rpms
/
vorbis-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources 

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/vorbis-tools.git#1512411febab9151c82cb34a5823b60caf0e59cd
This commit is contained in:
DistroBaker 2021-01-22 10:17:41 +00:00
parent 97264a42f7
commit ca490a388d
13 changed files with 43 additions and 72669 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
vorbis-tools-1.4.0.tar.gz
/vorbis-tools-*.tar.gz

2
sources
View File

@ -1 +1 @@
567e0fb8d321b2cd7124f8208b8b90e6 vorbis-tools-1.4.0.tar.gz
SHA512 (vorbis-tools-1.4.2.tar.gz) = 31681560434054706981aef64406975295eb405a9d2d7c0468af789d6c23edb7cfc1c19d26a28fa7061835524289cdc6d217a4669c43a2eb828189370cc6fcaf

84
vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
View File

@ -1,84 +0,0 @@
From 32c4958c4d113562f879ce76664fe785f93bba7c Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 19 Feb 2015 15:32:24 +0100
Subject: [PATCH] oggenc: validate count of channels in the header
... in order to prevent a division by zero (CVE-2014-9638) and integer
overflow (CVE-2014-9639).
Bug: https://trac.xiph.org/ticket/2136
Bug: https://trac.xiph.org/ticket/2137
---
oggenc/audio.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/oggenc/audio.c b/oggenc/audio.c
index 22bbed4..1cbb214 100644
--- a/oggenc/audio.c
+++ b/oggenc/audio.c
@@ -13,6 +13,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
@@ -251,6 +252,7 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
aiff_fmt format;
aifffile *aiff = malloc(sizeof(aifffile));
int i;
+ long channels;
if(buf[11]=='C')
aifc=1;
@@ -277,11 +279,17 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
return 0;
}
- format.channels = READ_U16_BE(buffer);
+ format.channels = channels = READ_U16_BE(buffer);
format.totalframes = READ_U32_BE(buffer+2);
format.samplesize = READ_U16_BE(buffer+6);
format.rate = (int)read_IEEE80(buffer+8);
+ if(channels <= 0L || SHRT_MAX < channels)
+ {
+ fprintf(stderr, _("Warning: Unsupported count of channels in AIFF header\n"));
+ return 0;
+ }
+
aiff->bigendian = 1;
if(aifc)
@@ -412,6 +420,7 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
wav_fmt format;
wavfile *wav = malloc(sizeof(wavfile));
int i;
+ long channels;
/* Ok. At this point, we know we have a WAV file. Now we have to detect
* whether we support the subtype, and we have to find the actual data
@@ -449,12 +458,18 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen)
}
format.format = READ_U16_LE(buf);
- format.channels = READ_U16_LE(buf+2);
+ format.channels = channels = READ_U16_LE(buf+2);
format.samplerate = READ_U32_LE(buf+4);
format.bytespersec = READ_U32_LE(buf+8);
format.align = READ_U16_LE(buf+12);
format.samplesize = READ_U16_LE(buf+14);
+ if(channels <= 0L || SHRT_MAX < channels)
+ {
+ fprintf(stderr, _("Warning: Unsupported count of channels in WAV header\n"));
+ return 0;
+ }
+
if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
{
if(len<40)
--
2.1.0

43
vorbis-tools-1.4.0-CVE-2015-6749.patch
View File

@ -1,43 +0,0 @@
From 16d10a1c957425a49cf74332b99cf3d39e80cc09 Mon Sep 17 00:00:00 2001
From: Mark Harris <mark.hsj@gmail.com>
Date: Sun, 30 Aug 2015 05:54:46 -0700
Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input
Fixes #2212
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
oggenc/audio.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/oggenc/audio.c b/oggenc/audio.c
index 1cbb214..547e826 100644
--- a/oggenc/audio.c
+++ b/oggenc/audio.c
@@ -246,8 +246,8 @@ static int aiff_permute_matrix[6][6] =
int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
{
int aifc; /* AIFC or AIFF? */
- unsigned int len;
- unsigned char *buffer;
+ unsigned int len, readlen;
+ unsigned char buffer[22];
unsigned char buf2[8];
aiff_fmt format;
aifffile *aiff = malloc(sizeof(aifffile));
@@ -271,9 +271,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
return 0; /* Weird common chunk */
}
- buffer = alloca(len);
-
- if(fread(buffer,1,len,in) < len)
+ readlen = len < sizeof(buffer) ? len : sizeof(buffer);
+ if(fread(buffer,1,readlen,in) < readlen ||
+ (len > readlen && !seek_forward(in, len-readlen)))
{
fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
return 0;
--
2.4.6

26
vorbis-tools-1.4.0-bz1003607.patch
View File

@ -1,26 +0,0 @@
From 1fbd20941836aa4df17d0f6b44fef4d655ff5fc2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 3 Sep 2013 12:28:32 +0200
Subject: [PATCH] vcut: fix an off-by-one error in submit_headers_to_stream()
Bug: https://bugzilla.redhat.com/1003607
---
vcut/vcut.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/vcut/vcut.c b/vcut/vcut.c
index d7ba699..17426b9 100644
--- a/vcut/vcut.c
+++ b/vcut/vcut.c
@@ -178,7 +178,7 @@ static int submit_headers_to_stream(vcut_state *s)
for(i=0;i<4;i++)
{
ogg_packet p;
- if(i < 4) /* a header packet */
+ if(i < 3) /* a header packet */
{
p.bytes = vs->headers[i].length;
p.packet = vs->headers[i].packet;
--
1.7.1

72207
vorbis-tools-1.4.0-bz1116650.patch
View File

File diff suppressed because it is too large Load Diff

31
vorbis-tools-1.4.0-bz1185558.patch
View File

@ -1,31 +0,0 @@
From c0a0dbfa58bf13cbd2a637288bf93619a7007673 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 26 Jan 2015 12:33:19 +0100
Subject: [PATCH] oggenc: do not use stack variable out of its scope of
validity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported-by: Thomas Köller
Bug: https://bugzilla.redhat.com/1185558
---
oggenc/oggenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
index ea105b2..759a3ee 100644
--- a/oggenc/oggenc.c
+++ b/oggenc/oggenc.c
@@ -239,7 +239,7 @@ int main(int argc, char **argv)
if(opt.rawmode)
{
- input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+ static input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
N_("RAW file reader")};
enc_opts.rate=opt.raw_samplerate;
--
2.1.0

27
vorbis-tools-1.4.0-bz887540.patch
View File

@ -1,27 +0,0 @@
From 43120cc36c08dcfba0c9ff22354da2f3029c3f70 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 17 Dec 2012 12:50:36 +0100
Subject: [PATCH] vorbiscomment.1: fix URL to format documentation
Reported By: Samuel Sieb
Bug: https://bugzilla.redhat.com/887540
---
vorbiscomment/vorbiscomment.1 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/vorbiscomment/vorbiscomment.1 b/vorbiscomment/vorbiscomment.1
index a47bb12..0108e78 100644
--- a/vorbiscomment/vorbiscomment.1
+++ b/vorbiscomment/vorbiscomment.1
@@ -87,7 +87,7 @@ To add a set of comments from the standard input:
.SH TAG FORMAT
-See http://xiph.org/ogg/vorbis/doc/v-comment.html for documentation on the Ogg Vorbis tag format, including a suggested list of canonical tag names.
+See http://xiph.org/vorbis/doc/v-comment.html for documentation on the Ogg Vorbis tag format, including a suggested list of canonical tag names.
.SH AUTHORS
--
1.7.1

217
vorbis-tools-1.4.0-man-page.patch
View File

@ -1,217 +0,0 @@
From b3a6187e1843e55c47b6e55d11e01399ab3894a0 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 13:44:02 +0200
Subject: [PATCH 1/6] Remove the --quiet (-q) option from vorbiscomment.1 man page.
---
vorbiscomment/vorbiscomment.1 | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/vorbiscomment/vorbiscomment.1 b/vorbiscomment/vorbiscomment.1
index 0108e78..2bceb83 100644
--- a/vorbiscomment/vorbiscomment.1
+++ b/vorbiscomment/vorbiscomment.1
@@ -39,13 +39,11 @@ Reads, modifies, and appends Ogg Vorbis audio file metadata tags.
.IP "-a, --append"
Append comments.
.IP "-c file, --commentfile file"
-Take comments from a file. The file is the same format as is output by the the -l option or given to the -t option: one element per line in 'tag=value' format. If the file is /dev/null and -w was passed, the existing comments will be removed.
+Take comments from a file. The file is the same format as is output by the -l option or given to the -t option: one element per line in 'tag=value' format. If the file is /dev/null and -w was passed, the existing comments will be removed.
.IP "-h, --help"
Show command help.
.IP "-l, --list"
List the comments in the Ogg Vorbis file.
-.IP "-q, --quiet"
-Quiet mode. No messages are displayed.
.IP "-t 'name=value', --tag 'name=value'"
Specify a new tag on the command line. Each tag is given as a single string. The part before the '=' is treated as the tag name and the part after as the value.
.IP "-w, --write"
--
1.7.1
From 78ade241f35c6e4119e40ad879748a6d6a1a1821 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 13:46:31 +0200
Subject: [PATCH 2/6] Mention the -V option in ogginfo.1 man page.
---
ogginfo/ogginfo.1 | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/ogginfo/ogginfo.1 b/ogginfo/ogginfo.1
index 126da20..bde5490 100644
--- a/ogginfo/ogginfo.1
+++ b/ogginfo/ogginfo.1
@@ -49,6 +49,8 @@ Quiet mode. This may be specified multiple times. Doing so once will remove
the detailed informative messages, twice will remove warnings as well.
.IP -v
Verbose mode. At the current time, this does not do anything.
+.IP -V
+Output version information and exit.
.SH AUTHORS
.br
--
1.7.1
From fa810af21f475cf073891088d40bbaf952fd1e28 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 13:48:06 +0200
Subject: [PATCH 3/6] Fix typos in oggdec.1 man page.
---
oggdec/oggdec.1 | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/oggdec/oggdec.1 b/oggdec/oggdec.1
index fb12b18..1035cb6 100644
--- a/oggdec/oggdec.1
+++ b/oggdec/oggdec.1
@@ -6,7 +6,7 @@ oggdec - simple decoder, Ogg Vorbis file to PCM audio file (Wave or RAW).
.SH "SYNOPSIS"
.B oggdec
[
-.B -Qhv
+.B -QhV
] [
.B -b bits_per_sample
] [
@@ -48,7 +48,7 @@ Print help message.
Display version information.
.IP "-b n, --bits=n"
Bits per sample. Valid values are 8 or 16.
-.IP "-e n, --endian=n"
+.IP "-e n, --endianness=n"
Set endianness for 16-bit output. 0 (default) is little-endian (Intel byte order). 1 is big-endian (sane byte order).
.IP "-R, --raw"
Output in raw format. If not specified, writes Wave file (RIFF headers).
--
1.7.1
From 8c8d416cc17cb07dac72ad71d3ef0cc5e09c3bd3 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 14:00:07 +0200
Subject: [PATCH 4/6] Document the --scale option of oggenc.
---
oggenc/man/oggenc.1 | 5 +++++
oggenc/oggenc.c | 1 +
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/oggenc/man/oggenc.1 b/oggenc/man/oggenc.1
index 411e2a9..633e5ec 100755
--- a/oggenc/man/oggenc.1
+++ b/oggenc/man/oggenc.1
@@ -47,6 +47,9 @@ oggenc \- encode audio into the Ogg Vorbis format
.B --downmix
]
[
+.B --scale
+]
+[
.B -s
.I serial
]
@@ -164,6 +167,8 @@ useful for downsampling for lower-bitrate encoding.
.IP "--downmix"
Downmix input from stereo to mono (has no effect on non-stereo streams). Useful
for lower-bitrate encoding.
+.IP "--scale"
+Input scaling factor (helps with clipping inputs).
.IP "--advanced-encode-option optionname=value"
Sets an advanced option. See the Advanced Options section for details.
.IP "-s, --serial"
diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
index 9c3e9cd..ea105b2 100644
--- a/oggenc/oggenc.c
+++ b/oggenc/oggenc.c
@@ -513,6 +513,7 @@ static void usage(void)
" --resample n Resample input data to sampling rate n (Hz)\n"
" --downmix Downmix stereo to mono. Only allowed on stereo\n"
" input.\n"
+ " --scale Input scaling factor (helps with clipping inputs).\n"
" -s, --serial Specify a serial number for the stream. If encoding\n"
" multiple files, this will be incremented for each\n"
" stream after the first.\n"));
--
1.7.1
From 3dcdecdcb520150b53a7e3e7d346e23a49f4018a Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 14:05:22 +0200
Subject: [PATCH 5/6] Document --remote and -delay in ogg123.1 man page.
---
ogg123/ogg123.1 | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/ogg123/ogg123.1 b/ogg123/ogg123.1
index 160a876..935cab6 100644
--- a/ogg123/ogg123.1
+++ b/ogg123/ogg123.1
@@ -73,6 +73,10 @@ Specify output file for file devices. The filename "-" writes to standard
out. If the file already exists,
.B ogg123
will overwrite it.
+.IP "-l s, --delay s"
+Set termination timeout in milliseconds. ogg123 will skip to the next song on
+SIGINT (Ctrl-C), and will terminate if two SIGINTs are received within the
+specified timeout 's'. (default 500)
.IP "-h, --help"
Show command help.
.IP "-k n, --skip n"
@@ -106,6 +110,8 @@ times slower than normal speed. May be with -x for interesting fractional
speeds.
.IP "-r, --repeat"
Repeat playlist indefinitely.
+.IP "-R, --remote"
+Use remote control interface.
.IP "-z, --shuffle"
Play files in pseudo-random order.
.IP "-Z, --random"
--
1.7.1
From ecd9cd8d881fadbb24bc948980bb6125f7b2c710 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 14:14:32 +0200
Subject: [PATCH 6/6] Document the --config (-c) option of ogg123.
---
ogg123/cmdline_options.c | 1 +
ogg123/ogg123.1 | 2 ++
2 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/ogg123/cmdline_options.c b/ogg123/cmdline_options.c
index d663cc6..8abf4c5 100644
--- a/ogg123/cmdline_options.c
+++ b/ogg123/cmdline_options.c
@@ -373,6 +373,7 @@ void cmdline_usage (void)
printf ("\n");
printf (_("Miscellaneous options\n"));
+ printf (_(" -c c, --config c Config options from command-line.\n"));
printf (_(" -l s, --delay s Set termination timeout in milliseconds. ogg123\n"
" will skip to the next song on SIGINT (Ctrl-C),\n"
" and will terminate if two SIGINTs are received\n"
diff --git a/ogg123/ogg123.1 b/ogg123/ogg123.1
index 935cab6..1b419f7 100644
--- a/ogg123/ogg123.1
+++ b/ogg123/ogg123.1
@@ -73,6 +73,8 @@ Specify output file for file devices. The filename "-" writes to standard
out. If the file already exists,
.B ogg123
will overwrite it.
+.IP "-c c, --config c"
+Config options from command-line.
.IP "-l s, --delay s"
Set termination timeout in milliseconds. ogg123 will skip to the next song on
SIGINT (Ctrl-C), and will terminate if two SIGINTs are received within the
--
1.7.1

1
vorbis-tools-1.4.0.tar.gz.md5
View File

@ -1 +0,0 @@
567e0fb8d321b2cd7124f8208b8b90e6 vorbis-tools-1.4.0.tar.gz

1
vorbis-tools-1.4.0.tar.gz.sha1
View File

@ -1 +0,0 @@
fc6a820bdb5ad6fcac074721fab5c3f96eaf6562 vorbis-tools-1.4.0.tar.gz

31
vorbis-tools-1.4.2-man-page.patch Normal file
View File

@ -0,0 +1,31 @@
From af639948fc037f837eeadaf496c43480f71aa3fb Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 28 May 2013 13:44:02 +0200
Subject: [PATCH] Remove the --quiet (-q) option from vorbiscomment.1 man page.
---
vorbiscomment/vorbiscomment.1 | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/vorbiscomment/vorbiscomment.1 b/vorbiscomment/vorbiscomment.1
index 0211b46..3cc1736 100644
--- a/vorbiscomment/vorbiscomment.1
+++ b/vorbiscomment/vorbiscomment.1
@@ -39,13 +39,11 @@ Reads, modifies, and appends Ogg Vorbis audio file metadata tags.
.IP "-a, --append"
Updates comments.
.IP "-c file, --commentfile file"
-Take comments from a file. The file is the same format as is output by the the -l option or given to the -t option: one element per line in 'tag=value' format. If the file is /dev/null and -w was passed, the existing comments will be removed.
+Take comments from a file. The file is the same format as is output by the -l option or given to the -t option: one element per line in 'tag=value' format. If the file is /dev/null and -w was passed, the existing comments will be removed.
.IP "-h, --help"
Show command help.
.IP "-l, --list"
List the comments in the Ogg Vorbis file.
-.IP "-q, --quiet"
-Quiet mode. No messages are displayed.
.IP "-t 'name=value', --tag 'name=value'"
Specify a new tag on the command line. Each tag is given as a single string. The part before the '=' is treated as the tag name and the part after as the value.
.IP "-d 'name[=value]', --rm 'name[=value]'"
--
2.26.2

40
vorbis-tools.spec
View File

@ -1,30 +1,14 @@
Summary: The Vorbis General Audio Compression Codec tools
Name: vorbis-tools
Version: 1.4.0
Release: 35%{?dist}
Version: 1.4.2
Release: 1%{?dist}
Epoch: 1
License: GPLv2
URL: http://www.xiph.org/
Source: http://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz
Patch0: vorbis-tools-1.4.0-bz887540.patch
URL: https://www.xiph.org/
Source: https://ftp.osuosl.org/pub/xiph/releases/vorbis/%{name}-%{version}.tar.gz
# http://thread.gmane.org/gmane.comp.multimedia.ogg.vorbis.devel/5729
Patch1: vorbis-tools-1.4.0-man-page.patch
# http://thread.gmane.org/gmane.comp.multimedia.ogg.vorbis.devel/5738
Patch2: vorbis-tools-1.4.0-bz1003607.patch
# update po files from translationproject.org (#1116650)
Patch3: vorbis-tools-1.4.0-bz1116650.patch
# do not use stack variable out of its scope of validity (#1185558)
Patch4: vorbis-tools-1.4.0-bz1185558.patch
# validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639)
Patch5: vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
# oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
Patch6: vorbis-tools-1.4.0-CVE-2015-6749.patch
Patch1: vorbis-tools-1.4.2-man-page.patch
BuildRequires: flac-devel
BuildRequires: gettext
@ -32,6 +16,7 @@ BuildRequires: gcc
BuildRequires: libao-devel
BuildRequires: libcurl-devel
BuildRequires: libvorbis-devel
BuildRequires: make
BuildRequires: speex-devel
Obsoletes: vorbis < %{epoch}:%{version}-%{release}
Provides: vorbis = %{epoch}:%{version}-%{release}
@ -49,14 +34,7 @@ comment editor.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%autosetup -p1
%build
@ -68,7 +46,6 @@ export CFLAGS="$RPM_OPT_FLAGS -Wno-error=format-security"
%configure
%make_build
%make_build update-gmo -C po
%install
@ -84,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}*
%changelog
* Fri Jan 22 2021 Kamil Dudka <kdudka@redhat.com> - 1:1.4.1-2
- new upstream release
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.4.0-35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild