Hello community,
here is the log from the commit of package vlc for openSUSE:Factory checked in
at 2017-09-25 13:54:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vlc (Old)
and /work/SRC/openSUSE:Factory/.vlc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vlc"
Mon Sep 25 13:54:42 2017 rev:72 rq:527946 version:2.2.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/vlc/vlc.changes 2017-08-24 18:26:26.524793405
+0200
+++ /work/SRC/openSUSE:Factory/.vlc.new/vlc.changes 2017-09-25
13:54:44.758261821 +0200
@@ -1,0 +2,13 @@
+Thu Sep 21 11:20:24 UTC 2017 - dims...@opensuse.org
+
+- Add vlc-flac-heap-overflow.patch: flac: fix heap write overflow
+ on frame format change (CVE-2017-9300, boo#1041907).
+
+-------------------------------------------------------------------
+Tue Sep 19 15:08:45 UTC 2017 - dims...@opensuse.org
+
+- Stop depending on libkde4-devel: It's only used to find the
+ install path for kde4, but configure falls back to the correct
+ default for openSUSE anyway (boo#1057736).
+
+-------------------------------------------------------------------
New:
----
vlc-flac-heap-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vlc.spec ++++++
--- /var/tmp/diff_new_pack.PiXHFC/_old 2017-09-25 13:54:46.669992846 +0200
+++ /var/tmp/diff_new_pack.PiXHFC/_new 2017-09-25 13:54:46.673992283 +0200
@@ -20,30 +20,25 @@
%define libvlc 5
%define libvlccore 8
%define conflicts vlc-beta
-
-# Fluidsynth plugin is known to cause strange crashes here and there - disable
it for now (2014-10-07, DimStar)
-%bcond_with fluidsynth
-
%if 0%{?suse_version} >= 1200
%bcond_without gstreamer
%else
%bcond_with gstreamer
%endif
-
-# VNC support - the module is not really usable in most cases tested so far
(e.g. against qemu-kvm -vnc :xx)
-%bcond_with vnc
-
%ifarch %arm
%bcond_without opengles
%else
%bcond_with opengles
%endif
-
+# Fluidsynth plugin is known to cause strange crashes here and there - disable
it for now (2014-10-07, DimStar)
+%bcond_with fluidsynth
+# VNC support - the module is not really usable in most cases tested so far
(e.g. against qemu-kvm -vnc :xx)
+%bcond_with vnc
Name: vlc
Version: 2.2.6
Release: 0
Summary: Graphical media player
-License: GPL-2.0+ and LGPL-2.1+
+License: GPL-2.0+ AND LGPL-2.1+
Group: Productivity/Multimedia/Video/Players
Url: http://www.videolan.org
Source:
http://download.videolan.org/%{name}/%{version}/%{name}-%{version}.tar.xz
@@ -60,6 +55,7 @@
Patch7: vlc.a52.patch
# PATCH-FIX-OPENSUSE vlc-projectM-qt5.patch -- link to libprojectM-qt5
Patch8: vlc-projectM-qt5.patch
+Patch9: vlc-flac-heap-overflow.patch
BuildRequires: Mesa-devel
BuildRequires: SDL-devel >= 1.2.10
BuildRequires: aalib-devel
@@ -68,12 +64,6 @@
BuildRequires: dirac-devel
BuildRequires: fdupes
BuildRequires: findutils
-%if %{with gstreamer}
-BuildRequires: pkgconfig(gstreamer-app-1.0)
-%endif
-%if 0%{?suse_version} > 1110 || 0%{?BUILD_ORIG}
-BuildRequires: flac-devel
-%endif
BuildRequires: freetype2
BuildRequires: fribidi-devel
BuildRequires: gettext-devel
@@ -87,24 +77,11 @@
BuildRequires: libgcrypt-devel
BuildRequires: libidn-devel
BuildRequires: libjack-devel >= 1.9.7
+BuildRequires: libjpeg-devel
BuildRequires: libkate-devel >= 0.3.0
BuildRequires: libnotify-devel
BuildRequires: libogg-devel >= 1.0
BuildRequires: libopus-devel >= 1.0.3
-BuildRequires: pkgconfig(libmodplug) >= 0.8.4
-%if 0%{?suse_version} >= 1310
-BuildRequires: pkgconfig(Qt5Core)
-BuildRequires: pkgconfig(Qt5Gui)
-BuildRequires: pkgconfig(Qt5Widgets)
-%if 0%{?suse_version} != 1315 || 0%{?is_opensuse}
-BuildRequires: pkgconfig(Qt5X11Extras)
-# for some reason libXi-devel is explicitly needed on Leap 42.1, otherwise the
build fails...
-BuildRequires: pkgconfig(xi)
-%endif
-%else
-BuildRequires: libqt4-devel >= 4.6.0
-%endif
-BuildRequires: libjpeg-devel
BuildRequires: libraw1394 >= 2.0.1
BuildRequires: librsvg-devel >= 2.9.0
BuildRequires: libsamplerate-devel
@@ -121,6 +98,7 @@
BuildRequires: live555-devel >= 2015.01.27
BuildRequires: lua-devel >= 5.1
BuildRequires: pcre-devel
+BuildRequires: pkgconfig
BuildRequires: schroedinger-devel >= 1.0.10
BuildRequires: slang-devel
BuildRequires: speex-devel >= 1.0.5
@@ -128,14 +106,35 @@
BuildRequires: vcdimager-devel
BuildRequires: xosd-devel
BuildRequires: xz
-BuildConflicts: pkgconfig(libavutil) >= 55
+BuildRequires: pkgconfig(libavcodec) >= 55.26.0
+BuildRequires: pkgconfig(libavformat) >= 53.21.0
+BuildRequires: pkgconfig(libavutil) >= 52.4.0
+BuildRequires: pkgconfig(libmodplug) >= 0.8.4
Requires: %{name}-noX = %{version}-%{release}
+Requires: %{name}-qt = %{version}-%{release}
# We need the noX package first, as it contains vlc-cache-gen
PreReq: %{name}-noX
-Requires: %{name}-qt = %{version}-%{release}
Conflicts: %{conflicts}
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-
+Obsoletes: %{name}-gnome <= %{version}
+BuildConflicts: pkgconfig(libavutil) >= 55
+%if %{with gstreamer}
+BuildRequires: pkgconfig(gstreamer-app-1.0)
+%endif
+%if 0%{?suse_version} > 1110 || 0%{?BUILD_ORIG}
+BuildRequires: flac-devel
+%endif
+%if 0%{?suse_version} >= 1310
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Gui)
+BuildRequires: pkgconfig(Qt5Widgets)
+%if 0%{?suse_version} != 1315 || 0%{?is_opensuse}
+BuildRequires: pkgconfig(Qt5X11Extras)
+# for some reason libXi-devel is explicitly needed on Leap 42.1, otherwise the
build fails...
+BuildRequires: pkgconfig(xi)
+%endif
+%else
+BuildRequires: libqt4-devel >= 4.6.0
+%endif
%if 0%{?suse_version} > 1110
BuildRequires: gdk-pixbuf-devel
BuildRequires: libv4l-devel
@@ -150,20 +149,19 @@
BuildRequires: pkgconfig(xproto)
BuildRequires: pkgconfig(zvbi-0.2) >= 0.2.28
%endif
-
%if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1315 || 0%{?BUILD_ORIG}
BuildRequires: pkgconfig(libswscale)
%endif
%if 0%{?suse_version} > 1110
%if 0%{?suse_version} != 1315 || 0%{?is_opensuse}
BuildRequires: pkgconfig(SDL_image) >= 1.2.10
+BuildRequires: pkgconfig(libupnp)
+BuildRequires: pkgconfig(opencv) > 2.0
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libprojectM-qt5) >= 2.0.0
%else
BuildRequires: pkgconfig(libprojectM) >= 2.0.0
%endif
-BuildRequires: pkgconfig(libupnp)
-BuildRequires: pkgconfig(opencv) > 2.0
%endif
%endif
%if 0%{?suse_version} > 1110 || 0%{?BUILD_ORIG}
@@ -179,18 +177,18 @@
%endif
%if 0%{?suse_version} > 1140
BuildRequires: pkgconfig(dbus-1) >= 1.6.0
-%if 0%{?suse_version} < 1330 && ( 0%{?sle_version} < 120200 ||
0%{?is_opensuse} < 1 )
-BuildRequires: pkgconfig(freerdp) >= 1.0.1
-%endif
BuildRequires: pkgconfig(gnutls) >= 3.2.0
BuildRequires: pkgconfig(libbluray) >= 0.3.0
BuildRequires: pkgconfig(libpulse) >= 1.0
-%if %{with vnc}
-BuildRequires: pkgconfig(libvncclient) >= 0.9.9
-%endif
BuildRequires: pkgconfig(xcb-keysyms) >= 0.3.4
BuildRequires: pkgconfig(xinerama)
BuildRequires: pkgconfig(xpm)
+%if 0%{?suse_version} < 1330 && ( 0%{?sle_version} < 120200 ||
0%{?is_opensuse} < 1 )
+BuildRequires: pkgconfig(freerdp) >= 1.0.1
+%endif
+%if %{with vnc}
+BuildRequires: pkgconfig(libvncclient) >= 0.9.9
+%endif
%if %{with fluidsynth}
BuildRequires: pkgconfig(fluidsynth) >= 1.1.2
%endif
@@ -198,31 +196,25 @@
BuildRequires: pkgconfig(libchromaprint) >= 0.6.0
%endif
%endif
-%if 0%{?suse_version} != 1315
-BuildRequires: libkde4-devel
-%endif
%if 0%{?suse_version} >= 1320
BuildRequires: pkgconfig(ncursesw)
%endif
-BuildRequires: pkgconfig(libavcodec) >= 55.26.0
-BuildRequires: pkgconfig(libavformat) >= 53.21.0
-BuildRequires: pkgconfig(libavutil) >= 52.4.0
-%if (0%{?suse_version} == 1330) || (0%{suse_version} == 1315 &&
0%{?sle_version} >= 120200)
+%if (0%{?suse_version} == 1330) || (0%{?suse_version} == 1315 &&
0%{?sle_version} >= 120200)
# for TW, we favor ffmpeg2-devel. Older distros have ffmpeg 2.x intree
BuildRequires: ffmpeg2-devel
%endif
# Those are dependencies which are NOT provided in openSUSE, mostly for legal
reasons.
%if 0%{?BUILD_ORIG}
BuildRequires: faad2-devel
-BuildRequires: libfaac-devel
-BuildRequires: libxvidcore-devel
# Disabled for now - VideoLAN repo needs to catch up
BuildRequires: liba52-devel
+BuildRequires: libfaac-devel
+# Disabled for now - VideoLAN repo needs to catch up
+BuildRequires: libmad-devel
+BuildRequires: libxvidcore-devel
BuildRequires: pkgconfig(libdca) >= 0.0.5
BuildRequires: pkgconfig(libmpeg2) > 0.3.2
BuildRequires: pkgconfig(libpostproc)
-# Disabled for now - VideoLAN repo needs to catch up
-BuildRequires: libmad-devel
BuildRequires: pkgconfig(twolame)
BuildRequires: pkgconfig(x264) >= 0.8.6
# Disabled for now - VideoLAN repo needs to catch up
@@ -231,7 +223,6 @@
BuildRequires: pkgconfig(vdpau) >= 0.6
%endif
%endif
-Obsoletes: %{name}-gnome <= %{version}
%description
VLC media player is a multimedia player for many
@@ -272,16 +263,16 @@
Group: Productivity/Multimedia/Video/Players
Requires: libvlc%{libvlc} = %{version}-%{release}
Requires: libvlccore%{libvlccore} = %{version}-%{release}
+# This is a hack only due to libbluray not having versioned symbols as well as
+# having a strange ABI/API break between 0.3 and 0.7
+%requires_ge libbluray1
+Recommends: %{name}-codecs
# lang subpackage
Recommends: %{name}-lang
-Recommends: %{name}-codecs
Recommends: libdvdcss
+Conflicts: %{conflicts}-noX
# The lang-package was renamed to vlc-lang to assist AppStream building
Obsoletes: %{name}-noX-lang
-# This is a hack only due to libbluray not having versioned symbols as well as
-# having a strange ABI/API break between 0.3 and 0.7
-%requires_ge libbluray1
-Conflicts: %{conflicts}-noX
%description noX
This package of VLC contains the bare requirements you need to install.
@@ -301,8 +292,8 @@
# We do not want to require vlc, which is GUI based, but only vlc-noX
Group: System/Localization
Requires: %{name}-noX = %{version}
-Provides: %{name}-lang-all = %{version}
Supplements: packageand(bundle-lang-other:%{name}-noX)
+Provides: %{name}-lang-all = %{version}
BuildArch: noarch
%description lang
@@ -322,10 +313,10 @@
%package codecs
Summary: Additional codecs for the VLC media player
Group: Productivity/Multimedia/Video/Players
-Requires: %{name}-noX = %{version}
-Supplements: %{name}-noX
# We require the unrestricted libavcodec - same ABI version we linked
Requires: %(rpm --qf "%%{name}" -qf $(readlink -f
%{_libdir}/libavcodec.so))(unrestricted)
+Requires: %{name}-noX = %{version}
+Supplements: %{name}-noX
%description codecs
This package enhances the functionality of the VLC media player by
@@ -336,12 +327,12 @@
Summary: Qt interface for the VLC media player
Group: Productivity/Multimedia/Video/Players
Requires: %{name}-noX = %{version}-%{release}
+Conflicts: %{conflicts}-qt
%if 0%{?suse_version} >= 1310
Supplements: packageand(%{name}-noX:libqt5)
%else
Supplements: packageand(%{name}-noX:libqt4)
%endif
-Conflicts: %{conflicts}-qt
%description qt
This subpackage provides a Qt interface for VLC and selects it by
@@ -369,6 +360,7 @@
%if 0%{?suse_version} > 1320
%patch8 -p1
%endif
+%patch9 -p1
### Fix up sources for LUA 5.3
if pkg-config --atleast-version 5.3 lua; then
@@ -557,7 +549,7 @@
%find_lang vlc
#Install appdata file
-install -Dm0644 %{S:3} %{buildroot}%{_datadir}/appdata/%{name}.appdata.xml
+install -Dm0644 %{SOURCE3} %{buildroot}%{_datadir}/appdata/%{name}.appdata.xml
%post
%{_libdir}/vlc/vlc-cache-gen -f %{_libdir}/vlc/plugins
++++++ vlc-flac-heap-overflow.patch ++++++
X-Git-Url:
http://git.videolan.org/?p=vlc%2Fvlc-2.2.git;a=blobdiff_plain;f=modules%2Fcodec%2Fflac.c;h=fb12e6cab890777592154b43d8a2bc286a8f3913;hp=87c1e6cb7b84d4ba2b5eef18f9dc861b40cf6393;hb=55a82442cfea9dab8b853f3a4610f2880c5fadf3;hpb=dbe888f9ca9c3b102478b4a16a3d1d985c267899
diff --git a/modules/codec/flac.c b/modules/codec/flac.c
index 87c1e6cb7b..fb12e6cab8 100644
--- a/modules/codec/flac.c
+++ b/modules/codec/flac.c
@@ -64,6 +64,8 @@ struct decoder_sys_t
*/
FLAC__StreamDecoder *p_flac;
FLAC__StreamMetadata_StreamInfo stream_info;
+
+ uint8_t rgi_channels_reorder[AOUT_CHAN_MAX];
bool b_stream_info;
};
@@ -87,6 +89,19 @@ static const int pi_channels_maps[9] =
| AOUT_CHAN_LFE
};
+/* XXX it supposes our internal format is WG4 */
+static const uint8_t ppi_reorder[1+8][8] = {
+ { },
+ { 0, },
+ { 0, 1 },
+ { 0, 1, 2 },
+ { 0, 1, 2, 3 },
+ { 0, 1, 3, 4, 2 },
+ { 0, 1, 4, 5, 2, 3 },
+ { 0, 1, 5, 6, 4, 2, 3 },
+ { 0, 1, 6, 7, 4, 5, 2, 3 },
+};
+
/*****************************************************************************
* Local prototypes
*****************************************************************************/
@@ -143,6 +158,29 @@ static void Interleave( int32_t *p_out, const int32_t *
const *pp_in,
}
/*****************************************************************************
+ * DecoderSetOutputFormat: helper function to convert and check frame format
+ *****************************************************************************/
+static int DecoderSetOutputFormat( unsigned i_channels, unsigned i_rate,
+ unsigned i_streaminfo_rate,
+ unsigned i_bitspersample,
+ audio_format_t *fmt,
+ uint8_t *pi_channels_reorder )
+{
+ if( i_channels == 0 || i_channels > FLAC__MAX_CHANNELS ||
+ i_bitspersample == 0 || (i_rate == 0 && i_streaminfo_rate == 0) )
+ return VLC_EGENERIC;
+
+ fmt->i_channels = i_channels;
+ fmt->i_rate = (i_rate > 0 ) ? i_rate : i_streaminfo_rate;
+ fmt->i_physical_channels =
+ fmt->i_original_channels = pi_channels_maps[i_channels];
+ memcpy( pi_channels_reorder, ppi_reorder[i_channels], i_channels );
+ fmt->i_bitspersample = i_bitspersample;
+
+ return VLC_SUCCESS;
+}
+
+/*****************************************************************************
* DecoderWriteCallback: called by libflac to output decoded samples
*****************************************************************************/
static FLAC__StreamDecoderWriteStatus
@@ -150,30 +188,31 @@ DecoderWriteCallback( const FLAC__StreamDecoder *decoder,
const FLAC__Frame *frame,
const FLAC__int32 *const buffer[], void *client_data )
{
- /* XXX it supposes our internal format is WG4 */
- static const unsigned char ppi_reorder[1+8][8] = {
- { },
- { 0, },
- { 0, 1 },
- { 0, 1, 2 },
- { 0, 1, 2, 3 },
- { 0, 1, 3, 4, 2 },
- { 0, 1, 4, 5, 2, 3 },
- { 0, 1, 5, 6, 4, 2, 3 },
- { 0, 1, 6, 7, 4, 5, 2, 3 },
- };
-
VLC_UNUSED(decoder);
decoder_t *p_dec = (decoder_t *)client_data;
decoder_sys_t *p_sys = p_dec->p_sys;
- if( p_dec->fmt_out.audio.i_channels <= 0 ||
- p_dec->fmt_out.audio.i_channels > 8 )
+ if( DecoderSetOutputFormat( frame->header.channels,
+ frame->header.sample_rate,
+ p_sys->b_stream_info ?
p_sys->stream_info.sample_rate : 0,
+ frame->header.bits_per_sample,
+ &p_dec->fmt_out.audio,
+ p_sys->rgi_channels_reorder ) )
return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
- if( date_Get( &p_sys->end_date ) <= VLC_TS_INVALID )
+
+ if( p_sys->end_date.i_divider_num != p_dec->fmt_out.audio.i_rate )
+ {
+ if( p_sys->end_date.i_divider_num > 0 )
+ date_Change( &p_sys->end_date, p_dec->fmt_out.audio.i_rate, 1 );
+ else
+ date_Init( &p_sys->end_date, p_dec->fmt_out.audio.i_rate, 1 );
+ }
+
+ if( decoder_UpdateAudioFormat( p_dec ) )
return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
- const unsigned char *pi_reorder =
ppi_reorder[p_dec->fmt_out.audio.i_channels];
+ if( date_Get( &p_sys->end_date ) <= VLC_TS_INVALID )
+ return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
p_sys->p_aout_buffer =
decoder_NewAudioBuffer( p_dec, frame->header.blocksize );
@@ -181,7 +220,8 @@ DecoderWriteCallback( const FLAC__StreamDecoder *decoder,
if( p_sys->p_aout_buffer == NULL )
return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
- Interleave( (int32_t *)p_sys->p_aout_buffer->p_buffer, buffer, pi_reorder,
+ Interleave( (int32_t *)p_sys->p_aout_buffer->p_buffer, buffer,
+ p_sys->rgi_channels_reorder ,
frame->header.channels, frame->header.blocksize,
frame->header.bits_per_sample );
@@ -233,17 +273,11 @@ static void DecoderMetadataCallback( const
FLAC__StreamDecoder *decoder,
decoder_sys_t *p_sys = p_dec->p_sys;
/* Setup the format */
- p_dec->fmt_out.audio.i_rate = metadata->data.stream_info.sample_rate;
- p_dec->fmt_out.audio.i_channels = metadata->data.stream_info.channels;
- if(metadata->data.stream_info.channels < 9)
- {
- p_dec->fmt_out.audio.i_physical_channels =
- p_dec->fmt_out.audio.i_original_channels =
- pi_channels_maps[metadata->data.stream_info.channels];
- }
- if (!p_dec->fmt_out.audio.i_bitspersample)
- p_dec->fmt_out.audio.i_bitspersample =
- metadata->data.stream_info.bits_per_sample;
+ DecoderSetOutputFormat( metadata->data.stream_info.channels,
+ metadata->data.stream_info.sample_rate,
+ metadata->data.stream_info.sample_rate,
+ metadata->data.stream_info.bits_per_sample,
+ &p_dec->fmt_out.audio, p_sys->rgi_channels_reorder
);
msg_Dbg( p_dec, "channels:%d samplerate:%d bitspersamples:%d",
p_dec->fmt_out.audio.i_channels, p_dec->fmt_out.audio.i_rate,
