Accepting request 140370 from home:tiwai:branches:multimedia:apps

- updated to version 5.18.02, including previous security fixes: this fixes the build failure on FACTORY with new bison, too; see ChangeLog for detailed updates and fixes OBS-URL: https://build.opensuse.org/request/show/140370 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/csound?expand=0&rev=15
2012-11-06 18:16:03 +00:00 · 2012-11-06 18:16:03 +00:00 · 46da5fa302
commit 46da5fa302
parent f030dd866d
5 changed files with 12 additions and 64 deletions
--- a/Csound5.16.6.tar.gz
+++ b/Csound5.16.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0ba912850152aeddb7eb757a33c185e3d50b4807548db6d7ba6cf85de15e7ffb
-size 8735038
--- a/Csound5.18.02.tar.gz
+++ b/Csound5.18.02.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4c461cf3bf60b83671224949dd33805379b7121bf2c0ad6af5e191e7f6f8adc8
+size 9211491
--- a/csound-fix-CVE-2012-2107.patch
+++ b/csound-fix-CVE-2012-2107.patch
@ -1,57 +0,0 @@
-From 61d1df45ca9a52bab62892a3c3a13c41e6384505 Mon Sep 17 00:00:00 2001
-From: John ffitch <jpff@codemist.co.uk>
-Date: Tue, 6 Mar 2012 17:12:43 +0000
-Subject: [PATCH] security in utilities
-
---
- util/lpci_main.c |   17 ++++++++++++++---
- util/pv_import.c |    4 ++++
- 2 files changed, 18 insertions(+), 3 deletions(-)
-
--- a/util/lpci_main.c
-+++ b/util/lpci_main.c
-@@ -73,17 +73,28 @@ int main(int argc, char **argv)
-             hdr.headersize, hdr.lpmagic, hdr.npoles, hdr.nvals,
-             hdr.framrate, hdr.srate, hdr.duration);
-     str = (char *)malloc(hdr.headersize-sizeof(LPHEADER)+4);
-    fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf);
-+    if (str==NULL) {
-+      printf("memory allocation failure\n");
-+      exit(1);
-+    }
-+    if (hdr.headersize-sizeof(LPHEADER)+4 !=
-+        fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf)) {
-+      printf("Ill formed data\n");
-+      exit(1);
-+    }
-     for (i=0; i<hdr.headersize-sizeof(LPHEADER)+4; i++)
-       putc(str[i],outf);
-     putc('\n', outf);
-    coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT));
-+    coef = (MYFLT *)malloc(hdr.npoles*sizeof(MYFLT));
-     if (coef==NULL) {
-       printf("memory allocation failure\n");
-       exit(1);
-     }
-     for (i = 0; i<hdr.nvals; i++) {
-      fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf);
-+      if (hdr.npoles != fread(coef, sizeof(MYFLT), hdr.npoles, inf)) {
-+        printf("Ill formed data\n");
-+        exit(1);
-+      }
-       for (j=0; j<hdr.npoles; j++)
-         fprintf(outf, "%f%c", coef[j], (j==hdr.npoles-1 ? '\n' : ','));
-     }
--- a/util/pv_import.c
-+++ b/util/pv_import.c
-@@ -115,6 +115,10 @@ static int pv_import(CSOUND *csound, int
-       float *frame =
-         (float*) csound->Malloc(csound, data.nAnalysisBins*2*sizeof(float));
-       int i;
-+      if (frame==NULL) {
-+        csound->Message(csound, Str("Memory failure\n"));
-+        exit(1);
-+      }
-       for (i=1;;i++) {
-         int j;
-         for (j=0; j<data.nAnalysisBins*2; j++) {
--- a/csound.changes
+++ b/csound.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Nov  6 16:03:11 CET 2012 - tiwai@suse.de
+
+- updated to version 5.18.02, including previous security fixes:
+  this fixes the build failure on FACTORY with new bison, too;
+  see ChangeLog for detailed updates and fixes
+
 -------------------------------------------------------------------
 Wed Apr 18 11:21:46 CEST 2012 - tiwai@suse.de

--- a/csound.spec
+++ b/csound.spec
@ -38,16 +38,15 @@ BuildRequires:  libjpeg-devel
 BuildRequires:  libpng-devel
 BuildRequires:  xorg-x11-devel
 %endif
-Version:        5.16.6
+Version:        5.18.02
 Release:        0
 Summary:        Computer Sound Synthesis and Composition Program
-License:        GFDL-1.2 ; LGPL-2.1+ ; MIT
+License:        GFDL-1.2 and LGPL-2.1+ and MIT
 Group:          Productivity/Multimedia/Sound/Utilities
 Url:            http://www.csounds.com
 Source:         Csound%{version}.tar.gz
 Source1:        README.SuSE
 Patch3:         %{name}-strncat-fix.patch
-Patch4:         csound-fix-CVE-2012-2107.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -68,7 +67,6 @@ Development files for Csound.
 %prep
 %setup -q -n Csound%{version}
 %patch3
-%patch4 -p1
 # remove __DATE__ from source files, causes unnecessary rebuilds
 sed -i 's:__DATE__:"":' Engine/musmon.c frontends/CsoundVST/CsoundVstFltk.cpp Top/main.c
 # copy readme