Hello community, here is the log from the commit of package tcd for openSUSE:Factory checked in at 2013-03-27 19:33:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tcd (Old) and /work/SRC/openSUSE:Factory/.tcd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcd", Maintainer is "k...@suse.com" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:Factory/.tcd.new/tcd.changes 2013-03-27 19:33:32.000000000 +0100 @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Sun Mar 17 16:07:52 UTC 2013 - jeng...@inai.de + +- Initial package (version 2.2.0) for build.opensuse.org New: ---- tcd-2.2.0.tar.bz2 tcd-2.2.0.tar.bz2.sig tcd-discid.diff tcd-linkorder.diff tcd.changes tcd.keyring tcd.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tcd.spec ++++++ # # spec file for package tcd # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: tcd Summary: Ncurses-based CD-DA player License: GPL-2.0+ Group: Productivity/Multimedia/Sound/Players Version: 2.2.0 Release: 0 Url: http://nongnu.org/tcd/ #DL-URL: http://download.savannah.gnu.org/releases/tcd/ Source: http://download.savannah.gnu.org/releases/tcd/%name-%version.tar.bz2 Source2: http://download.savannah.gnu.org/releases/tcd/%name-%version.tar.bz2.sig Patch1: tcd-linkorder.diff Patch2: tcd-discid.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf >= 2.67 BuildRequires: automake BuildRequires: libSDL-devel >= 1.2.0 BuildRequires: ncurses-devel %if 0%{?suse_version} >= 1230 BuildRequires: gpg-offline %endif %description tcd is a tiny cd player for a text terminal. It uses ncurses for drawing and SDL for playing audio CDs. %prep %{?gpg_verify: %gpg_verify %{S:2}} %setup -q %patch -P 1 -P 2 -p1 %build autoreconf -fi %configure make %{?_smp_mflags} %install make install DESTDIR="%buildroot" %files %defattr(-,root,root) %_bindir/tcd %_mandir/man1/tcd* %doc COPYING %changelog ++++++ tcd-discid.diff ++++++ From: Jan Engelhardt <jeng...@inai.de> Date: 2013-03-17 16:46:40.000000000 +0100 tcd: resolve crash The discid is a 32-bit unsigned quantity, but the cddb_discid function uses it as signed. If it is negative, the conversion to unsigned long can produce a value larger than 0xFFFFFFFF, which would cause a stack smash when sprintf was used. --- src/cd-utils.c | 3 ++- src/cddb.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) Index: tcd-2.2.0/src/cd-utils.c =================================================================== --- tcd-2.2.0.orig/src/cd-utils.c +++ tcd-2.2.0/src/cd-utils.c @@ -21,7 +21,8 @@ static int cddb_sum(unsigned int n) extern unsigned long cddb_discid(const SDL_CD * cdrom) { - int i, t = 0, n = 0; + int i, t = 0; + uint32_t n = 0; for (i = 0; i < cdrom->numtracks; i++) { n += cddb_sum(cdrom->track[i].offset / CD_FPS); } Index: tcd-2.2.0/src/cddb.c =================================================================== --- tcd-2.2.0.orig/src/cddb.c +++ tcd-2.2.0/src/cddb.c @@ -225,7 +225,10 @@ static const char *get_home_dir(void) static char *cddb_filename(unsigned long discid) { char cd_id[9]; - sprintf(cd_id, "%08lx", discid); + int ret; + ret = snprintf(cd_id, sizeof(cd_id), "%08lx", discid); + if (ret >= sizeof(cd_id)) + abort(); return concat_strings(get_home_dir(), "/.tcd/", cd_id, NULL); } ++++++ tcd-linkorder.diff ++++++ From: Jan Engelhardt <jeng...@inai.de> Date: 2013-03-17 14:43:46.875421301 +0100 build: resolve order of link arguments Libraries do not belong into flags! User variables should not be overriden! Resolve the mess by using pkg-config to determine SDL's location. --- configure.ac | 4 +--- src/Makefile.am | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) Index: tcd-2.2.0/configure.ac =================================================================== --- tcd-2.2.0.orig/configure.ac +++ tcd-2.2.0/configure.ac @@ -13,9 +13,7 @@ AC_ARG_ENABLE([debug], AC_PROG_CC # Checks for libraries -ri_CONFIG_SCRIPT(sdl, 1.2.0, SDL_CPPFLAGS, SDL_LDFLAGS) -CPPFLAGS="$CPPFLAGS $SDL_CPPFLAGS" -LDFLAGS="$LDFLAGS $SDL_LDFLAGS" +PKG_CHECK_MODULES([SDL], [sdl >= 1.2]) AC_CHECK_LIB(ncurses, initscr, , AC_MSG_ERROR([No ncurses library found.])) Index: tcd-2.2.0/src/Makefile.am =================================================================== --- tcd-2.2.0.orig/src/Makefile.am +++ tcd-2.2.0/src/Makefile.am @@ -1,4 +1,6 @@ +AM_CPPFLAGS = ${SDL_CFLAGS} bin_PROGRAMS = tcd man_MANS = tcd.1 tcd_SOURCES = cd-utils.c cd-utils.h cddb.c concat-strings.c tcd.c tracked.c user-interface.c cddb.h concat-strings.h tcd.h tracked.h user-interface.h ui-layout.c ui-layout.h +tcd_LDADD = ${SDL_LIBS} ++++++ tcd.keyring ++++++ pub 1024D/BACCF5EE 2002-07-06 uid Roland Illig <roland.il...@gmx.de> uid Roland Illig <ril...@netbsd.org> uid Roland Illig <roland.il...@gmx.net> uid Roland Illig <ril...@users.sourceforge.net> uid Roland Illig <1il...@informatik.uni-hamburg.de> sub 2048g/1F446D11 2002-07-06 [utgikk: 2005-11-19] sub 2048g/F4515AA6 2005-09-27 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBD0nLgURBACrAq8iAobp86KRSgEr6jU3yXdtWO+5tP6zxvGX12jJILe+TW/v BEhP60p7hpvZvYIQEzDCa6M1ctFVHoAAsvuhs3+vmsXig4Yz227TKMoquMIHG+Pd BDy5TFZTlsR25vXAPjIOCSWYg5IYehbSuQDUbB8ryvu++n0D7QHj8m1mywCg195o 2PmkQTMkq7W8sdjoem2+gCUD/0t68FPOv1a0zaW+iiNq9iKhTr2OMQ/zkNvok7LS 03L42XoHYX345GGi7cOxUs5t4p967jHJ8D8yy0ymwCehwCMwYn92qRqkS3jUUvOv ywRbpT+ilSYzK1Zlc39g5JkCjSvPaJPnb3FRMfpKghWEGgeTf3Blx7SmPPT86S9h VVvMA/49Mdi2PtBETNBxQ+zz4SIDcC1UmGUg2FFRh9KhJntZ1CLVHtiYDXswrY2w XXjveb44jRxBBfBuQuSi7E43Xd0+JxyK2MeaBUo+tOm0RrnWjWOnjMKmiNDW0REF avQCuzgB/2055a0IGABxHwmIiubrIsxykhVIWMlSDwTQtH49ObQgUm9sYW5kIEls bGlnIDxyaWxsaWdATmV0QlNELm9yZz6IXgQTEQIAHgUCQgYMvAIbAwYLCQgHAwID FQIDAxYCAQIeAQIXgAAKCRDGu80jusz17o8TAKCiu8DmBSZv0fflkDjM34+WFzW1 XACeKB2JQgPU4Qmy3AIxXy/CsCVff0u0IlJvbGFuZCBJbGxpZyA8cm9sYW5kLmls bGlnQGdteC5kZT6IWgQTEQIAGgULBwoDBAMVAwIDFgIBAheABQJDxts0AhkBAAoJ EMa7zSO6zPXu2xEAnRNzz3Wr8ThVPmVM5TN2gEsdwFeFAKCmNOwPYIao/Aqc5azi cT07xaDVd7QjUm9sYW5kIElsbGlnIDxyb2xhbmQuaWxsaWdAZ214Lm5ldD6IXgQT EQIAHgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAUCP5vidAAKCRDGu80jusz17heN AJ9I7tLTPamrKlZOCqOFd+OYyVS1hgCbBEWz8gRZDsmaDHIM6slBXwQQjti0K1Jv bGFuZCBJbGxpZyA8cmlsbGlnQHVzZXJzLnNvdXJjZWZvcmdlLm5ldD6IXgQTEQIA HgUCQgYM1gIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRDGu80jusz17oD8AJ9N OrB111pkZ3L8NMTuHhJhWnO/dwCgtPkFSZUU74N3+5GdY2qlY/6BQe+0L1JvbGFu ZCBJbGxpZyA8MWlsbGlnQGluZm9ybWF0aWsudW5pLWhhbWJ1cmcuZGU+iF4EExEC AB4CGwMGCwkIBwMCAxUCAwMWAgECHgECF4AFAj+b4nQACgkQxrvNI7rM9e76XQCg oSdSqlLyRiIREJs3J39VUSxDdmoAniMytX+3NpBGmVivYeU4/NEYmYjHuQINBD0n LgwQCADIF0NzekDtDJQ8iIVHblP62kIRV5kT5MstoOQDAY0kpxmPE1XHxwtGz2wT LNKljjgtvYI8cqXeRu7uN73CbfBkQ/6TNPOnMUzaWvEWaYzjqorKZkZ9W6zX4kKo Hppcy2h2UR2x8/ArgqN9GYX/0ahIGvIiUDe5+ZOWz369hbt+fLQNB8zK5L84AnLk 0qjbbUYhyFjS3zTrp4c4qhmE6mZ2slC5OYvk5jrjGCnO5KVWvKzCGQIZ6DR46ZvB QtlVBIIZLd+uPWINJu+niyCi33cw0eJT0BtXPmgcNKVMLlJi5JQ4zyN/w2hiJkCN xToIpxF/tlqhrhUYexIxZ9WZCyZ/AAMFCACzJopUaFA3nv1xLR8gxVJLcJMvhx9R GaqujKTI7GApbWW3eYf5UCqdZKFOcDEDTEYRRSG9HQSIjfHxLQeDHDdWGY3bT5Oy n5ouQNaBuQF65C/pSmxd3Z+5VqVBlHtogLS6gbrt2obbRESiv5B+0thlMO72zkEX AZD223C/DjZPRm7HiNeZkDAHeU1Oh3Vrn4NL0UH9Bh73mzXW85JrF1p40ABZFqP5 h+Y1+e6MGD1c7pDoZAy/XRW4NpqBs/d90SXcSewmztsronMr9l/sCKLstzZIu9Q+ u9BanODhWBIoRf2feBykwt32P3sP32WbWP090CyTg5dmkhd3quN0DmXLiEwEGBEC AAwFAkMJDK0FCQZYhaEACgkQxrvNI7rM9e7MSACgtwn7zEOcwqs+Do/rpDzpcv8W tOIAoJF+mCyB7Wv6oDS/FVzZwrRGnIKiuQINBEM5jiUQCADzIDxSa4n+00inJjeV jFnWUFcdoYHQwdMOhO8ARphJJ5gKyNyyXbsA0e/8PNMUh1bo/QTtXse5c8C3PEbV p0teSYV/xJ0ErDUcsTaWQYD8bjIQT07at+vDtlQWDl8P+o1PGDt058CQiGg/PwjI ulYn8DeoeEfbLpRKoVLPT2FkPDLG7hJ9FPsjQ7k4nc+xC0X5Ij+q/I+T6MzeGpkG MRHcd9RdkF1vWZs5/oXLtVwnVL7NQdF6MXg/P0vtlRvP3DcHZq18m93rcUVLyMDz HvUsHaS9jbgr1fbIutaF5wS1gDciNCXO2ocz2rLbKBPlbldMH2f29C9qMG8f7O9x P1yzAAMFCACJb0q+CJ9k5b7hvZvloIBz/4nTs19ummVoCai/lN9SPIDzV3yQGDz/ dOgSNAbR14Hb3IZd+Jy98n8z9vbP+vqo96SUCh/LqEi/NY68B8lynT0QmhT9OPVf ZAUweCIOTunepog1Z3xc9lir66oV1S24fvwgrk1GsYyoaQ1CYYtq0wg8mdsA4kJW qBaL3Rzlgg4KhFNAPWoT9VUcmY6BvtEdpRF0uUBpw85MJ9wSrHNqQ8TIyIAs4y0R m8nBAbLHVVUda+F1PxtExTrhA1hHZxuxSmegkSzOE3NiPDJwWSquu4r5Ux4JPk1E Lk0AGKuTzj6Cbh/jhGptIDVlg2lefJHviEkEGBECAAkFAkM5jiUCGwwACgkQxrvN I7rM9e52EQCgjuoLdMm2Wvp981QyAxeZotQQ+F4AnR2kVyjy04WIP2k47J610dq7 Ktj/ =LCvG -----END PGP PUBLIC KEY BLOCK----- -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org