Hello community, here is the log from the commit of package flac.3255 for openSUSE:12.3:Update checked in at 2014-12-08 16:37:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/flac.3255 (Old) and /work/SRC/openSUSE:12.3:Update/.flac.3255.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flac.3255" Changes: -------- New Changes file: --- /dev/null 2014-11-17 01:44:14.624034255 +0100 +++ /work/SRC/openSUSE:12.3:Update/.flac.3255.new/flac.changes 2014-12-08 16:37:22.000000000 +0100 
@@ -0,0 +1,334 @@ +------------------------------------------------------------------- +Wed Nov 26 09:56:05 CET 2014 - ti...@suse.de + +- A couple of security fixes: + * flac-fix-CVE-2014-8962.patch: + arbitrary code execution by a stack overflow (CVE-2014-8962, + bnc#906831) + * flac-fix-CVE-2014-9028.patch: + Heap overflow via specially crafted .flac files (CVE-2014-9028, + bnc#907016) + +------------------------------------------------------------------- +Tue Dec 18 11:24:17 UTC 2012 - idon...@suse.com + +- Add flac-fix-pkgconfig.patch to fix includedir in the pkgconfig + files. + +------------------------------------------------------------------- +Sat Dec 8 23:48:01 UTC 2012 - crrodrig...@opensuse.org + +- add xz buildrequires for old distros. + +------------------------------------------------------------------- +Sat Dec 8 21:46:21 UTC 2012 - crrodrig...@opensuse.org + +- Update to current git +* patches deleted: + - flac-1.2.1-asm.patch + - flac-1.2.1-bitreader.patch + - flac-gcc43-fixes.diff + - flac-gcc47.patch + - flac-leaks.patch + - flac-no-xmms.diff + - flac-visibility.patch + - flac-printf-format-fix.diff +All Upstreamed either by us or other distros. + +- Add flac-openssl.patch, do crypto with openssl (not wanted upstream) + +- Restore make check + +------------------------------------------------------------------- +Tue Sep 4 10:00:35 UTC 2012 - sch...@linux-m68k.org + +- Don't ignore $(AM_CFLAGS). +- Remove ppc patch. + +------------------------------------------------------------------- +Tue Mar 13 20:45:17 UTC 2012 - dims...@opensuse.org + +- Add flac-gcc47.patch: Replacing strcpy without 'lenght + limitation' with strncpy, limited to 4 chars. This is safe, as we + check the length already to be sure it is 4 chars, yet do not + suffer from the problem that strcpy wants to add a '\0' char in + plus to the target string. 
+ +------------------------------------------------------------------- +Thu Mar 8 12:55:29 UTC 2012 - dval...@suse.com + +- don't use fvisibility=hidden on ppc. As it can't find symbols + afterwards + +------------------------------------------------------------------- +Fri Jan 27 18:06:28 UTC 2012 - crrodrig...@opensuse.org + +- Fix some memory and resources leak. +- Link shared libraries with -Bsymbolic-functions +- annotate relevant functions with proper attributes to + allow the compiler generate better code (attribute hot. alloc_size) + +------------------------------------------------------------------- +Tue Jan 24 16:01:40 UTC 2012 - crrodrig...@opensuse.org + +- Support symbol visibility features +- Disable test suite, nothing wrong with it, it just + takes too long to run and uses private/hidden symbols to + test flac's internals. + +------------------------------------------------------------------- +Sun Nov 20 03:45:44 UTC 2011 - crrodrig...@opensuse.org + +- Use O_CLOEXEC in all library code. + +------------------------------------------------------------------- +Sat Oct 1 05:39:06 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Wed Sep 28 03:27:46 UTC 2011 - crrodrig...@opensuse.org + +- Build with --enable-sse, this only disables runtime + checking if the *OS* supports SSE, which registers a + SIGILL signal handler then tries to execute SSE code... + it still tests the running *CPU* though. + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de + +- Apply packaging guidelines (remove redundant/obsolete + tags/sections from specfile, etc.) +- Add flac-devel to baselibs + +------------------------------------------------------------------- +Sat Aug 6 04:00:28 UTC 2011 - crrodrig...@opensuse.org + +- Do not build with -fno-strict-aliasing since is no longer + required. 
+- Impoer two patches from redhat, one speeds up decoding and + the other enables the working ASM optimizations. + +------------------------------------------------------------------- +Wed Dec 8 13:19:48 UTC 2010 - cristian.rodrig...@opensuse.org + +- run make check, but only the basic test suite, complete + one takes hours. + +------------------------------------------------------------------- +Wed Dec 16 10:22:22 CET 2009 - jeng...@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Tue Nov 3 19:09:16 UTC 2009 - co...@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - o...@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - o...@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Wed May 21 19:11:47 CEST 2008 - cth...@suse.de + +- fix baselibs.conf + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - r...@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Thu Dec 13 01:33:43 CET 2007 - crrodrig...@suse.de + +- disable static libraries +- remove uneeded dependency on libogg-devel in the -devel package +- remove "la" files + +------------------------------------------------------------------- +Mon Oct 22 15:22:16 CEST 2007 - ti...@suse.de + +- fix build with gcc 4.3. 
+ +------------------------------------------------------------------- +Fri Oct 12 14:24:16 CEST 2007 - ti...@suse.de + +- updated to version 1.2.1: + * VUL-0: flac integer overflows (#333278) + * new --keep-foreign-metadata, --no-utf8-convert options + * changed default extension for Ogg FLAC to .oga + * many other fixes, see changelog + +------------------------------------------------------------------- +Wed Jul 25 13:05:50 CEST 2007 - ti...@suse.de + +- updated to version 1.2.0: + * small encoding speedups + * runtime SSE OS support + * fixed bug with invalid seek tables + * added FLAC__format_sample_rate_is_subset(), + FLAC::Decoder::Stream::get_decoder_position() +- clean up spec file + +------------------------------------------------------------------- +Fri Jun 8 14:12:16 CEST 2007 - ti...@suse.de + +- add provides and obsolets for libflac. + +------------------------------------------------------------------- +Tue Jun 5 16:40:03 CEST 2007 - ti...@suse.de + +- split to packages libFLAC8 and libFLAC++6 to follow more the + library packaging policy. + +------------------------------------------------------------------- +Tue Apr 10 19:09:37 CEST 2007 - ti...@suse.de + +- fix post and postun for libflac. +- fix compile warnings ++++ 137 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.flac.3255.new/flac.changes New: ---- baselibs.conf flac-1.2.1_git201212051942.tar.xz flac-fix-CVE-2014-8962.patch flac-fix-CVE-2014-9028.patch flac-fix-pkgconfig.patch flac-ocloexec.patch flac-openssl.patch flac.changes flac.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flac.spec ++++++ # # spec file for package flac # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. 
The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: flac BuildRequires: gcc-c++ BuildRequires: libogg-devel BuildRequires: libtool BuildRequires: openssl-devel BuildRequires: pkg-config BuildRequires: xz %ifarch %{ix86} BuildRequires: nasm %endif # bug437293 %ifarch ppc64 Obsoletes: flac-64bit %endif Version: 1.2.1_git201212051942 Release: 0 # Summary: Free Lossless Audio Codec License: BSD-3-Clause Group: Productivity/Multimedia/Sound/Utilities Url: http://flac.sourceforge.net/ Source: %{name}-%{version}.tar.xz Source2: baselibs.conf Patch1: flac-ocloexec.patch Patch2: flac-openssl.patch Patch3: flac-fix-pkgconfig.patch Patch4: flac-fix-CVE-2014-8962.patch Patch5: flac-fix-CVE-2014-9028.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description FLAC is an open source lossless audio codec developed by Josh Coalson. %package -n libFLAC8 Summary: Free Lossless Audio Codec Library Group: System/Libraries Obsoletes: libflac < %{version} Provides: libflac = %{version} %description -n libFLAC8 This package contains the library for FLAC (Free Lossless Audio Codec) developed by Josh Coalson. %package -n libFLAC++6 Summary: Free Lossless Audio Codec Library Group: System/Libraries %description -n libFLAC++6 This package contains the C++ library for FLAC (Free Lossless Audio Codec) developed by Josh Coalson. 
%package devel Summary: FLAC Library Development Package Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libFLAC++6 = %{version} Requires: libFLAC8 = %{version} Requires: libstdc++-devel %description devel This package contains the files needed to compile programs that use the FLAC library. %prep %setup -q %patch1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build touch config.rpath autoreconf --force --install %define warn_flags -O3 -W -Wall -Wstrict-prototypes -Wformat-security export CFLAGS="%{optflags} %{warn_flags}" export CXXFLAGS="$CFLAGS" %configure --disable-thorough-tests \ --disable-xmms-plugin \ --disable-static \ --disable-rpath \ --with-pic \ --enable-sse make %{?_smp_mflags} V=1 %install %make_install # documents mkdir -p %{buildroot}%{_docdir} mv %{buildroot}%{_datadir}/doc/%{name}-1.2.1 %{buildroot}%{_docdir}/%{name} cp -a AUTHORS README COPYING.* %{buildroot}%{_docdir}/%{name} %check make check %post -n libFLAC8 -p /sbin/ldconfig %postun -n libFLAC8 -p /sbin/ldconfig %post -n libFLAC++6 -p /sbin/ldconfig %postun -n libFLAC++6 -p /sbin/ldconfig %files %defattr(-, root, root) %doc %{_docdir}/%{name} %{_bindir}/* %{_mandir}/man*/* %files -n libFLAC8 %defattr(-, root, root) %{_libdir}/libFLAC.so.8* %files -n libFLAC++6 %defattr(-, root, root) %{_libdir}/libFLAC++.so.6* %files devel %defattr(-, root, root) %{_libdir}/lib*.so %{_includedir}/* %{_libdir}/pkgconfig/*.pc %{_datadir}/aclocal/*.m4 %exclude %{_libdir}/lib*.la %changelog ++++++ baselibs.conf ++++++ libFLAC8 obsoletes "flac-<targettype> <= <version>" obsoletes "libflac-<targettype> <= <version>" libFLAC++6 flac-devel requires -flac-<targettype> requires "libFLAC8-<targettype> = <version>" requires "libFLAC++6-<targettype> = <version>" ++++++ flac-fix-CVE-2014-8962.patch ++++++ >From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001 
From: Erik de Castro Lopo <er...@mega-nerd.com> Date: Tue, 18 Nov 2014 07:20:25 -0800 Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow. This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team <mikis...@google.com> --- src/libFLAC/stream_decoder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -94,7 +94,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC * ***********************************************************************/ -static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; +static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; /*********************************************************************** * @@ -1386,6 +1386,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe id = 0; continue; } + + if(id >= 3) + return false; + if(x == ID3V2_TAG_[id]) { id++; i = 0; ++++++ flac-fix-CVE-2014-9028.patch ++++++ >From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001 From: Erik de Castro Lopo <er...@mega-nerd.com> Date: Wed, 19 Nov 2014 19:35:59 -0800 Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow. A file provided by the reporters caused the stream decoder to write to un-allocated heap space resulting in a segfault. The solution is to error out (by returning false from read_residual_partitioned_rice_()) instead of trying to continue to decode. Fixes: CVE-2014-9028 Reported-by: Michele Spagnuolo, Google Security Team <mikis...@google.com> --- src/libFLAC/stream_decoder.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c 
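Review bot: The guard added in the second hunk hard-codes the bound as `3`, repeating the length of `ID3V2_TAG_` from the first hunk, so the check and the table it protects can drift apart. Deriving the bound from the array keeps the following `ID3V2_TAG_[id]` read tied to the real size: `if(id >= sizeof(ID3V2_TAG_) / sizeof(ID3V2_TAG_[0]))`. The early `return false` also exits with no visible state change or error callback; whether the client sees a usable status depends on code outside the hunk, since find_metadata_ begins and ends beyond it. A one-line comment such as `/* id indexes ID3V2_TAG_; never read past its end */` would record why the check sits before the comparison.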
@@ -2730,7 +2730,8 @@ FLAC__bool read_residual_partitioned_ric
 if(decoder->private_->frame.header.blocksize < predictor_order) {
 send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
 decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
- return true;
+ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
+ return false;
 }
 }
 else {
++++++ flac-fix-pkgconfig.patch ++++++
Index: flac-1.2.1_git201212051942/src/libFLAC/flac.pc.in
===================================================================
--- flac-1.2.1_git201212051942.orig/src/libFLAC/flac.pc.in
+++ flac-1.2.1_git201212051942/src/libFLAC/flac.pc.in
@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
-includedir=@includedir@
+includedir=@includedir@/FLAC
 Name: FLAC
 Description: Free Lossless Audio Codec Library
Index: flac-1.2.1_git201212051942/src/libFLAC++/flac++.pc.in
===================================================================
--- flac-1.2.1_git201212051942.orig/src/libFLAC++/flac++.pc.in
+++ flac-1.2.1_git201212051942/src/libFLAC++/flac++.pc.in
@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
-includedir=@includedir@
+includedir=@includedir@/FLAC++
 Name: FLAC++
 Description: Free Lossless Audio Codec Library (C++ API)
++++++ flac-ocloexec.patch ++++++
--- src/libFLAC/metadata_iterators.c.orig
+++ src/libFLAC/metadata_iterators.c
@@ -438,10 +438,10 @@ static FLAC__bool simple_iterator_prime_
 FLAC__ASSERT(0 != iterator);
- if(read_only || 0 == (iterator->file = fopen(iterator->filename, "r+b"))) {
+ if(read_only || 0 == (iterator->file = fopen(iterator->filename, "r+be"))) {
 iterator->is_writable = false;
 if(read_only || errno == EACCES) {
- if(0 == (iterator->file = fopen(iterator->filename, "rb"))) {
+ if(0 == (iterator->file = fopen(iterator->filename, "rbe"))) {
 iterator->status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_ERROR_OPENING_FILE;
 return false;
 }
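Review bot: Only the check in the first branch now fails closed; the hunk stops at `else {`, and if that sibling branch holds an equivalent size check against `predictor_order` that still ends in `return true`, the same out-of-bounds write stays reachable through it. That branch is outside the hunk, so this needs confirming in read_residual_partitioned_rice_ itself. The error path also still sets `FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC`, which reads as "resynchronise and carry on", while the function now reports failure; the comment should say which of the two callers are expected to act on. The added comment has a typo, `bt stream` for `bit stream`.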
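Review bot: The `e` appended to the fopen() mode strings (in this hunk of flac-ocloexec.patch and in every other hunk of it, including the decoder and encoder file-open hunks) is a glibc extension that requests O_CLOEXEC; ISO C leaves unlisted mode strings undefined, so another C library may ignore the flag or fail the open. Nothing in the patch records that assumption. A comment at the first use, e.g. `/* "e": glibc extension, opens with O_CLOEXEC so the descriptor is not inherited across exec */`, would document it, and a configure-time switch for the suffix is the safer route if this code is ever built against a non-glibc libc. The enclosing function, whose name is truncated in the hunk header, continues outside the hunk.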
@@ -1380,7 +1380,7 @@ static FLAC__bool chain_rewrite_metadata
 FLAC__ASSERT(0 != chain->filename);
- if(0 == (file = fopen(chain->filename, "r+b"))) {
+ if(0 == (file = fopen(chain->filename, "r+be"))) {
 chain->status = FLAC__METADATA_CHAIN_STATUS_ERROR_OPENING_FILE;
 return false;
 }
@@ -1405,7 +1405,7 @@ static FLAC__bool chain_rewrite_file_(FL
 FLAC__ASSERT(0 != chain->head);
 /* copy the file prefix (data up to first metadata block */
- if(0 == (f = fopen(chain->filename, "rb"))) {
+ if(0 == (f = fopen(chain->filename, "rbe"))) {
 chain->status = FLAC__METADATA_CHAIN_STATUS_ERROR_OPENING_FILE;
 return false;
 }
@@ -1542,7 +1542,7 @@ static FLAC__bool chain_read_(FLAC__Meta
 chain->is_ogg = is_ogg;
- if(0 == (file = fopen(filename, "rb"))) {
+ if(0 == (file = fopen(filename, "rbe"))) {
 chain->status = FLAC__METADATA_CHAIN_STATUS_ERROR_OPENING_FILE;
 return false;
 }
@@ -3240,7 +3240,7 @@ FLAC__bool open_tempfile_(const char *fi
 strcat(*tempfilename, tempfile_suffix);
 }
- if(0 == (*tempfile = fopen(*tempfilename, "w+b"))) {
+ if(0 == (*tempfile = fopen(*tempfilename, "w+be"))) {
 *status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_ERROR_OPENING_FILE;
 return false;
 }
--- src/libFLAC/stream_decoder.c.orig
+++ src/libFLAC/stream_decoder.c
@@ -628,7 +628,7 @@ static FLAC__StreamDecoderInitStatus ini
 if(0 == write_callback || 0 == error_callback)
 return decoder->protected_->state = FLAC__STREAM_DECODER_INIT_STATUS_INVALID_CALLBACKS;
- file = filename? fopen(filename, "rb") : stdin;
+ file = filename? fopen(filename, "rbe") : stdin;
 if(0 == file)
 return FLAC__STREAM_DECODER_INIT_STATUS_ERROR_OPENING_FILE;
--- src/libFLAC/stream_encoder.c.orig
+++ src/libFLAC/stream_encoder.c
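Review bot: In the open_tempfile_ hunk the temporary file is still created with a plain truncating open (`"w+be"`) on a name assembled by `strcat(*tempfilename, tempfile_suffix)`, so a file or symlink already present at that path is followed and overwritten; close-on-exec does nothing about that. Since the mode string already relies on glibc flags, `fopen(*tempfilename, "w+bex")` would make the creation exclusive, at the cost of having to handle a stale temp file left by an earlier run. How the name is built is outside the hunk, so how predictable it is needs checking there. A comment stating whether the target directory is trusted would help whoever audits this next.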
@@ -1283,7 +1283,7 @@ static FLAC__StreamEncoderInitStatus ini if(encoder->protected_->state != FLAC__STREAM_ENCODER_UNINITIALIZED) return FLAC__STREAM_ENCODER_INIT_STATUS_ALREADY_INITIALIZED; - file = filename? fopen(filename, "w+b") : stdout; + file = filename? fopen(filename, "w+be") : stdout; if(file == 0) { encoder->protected_->state = FLAC__STREAM_ENCODER_IO_ERROR; ++++++ flac-openssl.patch ++++++ Return-Path: <c...@cristianrodriguez.net> Received: from localhost.localdomain ([190.162.79.17]) by mx.google.com with ESMTPS id u20sm58699689yhi.10.2012.05.05.14.35.00 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 05 May 2012 14:35:02 -0700 (PDT) Sender: =?UTF-8?Q?Cristian_Rodr=C3=ADguez?= <c...@cristianrodriguez.net> From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodrig...@opensuse.org> To: flac-...@xiph.org Cc: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodrig...@opensuse.org> Subject: =?UTF-8?q?=5BPATCH=5D=20Optionally=2C=20allow=20distros=20to=20use=20openssl=20for=20MD5=20verification?= Date: Sat, 5 May 2012 17:34:31 -0400 Message-Id: <1336253671-7262-1-git-send-email-crrodrig...@opensuse.org> X-Mailer: git-send-email 1.7.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This has the advantage of being more efficient than the included routines and allows distros to centralize crypto mainteniance on a few libraries. --- configure.ac | 4 +- m4/ax_check_openssl.m4 | 124 +++++++++++++++++++++++++++++++++++++ src/libFLAC/Makefile.am | 2 +- src/libFLAC/include/private/md5.h | 8 ++- src/libFLAC/md5.c | 38 +++++++++++ src/libFLAC/stream_decoder.c | 30 +++++++-- src/libFLAC/stream_encoder.c | 30 +++++++-- 7 files changed, 220 insertions(+), 16 deletions(-) create mode 100644 m4/ax_check_openssl.m4 --- flac-1.2.1_git201212051942.orig/configure.ac +++ flac-1.2.1_git201212051942/configure.ac 
@@ -58,7 +58,7 @@ AM_PROG_CC_C_O AC_C_INLINE AC_C_VARARRAYS AC_C_TYPEOF - +AC_FUNC_ALLOCA AC_CHECK_HEADERS(stdint.h) AC_SUBST(HAVE_STDINT_H) AC_CHECK_HEADERS(inttypes.h) @@ -85,6 +85,8 @@ dnl check for getopt in standard library dnl AC_CHECK_FUNCS(getopt_long , , [LIBOBJS="$LIBOBJS getopt.o getopt1.o"] ) AC_CHECK_FUNCS(getopt_long, [], []) +AX_CHECK_OPENSSL([AC_DEFINE([HAVE_OPENSSL], [1], [We have openSSL])]) + case "$host_cpu" in i*86) cpu_ia32=true --- /dev/null +++ flac-1.2.1_git201212051942/m4/ax_check_openssl.m4 
@@ -0,0 +1,124 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]]) +# +# DESCRIPTION +# +# Look for OpenSSL in a number of default spots, or in a user-selected +# spot (via --with-openssl). Sets +# +# OPENSSL_INCLUDES to the include directives required +# OPENSSL_LIBS to the -l directives required +# OPENSSL_LDFLAGS to the -L or -R flags required +# +# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately +# +# This macro sets OPENSSL_INCLUDES such that source files should use the +# openssl/ directory in include directives: +# +# #include <openssl/hmac.h> +# +# LICENSE +# +# Copyright (c) 2009,2010 Zmanda Inc. <http://www.zmanda.com/> +# Copyright (c) 2009,2010 Dustin J. Mitchell <dus...@zmanda.com> +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 8 + +AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL]) +AC_DEFUN([AX_CHECK_OPENSSL], [ + found=false + AC_ARG_WITH([openssl], + [AS_HELP_STRING([--with-openssl=DIR], + [root of the OpenSSL directory])], + [ + case "$withval" in + "" | y | ye | yes | n | no) + AC_MSG_ERROR([Invalid --with-openssl value]) + ;; + *) ssldirs="$withval" + ;; + esac + ], [ + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + AC_PATH_PROG([PKG_CONFIG], [pkg-config]) + if test x"$PKG_CONFIG" != x""; then + OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` + if test $? 
= 0; then + OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` + OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` + found=true + fi + fi + + # no such luck; use some default ssldirs + if ! $found; then + ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" + fi + ] + ) + + + # note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in + # an 'openssl' subdirectory + + if ! $found; then + OPENSSL_INCLUDES= + for ssldir in $ssldirs; do + AC_MSG_CHECKING([for openssl/ssl.h in $ssldir]) + if test -f "$ssldir/include/openssl/ssl.h"; then + OPENSSL_INCLUDES="-I$ssldir/include" + OPENSSL_LDFLAGS="-L$ssldir/lib" + OPENSSL_LIBS="-lssl -lcrypto" + found=true + AC_MSG_RESULT([yes]) + break + else + AC_MSG_RESULT([no]) + fi + done + + # if the file wasn't found, well, go ahead and try the link anyway -- maybe + # it will just work! + fi + + # try the preprocessor and linker with our new flags, + # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS + + AC_MSG_CHECKING([whether compiling and linking against OpenSSL works]) + echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \ + "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD + + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" + save_CPPFLAGS="$CPPFLAGS" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" + LIBS="$OPENSSL_LIBS $LIBS" + CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)])], + [ + AC_MSG_RESULT([yes]) + $1 + ], [ + AC_MSG_RESULT([no]) + $2 + ]) + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + + AC_SUBST([OPENSSL_INCLUDES]) + AC_SUBST([OPENSSL_LIBS]) + AC_SUBST([OPENSSL_LDFLAGS]) +]) --- flac-1.2.1_git201212051942.orig/src/libFLAC/Makefile.am +++ flac-1.2.1_git201212051942/src/libFLAC/Makefile.am 
@@ -79,7 +79,7 @@ endif endif endif -libFLAC_la_LIBADD = $(LOCAL_EXTRA_LIBADD) @OGG_LIBS@ -lm +libFLAC_la_LIBADD = $(LOCAL_EXTRA_LIBADD) @OPENSSL_LIBS@ @OGG_LIBS@ -lm SUBDIRS = $(ARCH_SUBDIRS) include . @@ -131,5 +131,5 @@ libFLAC_sources = \ libFLAC_la_SOURCES = $(libFLAC_sources) # needed for test_libFLAC -libFLAC_static_la_LIBADD = $(LOCAL_EXTRA_LIBADD) +libFLAC_static_la_LIBADD = $(LOCAL_EXTRA_LIBADD) $(OPENSSL_LIBS) libFLAC_static_la_SOURCES = $(libFLAC_sources) --- flac-1.2.1_git201212051942.orig/src/libFLAC/include/private/md5.h +++ flac-1.2.1_git201212051942/src/libFLAC/include/private/md5.h @@ -28,6 +28,11 @@ #include "FLAC/ordinals.h" +#if defined(HAVE_OPENSSL) +#include <openssl/evp.h> +#define FLAC__MD5Context EVP_MD_CTX +#else +#define EVP_MAX_MD_SIZE 16 typedef struct { FLAC__uint32 in[16]; FLAC__uint32 buf[4]; @@ -37,7 +42,8 @@ typedef struct { } FLAC__MD5Context; void FLAC__MD5Init(FLAC__MD5Context *context); -void FLAC__MD5Final(FLAC__byte digest[16], FLAC__MD5Context *context); +void FLAC__MD5Final(FLAC__byte digest[EVP_MAX_MD_SIZE], FLAC__MD5Context *context); +#endif FLAC__bool FLAC__MD5Accumulate(FLAC__MD5Context *ctx, const FLAC__int32 * const signal[], unsigned channels, unsigned samples, unsigned bytes_per_sample); --- flac-1.2.1_git201212051942.orig/src/libFLAC/md5.c +++ flac-1.2.1_git201212051942/src/libFLAC/md5.c @@ -5,6 +5,19 @@ #include <stdlib.h> /* for malloc() */ #include <string.h> /* for memcpy() */ +#ifdef HAVE_ALLOCA_H +# include <alloca.h> +#elif !defined alloca +# ifdef __GNUC__ +# define alloca __builtin_alloca +# elif defined _AIX +# define alloca __alloca +# elif defined _MSC_VER +# include <malloc.h> +# define alloca _alloca +# endif +#endif + #include "private/md5.h" #include "share/alloc.h" @@ -35,6 +48,7 @@ /* The four core functions - F1 is optimized somewhat */ +#if !defined(HAVE_OPENSSL) /* #define F1(x, y, z) (x & y | ~x & z) */ #define F1(x, y, z) (z ^ (x & (y ^ z))) #define F2(x, y, z) F1(z, x, y) 
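Review bot: Only `@OPENSSL_LIBS@` is wired into `libFLAC_la_LIBADD` (and `$(OPENSSL_LIBS)` into the static variant); the `OPENSSL_INCLUDES` and `OPENSSL_LDFLAGS` values that AX_CHECK_OPENSSL also substitutes are not used in either Makefile.am hunk, so the `#include <openssl/evp.h>` added to md5.h resolves only when OpenSSL is on the default search paths. Those two variables should be added to the library's preprocessor and linker flags alongside the LIBADD change. The macro's fallback also yields `-lssl -lcrypto`, while the patch uses only EVP digest calls, so libFLAC may end up linked against libssl for nothing; restricting the link to libcrypto keeps the library's dependency surface smaller.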
@@ -267,6 +281,8 @@ void FLAC__MD5Final(FLAC__byte digest[16
 memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
 }
+#endif /* !defined(HAVE_OPENSSL) */
+
 /*
 * Convert the incoming audio signal to a byte stream
 */
@@ -401,6 +417,26 @@ FLAC__bool FLAC__MD5Accumulate(FLAC__MD5
 if((size_t)channels * (size_t)bytes_per_sample > SIZE_MAX / (size_t)samples)
 return false;
+#if defined(HAVE_OPENSSL)
+ /* Use stack for the most common cases, heap when bytes_needed is larger than 4032 (unlikely)
+ * Note that this is a _very_ conservative estimation.
+ */
+#if defined(_MSC_VER)
+/* see http://msdn.microsoft.com/en-us/library/5471dc8s(v=vs.80).aspx for the rationale */
+ FLAC__byte *tmp = _malloca(bytes_needed);
+#else
+ const FLAC__bool usealloca = (bytes_needed < 4032);
+ FLAC__byte *tmp = usealloca ? alloca(bytes_needed) : safe_malloc_(bytes_needed);
+#endif
+ format_input_(tmp, signal, channels, samples, bytes_per_sample);
+ const FLAC__bool retval = (EVP_DigestUpdate(ctx, tmp , bytes_needed) == 1);
+#if defined(_MSC_VER)
+ _freea(tmp)
+#else
+ if(!usealloca) free(tmp);
+#endif
+ return retval;
+#else
 if(ctx->capacity < bytes_needed) {
 FLAC__byte *tmp = realloc(ctx->internal_buf, bytes_needed);
 if(0 == tmp) {
@@ -418,4 +454,6 @@ FLAC__bool FLAC__MD5Accumulate(FLAC__MD5
 FLAC__MD5Update(ctx, ctx->internal_buf, bytes_needed);
 return true;
+#endif
+
 }
--- flac-1.2.1_git201212051942.orig/src/libFLAC/stream_decoder.c
+++ flac-1.2.1_git201212051942/src/libFLAC/stream_decoder.c
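Review bot: In the OpenSSL branch added to FLAC__MD5Accumulate, `tmp` is passed to `format_input_()` without a NULL check, although both `safe_malloc_(bytes_needed)` and `_malloca(bytes_needed)` can fail; the non-OpenSSL branch just below does test `if(0 == tmp)` after its realloc. Add `if(0 == tmp) return false;` after the inner `#endif` and before `format_input_(...)`. The `_MSC_VER` cleanup line is also missing its terminator and will not compile there: `_freea(tmp)` should be `_freea(tmp);`. The size presumably follows from stream parameters, so the heap path and its failure case are reachable with large frames; the start of the function is outside the hunk.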
@@ -164,7 +164,7 @@ typedef struct FLAC__StreamDecoderPrivat
 FLAC__bool internal_reset_hack; /* used only during init() so we can call reset to set up the decoder without rewinding the input */
 FLAC__bool is_seeking;
 FLAC__MD5Context md5context;
- FLAC__byte computed_md5sum[16]; /* this is the sum we computed from the decoded data */
+ FLAC__byte computed_md5sum[EVP_MAX_MD_SIZE]; /* this is the sum we computed from the decoded data */
 /* (the rest of these are only used for seeking) */
 FLAC__Frame last_frame; /* holds the info of the last frame we seeked to */
 FLAC__uint64 first_frame_offset; /* hint to the seek routine of where in the stream the first audio frame starts */
@@ -301,7 +301,9 @@ FLAC_API FLAC__StreamDecoder *FLAC__stre
 decoder->private_->file = 0;
 set_defaults_(decoder);
-
+#if defined(HAVE_OPENSSL)
+ EVP_MD_CTX_init(&decoder->private_->md5context);
+#endif
 decoder->protected_->state = FLAC__STREAM_DECODER_UNINITIALIZED;
 return decoder;
@@ -327,7 +329,9 @@ FLAC_API void FLAC__stream_decoder_delet
 for(i = 0; i < FLAC__MAX_CHANNELS; i++)
 FLAC__format_entropy_coding_method_partitioned_rice_contents_clear(&decoder->private_->partitioned_rice_contents[i]);
-
+#if defined(HAVE_OPENSSL)
+ EVP_MD_CTX_cleanup(&decoder->private_->md5context);
+#endif
 free(decoder->private_);
 free(decoder->protected_);
 free(decoder);
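Review bot: `EVP_MD_CTX_init(&decoder->private_->md5context)` and the matching `EVP_MD_CTX_cleanup(...)` in the delete hunk only work while `EVP_MD_CTX` is a complete type that can sit by value inside the private struct, which is what md5.h's `#define FLAC__MD5Context EVP_MD_CTX` relies on. OpenSSL 1.1.0 made the type opaque and replaced these calls with `EVP_MD_CTX_new()`/`EVP_MD_CTX_free()`, so this patch will stop compiling when the distribution's OpenSSL moves past 1.0.x; the encoder hunks share the assumption. A comment next to the struct member, e.g. `/* by-value EVP_MD_CTX: requires OpenSSL < 1.1.0 */`, would make the constraint visible to whoever rebases the patch. The struct and both functions extend outside their hunks.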
@@ -647,8 +651,16 @@ FLAC_API FLAC__bool FLAC__stream_decoder
 /* see the comment in FLAC__seekable_stream_decoder_reset() as to why we
 * always call FLAC__MD5Final()
 */
+#if defined(HAVE_OPENSSL)
+ /* decoder->private_->computed_md5sum is NULL when decoder->private_->do_md5_checking == false
+ * that causes assertion failure crash in openSSL.
+ */
+ if(decoder->private_->do_md5_checking) {
+ md5_failed = (EVP_DigestFinal_ex(&decoder->private_->md5context, decoder->private_->computed_md5sum, NULL) == 0);
+ }
+#else
 FLAC__MD5Final(decoder->private_->computed_md5sum, &decoder->private_->md5context);
-
+#endif
 if(decoder->private_->has_seek_table && 0 != decoder->private_->seek_table.data.seek_table.points) {
 free(decoder->private_->seek_table.data.seek_table.points);
 decoder->private_->seek_table.data.seek_table.points = 0;
@@ -999,11 +1011,15 @@ FLAC_API FLAC__bool FLAC__stream_decoder
 * FLAC__stream_decoder_finish() to make sure things are always cleaned up
 * properly.
 */
- FLAC__MD5Init(&decoder->private_->md5context);
+ decoder->private_->first_frame_offset = 0;
- decoder->private_->first_frame_offset = 0;
- decoder->private_->unparseable_frame_count = 0;
+ decoder->private_->unparseable_frame_count = 0;
+#if defined(HAVE_OPENSSL)
+ return (EVP_DigestInit_ex(&decoder->private_->md5context, EVP_md5(), NULL) == 1);
+#else
+▷⋅⋅⋅FLAC__MD5Init(&decoder->private_->md5context);
+#endif
 return true;
 }
--- flac-1.2.1_git201212051942.orig/src/libFLAC/stream_encoder.c
+++ flac-1.2.1_git201212051942/src/libFLAC/stream_encoder.c
@@ -562,7 +562,9 @@ FLAC_API FLAC__StreamEncoder *FLAC__stre
 FLAC__format_entropy_coding_method_partitioned_rice_contents_init(&encoder->private_->partitioned_rice_contents_extra[i]);
 encoder->protected_->state = FLAC__STREAM_ENCODER_UNINITIALIZED;
-
+#if defined(HAVE_OPENSSL)
+ if(encoder->protected_->do_md5) EVP_MD_CTX_init(&encoder->private_->md5context);
+#endif
 return encoder;
 }
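Review bot: The comment added in the finish hunk gives a reason that cannot be right as written: `computed_md5sum` is declared as an array member (`FLAC__byte computed_md5sum[EVP_MAX_MD_SIZE]` in the struct hunk of this patch), so it is never NULL. Whatever makes `EVP_DigestFinal_ex()` assert is more likely the state of `md5context` when checking is off, and the comment should name the real precondition so the guard is not removed later as dead code. Something like `/* Only finalize when MD5 checking is enabled; finalizing a context in any other state trips an assertion inside OpenSSL. */` would be accurate once confirmed. With checking disabled the context is now never finalized on this path, so its release rests on the `EVP_MD_CTX_cleanup()` call in the delete hunk.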
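Review bot: In the reset hunk the `#else` line reads `▷⋅⋅⋅FLAC__MD5Init(&decoder->private_->md5context);`; the leading `▷⋅⋅⋅` looks like an editor's visible-whitespace marker pasted into the patch, and if those characters are really in the file, any build without HAVE_OPENSSL fails to compile at this line. It should be a plain indented `FLAC__MD5Init(&decoder->private_->md5context);`. Separately, the OpenSSL branch returns the result of `EVP_DigestInit_ex()` directly, so a failure leaves the function with no change to `decoder->protected_->state`; a caller that inspects the state afterwards cannot tell why the reset failed. The start of the function is outside the hunk.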
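Review bot: The encoder constructor initialises the digest context only `if(encoder->protected_->do_md5)`, and the delete hunk that follows cleans it up under the same condition, but that flag is a setting that can presumably change between construction and init or delete. If it does, `EVP_DigestInit_ex()` may run on a context that was never initialised, or an initialised one may never be cleaned up. The decoder hunks in this patch do both steps unconditionally, and the encoder should match: `EVP_MD_CTX_init(&encoder->private_->md5context);` here and an unconditional `EVP_MD_CTX_cleanup(&encoder->private_->md5context);` in delete. Whether the private struct is zero-allocated, which would mask the first case, is not visible in the hunk.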
@@ -596,6 +598,11 @@ FLAC_API void FLAC__stream_encoder_delet
 FLAC__format_entropy_coding_method_partitioned_rice_contents_clear(&encoder->private_->partitioned_rice_contents_extra[i]);
 FLAC__bitwriter_delete(encoder->private_->frame);
+#if defined(HAVE_OPENSSL)
+ if(encoder->protected_->do_md5) {
+ EVP_MD_CTX_cleanup(&encoder->private_->md5context);
+ }
+#endif
 free(encoder->private_);
 free(encoder->protected_);
 free(encoder);
@@ -1029,8 +1036,15 @@ static FLAC__StreamEncoderInitStatus ini
 encoder->private_->streaminfo.data.stream_info.bits_per_sample = encoder->protected_->bits_per_sample;
 encoder->private_->streaminfo.data.stream_info.total_samples = encoder->protected_->total_samples_estimate; /* we will replace this later with the real total */
 memset(encoder->private_->streaminfo.data.stream_info.md5sum, 0, 16); /* we don't know this yet; have to fill it in later */
- if(encoder->protected_->do_md5)
- FLAC__MD5Init(&encoder->private_->md5context);
+ if(encoder->protected_->do_md5) {
+#if defined(HAVE_OPENSSL)
+ if(EVP_DigestInit_ex(&encoder->private_->md5context, EVP_md5(), NULL) == 0) {
+ return FLAC__STREAM_ENCODER_INIT_STATUS_ENCODER_ERROR;
+ }
+#else
+ FLAC__MD5Init(&encoder->private_->md5context);
+#endif
+ }
 if(!FLAC__add_metadata_block(&encoder->private_->streaminfo, encoder->private_->frame)) {
 encoder->protected_->state = FLAC__STREAM_ENCODER_FRAMING_ERROR;
 return FLAC__STREAM_ENCODER_INIT_STATUS_ENCODER_ERROR;
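Review bot: In the init hunk the new failure path returns `FLAC__STREAM_ENCODER_INIT_STATUS_ENCODER_ERROR` without touching `encoder->protected_->state`, while the very next check in the same hunk sets `encoder->protected_->state = FLAC__STREAM_ENCODER_FRAMING_ERROR;` before returning the same status. A client told to look at the encoder state after that status would find whatever state was there before. The digest-init failure should set a state first, e.g. `encoder->protected_->state = <suitable FLAC__STREAM_ENCODER_* error state>;`, chosen from the existing enum. The function starts and ends outside the hunk, so any cleanup of resources acquired earlier on this path also needs checking there.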
@@ -1299,9 +1313,13 @@ FLAC_API FLAC__bool FLAC__stream_encoder
 }
 }
- if(encoder->protected_->do_md5)
- FLAC__MD5Final(encoder->private_->streaminfo.data.stream_info.md5sum, &encoder->private_->md5context);
-
+ if(encoder->protected_->do_md5) {
+#if defined(HAVE_OPENSSL)
+ error = (EVP_DigestFinal_ex(&encoder->private_->md5context, encoder->private_->streaminfo.data.stream_info.md5sum, NULL) == 0);
+#else
+ FLAC__MD5Final(encoder->private_->streaminfo.data.stream_info.md5sum, &encoder->private_->md5context);
+#endif
+ }
 if(!encoder->private_->is_being_deleted) {
 if(encoder->protected_->state == FLAC__STREAM_ENCODER_OK) {
 if(encoder->private_->seek_callback) {
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
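Review bot: `error = (EVP_DigestFinal_ex(...) == 0);` assigns to `error` instead of accumulating into it, so a failure recorded earlier in the function is cleared whenever the digest finalises successfully. The code that sets `error` before this point is outside the hunk, but the closing braces just above suggest earlier work that may already have set it. Keeping the flag sticky avoids reporting a clean finish after a failed flush or verify: `if(EVP_DigestFinal_ex(&encoder->private_->md5context, encoder->private_->streaminfo.data.stream_info.md5sum, NULL) == 0) error = true;`. The destination `md5sum` is treated as 16 bytes elsewhere in this patch (`memset(..., 0, 16)`), which fits MD5 but deserves a comment, because `EVP_DigestFinal_ex()` writes as many bytes as the selected digest produces.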