Hello community, here is the log from the commit of package xine-lib checked in at Mon Feb 18 12:07:52 CET 2008. -------- --- xine-lib/xine-lib.changes 2008-01-29 16:10:39.000000000 +0100 +++ /mounts/work_src_done/STABLE/xine-lib/xine-lib.changes 2008-02-15 10:36:32.000000000 +0100 @@ -1,0 +2,11 @@ +Fri Feb 15 10:34:49 CET 2008 - lnussel@suse.de + +- Update to 1.1.10.1: + * Security fix: Array index vulnerability which may allow remote + attackers to execute arbitrary code via a crafted FLAC tag, + causing a stack buffer overflow. (CVE-2008-0486) + * Fix a RealPlayer codec detection bug. + * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag + size. + +------------------------------------------------------------------- Old: ---- xine-lib-1.1.10-crippled.tar.bz2 xine-lib-1.1.10.tar.bz2 New: ---- xine-lib-1.1.10.1-crippled.tar.bz2 xine-lib-1.1.10.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xine-lib.spec ++++++ --- /var/tmp/diff_new_pack.hc7464/_old 2008-02-18 12:06:44.000000000 +0100 +++ /var/tmp/diff_new_pack.hc7464/_new 2008-02-18 12:06:44.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package xine-lib (Version 1.1.10) +# spec file for package xine-lib (Version 1.1.10.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -10,6 +10,7 @@ # norootforbuild + Name: xine-lib # --with-internal -> build xine+xine-internal # --without-internal -> don't build xine-internal @@ -32,8 +33,9 @@ BuildRequires: mad-devel %endif Recommends: opensuse-codecs-installer -Version: 1.1.10 +Version: 1.1.10.1 Release: 1 +%define abiversion 1.1.10 Summary: Video Player with Plug-Ins Group: Productivity/Multimedia/Video/Players License: GPL v2 or later; Public Domain, Freeware @@ -139,7 +141,7 @@ %package -n xine-internal # these libs are possibly illegal and may not work without libdvdcss anyway Summary: xine plugins for watching DVDs, DivX and more -Group: SuSE internal +Group: SUSE internal Requires: xine-lib = %version Provides: xine-lib:%_libdir/xine/plugins/1.0.0/xineplug_decode_mad.so xine-mad Obsoletes: xine-mad @@ -211,7 +213,7 @@ %install cd xine-lib-%version make install DESTDIR=%buildroot -LIB="%buildroot%_libdir/xine/plugins/%version" +LIB="%buildroot%_libdir/xine/plugins/%abiversion" # install documentation mkdir -p %buildroot%_defaultdocdir install -m 0644 %SOURCE10 COPYING AUTHORS %buildroot%_defaultdocdir/xine/ @@ -353,7 +355,7 @@ OUT_FILE="" grep -v ^# plugins | while read i; do [ "${i:0:1}" = "." ] && OUT_FILE=$i && continue - echo %_libdir/xine/plugins/%version/$i.so >> files$OUT_FILE + echo %_libdir/xine/plugins/%abiversion/$i.so >> files$OUT_FILE done %find_lang libxine1 cat libxine1.lang >>files @@ -366,7 +368,7 @@ rm -rf %buildroot/usr/share %buildroot/usr/bin rm -rf %buildroot%_defaultdocdir/xine %buildroot/usr/include rm -rf %buildroot/usr/lib/win32 %buildroot/%_libdir/pkgconfig -rm -rf %buildroot%_libdir/xine/plugins/%version/{post,vidix,mime.types} +rm -rf %buildroot%_libdir/xine/plugins/%abiversion/{post,vidix,mime.types} rm -f %buildroot%_libdir/libxine* %endif %if %BUILD_XINE > 0 @@ -393,14 +395,14 @@ %endif %dir /%_libdir/xine %dir /%_libdir/xine/plugins -%dir /%_libdir/xine/plugins/%version +%dir /%_libdir/xine/plugins/%abiversion %dir /usr/share/xine %dir /usr/share/xine/libxine1 %_libdir/libxine.so.* %_defaultdocdir/xine -%_libdir/xine/plugins/%version/post -%_libdir/xine/plugins/%version/vidix -%_libdir/xine/plugins/%version/mime.types +%_libdir/xine/plugins/%abiversion/post +%_libdir/xine/plugins/%abiversion/vidix +%_libdir/xine/plugins/%abiversion/mime.types # # xine fonts # cetus is a freeware font from http://www.fontfreak.com/authors/gregfonts.htm @@ -432,11 +434,19 @@ %defattr(-,root,root) %dir %_libdir/xine %dir %_libdir/xine/plugins -%dir %_libdir/xine/plugins/%version +%dir %_libdir/xine/plugins/%abiversion %dir /usr/share/xine %endif %changelog +* Fri Feb 15 2008 lnussel@suse.de +- Update to 1.1.10.1: + * Security fix: Array index vulnerability which may allow remote + attackers to execute arbitrary code via a crafted FLAC tag, + causing a stack buffer overflow. (CVE-2008-0486) + * Fix a RealPlayer codec detection bug. + * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag + size. * Tue Jan 29 2008 lnussel@suse.de - Update to 1.1.10: Maintenance release with security fix * Security fixes: ++++++ xine-lib-1.1.10-crippled.tar.bz2 -> xine-lib-1.1.10.1-crippled.tar.bz2 ++++++ ++++ 8245 lines of diff (skipped) ++++++ xine-lib-1.1.10-crippled.tar.bz2 -> xine-lib-1.1.10.1.tar.bz2 ++++++ xine-lib/xine-lib-1.1.10-crippled.tar.bz2 /mounts/work_src_done/STABLE/xine-lib/xine-lib-1.1.10.1.tar.bz2 differ: byte 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org