Hello community, here is the log from the commit of package snack.3551 for openSUSE:13.1:Update checked in at 2015-02-26 10:05:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/snack.3551 (Old) and /work/SRC/openSUSE:13.1:Update/.snack.3551.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "snack.3551" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.snack.3551.new/snack.changes 2015-02-26 10:05:46.000000000 +0100 @@ -0,0 +1,162 @@ +------------------------------------------------------------------- +Wed Feb 18 14:08:46 UTC 2015 - [email protected] + +- bnc#793860: CVE-2012-6303: heap based overflow: snack-2.2.10-CVE-2012-6303.patch + +------------------------------------------------------------------- +Mon Jan 11 15:57:04 CET 2010 - [email protected] + +- Fix build on Factory and SLES10. + +------------------------------------------------------------------- +Tue Nov 3 10:46:40 CET 2009 - [email protected] + +- Adopt patch from other distros to fix and re-enable ALSA support + (snack-alsa.patch). + +------------------------------------------------------------------- +Fri Oct 2 15:31:27 CEST 2009 - [email protected] + +- Fix loading of libsnack by removing the rest of the MP3-related + symbols. + +------------------------------------------------------------------- +Wed Jun 3 17:22:59 CEST 2009 - [email protected] + +- Don't build the MP3 decoder. + +------------------------------------------------------------------- +Fri May 25 15:31:34 CEST 2007 - [email protected] + +- Make rpmlint happy. + +------------------------------------------------------------------- +Mon May 22 16:51:29 CEST 2006 - [email protected] + +- New version: 2.2.10 +- Improved MP3 format handling + +------------------------------------------------------------------- +Wed Jan 25 21:41:42 CET 2006 - [email protected] + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jul 28 14:09:35 CEST 2005 - [email protected] + +- Use OSS, because ALSA support is incomplete and unstable. + +- Moved the script library to /usr/share/tcl . + +------------------------------------------------------------------- +Fri Apr 22 15:53:28 CEST 2005 - [email protected] + +- Don't build with multiple compile jobs. + +------------------------------------------------------------------- +Tue Feb 15 17:21:40 CET 2005 - [email protected] + +- added python requires + +------------------------------------------------------------------- +Tue Jan 25 13:55:17 CET 2005 - [email protected] + +- New version: 2.2.9 + +------------------------------------------------------------------- +Thu Nov 25 01:47:19 CET 2004 - [email protected] + +- remove local macro for python_site + +------------------------------------------------------------------- +Mon Jul 12 18:05:16 CEST 2004 - [email protected] + +- New version: 2.2.7 + +------------------------------------------------------------------- +Thu Mar 4 11:40:45 CET 2004 - [email protected] + +- New version: 2.2.4 + +------------------------------------------------------------------- +Fri Feb 6 18:48:38 CET 2004 - [email protected] + +- Impoved ALSA support (snack-alsa.patch). +- Fixed reading from files on 64bit platforms (snack-64bit.patch). +- Added -fno-strict-aliasing to CFLAGS. + +------------------------------------------------------------------- +Thu Oct 30 16:31:06 CET 2003 - [email protected] + +- Removed the unnecessary binary tclkit from the source tarball + making it (and the resulting rpm) about 1MB smaller. + +------------------------------------------------------------------- +Thu Oct 30 13:29:11 CET 2003 - [email protected] + +- New version: 2.2.3 +- Using ALSA instead of OSS. +- Building as non-root user. + +------------------------------------------------------------------- +Mon Jul 28 16:52:18 CEST 2003 - [email protected] + +- added tk-devel to neededforbuild + +------------------------------------------------------------------- +Tue May 13 16:46:07 CEST 2003 - [email protected] + +- Fixed building of libsnackogg.so. + +------------------------------------------------------------------- +Mon May 12 16:51:13 CEST 2003 - [email protected] + +- New version: 2.2.2. + +------------------------------------------------------------------- +Mon Nov 11 23:49:54 CET 2002 - [email protected] + +- changed neededforbuild <xshared> to <x-devel-packages> +- changed neededforbuild <xdevel> to <> + +------------------------------------------------------------------- +Mon Apr 15 17:03:47 CEST 2002 - [email protected] + +- New version 2.1.6 + +------------------------------------------------------------------- +Wed Oct 31 11:43:42 CET 2001 - [email protected] + +- enabled support for Ogg bistreams and Vorbis audio compression. + +------------------------------------------------------------------- +Wed Aug 15 10:34:20 CEST 2001 - [email protected] + +- new version: 2.1.3 +- changed RPM group to Development/Libraries/Tcl + +------------------------------------------------------------------- +Fri Mar 30 10:20:21 CEST 2001 - [email protected] + +- added xshared to #neededforbuild + +------------------------------------------------------------------- +Thu Mar 15 19:42:22 CET 2001 - [email protected] + +- new version 2.0.7 + +------------------------------------------------------------------- +Fri Mar 9 12:24:31 CET 2001 - [email protected] + +- new package snack2.0.6 + +- building with buildroot + +- supports Tcl/Tk and Python + +- No hard dependency on Python, because Python support is just a + wrapper around the Tcl extension and people who want to use it + with Python will have installed Python anyway + +- added tcl.m4 from Tcl/Tk to be able to re-create 'configure' + New: ---- snack-2.2.10-CVE-2012-6303.patch snack-alsa.patch snack-rpmlintrc snack.changes snack.patch snack.spec snack2.2.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ snack.spec ++++++ # # spec file for package snack # # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: snack BuildRequires: alsa-devel BuildRequires: libvorbis-devel BuildRequires: python BuildRequires: tk-devel BuildRequires: xorg-x11-devel Summary: Sound Extension for Tcl/Tk and Python License: GPL-2.0+ Group: Development/Libraries/Tcl Version: 2.2.10 Release: 0 Requires: tcl Requires: tk %{py_requires} Url: http://www.speech.kth.se/snack Source0: %{name}%{version}.tar.bz2 Source1: snack-rpmlintrc Patch0: snack.patch Patch1: snack-alsa.patch Patch2: snack-2.2.10-CVE-2012-6303.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Snack provides commands to play, record, process, and visualize sound. It supports various file formats such as WAV, AU, AIFF, and MP3. With Snack, you can easily create sound applications with Tcl/Tk or Python or extend existing programs with sound capabilities. The documentation is located under /usr/share/doc/packages/snack There is also a 'demos' subdirectory which contains examples for Tcl/Tk and Python. Authors: -------- Kåre Sjölander <[email protected]> %define INSTALL install -m755 -s %define INSTALL_SCRIPT install -m755 %define INSTALL_DIR install -d -m755 %define INSTALL_DATA install -m644 %prep %setup -q -n %{name}%{version} %patch0 %patch1 %patch2 -p1 chmod 644 BSD.txt changes README COPYING doc/* ext/* chmod 755 ext/configure %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" cd unix ./configure \ --prefix=%_prefix \ --libdir=%_libdir \ --with-tcl=%_libdir \ --with-tk=%_libdir \ --with-ogg-include=%_includedir \ --with-ogg-lib=%_libdir \ --enable-alsa make OPTFLAGS="$CFLAGS" %install %{INSTALL_DIR} %buildroot%py_sitedir %{INSTALL_DATA} python/tkSnack.py %buildroot%py_sitedir cd unix make install \ DESTDIR=%buildroot \ SNACK_INSTALL_PATH=%tclscriptdir # We don't install the headers, so we don't need the stubs lib rm -f %buildroot/%_libdir/libsnack*.a %clean rm -rf %buildroot %files %defattr(-, root, root,-) %_libdir/lib* %doc demos %defattr(644, root, root, 755) %doc BSD.txt changes README COPYING doc/* ext %tclscriptdir/* %py_sitedir/* %changelog ++++++ snack-2.2.10-CVE-2012-6303.patch ++++++ Index: snack2.2.10/generic/jkSoundFile.c =================================================================== --- snack2.2.10.orig/generic/jkSoundFile.c +++ snack2.2.10/generic/jkSoundFile.c @@ -1793,7 +1793,14 @@ static int GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, int len) { - int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead); + int rlen; + + if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){ + Tcl_AppendResult(interp, "Excessive header size", NULL); + return TCL_ERROR; + } + + rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead); if (rlen < len - s->firstNRead){ Tcl_AppendResult(interp, "Failed reading header bytes", NULL); ++++++ snack-alsa.patch ++++++ Index: unix/jkAudIO_alsa.c =================================================================== --- unix/jkAudIO_alsa.c.orig +++ unix/jkAudIO_alsa.c @@ -49,6 +49,8 @@ static int littleEndian = 0; static int minNumChan = 1; +static snd_pcm_uframes_t hw_bufsize = 0; + int SnackAudioOpen(ADesc *A, Tcl_Interp *interp, char *device, int mode, int freq, int nchannels, int encoding) @@ -135,6 +137,9 @@ SnackAudioOpen(ADesc *A, Tcl_Interp *int Tcl_AppendResult(interp, "Failed setting HW params.", NULL); return TCL_ERROR; } + + snd_pcm_hw_params_get_buffer_size (hw_params, &hw_bufsize); + snd_pcm_hw_params_free(hw_params); snd_pcm_prepare(A->handle); if (A->mode == RECORD) { @@ -202,6 +207,8 @@ SnackAudioPost(ADesc *A) int i; static char buf[64]; + return; + if (A->debug > 1) Snack_WriteLog(" Enter SnackAudioPost\n"); for (i = 0; i < 1000; i++) { @@ -267,12 +274,14 @@ SnackAudioWriteable(ADesc *A) long SnackAudioPlayed(ADesc *A) { - long avail = _snd_pcm_mmap_hw_ptr(A->handle); + // FIX Here, _snd_pcm_mmap_hw_ptr is deprecated in new alsalib + long played = A->nWritten - (hw_bufsize - SnackAudioWriteable(A)); + // long avail = _snd_pcm_mmap_hw_ptr(A->handle); - if (avail < 0) - avail = 0; + if (played < 0) + return 0; - return (avail+A->nPlayed); + return (played); } void ++++++ snack-rpmlintrc ++++++ addFilter("no-soname") addFilter("files-duplicate") ++++++ snack.patch ++++++ Index: unix/Makefile.in =================================================================== --- unix/Makefile.in.orig +++ unix/Makefile.in @@ -12,6 +12,7 @@ XINCLUDES = @XINCLUDES@ # Install SNACK package here +libdir = @libdir@ SNACK_INSTALL_PATH = @SNACK_INSTALL_PATH@ SNACK_HINSTALL_PATH = @SNACK_HINSTALL_PATH@ @@ -31,7 +32,7 @@ CC = @CC@ INCLUDES = ${XINCLUDES} @TCL_INCLUDE_SPEC@ -I${TCL_INCPATH} -I${TK_INCPATH} @AINC@ @NISTINC@ -CFLAGS = -O @CFLAGS@ @AFLAG@ ${INCLUDES} @TCLAPI@ -I${GENERIC_DIR} @DEFS@ +CFLAGS = ${OPTFLAGS} @CFLAGS@ @AFLAG@ ${INCLUDES} @TCLAPI@ -I${GENERIC_DIR} @DEFS@ LIBSO = -lc @ALIB@ @TCL_LIB_SPEC@ @@ -43,13 +44,13 @@ SHLIB_SUFFIX = @SHLIB_SUFFIX@ all: libsound${SHLIB_SUFFIX} libsnack${SHLIB_SUFFIX} @DOSTUBLIB@ @LIBNIST@ @LIBOGG@ editversion OBJSO = sound.o jkSound.o jkSoundEngine.o jkSoundEdit.o jkSoundFile.o \ - g711.o @AOBJ@ jkFormatMP3.o jkSoundProc.o ffa.o jkPitchCmd.o \ + g711.o @AOBJ@ jkSoundProc.o ffa.o jkPitchCmd.o \ @STUBINITOBJ@ jkAudio.o jkMixer.o shape.o jkFilter.o jkSynthesis.o \ jkFilterIIR.o jkGetF0.o sigproc.o jkFormant.o sigproc2.o OBJSN = snack.o jkSound.o jkSoundEngine.o jkSoundEdit.o jkSoundFile.o \ jkCanvSpeg.o jkCanvWave.o jkCanvSect.o ffa.o g711.o @AOBJ@ \ - jkFormatMP3.o jkSoundProc.o jkPitchCmd.o @STUBINITOBJ@ \ + jkSoundProc.o jkPitchCmd.o @STUBINITOBJ@ \ jkAudio.o jkMixer.o shape.o jkFilter.o jkSynthesis.o jkFilterIIR.o \ jkGetF0.o sigproc.o jkFormant.o sigproc2.o @@ -309,11 +310,11 @@ install: chmod 755 ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}; \ else true; \ fi; - cp -f libsound${SHLIB_SUFFIX} ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/ - cp -f libsnack${SHLIB_SUFFIX} ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/ - if test -f libsnackstub${VERSION}.a; then cp -f libsnackstub${VERSION}.a ${DESTDIR}${SNACK_INSTALL_PATH}/; fi - if test -f libsnacksphere${SHLIB_SUFFIX}; then cp -f libsnacksphere${SHLIB_SUFFIX} ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/; fi - if test -f libsnackogg${SHLIB_SUFFIX}; then cp -f libsnackogg${SHLIB_SUFFIX} ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/; fi + cp -f libsound${SHLIB_SUFFIX} ${DESTDIR}${libdir} + cp -f libsnack${SHLIB_SUFFIX} ${DESTDIR}${libdir} + if test -f libsnackstub${VERSION}.a; then cp -f libsnackstub${VERSION}.a ${DESTDIR}${libdir}; fi + if test -f libsnacksphere${SHLIB_SUFFIX}; then cp -f libsnacksphere${SHLIB_SUFFIX} ${DESTDIR}${libdir}; fi + if test -f libsnackogg${SHLIB_SUFFIX}; then cp -f libsnackogg${SHLIB_SUFFIX} ${DESTDIR}${libdir}; fi cp -f $(UNIX_DIR)/snack.tcl ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/ cp -f pkgIndex.tcl ${DESTDIR}${SNACK_INSTALL_PATH}/snack${VERSION}/ Index: unix/pkgIndex.tcl.dll =================================================================== --- unix/pkgIndex.tcl.dll.orig +++ unix/pkgIndex.tcl.dll @@ -4,10 +4,10 @@ # http://www.wjduquette.com/tcl/namespaces.html # -package ifneeded snack 2.2 "[list load [file join $dir libsnack.dll]];[list source [file join $dir snack.tcl]]" +package ifneeded snack 2.2 "[list load libsnack.dll];[list source [file join $dir snack.tcl]]" -package ifneeded sound 2.2 [list load [file join $dir libsound.dll]] +package ifneeded sound 2.2 [list load libsound.dll] -package ifneeded snacksphere 1.2 [list load [file join $dir libsnacksphere.dll]] +package ifneeded snacksphere 1.2 [list load libsnacksphere.dll] -package ifneeded snackogg 1.3 [list load [file join $dir libsnackogg.dll]] +package ifneeded snackogg 1.3 [list load libsnackogg.dll] Index: generic/jkSoundFile.c =================================================================== --- generic/jkSoundFile.c.orig +++ generic/jkSoundFile.c @@ -35,9 +35,6 @@ GuessWavFile(char *buf, int len) { if (len < 21) return(QUE_STRING); if (strncasecmp("RIFF", buf, strlen("RIFF")) == 0) { - if (buf[20] == 85) { - return(MP3_STRING); - } if (strncasecmp("WAVE", &buf[8], strlen("WAVE")) == 0) { return(WAV_STRING); } @@ -3305,22 +3302,6 @@ Snack_FileFormat snackRawFormat = { (Snack_FileFormat *) NULL }; -Snack_FileFormat snackMp3Format = { - MP3_STRING, - GuessMP3File, - GetMP3Header, - ExtMP3File, - NULL, - OpenMP3File, - CloseMP3File, - ReadMP3Samples, - NULL, - SeekMP3File, - FreeMP3Header, - ConfigMP3Header, - (Snack_FileFormat *) NULL -}; - Snack_FileFormat snackSmpFormat = { SMP_STRING, GuessSmpFile, @@ -3434,8 +3415,7 @@ SnackDefineFileFormats(Tcl_Interp *inter */ { snackFileFormats = &snackWavFormat; - snackWavFormat.nextPtr = &snackMp3Format; - snackMp3Format.nextPtr = &snackAiffFormat; + snackWavFormat.nextPtr = &snackAiffFormat; snackAiffFormat.nextPtr = &snackAuFormat; snackAuFormat.nextPtr = &snackSmpFormat; snackSmpFormat.nextPtr = &snackCslFormat; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
