Hello community, here is the log from the commit of package libvorbis for openSUSE:Factory checked in at 2018-03-22 11:55:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvorbis (Old) and /work/SRC/openSUSE:Factory/.libvorbis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvorbis" Thu Mar 22 11:55:59 2018 rev:49 rq:588197 version:1.3.6 Changes: -------- New Changes file: --- /dev/null 2018-03-01 08:56:54.644963210 +0100 +++ /work/SRC/openSUSE:Factory/.libvorbis.new/libvorbis-doc.changes 2018-03-22 11:58:41.983480171 +0100 @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Sat Mar 17 14:55:12 CET 2018 - [email protected] + +- Split from libvorbis.spec to reduce the build dependencies + --- /work/SRC/openSUSE:Factory/libvorbis/libvorbis.changes 2017-12-21 11:27:32.348828337 +0100 +++ /work/SRC/openSUSE:Factory/.libvorbis.new/libvorbis.changes 2018-03-22 11:58:42.591458369 +0100 @@ -1,0 +2,36 @@ +Sat Mar 17 14:54:44 CET 2018 - [email protected] + +- Split libvorbis-doc subpackage to a separate spec file for + reducing the dependencies + +------------------------------------------------------------------- +Fri Mar 16 22:12:35 CET 2018 - [email protected] + +- Update to version 1.3.6: + * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. + * Fix CVE-2017-14632 - free() on unitialized data + * Fix CVE-2017-14633 - out-of-bounds read + * Fix bitrate metadata parsing. + * Fix out-of-bounds read in codebook parsing. + * Fix residue vector size in Vorbis I spec. + * Appveyor support + * Travis CI support + * Add secondary CMake build system. + * Build system fixes +- Build documents with doxygen, and many tex stuff; + this requires to disable parallel builds partially +- Move COPYING to license directory +- Drop obsoleted patches: + vorbis-fix-linking.patch + 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch + 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch + libvorbis-CVE-2018-5146.patch + +------------------------------------------------------------------- +Fri Mar 16 20:02:45 CET 2018 - [email protected] + +- Fix VUL-0: libvorbis: Out of bounds memory write while processing + Vorbis audio data (CVE-2018-5146, bsc#1085687): + libvorbis-CVE-2018-5146.patch + +------------------------------------------------------------------- Old: ---- 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch libvorbis-1.3.5.tar.xz vorbis-fix-linking.patch New: ---- libvorbis-1.3.6.tar.xz libvorbis-doc.changes libvorbis-doc.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvorbis-doc.spec ++++++ # # spec file for package libvorbis-doc # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %if 0%{?suse_version} > 1320 %define build_docs 1 %else %define build_docs 0 %endif Name: libvorbis-doc Version: 1.3.6 Release: 0 Summary: Documentation of Ogg/Vorbis library License: BSD-3-Clause Group: Documentation/Other Url: http://www.vorbis.com/ Source: http://downloads.xiph.org/releases/vorbis/libvorbis-%{version}.tar.xz Patch1: libvorbis-lib64.dif Patch2: libvorbis-m4.dif Patch12: vorbis-ocloexec.patch BuildRequires: fdupes BuildRequires: libogg-devel BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: xz %if %build_docs BuildRequires: doxygen BuildRequires: texlive-babel-english BuildRequires: texlive-latex BuildRequires: texlive-tex4ht BuildRequires: tex(a4wide.sty) BuildRequires: tex(capt-of.sty) BuildRequires: tex(csquotes.sty) BuildRequires: tex(enumitem.sty) BuildRequires: tex(fancyvrb.sty) BuildRequires: tex(grffile.sty) BuildRequires: tex(parskip.sty) BuildRequires: tex(ulem.sty) BuildRequires: tex(underscore.sty) %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %description This package contains documents for Ogg/Vorbis library, including the API reference. %prep %setup -q -n libvorbis-%{version} %patch2 # %%patch5 -p1 if [ "%{_lib}" == "lib64" ]; then %patch1 fi %patch12 %build autoreconf -fiv %configure \ %if %build_docs --enable-docs \ %endif --disable-examples \ --disable-static # parallel-build of docs may fail make -C doc # we don't build anything but docs %install make -C doc DESTDIR=%{buildroot} install mkdir -p %{buildroot}%{_docdir} mv %{buildroot}%{_datadir}/doc/libvorbis-* %{buildroot}%{_docdir}/%{name} # remove unneeded files find %{buildroot}%{_docdir}/ -empty -delete %fdupes -s %{buildroot}%{_docdir} %files %defattr(-,root,root) %doc %{_docdir}/%{name} %changelog ++++++ libvorbis.spec ++++++ --- /var/tmp/diff_new_pack.7GJsJX/_old 2018-03-22 11:58:43.759416486 +0100 +++ /var/tmp/diff_new_pack.7GJsJX/_new 2018-03-22 11:58:43.767416199 +0100 @@ -1,7 +1,7 @@ # # spec file for package libvorbis # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: libvorbis -Version: 1.3.5 +Version: 1.3.6 Release: 0 Summary: The Vorbis General Audio Compression Codec License: BSD-3-Clause @@ -27,14 +27,7 @@ Source1: baselibs.conf Patch1: libvorbis-lib64.dif Patch2: libvorbis-m4.dif -# URL http://www.geocities.jp/aoyoume/aotuv/ -# 'Patch5: libvorbis-%%{version}-aotuv-b5.7.diff' -# PATCH-FIX-UPSTREAM libvorbis-pkgconfig.patch https://trac.xiph.org/ticket/1759 [email protected] -- Use Requires/Libs.private to avoid overlinking -Patch11: vorbis-fix-linking.patch Patch12: vorbis-ocloexec.patch -Patch21: 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch -Patch22: 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch -BuildRequires: fdupes BuildRequires: libogg-devel BuildRequires: libtool BuildRequires: pkgconfig @@ -115,17 +108,6 @@ This package contains all necessary include files and libraries needed to compile and develop applications that use libvorbis. -%package doc -Summary: Documentation of Ogg/Vorbis library -Group: Documentation/Other -%if 0%{?suse_version} >= 1120 -BuildArch: noarch -%endif - -%description doc -This package contains documents for Ogg/Vorbis library, including the -API reference. - %prep %setup -q %patch2 @@ -133,10 +115,7 @@ if [ "%{_lib}" == "lib64" ]; then %patch1 fi -%patch11 -p1 %patch12 -%patch21 -p1 -%patch22 -p1 %build # Fix optimization level @@ -149,14 +128,11 @@ make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} -mkdir -p %{buildroot}%{_docdir}/%{name} -mv %{buildroot}%{_datadir}/doc/libvorbis-* %{buildroot}%{_docdir}/%{name} -install -c -m 0644 doc/Vorbis_I_spec.* %{buildroot}%{_docdir}/%{name} +make DESTDIR=%{buildroot} install +# docs are built in a separate spec file +rm -rf %{buildroot}%{_datadir}/doc/* # remove unneeded files find %{buildroot} -type f -name "*.la" -delete -print -find %{buildroot}%{_docdir}/ -empty -delete -%fdupes -s %{buildroot}%{_docdir} %check make %{?_smp_mflags} check @@ -187,14 +163,11 @@ %files devel %defattr(-,root,root) -%doc COPYING AUTHORS README *.txt +%doc AUTHORS +%license COPYING %{_datadir}/aclocal/*.m4 %{_includedir}/vorbis %{_libdir}/lib*.so %{_libdir}/pkgconfig/*.pc -%files doc -%defattr(-,root,root) -%doc %{_docdir}/%{name} - %changelog ++++++ libvorbis-1.3.5.tar.xz -> libvorbis-1.3.6.tar.xz ++++++ ++++ 24457 lines of diff (skipped)
