diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..7b9c435250b6944e546d4acd48a5fd0ae2f686eb --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.xz filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..d1cd97bf5a21e7f6f263be123907e3afe5daadbf --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/vorbis-tools diff --git a/CVE-2023-43361.patch b/CVE-2023-43361.patch deleted file mode 100644 index bf3a98919610ebee8a66abd131dc9fc458fe1083..0000000000000000000000000000000000000000 --- a/CVE-2023-43361.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 69dfbe06ce02e6199444245397acf79fb6857b4c Mon Sep 17 00:00:00 2001 -From: Ralph Giles -Date: Sun, 17 Sep 2023 11:49:12 -0700 -Subject: [PATCH] oggenc: Don't assume the output path ends in a file name. - -Origin: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 - -oggenc attempts to create any specified directories in the output -file path if they don't exist. The parser was assuming there was -a final filename after the last directory separator, and so would -try to read off the end of the argument if it was a bare directory -such as `./` or `outdir/`. This adds a check to make sure the -scan isn't starting off the end of the path string. - -Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science -and Technology (cse.hust.edu.cn) for the report. ---- - oggenc/platform.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/oggenc/platform.c b/oggenc/platform.c -index 6d9f4ef..ee0b7ce 100644 ---- a/oggenc/platform.c -+++ b/oggenc/platform.c -@@ -136,18 +136,23 @@ int create_directories(char *fn, int isutf8) - { - char *end, *start; - struct stat statbuf; -- char *segment = malloc(strlen(fn)+1); -+ const size_t fn_len = strlen(fn); -+ char *segment = malloc(fn_len+1); - #ifdef _WIN32 - wchar_t seg[MAX_PATH+1]; - #endif - - start = fn; - #ifdef _WIN32 -- if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':') -+ // Strip drive prefix -+ if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') { - start = start+2; -+ } - #endif - -- while((end = strpbrk(start+1, PATH_SEPS)) != NULL) -+ // Loop through path segments, creating directories if necessary -+ while((start+1 - fn < fn_len) && -+ (end = strpbrk(start+1, PATH_SEPS)) != NULL) - { - int rv; - memcpy(segment, fn, end-fn); -@@ -159,7 +164,7 @@ int create_directories(char *fn, int isutf8) - rv = _wstat(seg,&statbuf); - } else - #endif -- rv = stat(segment,&statbuf); -+ rv = stat(segment, &statbuf); - if(rv) { - if(errno == ENOENT) { - #ifdef _WIN32 --- -GitLab - diff --git a/vorbis-tools-1.4.2.tar.gz b/vorbis-tools-1.4.2.tar.gz deleted file mode 100644 index 86b03038dbdc1bfdd4e027076e66185b9ef00fe1..0000000000000000000000000000000000000000 Binary files a/vorbis-tools-1.4.2.tar.gz and /dev/null differ diff --git a/vorbis-tools-1.4.3.tar.gz b/vorbis-tools-1.4.3.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..287ce6836e6bac8a8214fb113140d4ea2247cfe5 --- /dev/null +++ b/vorbis-tools-1.4.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a1fe3ddc6777bdcebf6b797e7edfe0437954b24756ffcc8c6b816b63e0460dde +size 1804238 diff --git a/vorbis-tools.spec b/vorbis-tools.spec index d075618ec70f836fb0114cd7b5c582ab0503c162..88c5bc42b827d1cf37bb5427243e5ab094175332 100644 --- a/vorbis-tools.spec +++ b/vorbis-tools.spec @@ -1,13 +1,12 @@ Name: vorbis-tools Summary: Several Ogg Vorbis Tools -Version: 1.4.2 -Release: 4 +Version: 1.4.3 +Release: 1 Epoch: 1 -License: GPLv2 -URL: http://www.xiph.org/ -Source: http://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz +License: GPL-2.0-only +URL: https://www.xiph.org/ +Source: https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz Patch1: vorbis-tools-1.4.2-man-page.patch -Patch2: CVE-2023-43361.patch BuildRequires: flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel chrpath @@ -35,20 +34,24 @@ export CFLAGS="$RPM_OPT_FLAGS -Wno-error=format-security" %install %make_install -chrpath -d %{buildroot}%{_bindir}/* %find_lang %{name} +rm -fr %{buildroot}%{_docdir} + %files -f %{name}.lang +%license COPYING %{_bindir}/* %files help -%doc AUTHORS COPYING README +%doc AUTHORS README %doc ogg123/ogg123rc-example %{_mandir}/man1/* -%exclude %{_docdir}/%{name}* %changelog +* Wed Apr 23 2025 Funda Wang - 1:1.4.3-1 +- update to 1.4.3 + * Thu Oct 24 2024 wangkai <13474090681@163.com> - 1:1.4.2-4 - Fix CVE-2023-43361