diff --git a/SOURCES/CVE-2017-18198-part1.patch b/SOURCES/CVE-2017-18198-part1.patch
new file mode 100644
index 0000000..fd8269b
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part1.patch
@@ -0,0 +1,24 @@
+From f6f9c48fb40b8a1e8218799724b0b61a7161eb1d Mon Sep 17 00:00:00 2001
+From: "R. Bernstein"
+Date: Fri, 22 Dec 2017 16:06:57 -0500
+Subject: [PATCH] Fix double free courtesy of Chris Clayton
+
+---
+ lib/driver/_cdio_generic.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
+index d40ac0d9..ae820d25 100644
+--- a/lib/driver/_cdio_generic.c
++++ b/lib/driver/_cdio_generic.c
+@@ -296,7 +296,6 @@ get_cdtext_generic (void *p_user_data)
+
+ if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
+ p_env->b_cdtext_error = true;
+- cdtext_destroy (p_env->cdtext);
+ free(p_env->cdtext);
+ p_env->cdtext = NULL;
+ }
+--
+2.14.3
+
diff --git a/SOURCES/CVE-2017-18198-part2.patch b/SOURCES/CVE-2017-18198-part2.patch
new file mode 100644
index 0000000..aa455df
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part2.patch
@@ -0,0 +1,26 @@
+From dec2f876c2d7162da213429bce1a7140cdbdd734 Mon Sep 17 00:00:00 2001
+From: "R. Bernstein"
+Date: Sat, 23 Dec 2017 12:19:29 -0500
+Subject: [PATCH] Removed wrong line
+
+---
+ configure.ac | 2 +-
+ lib/driver/_cdio_generic.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
+index ae820d25..4a7fcadf 100644
+--- a/lib/driver/_cdio_generic.c
++++ b/lib/driver/_cdio_generic.c
+@@ -296,7 +296,7 @@ get_cdtext_generic (void *p_user_data)
+
+ if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
+ p_env->b_cdtext_error = true;
+- free(p_env->cdtext);
++ cdtext_destroy (p_env->cdtext);
+ p_env->cdtext = NULL;
+ }
+
+--
+2.14.3
+
diff --git a/SOURCES/CVE-2017-18198-part3.patch b/SOURCES/CVE-2017-18198-part3.patch
new file mode 100644
index 0000000..9429d2b
--- /dev/null
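Review bot: Parts 1 and 2 net out to a one-line change in `get_cdtext_generic` (drop `free(p_env->cdtext);`, keep `cdtext_destroy (p_env->cdtext);`), but neither file says so, and part 1 applied on its own removes the other line instead. Presumably `cdtext_destroy` releases the structure itself, which is what made the following `free` a double free; that is not visible in these hunks and should be confirmed against the libcdio source. I would squash the two files into one patch, or add a sentence to part 2's description such as `Must be applied after part1: restores cdtext_destroy() and drops the redundant free().` Part 2's diffstat also lists `configure.ac`, whose hunk is not in the file, so a note that it was left out on purpose would help the next backporter.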
+++ b/SOURCES/CVE-2017-18198-part3.patch
@@ -0,0 +1,37 @@
+--- ./libcdio-0.92/include/cdio/bytesex.h 2018-06-05 18:05:16.183586450 +0200
++++ ../libcdio-fedora/libcdio-0.94/include/cdio/bytesex.h 2015-05-09 00:27:50.000000000 +0200
+@@ -197,19 +197,31 @@
+ }
+
+ /** Convert from ISO 9660 7.3.3 format to uint32_t */
+-static CDIO_INLINE uint32_t
++static CDIO_INLINE uint32_t
+ from_733 (uint64_t p)
+ {
+ if (uint64_swap_le_be (p) != p)
+ cdio_warn ("from_733: broken byte order");
+-
++
++ return (UINT32_C(0xFFFFFFFF) & p);
++}
++
++static CDIO_INLINE uint32_t
++from_733_with_err (uint64_t p, bool *err)
++{
++ if (uint64_swap_le_be (p) != p) {
++ cdio_warn ("from_733: broken byte order");
++ *err = true;
++ } else {
++ *err = false;
++ }
+ return (UINT32_C(0xFFFFFFFF) & p);
+ }
+
+ #endif /* CDIO_BYTESEX_H_ */
+
+
+-/*
++/*
+ * Local variables:
+ * c-file-style: "gnu"
+ * tab-width: 8
diff --git a/SOURCES/CVE-2017-18198-part4.patch b/SOURCES/CVE-2017-18198-part4.patch
new file mode 100644
index 0000000..fddbef2
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part4.patch
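Review bot: `from_733_with_err` writes through `err` unconditionally, so a caller that passes NULL crashes, and unlike `from_733` just above it the new helper has no doc comment stating that contract. Its warning still reads `"from_733: broken byte order"`, which makes the two code paths indistinguishable in logs. I would add `/** Convert from ISO 9660 7.3.3 format to uint32_t; sets *err to true when the two byte-order copies disagree. err must not be NULL. */` and change the message to `"from_733_with_err: broken byte order"`. `from_733` itself still returns a value on a mismatch, so any caller not switched to the new helper keeps trusting a malformed field. The other changed lines in this hunk are trailing-whitespace churn and could be dropped to keep the backport minimal.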
@@ -0,0 +1,116 @@
+--- ./libcdio-0.92/lib/iso9660/iso9660_fs.c 2018-06-06 11:52:23.464809984 +0200
++++ ../libcdio-fedora/libcdio-0.94/lib/iso9660/iso9660_fs.c 2018-06-05 18:18:31.235215219 +0200
+@@ -714,6 +714,7 @@
+ iso711_t i_fname;
+ unsigned int stat_len;
+ iso9660_stat_t *p_stat;
++ bool err;
+
+ if (!dir_len) return NULL;
+
+@@ -730,8 +731,16 @@
+ }
+ p_stat->type = (p_iso9660_dir->file_flags & ISO_DIRECTORY)
+ ? _STAT_DIR : _STAT_FILE;
+- p_stat->lsn = from_733 (p_iso9660_dir->extent);
+- p_stat->size = from_733 (p_iso9660_dir->size);
++ p_stat->lsn = from_733_with_err (p_iso9660_dir->extent, &err);
++ if (err) {
++ free(p_stat);
++ return NULL;
++ }
++ p_stat->size = from_733_with_err (p_iso9660_dir->size, &err);
++ if (err) {
++ free(p_stat);
++ return NULL;
++ }
+ p_stat->secsize = _cdio_len2blocks (p_stat->size, ISO_BLOCKSIZE);
+ p_stat->rr.b3_rock = dunno; /*FIXME should do based on mask */
+ p_stat->b_xa = false;
+@@ -754,6 +763,7 @@
+ if (!p_stat_new)
+ {
+ cdio_warn("Couldn't calloc(1, %d)", (int)(sizeof(iso9660_stat_t)+i_rr_fname+2));
++ free(p_stat);
+ return NULL;
+ }
+ memcpy(p_stat_new, p_stat, stat_len);
+@@ -1098,6 +1108,12 @@
+ p_stat = _iso9660_dir_to_statbuf (p_iso9660_dir, p_iso->b_xa,
+ p_iso->u_joliet_level);
+
++ if (!p_stat) {
++ cdio_warn("Bad directory information for %s", splitpath[0]);
++ free(_dirbuf);
++ return NULL;
++ }
++
+ cmp = strcmp(splitpath[0], p_stat->filename);
+
+ if ( 0 != cmp && 0 == p_iso->u_joliet_level
+@@ -1283,12 +1299,15 @@
+ if (!_dirbuf)
+ {
+ cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
++ _cdio_list_free (retval, true);
+ return NULL;
+ }
+
+ if (cdio_read_data_sectors (p_cdio, _dirbuf, p_stat->lsn,
+- ISO_BLOCKSIZE, p_stat->secsize))
+- return NULL;
++ ISO_BLOCKSIZE, p_stat->secsize)) {
++ _cdio_list_free (retval, true);
++ return NULL;
++ }
+
+ while (offset < (p_stat->secsize * ISO_BLOCKSIZE))
+ {
+@@ -1401,14 +1417,14 @@
+ }
+
+ free (_dirbuf);
++ free(p_stat->rr.psz_symlink);
+
+- if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {
+- free (p_stat);
++ if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {
++ free (p_stat);
+ _cdio_list_free (retval, true);
+ return NULL;
+ }
+
+- free (p_stat->rr.psz_symlink);
+ free (p_stat);
+ return retval;
+ }
+@@ -1528,6 +1563,16 @@
+ }
+
+ /*!
++ Free the passed iso9660_stat_t structure.
++ */
++void
++iso9660_stat_free(iso9660_stat_t *p_stat)
++{
++ if (p_stat != NULL)
++ free(p_stat);
++}
++
++/*!
+ Return true if ISO 9660 image has extended attrributes (XA).
+ */
+ bool
+@@ -1580,11 +1625,11 @@
+ if ( have_rr != yep) {
+ have_rr = iso_have_rr_traverse (p_iso, p_stat, &splitpath[1], pu_file_limit);
+ }
++ free(p_stat);
+ if (have_rr != nope) {
+ free (_dirbuf);
+ return have_rr;
+ }
+- free(p_stat);
+
+ offset += iso9660_get_dir_len(p_iso9660_dir);
+ *pu_file_limit = (*pu_file_limit)-1;
diff --git a/SOURCES/CVE-2017-18201.patch b/SOURCES/CVE-2017-18201.patch
new file mode 100644
index 0000000..6aea772
--- /dev/null
+++ b/SOURCES/CVE-2017-18201.patch
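Review bot: In the `@@ -1283,12 +1299,15 @@` hunk both error exits now free `retval` but still leak `p_stat`, and the read-failure exit also leaks `_dirbuf`; the normal exit in the `@@ -1401,14 +1417,14 @@` hunk frees all three, so this function owns them. Each exit should release them before returning, for example `free(p_stat->rr.psz_symlink); free(p_stat);` on both and `free(_dirbuf);` on the second. Separately, the new public `iso9660_stat_free` releases only the struct and not `rr.psz_symlink`, although the readdir exit path in this same patch frees that member explicitly, so callers of the helper would presumably leak it; the `NULL` guard in front of `free` is also redundant. The enclosing functions start and end outside these hunks, so the ownership reading should be checked against the full file.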
@@ -0,0 +1,286 @@
+From e73a8bb23a4405b32cc7708771833f6c4e6b2426 Mon Sep 17 00:00:00 2001
+From: "R. Bernstein"
+Date: Tue, 26 Sep 2017 16:29:15 -0400
+Subject: [PATCH] handle bad iso 9660 better. Fixes bug #52091
+
+src/iso-info.c: reflect errors in getting information back in exit code
+lib/iso9660_fs.c: bail when we there is bad stat info for a directory
+ change interface to report failure
+src/util.h: bump copyright
+test/data/bad-dir.iso: bad ISO 9660
+test/check_bad_iso.sh: test program
+test/check_iso.sh.in: expect nonzero RC on failures
+---
+ lib/iso9660/iso9660_fs.c | 6 +++++-
+ src/iso-info.c | 27 +++++++++++++++++----------
+ src/util.c | 4 ++--
+ test/Makefile.am | 3 ++-
+ test/check_bad_iso.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ test/check_iso.sh.in | 19 ++++++++++++-------
+ test/data/Makefile.am | 1 +
+ test/data/bad-dir.iso | Bin 0 -> 49152 bytes
+ 8 files changed, 85 insertions(+), 21 deletions(-)
+ create mode 100755 test/check_bad_iso.sh
+ create mode 100644 test/data/bad-dir.iso
+
+diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c
+index 8758a234..d3fb4069 100644
+--- a/lib/iso9660/iso9660_fs.c
++++ b/lib/iso9660/iso9660_fs.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (C) 2003-2008, 2011-2013 Rocky Bernstein
++ Copyright (C) 2003-2008, 2011-2015, 2017 Rocky Bernstein
+ Copyright (C) 2001 Herbert Valerio Riedel
+
+ This program is free software: you can redistribute it and/or modify
+@@ -1394,6 +1394,10 @@ iso9660_ifs_readdir (iso9660_t *p_iso, const char psz_path[])
+
+ if (p_iso9660_stat)
+ _cdio_list_append (retval, p_iso9660_stat);
++ else {
++ cdio_warn("Invalid directory stat at offset %lu", (unsigned long)offset);
++ break;
++ }
+
+ offset += iso9660_get_dir_len(p_iso9660_dir);
+ }
+diff --git a/src/iso-info.c b/src/iso-info.c
+index 212ab335..b8a360e0 100644
+--- a/src/iso-info.c
++++ b/src/iso-info.c
+@@ -1,5 +1,6 @@
+ /*
+- Copyright (C) 2004-2006, 2008, 2012-2013 Rocky Bernstein
++ Copyright (C) 2004-2006, 2008, 2012-2014, 2017 Rocky Bernstein
++
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -212,7 +213,7 @@ _log_handler (cdio_log_level_t level, const char message[])
+ gl_default_cdio_log_handler (level, message);
+ }
+
+-static void
++static int
+ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ {
+ CdioList_t *entlist;
+@@ -222,6 +223,7 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ char *translated_name = (char *) malloc(4096);
+ size_t translated_name_size = 4096;
+ entlist = iso9660_ifs_readdir (p_iso, psz_path);
++ int rc = 0;
+
+ if (opts.print_iso9660) {
+ printf ("%s:\n", psz_path);
+@@ -231,7 +233,7 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ free(translated_name);
+ free(dirlist);
+ report( stderr, "Error getting above directory information\n" );
+- return;
++ return 1;
+ }
+
+ /* Iterate over files in this directory */
+@@ -241,13 +243,16 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- if (strlen(psz_iso_name) >= translated_name_size) {
++ if (strlen(psz_iso_name) == 0)
++ continue;
++
++ if (strlen(psz_iso_name) >= translated_name_size) {
+ translated_name_size = strlen(psz_iso_name)+1;
+ free(translated_name);
+ translated_name = (char *) malloc(translated_name_size);
+ if (!translated_name) {
+ report( stderr, "Error allocating memory\n" );
+- return;
++ return 2;
+ }
+ }
+
+@@ -297,16 +302,17 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ {
+ char *_fullname = _cdio_list_node_data (entnode);
+
+- print_iso9660_recurse (p_iso, _fullname);
++ rc += print_iso9660_recurse (p_iso, _fullname);
+ }
+
+ _cdio_list_free (dirlist, true);
++ return rc;
+ }
+
+-static void
++static int
+ print_iso9660_fs (iso9660_t *iso)
+ {
+- print_iso9660_recurse (iso, "/");
++ return print_iso9660_recurse (iso, "/");
+ }
+
+ static void
+@@ -429,6 +435,7 @@ main(int argc, char *argv[])
+
+ iso9660_t *p_iso=NULL;
+ iso_extension_mask_t iso_extension_mask = ISO_EXTENSION_ALL;
++ int rc = EXIT_SUCCESS;
+
+ init();
+
+@@ -498,7 +505,7 @@ main(int argc, char *argv[])
+ printf("Note: both -f and -l options given -- "
+ "-l (long listing) takes precidence\n");
+ }
+- print_iso9660_fs(p_iso);
++ rc = print_iso9660_fs(p_iso);
+ } else if (opts.print_udf) {
+ print_udf_fs();
+ }
+@@ -508,5 +515,5 @@ main(int argc, char *argv[])
+ iso9660_close(p_iso);
+ /* Not reached:*/
+ free(program_name);
+- return(EXIT_SUCCESS);
++ return(rc);
+ }
+diff --git a/src/util.c b/src/util.c
+index 4062ee2a..ad44a97c 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (C) 2003-2010, 2012-2013 Rocky Bernstein
++ Copyright (C) 2003-2010, 2012-2014, 2017 Rocky Bernstein
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -56,7 +56,7 @@ print_version (char *program_name, const char *version,
+ if (no_header == 0) {
+ report( stdout,
+ "%s version %s\n"
+- "Copyright (c) 2003-2005, 2007-2008, 2011-2013 "
++ "Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 "
+ "R. Bernstein\n",
+ program_name, version);
+ report( stdout,
+diff --git a/test/Makefile.am b/test/Makefile.am
+index a2c57de2..cd370745 100644
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -47,7 +47,8 @@ test_lib_driver_util_CFLAGS = -DDATA_DIR=\"$(DATA_DIR)\"
+ testpregap_CFLAGS = -DDATA_DIR=\"$(DATA_DIR)\"
+
+ check_SCRIPTS = check_nrg.sh check_cue.sh check_cd_read.sh check_udf.sh \
+- check_iso.sh check_fuzzyiso.sh check_opts.sh \
++ check_iso.sh check_bad_iso.sh \
++ check_fuzzyiso.sh check_opts.sh \
+ check_iso_read.sh
+
+ check_udf.sh: @abs_top_builddir@/example/extract$(EXEEXT)
+diff --git a/test/check_bad_iso.sh b/test/check_bad_iso.sh
+new file mode 100755
+index 00000000..1ca3b6ca
+--- /dev/null
++++ b/test/check_bad_iso.sh
+@@ -0,0 +1,46 @@
++#!/bin/sh
++
++if test "X$abs_top_srcdir" = "X" ; then
++ abs_top_srcdir=/src/external-vcs/savannah/libcdio
++fi
++
++if test -z $srcdir ; then
++ srcdir=$(pwd)
++fi
++
++if test "X$top_builddir" = "X" ; then
++ top_builddir=$(pwd)/..
++fi
++
++. ${top_builddir}/test/check_common_fn
++
++if test ! -x ../src/iso-info ; then
++ exit 77
++fi
++
++BASE=$(basename $0 .sh)
++fname=bad-dir
++
++RC=0
++
++opts="--quiet ${abs_top_srcdir}/test/data/${fname}.iso"
++cmdname=iso-info
++cmd=../src/iso-info
++if ! "${cmd}" --no-header ${opts} 2>&1 ; then
++ echo "$0: unexpected failure"
++ RC=1
++fi
++
++opts="--quiet ${abs_top_srcdir}/test/data/${fname}.iso --iso9660"
++if "${cmd}" --no-header ${opts} 2>&1 ; then
++ ((RC+=1))
++else
++ echo "$0: expected failure"
++fi
++
++exit $RC
++
++#;;; Local Variables: ***
++#;;; mode:shell-script ***
++#;;; eval: (sh-set-shell "bash") ***
++#;;; End: ***
+diff --git a/test/check_iso.sh.in b/test/check_iso.sh.in
+index c3e219b8..7ccf82cf 100755
+--- a/test/check_iso.sh.in
++++ b/test/check_iso.sh.in
+@@ -1,11 +1,11 @@
+-#!/bin/sh
++#!@SHELL@
+
+ if test -z $srcdir ; then
+- srcdir=`pwd`
++ srcdir=$(pwd)
+ fi
+
+ if test "X$top_builddir" = "X" ; then
+- top_builddir=`pwd`/..
++ top_builddir=$(pwd)/..
+ fi
+
+ . ${top_builddir}/test/check_common_fn
+@@ -14,7 +14,7 @@ if test ! -x ../src/iso-info@EXEEXT@ ; then
+ exit 77
+ fi
+
+-BASE=`basename $0 .sh`
++BASE=$(basename $0 .sh)
+ fname=copying
+
+ opts="--quiet ${srcdir}/data/${fname}.iso --iso9660 "
+@@ -46,7 +46,7 @@ if test -n "@HAVE_ROCK@"; then
+ fi
+
+ if test -n "@HAVE_JOLIET@" ; then
+- BASE=`basename $0 .sh`
++ BASE=$(basename $0 .sh)
+ fname=joliet
+ opts="--quiet ${srcdir}/data/${fname}.iso --iso9660 "
+ test_iso_info "$opts" ${fname}-nojoliet.dump ${srcdir}/${fname}.right
+
+
+diff --git a/test/data/Makefile.am b/test/data/Makefile.am
+index 5e913cf9..1b8a5655 100644
+--- a/test/data/Makefile.am
++++ b/test/data/Makefile.am
+@@ -5,6 +5,7 @@ check_DATA = \
+ bad-cat2.toc \
+ bad-cat3.cue \
+ bad-cat3.toc \
++ bad-dir.iso \
+ bad-file.toc \
+ bad-mode1.cue \
+ bad-mode1.toc \
diff --git a/SOURCES/cdio_config.h b/SOURCES/cdio_config.h
new file mode 100644
index 0000000..9b01c00
--- /dev/null
+++ b/SOURCES/cdio_config.h
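Review bot: `print_iso9660_recurse` sums failures with `rc += print_iso9660_recurse (p_iso, _fullname);` and `main` returns that sum, but a POSIX exit status keeps only the low 8 bits, so an image that produces a multiple of 256 failing directories would make `iso-info` exit 0. Collapsing the result to a flag avoids that, e.g. `if (print_iso9660_recurse (p_iso, _fullname)) rc = 1;`. The new `test/check_bad_iso.sh` is `#!/bin/sh` yet counts the unexpected-success case with `((RC+=1))`, which is a bash construct (the file's own trailer sets the shell to bash); under a plain POSIX `/bin/sh` RC would stay 0 and the regression test could not fail, so `RC=$((RC+1))` is the portable form. The diffstat lists `test/data/bad-dir.iso` as a binary file that this text patch does not carry, so unless the fixture is supplied some other way the test added to `check_SCRIPTS` has nothing to run against.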
@@ -0,0 +1,29 @@
+/*
+ * Kluge to support multilib installation of both 32- and 64-bit RPMS:
+ * we need to arrange that header files that appear in both RPMs are
+ * identical. Hence, this file is architecture-independent and calls
+ * in an arch-dependent file that will appear in just one RPM.
+ *
+ * To avoid breaking arches not explicitly supported by Red Hat, we
+ * use this indirection file *only* on known multilib arches.
+ *
+ * Note: this may well fail if user tries to use gcc's -I- option.
+ * But that option is deprecated anyway.
+ */
+#if defined(__x86_64__)
+#include "cdio_config_x86_64.h"
+#elif defined(__i386__)
+#include "cdio_config_i386.h"
+#elif defined(__ppc64__) || defined(__powerpc64__)
+#include "cdio_config_ppc64.h"
+#elif defined(__ppc__) || defined(__powerpc__)
+#include "cdio_config_ppc.h"
+#elif defined(__s390x__)
+#include "cdio_config_s390x.h"
+#elif defined(__s390__)
+#include "cdio_config_s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "cdio_config_sparc64.h"
+#elif defined(__sparc__)
+#include "cdio_config_sparc.h"
+#endif
diff --git a/SOURCES/libcdio-no_date_footer.hml b/SOURCES/libcdio-no_date_footer.hml
new file mode 100644
index 0000000..4886c65
--- /dev/null
+++ b/SOURCES/libcdio-no_date_footer.hml
@@ -0,0 +1,4 @@
+
+Generated for $projectname by doxygen +$doxygenversion
diff --git a/SPECS/libcdio.spec b/SPECS/libcdio.spec
new file mode 100644
index 0000000..1f35779
--- /dev/null
+++ b/SPECS/libcdio.spec
@@ -0,0 +1,319 @@
+Name: libcdio
+Version: 0.92
+Release: 3%{?dist}
+Summary: CD-ROM input and control library
+Group: System Environment/Libraries
+License: GPLv3+
+URL: http://www.gnu.org/software/libcdio/
+Source0: http://ftp.gnu.org/gnu/libcdio/libcdio-0.92.tar.gz
+Source1: http://ftp.gnu.org/gnu/libcdio/libcdio-0.92.tar.gz.sig
+Source2: libcdio-no_date_footer.hml
+Source3: cdio_config.h
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: pkgconfig doxygen
+BuildRequires: ncurses-devel
+BuildRequires: help2man
+Requires(post): /sbin/ldconfig
+Requires(post): /sbin/install-info
+Requires(preun): /sbin/install-info
+BuildRequires: gettext-devel
+BuildRequires: chrpath
+
+
+Patch0: CVE-2017-18201.patch
+#Following patches (1-4) also fix CVE-2017-18199
+Patch1: CVE-2017-18198-part1.patch
+Patch2: CVE-2017-18198-part2.patch
+Patch3: CVE-2017-18198-part3.patch
+Patch4: CVE-2017-18198-part4.patch
+
+%description
+This library provides an interface for CD-ROM access. It can be used
+by applications that need OS- and device-independent access to CD-ROM
+devices.
+
+%package devel
+Summary: Header files and libraries for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+This package contains header files and libraries for %{name}.
+
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p3
+%patch4 -p3
+
+f=src/cd-paranoia/doc/ja/cd-paranoia.1.in
+iconv -f euc-jp -t utf-8 -o $f.utf8 $f && mv $f.utf8 $f
+iconv -f ISO88591 -t utf-8 -o THANKS.utf8 THANKS && mv THANKS.utf8 THANKS
+
+%build
+%configure \
+ --disable-vcd-info \
+ --disable-dependency-tracking \
+ --disable-cddb \
+ --disable-static \
+ --disable-rpath
+make %{?_smp_mflags}
+
+# another multilib fix; remove the architecture information from version.h
+sed -i -e "s,%{version}.*$,%{version}\\\",g" include/cdio/version.h
+
+cd doc/doxygen
+sed -i -e "s,HTML_FOOTER.*$,HTML_FOOTER = libcdio-no_date_footer.hml,g; \
+ s,EXCLUDE .*$,EXCLUDE = ../../include/cdio/cdio_config.h,g;" Doxyfile
+cp %{SOURCE2} .
+./run_doxygen
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+
+# multilib header hack; taken from postgresql.spec
+case `uname -i` in
+ i386 | x86_64 | ppc | ppc64 | s390 | s390x | sparc | sparc64 )
+ mv $RPM_BUILD_ROOT%{_includedir}/cdio/cdio_config.h $RPM_BUILD_ROOT%{_includedir}/cdio/cdio_config_`uname -i`.h
+ install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/cdio
+ ;;
+ *)
+ ;;
+esac
+
+rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
+
+rm -rf examples
+mkdir -p examples/C++
+cp -a example/{*.c,README} examples
+cp -a example/C++/{*.cpp,README} examples/C++
+
+# fix timestamps of generated man-pages
+for i in cd-info iso-read iso-info cd-read cd-drive; do
+ # remove build architecture information from man pages
+ sed -i -e 's, version.*linux-gnu,,g' $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+ # remove libtool leftover from man pages
+ sed -i -e 's,lt-,,g;s,LT-,,g' $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+ # fix timestamps to be the same in all packages
+ touch -r src/$i.help2man $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+done
+
+# remove rpath
+chrpath --delete $RPM_BUILD_ROOT%{_bindir}/*
+chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so.*
+
+%check
+# disable test using local CDROM
+%{__sed} -i -e "s,testiso9660\$(EXEEXT),,g" \
+ -e "s,testisocd\$(EXEEXT),,g" \
+ -e "s,check_paranoia.sh check_opts.sh, check_opts.sh,g" \
+ test/Makefile
+make check
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post
+/sbin/ldconfig
+/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir 2>/dev/null || :
+
+%preun
+if [ $1 = 0 ]; then
+ /sbin/install-info --delete %{_infodir}/%{name}.info \
+ %{_infodir}/dir 2>/dev/null || :
+fi
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING NEWS README README.libcdio THANKS TODO
+%{_bindir}/*
+%{_libdir}/*.so.*
+%{_infodir}/*
+%{_mandir}/man1/*
+
+
+%files devel
+%defattr(-,root,root,-)
+%doc doc/doxygen/html examples
+%{_includedir}/cdio
+%{_includedir}/cdio++
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+
+%changelog
+* Mon Jun 18 2018 Jakub Martisko - 0.92-3
+- fix CVE-2017-18198 and CVE-2017-18199
+- Resolves: rhbz#1553769
+- Resolves: rhbz#1553604
+
+* Mon Jun 18 2018 Jakub Martisko - 0.92-2
+- fix CVE-2017-18201
+- Resolves: rhbz#1553621
+
+* Mon Dec 16 2013 Adrian Reber - 0.92-1
+- updated to 0.92
+- Resolves: rhbz#1065642
+
+* Sat Aug 03 2013 Fedora Release Engineering - 0.90-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering - 0.90-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Nov 22 2012 Adrian Reber - 0.90-1
+- updated to 0.90
+
+* Tue Jul 24 2012 Adrian Reber - 0.83-5
+- fixed #477288 (libcdio-devel multilib conflict) again
+
+* Thu Jul 19 2012 Fedora Release Engineering - 0.83-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Mar 23 2012 Adrian Reber - 0.83-3
+- fixed #804484 (/usr/bin/cd-info was killed by signal 11)
+
+* Fri Jan 13 2012 Fedora Release Engineering - 0.83-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Sun Nov 13 2011 Adrian Reber - 0.83-1
+- updated to 0.83
+
+* Mon May 30 2011 Honza Horak - 0.82-5
+- applied patch to fix issues found by static analyses
+
+* Thu May 19 2011 Honza Horak - 0.82-4
+- fixed #705673 buffer overflow and other unprotected sprintf calls
+
+* Mon Feb 07 2011 Fedora Release Engineering - 0.82-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Jan 28 2010 Adrian Reber - 0.82-2
+- disabled building of static libraries (#556064)
+- removed "Requires: pkgconfig" (rpm adds it automatically)
+
+* Wed Jan 20 2010 Roman Rakus rrakus@redhat.com 0.82-1
+- Update to 0.82
+- removed rpath
+- converted THANKS to utf8
+
+* Fri Jul 24 2009 Fedora Release Engineering - 0.81-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering - 0.81-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Oct 07 2008 Adrian Reber - 0.81-1
+- updated to 0.81
+- license changed to GPLv3+
+- fixed #477288 (libcdio-devel multilib conflict)
+- applied patch to fix endless loop in mock
+
+* Tue Oct 07 2008 Adrian Reber - 0.80-5
+- fixed #462125 (Multilib conflict) - really, really, really
+ (also remove architecture information from man pages)
+
+* Thu Oct 02 2008 Adrian Reber - 0.80-4
+- fixed #462125 (Multilib conflict) - this time for real
+
+* Fri Sep 12 2008 Adrian Reber - 0.80-3
+- fixed #462125 (Multilib conflict)
+
+* Wed Jun 4 2008 Tomas Bzatek - 0.80-2
+- added patch enabling libcdio_paranoia.pc
+
+* Thu May 29 2008 Adrian Reber - 0.80-1
+- updated to 0.80
+- removed upstreamed patches
+- last GPLv2+ release
+
+* Thu Feb 14 2008 Adrian Reber - 0.79-3
+- added patch to compile with gcc43
+
+* Fri Jan 04 2008 Adrian Reber - 0.79-2
+- fixed security fix (was off by two)
+
+* Wed Jan 02 2008 Adrian Reber - 0.79-1
+- updated to 0.79
+- fixes #427197 (Long Joliet file name overflows cdio's buffer)
+- fixes #341981 (multiarch conflicts in libcdio)
+
+* Fri Aug 24 2007 Adrian Reber - 0.78.2-3
+- rebuilt
+
+* Mon Jul 23 2007 Adrian Reber - 0.78.2-2
+- updated to 0.78.2 (#221359) (this time for real)
+
+* Thu Jan 04 2007 Adrian Reber - 0.78.2-1
+- updated to 0.78.2 (#221359)
+
+* Thu Oct 05 2006 Adrian Reber - 0.77-3
+- disabled iso9660 test case (fails for some reason with date problems)
+ this seems to be a known problem according to the ChangeLog
+
+* Thu Oct 05 2006 Christian Iseli 0.77-2
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Fri Sep 22 2006 Adrian Reber - 0.77-1
+- Updated to 0.77
+
+* Mon Sep 18 2006 Adrian Reber - 0.76-3
+- Rebuilt
+
+* Mon Sep 26 2005 Adrian Reber - 0.76-2
+- Rebuilt
+
+* Mon Sep 26 2005 Adrian Reber - 0.76-1
+- Updated to 0.76.
+- Included doxygen generated documentation into -devel
+- Included examples into -devel
+
+* Mon Aug 01 2005 Adrian Reber - 0.75-4
+- disable test accessing local CDROM drive (#164266)
+
+* Wed Jul 27 2005 Adrian Reber - 0.75-3
+- Rebuilt without libcddb dependency (#164270)
+
+* Tue Jul 26 2005 Adrian Reber - 0.75-2
+- Rebuilt
+
+* Thu Jul 14 2005 Adrian Reber - 0.75-1
+- Updated to 0.75.
+
+* Fri Jun 03 2005 Adrian Reber - 0.74-2
+- Updated to 0.74.
+
+* Sun Apr 24 2005 Ville Skyttä - 0.73-2
+- BuildRequire ncurses-devel (for cdda-player and cd-paranoia).
+- Run test suite during build.
+- Install Japanese man pages.
+
+* Sun Apr 24 2005 Adrian Reber - 0.73-1
+- Updated to 0.73.
+
+* Fri Mar 18 2005 Ville Skyttä - 0.70-2
+- Fix FC4 build (#151468).
+- Build with dependency tracking disabled.
+
+* Sun Sep 5 2004 Marius L. Jøhndal - 0:0.70-0.fdr.1
+- Updated to 0.70.
+
+* Sat Jul 17 2004 Marius L. Jøhndal - 0:0.69-0.fdr.1
+- Updated to 0.69.
+- Removed broken iso-read.
+- Split Requires(pre,post).
+- Added BuildReq pkgconfig.
+
+* Mon Mar 29 2004 Marius L. Jøhndal - 0:0.68-0.fdr.1
+- Initial RPM release.
+
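Review bot: The patch file names do not appear to match their contents: `Patch0: CVE-2017-18201.patch` carries the upstream commit "handle bad iso 9660 better" (iso-info and `iso9660_ifs_readdir`), while the "Fix double free" change to `get_cdtext_generic` is filed under `CVE-2017-18198-part1.patch` and `-part2.patch`. As far as I recall the advisories, CVE-2017-18201 is the `get_cdtext_generic` double free and CVE-2017-18198 the iso-info over-read, so the names and the 0.92-2 / 0.92-3 changelog entries look swapped; please confirm against the CVE records and rename or annotate, because scanners and auditors key on these names. `Source1` ships the upstream `.sig`, but nothing in `%prep` checks it and both sources use `http://` URLs, so the tarball's integrity rests entirely on whatever the build system pins. `%patch3` and `%patch4` need `-p3` because those two files were diffed between differently rooted trees (`./libcdio-0.92/...` against `../libcdio-fedora/libcdio-0.94/...`); a comment beside them such as `# parts 3-4 are hand-made diffs against a 0.94 tree, hence -p3` would spare the next maintainer the digging.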