Hello community, here is the log from the commit of package mpg123 for openSUSE:Factory checked in at 2019-07-21 11:30:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mpg123 (Old) and /work/SRC/openSUSE:Factory/.mpg123.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mpg123" Sun Jul 21 11:30:48 2019 rev:12 rq:716250 version:1.25.11 Changes: -------- --- /work/SRC/openSUSE:Factory/mpg123/mpg123.changes 2018-06-28 15:10:19.291933863 +0200 +++ /work/SRC/openSUSE:Factory/.mpg123.new.4126/mpg123.changes 2019-07-21 11:30:49.684812942 +0200 @@ -1,0 +2,18 @@ +Thu Jul 18 08:55:03 UTC 2019 - Luigi Baldoni <[email protected]> + +- Update to version 1.25.11 + libmpg123: + * Fix out-of-bounds reads in ID3 parser for unsynced frames. + (oss-fuzz-bug 15852) + * Fix out-of-bounds read for RVA2 frames with non-delimited + identifier. (oss-fuzz-bug 15852) + * Fix implementation-defined parsing of RVA2 values. + (oss-fuzz-bug 15862) + * Fix undefined parsing of APE header for skipping. Also + prevent endless loop on premature end of supposed APE header. + (oss-fuzz-bug 15864) + * Fix some syntax to make pedantic compiler happy. + +- Spec cleanup + +------------------------------------------------------------------- Old: ---- mpg123-1.25.10.tar.bz2 mpg123-1.25.10.tar.bz2.sig New: ---- mpg123-1.25.11.tar.bz2 mpg123-1.25.11.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mpg123.spec ++++++ --- /var/tmp/diff_new_pack.0fIzjN/_old 2019-07-21 11:30:51.032812715 +0200 +++ /var/tmp/diff_new_pack.0fIzjN/_new 2019-07-21 11:30:51.048812711 +0200 @@ -1,7 +1,7 @@ # # spec file for package mpg123 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: mpg123 -Version: 1.25.10 +Version: 1.25.11 Release: 0 Summary: Console MPEG audio player and decoder library License: LGPL-2.1-only Group: Productivity/Multimedia/Sound/Players -Url: http://www.mpg123.de/ +URL: http://www.mpg123.de/ Source0: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.bz2.sig Source2: mpg123.keyring @@ -32,12 +32,11 @@ BuildRequires: pkgconfig(ao) BuildRequires: pkgconfig(jack) BuildRequires: pkgconfig(libpulse) -%if 0%{?suse_version} >= 1320 +%if 0%{?suse_version} >= 1500 BuildRequires: pkgconfig(openal) %endif BuildRequires: pkgconfig(portaudio-2.0) BuildRequires: pkgconfig(sdl) -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The mpg123 distribution contains an MPEG 1.0/2.0/2.5 audio player/decoder for @@ -73,7 +72,7 @@ layers 1,2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable decoding and output libraries. -%if 0%{?suse_version} >= 1320 +%if 0%{?suse_version} >= 1500 %package openal Summary: OpenAL Support for %{name} Group: Productivity/Multimedia/Sound/Players @@ -138,8 +137,7 @@ %build %configure \ - --enable-modules=yes \ - --with-module-suffix=.so + --enable-modules=yes make %{?_smp_mflags} %install @@ -152,30 +150,26 @@ %postun -n libout123-0 -p /sbin/ldconfig %files -%defattr(-,root,root) %doc ChangeLog README %{_bindir}/mpg123 %{_bindir}/mpg123-id3dump %{_bindir}/mpg123-strip %{_bindir}/out123 -%{_mandir}/man1/mpg123.1%{ext_man} -%{_mandir}/man1/out123.1%{ext_man} +%{_mandir}/man1/mpg123.1%{?ext_man} +%{_mandir}/man1/out123.1%{?ext_man} %dir %{_libdir}/%{name} %{_libdir}/%{name}/output_alsa.so %{_libdir}/%{name}/output_dummy.so %{_libdir}/%{name}/output_oss.so %files -n libmpg123-0 -%defattr(-,root,root) -%doc COPYING +%license COPYING %{_libdir}/libmpg123.so.* %files -n libout123-0 -%defattr(-,root,root) %{_libdir}/libout123.so.* %files devel -%defattr(-,root,root) %{_libdir}/libmpg123.so %{_libdir}/libout123.so %{_libdir}/pkgconfig/libmpg123.pc @@ -185,25 +179,20 @@ %{_includedir}/out123.h %files pulse -%defattr(-,root,root) %{_libdir}/%{name}/output_pulse.so -%if 0%{?suse_version} >= 1320 +%if 0%{?suse_version} >= 1500 %files openal -%defattr(-,root,root) %{_libdir}/%{name}/output_openal.so %endif %files jack -%defattr(-,root,root) %{_libdir}/%{name}/output_jack.so %files portaudio -%defattr(-,root,root) %{_libdir}/%{name}/output_portaudio.so %files sdl -%defattr(-,root,root) %{_libdir}/%{name}/output_sdl.so %changelog ++++++ mpg123-1.25.10.tar.bz2 -> mpg123-1.25.11.tar.bz2 ++++++ ++++ 3283 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/NEWS new/mpg123-1.25.11/NEWS --- old/mpg123-1.25.10/NEWS 2018-02-27 11:28:43.000000000 +0100 +++ new/mpg123-1.25.11/NEWS 2019-07-18 06:24:00.000000000 +0200 @@ -1,3 +1,19 @@ +1.25.11 +------- + +So, here is a number of bugs found by OSS-Fuzz. Credit to OSS-Fuzz +for the bunch, then. + +- libmpg123: +-- Fix out-of-bounds reads in ID3 parser for unsynced frames. + (oss-fuzz-bug 15852) +-- Fix out-of-bounds read for RVA2 frames with non-delimited identifier. + (oss-fuzz-bug 15852) +-- Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862) +-- Fix undefined parsing of APE header for skipping. Also prevent + endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864) +-- Fix some syntax to make pedantic compiler happy. + 1.25.10 ------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/build/compile new/mpg123-1.25.11/build/compile --- old/mpg123-1.25.10/build/compile 2018-02-27 11:29:30.000000000 +0100 +++ new/mpg123-1.25.11/build/compile 2019-07-18 06:26:42.000000000 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2016-01-11.22; # UTC +scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2017 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify @@ -255,8 +255,7 @@ echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ - icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -343,6 +342,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC0" +# time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/build/missing new/mpg123-1.25.11/build/missing --- old/mpg123-1.25.10/build/missing 2018-02-27 11:29:30.000000000 +0100 +++ new/mpg123-1.25.11/build/missing 2019-07-18 06:26:42.000000000 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2016-01-11.22; # UTC +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2017 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify @@ -210,6 +210,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC0" +# time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/configure.ac new/mpg123-1.25.11/configure.ac --- old/mpg123-1.25.10/configure.ac 2018-02-27 11:34:27.000000000 +0100 +++ new/mpg123-1.25.11/configure.ac 2019-07-18 07:06:28.000000000 +0200 @@ -8,12 +8,12 @@ AC_PREREQ(2.57) dnl ############# Initialisation -AC_INIT([mpg123], [1.25.10], [[email protected]]) +AC_INIT([mpg123], [1.25.11], [[email protected]]) dnl Increment API_VERSION when the API gets changes (new functions). dnl libmpg123 API_VERSION=44 -LIB_PATCHLEVEL=8 +LIB_PATCHLEVEL=9 dnl libout123 OUTAPI_VERSION=2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/m4/libtool.m4 new/mpg123-1.25.11/m4/libtool.m4 --- old/mpg123-1.25.10/m4/libtool.m4 2018-02-27 11:29:24.000000000 +0100 +++ new/mpg123-1.25.11/m4/libtool.m4 2019-07-18 06:26:35.000000000 +0200 @@ -728,7 +728,6 @@ cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. @@ -2887,6 +2886,18 @@ dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -3546,7 +3557,7 @@ lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -4424,7 +4435,7 @@ ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -4936,6 +4947,9 @@ ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -4998,6 +5012,9 @@ openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes @@ -5252,7 +5269,7 @@ fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -5773,6 +5790,7 @@ if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -5794,7 +5812,7 @@ esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/mpg123.spec new/mpg123-1.25.11/mpg123.spec --- old/mpg123-1.25.10/mpg123.spec 2018-02-27 11:35:05.000000000 +0100 +++ new/mpg123-1.25.11/mpg123.spec 2019-07-18 07:07:20.000000000 +0200 @@ -3,7 +3,7 @@ # - devel packages for alsa, sdl, etc... to build the respective output modules. Summary: The fast console mpeg audio decoder/player. Name: mpg123 -Version: 1.25.10 +Version: 1.25.11 Release: 1 URL: http://www.mpg123.org/ License: GPL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/equalizer.c new/mpg123-1.25.11/src/equalizer.c --- old/mpg123-1.25.10/src/equalizer.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/equalizer.c 2019-07-18 06:55:47.000000000 +0200 @@ -1,12 +1,13 @@ /* equalizer: code for loading equalizer settings - copyright 1995-2008 by the mpg123 project - free software under the terms of the LGPL 2.1 + copyright 1995-2019 by the mpg123 project - free software under the terms of the LGPL 2.1 see COPYING and AUTHORS files in distribution or http://mpg123.org initially written by Michael Hipp (exported to this file by Thomas Orgis) */ #include "mpg123app.h" +#include "debug.h" /* Load the settings from the path in the global variable equalfile. If there is no file, restore equalizer defaults. @@ -27,7 +28,11 @@ do /* ignore comments */ { line[0]=0; - fgets(line,255,fe); + if(!fgets(line,255,fe)) + { + error("equalizer file read error"); + return -1; + } } while(line[0]=='#'); /* Hm, why not use fscanf? Comments... */ @@ -40,7 +45,7 @@ } else { - fprintf(stderr,"Can't open equalizer file '%s'\n",equalfile); + error1("Can't open equalizer file '%s'.",equalfile); return -1; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/libmpg123/id3.c new/mpg123-1.25.11/src/libmpg123/id3.c --- old/mpg123-1.25.10/src/libmpg123/id3.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/libmpg123/id3.c 2019-07-18 06:21:27.000000000 +0200 @@ -892,7 +892,7 @@ /* de-unsync: FF00 -> FF; real FF00 is simply represented as FF0000 ... */ /* damn, that means I have to delete bytes from withing the data block... thus need temporal storage */ /* standard mandates that de-unsync should always be safe if flag is set */ - realdata = (unsigned char*) malloc(framesize); /* will need <= bytes */ + realdata = (unsigned char*) malloc(framesize+1); /* will need <= bytes, plus a safety zero */ if(realdata == NULL) { if(NOQUIET) error("ID3v2: unable to allocate working buffer for de-unsync"); @@ -909,6 +909,8 @@ } } realsize = opos; + /* Append a zero to keep strlen() safe. */ + realdata[realsize] = 0; debug2("ID3v2: de-unsync made %lu out of %lu bytes", realsize, framesize); } pos = 0; /* now at the beginning again... */ @@ -936,14 +938,22 @@ if(fr->rva.level[rva_mode] <= rva2+1) { pos += strlen((char*) realdata) + 1; - if(realdata[pos] == 1) + if(pos >= realsize) + { + if(NOQUIET) + error("bad RVA2 tag (non-terminated identification)"); + } + else if(realdata[pos] == 1) { ++pos; /* only handle master channel */ debug("ID3v2: it is for the master channel"); /* two bytes adjustment, one byte for bits representing peak - n bytes, eh bits, for peak */ - /* 16 bit signed integer = dB * 512 ... the double cast is needed to preserve the sign of negative values! */ - fr->rva.gain[rva_mode] = (float) ( (((short)((signed char)realdata[pos])) << 8) | realdata[pos+1] ) / 512; + /* 16 bit signed integer = dB * 512. Do not shift signed integers! Multiply instead. + Also no implementation-defined casting. Reinterpret the pointer to signed char, then do + proper casting. */ + fr->rva.gain[rva_mode] = (float) ( + ((short)((signed char*)realdata)[pos]) * 256 + (short)realdata[pos+1] ) / 512; pos += 2; if(VERBOSE3) fprintf(stderr, "Note: RVA value %fdB\n", fr->rva.gain[rva_mode]); /* heh, the peak value is represented by a number of bits - but in what manner? Skipping that part */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/libmpg123/parse.c new/mpg123-1.25.11/src/libmpg123/parse.c --- old/mpg123-1.25.10/src/libmpg123/parse.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/libmpg123/parse.c 2019-07-18 06:22:13.000000000 +0200 @@ -1063,18 +1063,29 @@ unsigned char apebuf[28]; unsigned long val; int i, ret; - + /* How many bytes to backpedal to get back to just after the first byte of */ + /* the supposed header. */ + int back_bytes = 3; fr->oldhead = 0; + debug1("trying to read remaining APE header at %"OFF_P, (off_p)fr->rd->tell(fr)); /* Apetag headers are 32 bytes, newhead contains 4, read the rest */ - if((ret=fr->rd->fullread(fr,apebuf,28)) < 0) return ret; - + if((ret=fr->rd->fullread(fr,apebuf,28)) < 0) + return ret; + back_bytes += ret; + if(ret < 28) + goto apetag_bad; + + debug1("trying to parse APE header at %"OFF_P, (off_p)fr->rd->tell(fr)); /* Apetags start with "APETAGEX", "APET" is already tested. */ if(strncmp((char *)apebuf,"AGEX",4) != 0) goto apetag_bad; /* Version must be 2.000 / 2000 */ - val = (apebuf[7]<<24)|(apebuf[6]<<16)|(apebuf[5]<<8)|apebuf[4]; + val = ((unsigned long)apebuf[7]<<24) + | ((unsigned long)apebuf[6]<<16) + | ((unsigned long)apebuf[5]<<8) + | apebuf[4]; if(val != 2000) goto apetag_bad; @@ -1084,14 +1095,22 @@ goto apetag_bad; /* Looks good, skip the rest. */ - val = (apebuf[11]<<24)|(apebuf[10]<<16)|(apebuf[9]<<8)|apebuf[8]; - if((ret=fr->rd->skip_bytes(fr,val)) < 0) return ret; + val = ((unsigned long)apebuf[11]<<24) + | ((unsigned long)apebuf[10]<<16) + | ((unsigned long)apebuf[9]<<8) + | apebuf[8]; + debug2( "skipping %lu bytes of APE data at %"OFF_P + , val, (off_p)fr->rd->tell(fr) ); + /* If encountering EOF here, things are just at an end. */ + if((ret=fr->rd->skip_bytes(fr,val)) < 0) + return ret; return PARSE_AGAIN; apetag_bad: - if(fr->rd->back_bytes(fr,31) < 0 && NOQUIET) - error("Cannot seek 31 bytes back!"); + debug("no proper APE tag found, seeking back"); + if(fr->rd->back_bytes(fr,back_bytes) < 0 && NOQUIET) + error1("Cannot seek %d bytes back!", back_bytes); return PARSE_AGAIN; /* Give the resync code a chance to fix things */ } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/libout123/modules/openal.c new/mpg123-1.25.11/src/libout123/modules/openal.c --- old/mpg123-1.25.10/src/libout123/modules/openal.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/libout123/modules/openal.c 2019-07-18 06:05:38.000000000 +0200 @@ -68,7 +68,7 @@ static int get_formats_openal(out123_handle *ao) { - return MPG123_ENC_SIGNED_16|MPG123_ENC_UNSIGNED_8|((alIsExtensionPresent((ALubyte*)"AL_EXT_float32") == AL_TRUE) ? MPG123_ENC_FLOAT_32 : 0); + return MPG123_ENC_SIGNED_16|MPG123_ENC_UNSIGNED_8|((alIsExtensionPresent((ALchar*)"AL_EXT_float32") == AL_TRUE) ? MPG123_ENC_FLOAT_32 : 0); } static int write_openal(out123_handle *ao, unsigned char *buf, int len) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/mpg123.c new/mpg123-1.25.11/src/mpg123.c --- old/mpg123-1.25.10/src/mpg123.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/mpg123.c 2019-07-18 06:05:56.000000000 +0200 @@ -1,7 +1,7 @@ /* mpg123: main code of the program (not of the decoder...) - copyright 1995-2013 by the mpg123 project - free software under the terms of the LGPL 2.1 + copyright 1995-2019 by the mpg123 project - free software under the terms of the LGPL 2.1 see COPYING and AUTHORS files in distribution or http://mpg123.org initially written by Michael Hipp */ @@ -168,23 +168,28 @@ { intflag = TRUE; } -static void handle_fatal_msg(const char *msg, size_t n) + +static void handle_fatal(void) { - if(msg && !param.quiet) - write(STDERR_FILENO, msg, n); intflag = TRUE; deathflag = TRUE; } + +static void handle_fatal_msg(const char *msg) +{ + if(msg && !param.quiet) + fprintf(stderr, "%s", msg); + handle_fatal(); +} static void catch_fatal_term(void) { - const char msg[] = "\nmpg123: death by SIGTERM\n"; - handle_fatal_msg(msg, sizeof(msg)); + handle_fatal_msg("\nmpg123: death by SIGTERM\n"); } static void catch_fatal_pipe(void) { /* If the SIGPIPE is because of piped stderr, trying to write in the signal handler hangs the program. */ - handle_fatal_msg(NULL, 0); + handle_fatal(); } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/mpg123-1.25.10/src/streamdump.c new/mpg123-1.25.11/src/streamdump.c --- old/mpg123-1.25.10/src/streamdump.c 2018-02-27 11:26:38.000000000 +0100 +++ new/mpg123-1.25.11/src/streamdump.c 2019-07-18 06:06:00.000000000 +0200 @@ -1,7 +1,7 @@ /* streamdump: Dumping a copy of the input data. - copyright 2010 by the mpg123 project - free software under the terms of the LGPL 2.1 + copyright 2010-2019 by the mpg123 project - free software under the terms of the LGPL 2.1 see COPYING and AUTHORS files in distribution or http://mpg123.org initially written by Michael Hipp */ @@ -20,7 +20,7 @@ ssize_t ret = read(fd, buf, count); if(ret > 0 && dump_fd > -1) { - write(dump_fd, buf, ret); + ret = write(dump_fd, buf, ret); } return ret; } @@ -31,7 +31,7 @@ off_t ret = lseek(fd, pos, whence); if(ret >= 0 && dump_fd > -1) { - lseek(dump_fd, pos, whence); + ret = lseek(dump_fd, pos, whence); } return ret; }
