Accepting request 615946 from home:kbabioch:branches:multimedia:libs

- Update to version 2.0.0 - Fixed several memory leaks - Applied spec-cleaner - Update to 2.0.0 - Removed patches (included upstream): - CVE-2017-18201.patch - 0001-Savannah-Bug-49907.patch - Fixed heap-based buffer over-read in iso-info.c (CVE-2017-18198 bsc#1082819) - Fixed NULL pointer dereference in rock.c (CVE-2017-18199 bsc#1082821) - Fixed several (non-critical) memory leaks - Bumped sonames - Applied spec-cleaner OBS-URL: https://build.opensuse.org/request/show/615946 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libcdio?expand=0&rev=56
2018-06-11 11:01:53 +00:00 · 2018-06-11 11:01:53 +00:00 · eb25b269a5
commit eb25b269a5
parent ac09be8cf5
11 changed files with 52 additions and 167 deletions
--- a/0001-Savannah-Bug-49907.patch
+++ b/0001-Savannah-Bug-49907.patch
@ -1,103 +0,0 @@
-From ddd984854b09c1a8203867534c087c0d83ff8622 Mon Sep 17 00:00:00 2001
-From: "R. Bernstein" <rocky@gnu.org>
-Date: Mon, 9 Oct 2017 12:35:54 -0400
-Subject: [PATCH] Savannah Bug #49907
-
-subdir-objects breaks symbol versioning. See https://savannah.gnu.org/bugs/?49907
---
- lib/driver/Makefile.am  | 11 +++++------
- lib/iso9660/Makefile.am | 11 +++++------
- 2 files changed, 10 insertions(+), 12 deletions(-)
-
-Index: libcdio-0.94/lib/driver/Makefile.am
-===================================================================
--- libcdio-0.94.orig/lib/driver/Makefile.am
-+++ libcdio-0.94/lib/driver/Makefile.am
-@@ -176,13 +176,12 @@ if BUILD_VERSIONED_LIBS
- libcdio_la_LDFLAGS = $(libcdio_la_ldflags) -Wl,--version-script=libcdio.la.ver
- libcdio_la_DEPENDENCIES = libcdio.la.ver
- 
-libcdio.la.ver: $(libcdio_la_OBJECTS) $(srcdir)/libcdio.sym
-+libcdio.la.ver: $(srcdir)/libcdio.sym
- 	@echo 'CDIO_$(libcdio_la_MAJOR) { ' > $@
-	@objs=`for obj in $(libcdio_la_OBJECTS); do sed -ne "s/^pic_object='\(.*\)'$$/\1/p" $$obj; done`; \
-	if test -n "$${objs}" ; then \
-	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libcdio.sym; then if test $$first = true; then echo "  global:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libcdio.sym; then :; else if test $$first = true; then echo "  local:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-	fi
-+	@echo '  global:' >> $@
-+	@sed 's/^/    /;s/$$/;/' $< >> $@
-+	@echo '  local:' >> $@
-+	@echo '    *;' >> $@
- 	@echo '};' >> $@
- else
- libcdio_la_LDFLAGS = $(libcdio_la_ldflags)
-Index: libcdio-0.94/lib/driver/Makefile.in
-===================================================================
--- libcdio-0.94.orig/lib/driver/Makefile.in
-+++ libcdio-0.94/lib/driver/Makefile.in
-@@ -981,13 +981,12 @@ uninstall-am: uninstall-libLTLIBRARIES
- .PRECIOUS: Makefile
- 
- 
-@BUILD_VERSIONED_LIBS_TRUE@libcdio.la.ver: $(libcdio_la_OBJECTS) $(srcdir)/libcdio.sym
-+@BUILD_VERSIONED_LIBS_TRUE@libcdio.la.ver: $(srcdir)/libcdio.sym
- @BUILD_VERSIONED_LIBS_TRUE@	@echo 'CDIO_$(libcdio_la_MAJOR) { ' > $@
-@BUILD_VERSIONED_LIBS_TRUE@	@objs=`for obj in $(libcdio_la_OBJECTS); do sed -ne "s/^pic_object='\(.*\)'$$/\1/p" $$obj; done`; \
-@BUILD_VERSIONED_LIBS_TRUE@	if test -n "$${objs}" ; then \
-@BUILD_VERSIONED_LIBS_TRUE@	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libcdio.sym; then if test $$first = true; then echo "  global:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-@BUILD_VERSIONED_LIBS_TRUE@	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libcdio.sym; then :; else if test $$first = true; then echo "  local:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-@BUILD_VERSIONED_LIBS_TRUE@	fi
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '  global:' >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@sed 's/^/    /;s/$$/;/' $< >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '  local:' >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '    *;' >> $@
- @BUILD_VERSIONED_LIBS_TRUE@	@echo '};' >> $@
- 
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
-Index: libcdio-0.94/lib/iso9660/Makefile.am
-===================================================================
--- libcdio-0.94.orig/lib/iso9660/Makefile.am
-+++ libcdio-0.94/lib/iso9660/Makefile.am
-@@ -132,13 +132,12 @@ if BUILD_VERSIONED_LIBS
- libiso9660_la_LDFLAGS = $(libiso9660_la_ldflags) -Wl,--version-script=libiso9660.la.ver
- libiso9660_la_DEPENDENCIES = $(libcdio9660_la_dependencies) libiso9660.la.ver
- 
-libiso9660.la.ver: $(libiso9660_la_OBJECTS) $(srcdir)/libiso9660.sym
-+libiso9660.la.ver: $(srcdir)/libiso9660.sym
- 	@echo 'ISO9660_$(libiso9660_la_MAJOR) {' > $@
-	@objs=`for obj in $(libiso9660_la_OBJECTS); do sed -ne "s/^pic_object='\(.*\)'$$/\1/p" $$obj; done`; \
-	if test -n "$$objs" ; then \
-	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libiso9660.sym; then if test $$first = true; then echo "  global:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libiso9660.sym; then :; else if test $$first = true; then echo "  local:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-	fi
-+	@echo '  global:' >> $@
-+	@sed 's/^/    /;s/$$/;/' $< >> $@
-+	@echo '  local:' >> $@
-+	@echo '    *;' >> $@
- 	@echo '};' >> $@
- 
- MOSTLYCLEANFILES = libiso9660.la.ver
-Index: libcdio-0.94/lib/iso9660/Makefile.in
-===================================================================
--- libcdio-0.94.orig/lib/iso9660/Makefile.in
-+++ libcdio-0.94/lib/iso9660/Makefile.in
-@@ -824,13 +824,12 @@ uninstall-am: uninstall-libLTLIBRARIES
- .PRECIOUS: Makefile
- 
- 
-@BUILD_VERSIONED_LIBS_TRUE@libiso9660.la.ver: $(libiso9660_la_OBJECTS) $(srcdir)/libiso9660.sym
-+@BUILD_VERSIONED_LIBS_TRUE@libiso9660.la.ver: $(srcdir)/libiso9660.sym
- @BUILD_VERSIONED_LIBS_TRUE@	@echo 'ISO9660_$(libiso9660_la_MAJOR) {' > $@
-@BUILD_VERSIONED_LIBS_TRUE@	@objs=`for obj in $(libiso9660_la_OBJECTS); do sed -ne "s/^pic_object='\(.*\)'$$/\1/p" $$obj; done`; \
-@BUILD_VERSIONED_LIBS_TRUE@	if test -n "$$objs" ; then \
-@BUILD_VERSIONED_LIBS_TRUE@	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libiso9660.sym; then if test $$first = true; then echo "  global:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-@BUILD_VERSIONED_LIBS_TRUE@	  nm $${objs} | sed -n -e 's/^.*[ 	][ABCDGIRSTW][ABCDGIRSTW]*[ 	][ 	]*\([_A-Za-z][_A-Za-z0-9]*\)$$/\1/p' | sort -u | { first=true; while read symbol; do if grep -q "^$${symbol}\$$" $(srcdir)/libiso9660.sym; then :; else if test $$first = true; then echo "  local:"; first=false; fi; echo "    $${symbol};"; fi; done; } >> $@; \
-@BUILD_VERSIONED_LIBS_TRUE@	fi
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '  global:' >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@sed 's/^/    /;s/$$/;/' $< >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '  local:' >> $@
-+@BUILD_VERSIONED_LIBS_TRUE@	@echo '    *;' >> $@
- @BUILD_VERSIONED_LIBS_TRUE@	@echo '};' >> $@
- 
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
--- a/CVE-2017-18201.patch
+++ b/CVE-2017-18201.patch
@ -1,24 +0,0 @@
-From f6f9c48fb40b8a1e8218799724b0b61a7161eb1d Mon Sep 17 00:00:00 2001
-From: "R. Bernstein" <rocky@gnu.org>
-Date: Fri, 22 Dec 2017 16:06:57 -0500
-Subject: [PATCH] Fix double free courtesy of Chris Clayton
-
---
- lib/driver/_cdio_generic.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
-index d40ac0d9..ae820d25 100644
--- a/lib/driver/_cdio_generic.c
-+++ b/lib/driver/_cdio_generic.c
-@@ -296,7 +296,6 @@ get_cdtext_generic (void *p_user_data)
- 
-       if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
-         p_env->b_cdtext_error = true;
-        cdtext_destroy (p_env->cdtext);
-         free(p_env->cdtext);
-         p_env->cdtext = NULL;
-       }
-- 
-2.16.2
-
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1,7 +1,7 @@
-libcdio16
+libcdio18
  obsoletes "libcdio-<targettype> <= <version>"
  provides "libcdio-<targettype> = <version>"
-libiso9660-10
+libiso9660-11
 libcdio++0
 libudf0
 #libcdio_cdda1
--- a/cdio-utils.changes
+++ b/cdio-utils.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun 11 09:28:44 UTC 2018 - kbabioch@suse.com
+
+- Update to version 2.0.0
+  - Fixed several memory leaks
+- Applied spec-cleaner 
+
 -------------------------------------------------------------------
 Tue Sep  5 12:02:14 UTC 2017 - jengelh@inai.de

--- a/cdio-utils.spec
+++ b/cdio-utils.spec
@ -18,12 +18,12 @@

 %define cdioutils 1
 Name:           cdio-utils
-Version:        0.94
+Version:        2.0.0
 Release:        0
 Summary:        Utility programs making use of libcdio, a CD-ROM access library
-License:        GPL-3.0+
+License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Other
-Url:            https://savannah.gnu.org/projects/libcdio
+URL:            https://savannah.gnu.org/projects/libcdio
 Source0:        https://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.gz
 Source1:        https://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.gz.sig
 Source2:        libcdio.keyring
@ -74,7 +74,8 @@ rm -rf %{buildroot}%{_libdir} %{buildroot}%{_includedir} %{buildroot}%{_infodir}
 %fdupes -s %{buildroot}%{_mandir}

 %files -n cdio-utils
-%doc AUTHORS COPYING NEWS README README.libcdio THANKS TODO
+%doc AUTHORS NEWS README README.libcdio THANKS TODO
+%license COPYING*
 %{_bindir}/cd-*
 %{_bindir}/cdda-*
 %{_bindir}/iso-*
--- a/libcdio-0.94.tar.gz
+++ b/libcdio-0.94.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:96e2c903f866ae96f9f5b9048fa32db0921464a2286f5b586c0f02699710025a
-size 2355452
--- a/libcdio-0.94.tar.gz.sig
+++ b/libcdio-0.94.tar.gz.sig
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlgMKrQACgkQGo3lAIJ17CHSTgCgjV97eveGqKzb03fgIILvRTM+
-TL4AniC1eKTg/bIPIek0rrl4kC/hNiVk
-=vwnY
-----END PGP SIGNATURE-----
--- a/libcdio-2.0.0.tar.gz
+++ b/libcdio-2.0.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b481b5da009bea31db875805665974e2fc568e2b2afa516f4036733657cf958
+size 2354813
--- a/libcdio-2.0.0.tar.gz.sig
+++ b/libcdio-2.0.0.tar.gz.sig
@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlpJdAsACgkQGo3lAIJ17CEXdgCdEZXiRK7QgIz2cT0J7ck9URTK
+xh8AnjmWzo2mrHFaROhv+upvO/XKv8gg
+=gzNu
+-----END PGP SIGNATURE-----
--- a/libcdio.changes
+++ b/libcdio.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Jun 11 09:31:42 UTC 2018 - kbabioch@suse.com
+
+- Update to 2.0.0
+  - Removed patches (included upstream):
+    - CVE-2017-18201.patch
+    - 0001-Savannah-Bug-49907.patch
+  - Fixed heap-based buffer over-read in iso-info.c (CVE-2017-18198 bsc#1082819)
+  - Fixed NULL pointer dereference in rock.c (CVE-2017-18199 bsc#1082821)
+  - Fixed several (non-critical) memory leaks
+  - Bumped sonames
+- Applied spec-cleaner 
+
 -------------------------------------------------------------------
 Tue Feb 27 17:09:35 CET 2018 - sbrabec@suse.com

--- a/libcdio.spec
+++ b/libcdio.spec
@ -16,36 +16,30 @@
 #


-%define cdioutils 0
-%define cdio_soname 16
+%define cdio_soname 18
+%define libiso9660_soname 11
 Name:           libcdio
-Version:        0.94
+Version:        2.0.0
 Release:        0
 Summary:        CD-ROM Access Library
-License:        GPL-3.0+
+License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Other
-Url:            https://savannah.gnu.org/projects/libcdio
+URL:            https://savannah.gnu.org/projects/libcdio
 Source0:        https://ftp.gnu.org/gnu/libcdio/%{name}-%{version}.tar.gz
 Source1:        https://ftp.gnu.org/gnu/libcdio/%{name}-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
-# PATCH-FIX-UPSTREAM 0001-Savannah-Bug-49907.patch https://savannah.gnu.org/bugs/index.php?49907
-Patch0:         0001-Savannah-Bug-49907.patch
-# PATCH-FIX-SECURITY CVE-2017-18201.patch bsc1082877 CVE-2017-18201 sbrabec@suse.com -- Fix double free vulnerability.
-Patch1:         CVE-2017-18201.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  help2man
 BuildRequires:  libtool
+BuildRequires:  makeinfo
 BuildRequires:  ncurses-devel
 BuildRequires:  pkgconfig
 BuildRequires:  popt-devel
 BuildRequires:  pkgconfig(libcddb)
 Requires(post): %{install_info_prereq}
 Requires(preun): %{install_info_prereq}
-%if 0%{?suse_version} > 1220
-BuildRequires:  makeinfo
-%endif

 %description
 The libcdio package contains libraries for CD-ROM and CD image
@ -75,19 +69,20 @@ access.

 This subpackage contains the C++ API library for cdio.

-%package -n libiso9660-10
+%package -n libiso9660-%{libiso9660_soname}
 Summary:        Library for working with ISO 9660 filesystems
 Group:          System/Libraries

-%description -n libiso9660-10
-A library for working with ISO 9660 filesystems.
+%description -n libiso9660-%{libiso9660_soname}
+A library for working with ISO 9660 filesystems, which are mainly used on CDs.

 %package -n libudf0
 Summary:        Library for working with Universal Disk Format filesystems
 Group:          System/Libraries

 %description -n libudf0
-A library for working with UDF filesystems.
+This library is made to read and write UDF filesystems, which are mainly
+used on DVDs.

 %package devel
 Summary:        CD-ROM access library
@ -95,7 +90,7 @@ Group:          Development/Languages/C and C++
 Requires:       glibc-devel
 Requires:       libcdio%{cdio_soname} = %{version}
 Requires:       libcdio++0 = %{version}
-Requires:       libiso9660-10 = %{version}
+Requires:       libiso9660-%{libiso9660_soname} = %{version}
 Requires:       libudf0 = %{version}
 Requires(post): %{install_info_prereq}
 Requires(preun): %{install_info_prereq}
@ -111,8 +106,6 @@ applications that want to make use of the cdio libraries.

 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1

 %define buildir ${PWD}

@ -128,7 +121,6 @@ applications that want to make use of the cdio libraries.
 	--without-iso-info \
 	--without-iso-read
 VERBOSE=1 make -e %{?_smp_mflags}
-#-lcdioutils

 %install
 %make_install
@ -141,11 +133,11 @@ find %{buildroot} -type f -name "*.la" -delete -print

 %post -n libcdio%{cdio_soname} -p /sbin/ldconfig
 %post -n libcdio++0 -p /sbin/ldconfig
-%post -n libiso9660-10 -p /sbin/ldconfig
+%post -n libiso9660-%{libiso9660_soname} -p /sbin/ldconfig
 %post -n libudf0 -p /sbin/ldconfig
 %postun -n libcdio%{cdio_soname} -p /sbin/ldconfig
 %postun -n libcdio++0 -p /sbin/ldconfig
-%postun -n libiso9660-10 -p /sbin/ldconfig
+%postun -n libiso9660-%{libiso9660_soname} -p /sbin/ldconfig
 %postun -n libudf0 -p /sbin/ldconfig
 %post devel
 %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz
@ -160,14 +152,14 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcdio++.so.*
 %{_libdir}/libiso9660++.so.*

-%files -n libiso9660-10
+%files -n libiso9660-%{libiso9660_soname}
 %{_libdir}/libiso9660.so.*

 %files -n libudf0
 %{_libdir}/libudf.so.*

 %files devel
-%{_infodir}/*.info*
+%{_infodir}/*.info%{?ext_info}
 %{_includedir}/cdio
 %{_includedir}/cdio++
 %{_libdir}/libcdio*.so