Hello community, here is the log from the commit of package timidity for openSUSE:Factory checked in at Thu Jul 9 11:21:45 CEST 2009. -------- --- timidity/timidity.changes 2008-09-25 16:47:45.000000000 +0200 +++ timidity/timidity.changes 2009-06-30 15:33:54.000000000 +0200 @@ -1,0 +2,5 @@ +Tue Jun 30 15:32:58 CEST 2009 - tiwai@suse.de + +- fix array subscript overflow in server_c.c (bnc#517719) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- timidity-server-warning-fixes.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ timidity.spec ++++++ --- /var/tmp/diff_new_pack.cxawkh/_old 2009-07-09 11:13:41.000000000 +0200 +++ /var/tmp/diff_new_pack.cxawkh/_new 2009-07-09 11:13:41.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package timidity (Version 2.13.2) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Name: timidity Summary: Software Synthesizer and MIDI Player Version: 2.13.2 -Release: 247 +Release: 248 Group: Productivity/Multimedia/Sound/Midi AutoReqProv: on License: GPL v2 or later @@ -29,7 +29,9 @@ %define package_version 2.13.2 %define _use_internal_dependency_generator 0 %define my_provides /tmp/my-provides -BuildRequires: arts-devel esound-devel gtk2-devel libao-devel ncurses-devel openmotif openmotif-devel slang-devel tk-devel update-desktop-files xaw3d +BuildRequires: alsa-devel arts-devel esound-devel libao-devel libjack-devel +BuildRequires: gtk2-devel ncurses-devel openmotif-devel slang-devel tk-devel +BuildRequires: update-desktop-files xaw3d %if 0%{?suse_version} > 1020 BuildRequires: fdupes xaw3d-devel %endif @@ -46,6 +48,7 @@ Patch4: timidity-alsaseq-poll-fix.diff Patch5: timidity-fonts-fix.diff Patch6: timidity-tcl8.5-fix.diff +Patch7: timidity-server-warning-fixes.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -69,6 +72,7 @@ %patch4 %patch5 %patch6 +%patch7 -p1 # save the original INSTALL file mv INSTALL INSTALL-orig @@ -172,215 +176,3 @@ %{_datadir}/xemacs %changelog -* Thu Sep 25 2008 lrupp@suse.de -- build on older distributions -- disable internal dependency generator -* Wed Apr 16 2008 tiwai@suse.de -- fix build with tcl8.5 -* Tue Jan 15 2008 tiwai@suse.de -- fix app-defaults for UTF-8 japanese locale (#353816) -- fix fonts to work without 100dpi fonts -* Thu Aug 02 2007 tiwai@suse.de -- fix alsaseq polling at idle time -- clean up spec file -* Wed Jun 20 2007 tiwai@suse.de -- fix fdupes usage -- fix encoding of ja_JP documents -* Tue Jun 12 2007 tiwai@suse.de -- add missing libao support -- use fdupes to make rpmlint happy -* Fri Jun 01 2007 dmueller@suse.de -- fix buildrequires -* Wed May 23 2007 tiwai@suse.de -- fixed path in non-executable *.tcl files -* Mon Apr 02 2007 rguenther@suse.de -- add ncurses-devel BuildRequires -* Wed Jan 31 2007 tiwai@suse.de -- fix invalid array access (#240161) -- fix broken gcc4-fix patch -* Wed Aug 30 2006 ro@suse.de -- add a newline to autoconf/arts.m4 for new m4 -* Thu Aug 03 2006 tiwai@suse.de -- fixed app-defaults path to /usr/share/X11. -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Fri Dec 02 2005 tiwai@suse.de -- fixed compile warning (#134737). -* Thu Oct 13 2005 tiwai@suse.de -- removed glib* from neededforbuild. -* Tue May 10 2005 meissner@suse.de -- use RPM_OPT_FLAGS. Fix problems spotted by gcc4. -* Thu Apr 14 2005 sbrabec@suse.cz -- Added audiofile-devel to neededforbuild. -* Fri Apr 08 2005 tiwai@suse.de -- fix compilation with gcc-4.0. -* Fri Jan 21 2005 tiwai@suse.de -- updated to version 2.13.2. -- link with gtk2. -* Thu Aug 05 2004 tiwai@suse.de -- updated to 2.13.0 final. -- enabled server mode again. -* Mon Mar 01 2004 tiwai@suse.de -- updated to 2.13.0-rc2 tarball. -* Fri Feb 27 2004 tiwai@suse.de -- updated to 2.13.0-rc2 (cvs version). -- build interfaces as dynamic objects. -- fixed the path of timidity.el. -* Tue Feb 17 2004 adrian@suse.de -- fix Categories -* Wed Feb 11 2004 tiwai@suse.de -- updated to version 2.13.0-rc1. -- added glib2 and glib2-devel for arts. -* Mon Jan 12 2004 adrian@suse.de -- build as user -* Fri Jan 09 2004 tiwai@suse.de -- updated to cvs 2004.01.09 version. -* Mon Nov 17 2003 tiwai@suse.de -- updated to cvs 2003.11.17 version. - all patches have been merged. -- use /etc/timidity.cfg as the config file (bug #32486). -* Thu Sep 18 2003 tiwai@suse.de -- fixed a segfault when a non-existing drum is played. -- fixed the fallback device detection. -* Mon Sep 15 2003 tiwai@suse.de -- added desktop icon. -* Fri Sep 12 2003 tiwai@suse.de -- security fix for realtime-priority mode. -- added RT-priority and sequencer ports options. -- fixed the effect table. -- fixed the option parser. -* Mon Sep 08 2003 tiwai@suse.de -- use the absolute path in desktop file to avoid the name - confliction. -* Thu Sep 04 2003 adrian@suse.de -- it is installed by default -> hide menu entry by default -* Wed Sep 03 2003 tiwai@suse.de -- fixed the generation of tclIndex on build system. -- clean up make install stuffs. -* Tue Sep 02 2003 tiwai@suse.de -- fixed the xaw interface bug. -- exit timidity properly when the interface is killed. -- install japanese X resource files. -* Wed Aug 27 2003 tiwai@suse.de -- improved the rendering resolution on ALSA sequencer interface. - supporting non-stream type output devices like WAV. -- set the proper client name on ALSA sequener interface. -* Mon Aug 25 2003 tiwai@suse.de -- updated to cvs 2003.08.25. - supporting JACK output. -- fixed neededforbuild for JACK support. -* Tue Aug 19 2003 tiwai@suse.de -- updated to cvs version 2003.08.19. - supported long options. -- use xaw interface for desktop command. -* Fri Aug 15 2003 adrian@suse.de -- add desktop file -* Thu Jul 24 2003 tiwai@suse.de -- added tk-devel to neededforbuild. -* Wed Jul 23 2003 uli@suse.de -- no ALSA on s390* -* Tue Jul 22 2003 tiwai@suse.de -- updated to cvs 2003.07.22. - fixed the fallback output-device. -- added aRts output support. -* Mon Jul 14 2003 sbrabec@suse.cz -- GNOME prefix change to /opt/gnome. -* Mon Jul 07 2003 tiwai@suse.de -- updated to cvs 2003.07.07. -- removed obsolete documents. -* Thu Jul 03 2003 tiwai@suse.de -- fixed the build on x86-64. -* Wed Jul 02 2003 tiwai@suse.de -- use the nightly tarball 2003.07.02 including many fixes. -* Thu Jun 05 2003 ro@suse.de -- remove unpackaged files from buildroot -* Thu Aug 29 2002 tiwai@suse.de -- fixed alsaseq interface to initialize effects (bug #18558). -* Tue Aug 20 2002 tiwai@suse.de -- fixed the declarations of variables on 64bit architectures. -* Mon Aug 12 2002 tiwai@suse.de -- updated to the patch to 20020804 version. -* Mon Aug 12 2002 schwab@suse.de -- Fix makefile. -* Mon Jul 15 2002 tiwai@suse.de -- added detection of tcl/tk 8.4. -* Wed Jul 03 2002 tiwai@suse.de -- fixed seg-fault on alsa seq interface mode. -* Mon Jul 01 2002 tiwai@suse.de -- updated to version 2.12.0-pre1b. - alsa 0.9 patch is already included. -- added unofficial enhancement patches. -* Fri May 31 2002 ro@suse.de -- changed neededforbuild <slang> to <slang slang-devel> -* Mon May 06 2002 tiwai@suse.de -- fixed __libdir. -* Mon Apr 08 2002 ro@suse.de -- build with current automake/autoconf -* Thu Mar 07 2002 tiwai@suse.de -- open the device with non-block mode on alsa output. -* Mon Feb 18 2002 tiwai@suse.de -- fixed the path in default config file (Bug #13392). -* Fri Feb 01 2002 ro@suse.de -- changed neededforbuild <libpng> to <libpng-devel-packages> -* Tue Jan 22 2002 ttiwai@suse.de -- updated to version 2.11.3 (bug fixed version). -- added %%defattr to filelist. -* Tue Jan 15 2002 tiwai@suse.de -- updated to version 2.11.2. (bug-fixed version) -- regenerated alsa9 patch. -* Wed Jan 02 2002 tiwai@suse.de -- updated to version 2.11.1. -- removed (already integrated) patches for soundfont support. -* Mon Dec 03 2001 tiwai@suse.de -- corrected patch for ALSA 0.9.0. -* Mon Nov 05 2001 tiwai@suse.de -- updated to version 2.11.0-pre2. -- fixed build with the latest automake. -- improved lowpass filter in soundfont emulation. -* Thu Oct 25 2001 tiwai@suse.de -- fixed incorrect tuning on some soundfonts. -- added suse_update_config. -* Mon Oct 08 2001 tiwai@suse.de -- support playback of RMI file (bug #11680). -* Fri Jul 13 2001 tiwai@suse.de -- use _prefix and co. -- fixed filelist. -- fixed compile on ia64. -* Mon Apr 02 2001 uli@suse.de -- small fix for gcc >2.96 -* Fri Mar 23 2001 tiwai@suse.de -- fixed typo of documents location. -* Tue Mar 20 2001 tiwai@suse.de -- updated to ver.2.10.4. -- added slang to neededforbuild. -- updated options.html. -- removed Makefile* from documents. -* Mon Mar 12 2001 tiwai@suse.de -- updated to ver.2.10.3. -- Add README.SuSE and options.html as separate files. -* Mon Dec 11 2000 tiwai@suse.de -- added a sample patchset (out of kmidi). -* Wed Nov 29 2000 tiwai@suse.de -- fixed big-endian support on alsa output device. -* Wed Nov 29 2000 ro@suse.de -- changed neededforbuild <tcld> to <tcl-devel> -* Tue Nov 21 2000 ro@suse.de -- use openmotif -* Tue Nov 14 2000 tiwai@suse.de -- Updated to 2.10.2. -* Tue Sep 26 2000 tiwai@suse.de -- Update of ALSA-0.6.0 support. -* Fri Sep 01 2000 tiwai@suse.de -- Bugfix of ALSA sequencer interface and ALSA audio output. -- Support for ALSA 0.6.0 (not enabled by build though). -* Tue Aug 15 2000 tiwai@suse.de -- update to official version 2.10.0 -- small alsaseq interface bugfix -* Tue Aug 01 2000 tiwai@suse.de -- update to version 2.10.0a3 (with the latest alsaseq patch) -- add ALSA and ESD outputs -- fix tcl/tk check in configure script -* Thu May 25 2000 freitag@suse.de -- update to version 2.9.4 -* Mon Feb 07 2000 freitag@suse.de -- initial version 2.8.1 ++++++ timidity-server-warning-fixes.diff ++++++ https://bugzilla.novell.com/show_bug.cgi?id=517719 --- interface/server_c.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/interface/server_c.c +++ b/interface/server_c.c @@ -468,11 +468,13 @@ } if(n == 0) return 1; - if((params[0] = strtok(buff, " \t\r\n\240")) == NULL) - return 0; *nparams = 0; - while(params[*nparams] && *nparams < MAX_GETCMD_PARAMS) - params[++(*nparams)] = strtok(NULL," \t\r\n\240"); + do { + params[*nparams] = strtok(*nparams ? NULL : buff, " \t\r\n\240"); + if (!params[*nparams]) + break; + (*nparams)++; + } while (*nparams < MAX_GETCMD_PARAMS); return 0; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org