-cflags.diff # PATCH-FIX-OPENSUSE vcut-fix-segfault.diff bnc#888360 -- Fix segfault of vcut Patch2: vcut-fix-segfault.diff # PATCH-FIX-UPSTREAM vorbis-tools-r19117-CVE-2014-9640.patch bsc#914938 CVE-201409640 Patch3: vorbis-tools-r19117-CVE-2014-9640.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: flac-devel BuildRequires: gettext-tools BuildRequires: libao-devel BuildRequires: libcurl-devel %if 0%{?suse_version} >= 1140 BuildRequires: libkate-devel %endif BuildRequires: libtool BuildRequires: libvorbis-devel BuildRequires: pkg-config BuildRequires: speex-devel Recommends: %{name}-lang = %{version} %description This package contains some tools for Ogg Vorbis: oggenc (an encoder) and ogg123 (a playback tool). It also has vorbiscomment (to add comments to Vorbis files), ogginfo (to give all useful information about an Ogg file, including streams in it), oggdec (a simple command line decoder), and vcut (which allows you to cut up Vorbis files). 
Authors: -------- Michael Smith <[email protected]> Kenneth Arnold <[email protected]> Stan Seibert <[email protected]> Segher Boessenkool <[email protected]> Michael Gold <[email protected]> Xiphophorus Company <[email protected]> %lang_package %prep %setup -q %patch0 %patch1 %patch2 -p1 %patch3 -p1 # automake 1.13 deprecated AM_CONFIG_HEADER sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' configure.ac %build # Because of patch vorbis-tools-cflags.diff regenerate build system %{?suse_update_config:%{suse_update_config -f}} cp /usr/share/gettext/config.rpath . autoreconf --force --install # test ! -f po/Makevars.template || mv po/Makevars.template po/Makevars %configure --disable-rpath make %{?_smp_mflags} %install %make_install # Remove unneeded files (they will be included in /usr/share/doc/packages/vorbis-tools/) rm -rf %{buildroot}%{_datadir}/doc/%{name}-%{version}/ %find_lang %{name} %clean rm -rf %{buildroot} %files %defattr(-,root,root,-) %doc AUTHORS CHANGES COPYING README %doc ogg123/ogg123rc-example %{_bindir}/ogg123 %{_bindir}/oggdec %{_bindir}/oggenc %{_bindir}/ogginfo %{_bindir}/vcut %{_bindir}/vorbiscomment %doc %{_mandir}/man1/ogg123.1%{ext_man} %doc %{_mandir}/man1/oggdec.1%{ext_man} %doc %{_mandir}/man1/oggenc.1%{ext_man} %doc %{_mandir}/man1/ogginfo.1%{ext_man} %doc %{_mandir}/man1/vcut.1%{ext_man} %doc %{_mandir}/man1/vorbiscomment.1%{ext_man} %files lang -f %{name}.lang %defattr(-,root,root,-) %changelog ++++++ vcut-fix-segfault.diff ++++++ --- vcut/vcut.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/vcut/vcut.c +++ b/vcut/vcut.c @@ -178,7 +178,7 @@ static int submit_headers_to_stream(vcut for(i=0;i<4;i++) { ogg_packet p; - if(i < 4) /* a header packet */ + if(i < 3) /* a header packet */ { p.bytes = vs->headers[i].length; p.packet = vs->headers[i].packet; ++++++ vorbis-tools-cflags.diff ++++++ --- configure.ac 2010-03-26 09:07:07.000000000 +0200 +++ configure.ac.new 2011-03-06 14:57:31.446178384 +0200 
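Review bot: The patch tag comment above `Patch3:` in vorbis-tools.spec spells the identifier `CVE-201409640`, while the patch file name and the changes entry use CVE-2014-9640, so a search of the spec for the CVE id misses the line. It should read `# PATCH-FIX-UPSTREAM vorbis-tools-r19117-CVE-2014-9640.patch bsc#914938 CVE-2014-9640`. Separately, `Source0` is a plain `http://` URL and the list of new files shows no detached signature or keyring next to `vorbis-tools-1.4.0.tar.gz`, so the tarball's origin cannot be re-verified from what is shown here. If upstream publishes a signature or checksum for this release, recording it as an additional source would close that gap.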
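Review bot: The new bound in `if(i < 3)` in vcut/vcut.c is a bare literal that has to stay equal to the number of entries in `vs->headers`, and nothing in the hunk ties the two together. With the old `i < 4`, the last pass of the `for(i=0;i<4;i++)` loop indexed `vs->headers[3]`; assuming the array holds three header packets (its declaration is outside the hunk), that was a read past the end, which fits the segfault named in the changes entry. If `headers` is a fixed-size array member, deriving the bound from it with `if(i < (int)(sizeof vs->headers / sizeof vs->headers[0]))` would keep the two from drifting apart again. Failing that, a comment such as `/* headers[] has 3 entries; i == 3 takes the other branch */` would at least record the coupling. The rest of `submit_headers_to_stream`, including the branch taken when `i == 3`, is outside the hunk.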
@@ -66,9 +66,9 @@ else case $host in *-*-linux*) - DEBUG="-g -Wall -fsigned-char" - CFLAGS="-O2 -Wall -ffast-math -fsigned-char" - PROFILE="-Wall -W -pg -g -O2 -ffast-math -fsigned-char" + DEBUG="-g -Wall" + CFLAGS="-O2 -Wall -ffast-math" + PROFILE="-Wall -W -pg -g -O2 -ffast-math" ;; sparc-sun-*) DEBUG="-g -Wall -fsigned-char -mv8" ++++++ vorbis-tools-r19117-CVE-2014-9640.patch ++++++ --- oggenc/oggenc.c | 4 ++-- oggenc/skeleton.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/oggenc/oggenc.c +++ b/oggenc/oggenc.c @@ -97,6 +97,8 @@ int main(int argc, char **argv) .3,-1, 0,0,0.f, 0, 0, 0, 0, 0}; + input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", + N_("RAW file reader")}; int i; @@ -239,8 +241,6 @@ int main(int argc, char **argv) if(opt.rawmode) { - input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", - N_("RAW file reader")}; enc_opts.rate=opt.raw_samplerate; enc_opts.channels=opt.raw_channels; --- a/oggenc/skeleton.h +++ b/oggenc/skeleton.h @@ -41,7 +41,7 @@ typedef struct { ogg_int64_t granule_rate_d; /* granule rate denominator */ ogg_int64_t start_granule; /* start granule value */ ogg_uint32_t preroll; /* preroll */ - unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */ + unsigned char granule_shift; /* 1 byte value holding the granule shift */ char *message_header_fields; /* holds all the message header fields */ /* current total size of the message header fields, for realloc purpose, initially zero */ ogg_uint32_t current_header_size; ++++++ warning-fixes.diff ++++++ --- oggenc/resample.c 2010-01-22 08:28:06.000000000 +0200 +++ oggenc/resample.c.new 2011-03-06 15:24:42.925869442 +0200 @@ -174,7 +174,7 @@ assert(beta > 2.0); break; default: - assert("arglist" == "valid"); + assert(!"arglist not valid"); return -1; } op1 = va_arg(argp, res_parameter); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
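Review bot: In the configure.ac hunk, `-fsigned-char` is dropped only from the `*-*-linux*` branch; the `sparc-sun-*` `DEBUG` line visible as context still passes it, so the two hosts now compile plain `char` under different rules. Without the flag, the signedness of plain `char` follows the target ABI, so any code that handles sample bytes or comparisons through plain `char` would behave differently on Linux architectures where `char` is unsigned. Whether such code exists cannot be seen from this hunk. A one-line comment in the `case`, for example `dnl sources must not depend on the signedness of plain char`, would record the assumption the removal relies on.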
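Review bot: The declaration of `raw_format` added after the `enc_opts` initializer in oggenc/oggenc.c has no comment explaining why it sits at function scope, so a later cleanup could move it back into the `if(opt.rawmode)` block that the second hunk (at `-239,8`) removes it from. The move reads as a lifetime fix: presumably the address of `raw_format` is stored and still used after that block ends, which with a block-scoped object means touching a dead stack object, and the changes entry ties it to a segfault on crafted raw input. The statement that takes the address is not in either hunk. I would add `/* must outlive the if(opt.rawmode) block: its address is used after that block ends (CVE-2014-9640) */` above the declaration. Both hunks are inside `main`, whose body continues outside them.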
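Review bot: In the oggenc/resample.c hunk, the `default:` branch returns `-1` right after the rewritten assert, and the next context line reads from `argp` with `va_arg`. If `argp` was started with `va_start` in this function (not visible in the hunk), the early return leaves without the matching `va_end` that the C standard requires before returning; changing the branch to `va_end(argp); return -1;` fixes that. Both `assert(!"arglist not valid")` and the `assert(beta > 2.0)` in the context above also disappear when `NDEBUG` is defined. The `return -1` keeps the default branch covered, but the `beta` range check has no non-assert fallback in the lines shown. The enclosing function starts and ends outside the hunk.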
