Hello community,
here is the log from the commit of package opus for openSUSE:Factory checked in at 2017-03-01 23:41:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opus (Old)
and /work/SRC/openSUSE:Factory/.opus.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opus"
Wed Mar 1 23:41:28 2017 rev:15 rq:460731 version:1.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/opus/opus.changes 2017-01-24 10:27:37.399561795 +0100
+++ /work/SRC/openSUSE:Factory/.opus.new/opus.changes 2017-03-01 23:41:29.743395452 +0100
@@ -1,0 +2,9 @@
+Sun Feb 26 23:08:38 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 1.1.4 (CVE-2017-0381):
+ + A specially-crafted Opus packet could cause an integer
+ wrap-around in the SILK LSF stabilization code. This would
+ cause an out-of-bounds read 256 bytes before a constant table.
+- Drop opus-NLSF-not-negative.patch: Fixed upstream.
+
+-------------------------------------------------------------------
Old:
----
opus-1.1.3.tar.gz
opus-NLSF-not-negative.patch
New:
----
opus-1.1.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opus.spec ++++++
--- /var/tmp/diff_new_pack.WAQ2u1/_old 2017-03-01 23:41:30.435297876 +0100
+++ /var/tmp/diff_new_pack.WAQ2u1/_new 2017-03-01 23:41:30.443296748 +0100
@@ -19,7 +19,7 @@
%define soname 0
Name: opus
-Version: 1.1.3
+Version: 1.1.4
Release: 0
Summary: Opus Audio Codec Library
License: BSD-3-Clause
@@ -27,8 +27,6 @@
Url: http://opus-codec.org/
Source: http://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz
Source99: baselibs.conf
-# PATCH-FIX-UPSTREAM opus-NLSF-not-negative.patch CVE-2017-0381 boo#1020102 zaitor@opensuse.org -- Ensure that NLSF cannot be negative when computing a min distance between them.
-Patch0: opus-NLSF-not-negative.patch
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -68,7 +66,6 @@
%prep
%setup -q
-%patch0 -p1
%build
%configure \
++++++ opus-1.1.3.tar.gz -> opus-1.1.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/configure new/opus-1.1.4/configure
--- old/opus-1.1.3/configure 2016-07-15 17:28:08.000000000 +0200
+++ new/opus-1.1.4/configure 2017-01-20 22:08:46.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for opus 1.1.3.
+# Generated by GNU Autoconf 2.69 for opus 1.1.4.
#
# Report bugs to .
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='opus'
PACKAGE_TARNAME='opus'
-PACKAGE_VERSION='1.1.3'
-PACKAGE_STRING='opus 1.1.3'
+PACKAGE_VERSION='1.1.4'
+PACKAGE_STRING='opus 1.1.4'
PACKAGE_BUGREPORT='opus@xiph.org'
PACKAGE_URL=''
@@ -1398,7 +1398,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures opus 1.1.3 to adapt to many kinds of systems.
+\`configure' configures opus 1.1.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1468,7 +1468,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of opus 1.1.3:";;
+ short | recursive ) echo "Configuration of opus 1.1.4:";;
esac
cat <<\_ACEOF
@@ -1619,7 +1619,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-opus configure 1.1.3
+opus configure 1.1.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1988,7 +1988,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by opus $as_me 1.1.3, which was
+It was created by opus $as_me 1.1.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2382,7 +2382,7 @@
# For libtool.
OPUS_LT_CURRENT=5
-OPUS_LT_REVISION=3
+OPUS_LT_REVISION=4
OPUS_LT_AGE=5
@@ -2865,7 +2865,7 @@
# Define the identity of the package.
PACKAGE='opus'
- VERSION='1.1.3'
+ VERSION='1.1.4'
# Some tools Automake needs.
@@ -15265,7 +15265,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by opus $as_me 1.1.3, which was
+This file was extended by opus $as_me 1.1.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -15331,7 +15331,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-opus config.status 1.1.3
+opus config.status 1.1.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/configure.ac new/opus-1.1.4/configure.ac
--- old/opus-1.1.3/configure.ac 2016-07-15 17:28:06.000000000 +0200
+++ new/opus-1.1.4/configure.ac 2017-01-20 22:08:44.000000000 +0100
@@ -23,7 +23,7 @@
# For libtool.
dnl Please update these for releases.
OPUS_LT_CURRENT=5
-OPUS_LT_REVISION=3
+OPUS_LT_REVISION=4
OPUS_LT_AGE=5
AC_SUBST(OPUS_LT_CURRENT)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/doc/Makefile.in new/opus-1.1.4/doc/Makefile.in
--- old/opus-1.1.3/doc/Makefile.in 2016-07-15 17:28:08.000000000 +0200
+++ new/opus-1.1.4/doc/Makefile.in 2017-01-20 22:08:45.000000000 +0100
@@ -391,8 +391,8 @@
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@HAVE_DOXYGEN_FALSE@install-data-local:
@HAVE_DOXYGEN_FALSE@clean-local:
+@HAVE_DOXYGEN_FALSE@install-data-local:
@HAVE_DOXYGEN_FALSE@uninstall-local:
clean: clean-am
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/package_version new/opus-1.1.4/package_version
--- old/opus-1.1.3/package_version 2016-07-15 21:05:13.000000000 +0200
+++ new/opus-1.1.4/package_version 2017-01-20 22:08:49.000000000 +0100
@@ -1 +1 @@
-PACKAGE_VERSION="1.1.3"
+PACKAGE_VERSION="1.1.4"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/silk/NLSF_stabilize.c new/opus-1.1.4/silk/NLSF_stabilize.c
--- old/opus-1.1.3/silk/NLSF_stabilize.c 2016-07-06 15:42:05.000000000 +0200
+++ new/opus-1.1.4/silk/NLSF_stabilize.c 2017-01-20 21:44:14.000000000 +0100
@@ -130,7 +130,7 @@
/* Keep delta_min distance between the NLSFs */
for( i = 1; i < L; i++ )
- NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], NLSF_Q15[i-1] + NDeltaMin_Q15[i] );
+ NLSF_Q15[i] = silk_max_int( NLSF_Q15[i], silk_ADD_SAT16( NLSF_Q15[i-1], NDeltaMin_Q15[i] ) );
/* Last NLSF should be no higher than 1 - NDeltaMin[L] */
NLSF_Q15[L-1] = silk_min_int( NLSF_Q15[L-1], (1<<15) - NDeltaMin_Q15[L] );
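Review bot: The new `silk_ADD_SAT16( NLSF_Q15[i-1], NDeltaMin_Q15[i] )` call in the "Keep delta_min distance" loop has no comment explaining why a plain `+` is unsafe, so a later cleanup could quietly reintroduce the wrap-around described in the changelog. I would add a comment above the assignment, for example `/* Saturate: a wrapped sum would store a negative NLSF (CVE-2017-0381 out-of-bounds table read) */`. The function starts and ends outside this hunk, so I cannot tell whether the other sums and differences of `NLSF_Q15` and `NDeltaMin_Q15` values in it (such as the `(1<<15) - NDeltaMin_Q15[L]` clamp just below) are already bounded; they deserve the same check. No regression input for the crafted packet is visible in this diff, and adding one to the test suite would keep the saturation from regressing.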
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opus-1.1.3/version.mk new/opus-1.1.4/version.mk
--- old/opus-1.1.3/version.mk 2016-07-08 20:21:01.000000000 +0200
+++ new/opus-1.1.4/version.mk 2017-01-20 21:46:21.000000000 +0100
@@ -1,2 +1,2 @@
# static version string; update manually every release.
-PACKAGE_VERSION = "1.1.3"
+PACKAGE_VERSION = "1.1.4"