Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libcue for openSUSE:Factory checked in at 2023-10-11 23:54:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcue (Old) and /work/SRC/openSUSE:Factory/.libcue.new.1807 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcue" Wed Oct 11 23:54:03 2023 rev:10 rq:1116765 version:2.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libcue/libcue.changes 2019-09-07 12:32:06.997682740 +0200 +++ /work/SRC/openSUSE:Factory/.libcue.new.1807/libcue.changes 2023-10-12 11:44:39.114520019 +0200 @@ -1,0 +2,13 @@ +Wed Oct 11 02:33:47 UTC 2023 - Jan Engelhardt <[email protected]> + +- Update to release 2.3.0 + * EOF check [CVE-2023-43641] +- Drop 0001-Check-that-the-array-index-isn-t-negative.-This-fixe.patch + +------------------------------------------------------------------- +Tue Oct 10 05:42:26 UTC 2023 - Daniel Garcia <[email protected]> + +- Add 0001-Check-that-the-array-index-isn-t-negative.-This-fixe.patch + [CVE-2023-43641] + +------------------------------------------------------------------- Old: ---- v2.2.1.tar.gz New: ---- v2.3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcue.spec ++++++ --- /var/tmp/diff_new_pack.Nus6NF/_old 2023-10-12 11:44:39.558536035 +0200 +++ /var/tmp/diff_new_pack.Nus6NF/_new 2023-10-12 11:44:39.562536179 +0200 @@ -1,7 +1,7 @@ # # spec file for package libcue # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libcue %define lname libcue2 -Version: 2.2.1 +Version: 2.3.0 Release: 0 Summary: CUE sheet parsing library License: GPL-2.0-only @@ -26,7 +26,6 @@ URL: https://github.com/lipnitsk/libcue Source: https://github.com/lipnitsk/libcue/archive/v%version.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: cmake BuildRequires: flex @@ -61,7 +60,7 @@ %build %cmake -make %{?_smp_mflags} +%cmake_build %install %cmake_install ++++++ v2.2.1.tar.gz -> v2.3.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcue-2.2.1/CMakeLists.txt new/libcue-2.3.0/CMakeLists.txt --- old/libcue-2.2.1/CMakeLists.txt 2018-05-02 02:51:51.000000000 +0200 +++ new/libcue-2.3.0/CMakeLists.txt 2023-10-10 22:38:11.000000000 +0200 @@ -1,6 +1,6 @@ SET(PACKAGE libcue) SET(PACKAGE_NAME libcue) -SET(PACKAGE_VERSION 2.2.1) +SET(PACKAGE_VERSION 2.3.0) SET(PACKAGE_SOVERSION 2) CMAKE_MINIMUM_REQUIRED(VERSION 2.8 FATAL_ERROR) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcue-2.2.1/ChangeLog new/libcue-2.3.0/ChangeLog --- old/libcue-2.2.1/ChangeLog 2018-05-02 02:51:51.000000000 +0200 +++ new/libcue-2.3.0/ChangeLog 2023-10-10 22:38:11.000000000 +0200 @@ -1,3 +1,9 @@ +libcue (2.3.0) + [Vlad Stulikov, Vasiliy Sazonov] + * Bug fix - no EOF handling + + [Kevin Backhouse] + * Fix CVE-2023-43641 libcue (2.2.1) [Ilya Lipnitskiy] * cmake: Check for __attribute__ format diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcue-2.2.1/README.md new/libcue-2.3.0/README.md --- old/libcue-2.2.1/README.md 2018-05-02 02:51:51.000000000 +0200 +++ new/libcue-2.3.0/README.md 2023-10-10 22:38:11.000000000 +0200 @@ -10,6 +10,8 @@ # Compiling +NOTE: Use `-DBUILD_SHARED_LIBS=ON` to build as a shared library. + ``` mkdir bin cd bin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcue-2.2.1/cd.c new/libcue-2.3.0/cd.c --- old/libcue-2.2.1/cd.c 2018-05-02 02:51:51.000000000 +0200 +++ new/libcue-2.3.0/cd.c 2023-10-10 22:38:11.000000000 +0200 @@ -339,7 +339,7 @@ void track_set_index(Track *track, int i, long ind) { - if (i > MAXINDEX) { + if (i < 0 || i > MAXINDEX) { fprintf(stderr, "too many indexes\n"); return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcue-2.2.1/cue_scanner.l new/libcue-2.3.0/cue_scanner.l --- old/libcue-2.2.1/cue_scanner.l 2018-05-02 02:51:51.000000000 +0200 +++ new/libcue-2.3.0/cue_scanner.l 2023-10-10 22:38:11.000000000 +0200 @@ -23,6 +23,7 @@ %option noyywrap %option noinput %option nounput +%option caseless %s NAME %x REM @@ -136,4 +137,7 @@ \n { yylineno++; return '\n'; } . { fprintf(stderr, "bad character '%c'\n", yytext[0]); } +<<EOF>> { static int once = 0; return (once = !once) ? '\n' : 0; } + + %%
