Hello community,
here is the log from the commit of package libmms.2762 for openSUSE:12.3:Update checked in at 2014-05-02 13:54:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/libmms.2762 (Old)
and /work/SRC/openSUSE:12.3:Update/.libmms.2762.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libmms.2762"
Changes:
--------
New Changes file:
--- /dev/null 2014-04-28 00:21:37.460033756 +0200
+++ /work/SRC/openSUSE:12.3:Update/.libmms.2762.new/libmms.changes 2014-05-02 13:54:15.000000000 +0200
@@ -0,0 +1,41 @@
+-------------------------------------------------------------------
+Wed Apr 23 19:15:17 CEST 2014 - sbrabec@suse.cz
+
+- Fix a possible heap memory overrun
+ (CVE-2014-2892.patch, CVE-2014-2892, bnc#874723).
+
+-------------------------------------------------------------------
+Thu Nov 22 18:40:37 UTC 2012 - crrodriguez@opensuse.org
+
+- libmms-pkgconfig.patch: DO not inject bogus build
+ dependencies via pkgconfig files, in this case glib2 which
+ will pull pcre and so on...
+
+-------------------------------------------------------------------
+Mon Mar 5 14:00:05 UTC 2012 - toddrme2178@gmail.com
+
+- Added 32bit-compatibility package, needed by
+ gstreamer-0_10-plugins-bad-32bit
+
+-------------------------------------------------------------------
+Tue Sep 20 10:02:16 UTC 2011 - toddrme2178@gmail.com
+
+- Changed one remaining case of %{name}0 to %{name}%{soname}
+- Removed some extraneous spaces
+
+-------------------------------------------------------------------
+Fri Sep 16 10:01:18 UTC 2011 - toddrme2178@gmail.com
+
+- Added xine mailing list discussions about LGPL relicensing of
+ xine code
+- Added note in spec file about LGPL relicensing of xine code
+
+-------------------------------------------------------------------
+Thu Aug 4 15:21:22 UTC 2011 - toddrme2178@gmail.com
+
+- Switch to stored tarball rather that using the download service
+
+-------------------------------------------------------------------
+Sun Jan 23 13:43:16 UTC 2011 - reddwarf@opensuse.org
+
+- Update to 0.6.2
New:
----
CVE-2014-2892.patch
baselibs.conf
libmms-0.6.2.tar.bz2
libmms-pkgconfig.patch
libmms-relicensing-1.txt
libmms-relicensing-2.txt
libmms.changes
libmms.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libmms.spec ++++++
#
# spec file for package libmms
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define soname 0
Name: libmms
Version: 0.6.2
Release: 0
# NOTE: there are files from the xine project with GPL headers in the source,
# but these were re-licensed to LGPLv2+ with the explicit permission of all
# contributors.
# Please see the README.LICENSE file and the xine mailing list discussions in
# libmms-relicensing-1.txt and libmms-relicensing-2.txt
Summary: MMS stream protocol library
License: LGPL-2.1+
Group: System/Libraries
Url: http://www.sf.net/projects/%{name}
Source0: %{name}-%{version}.tar.bz2
Source1: libmms-relicensing-1.txt
Source2: libmms-relicensing-2.txt
Source3: baselibs.conf
BuildRequires: pkg-config
BuildRequires: pkgconfig(glib-2.0)
Patch0: libmms-pkgconfig.patch
# PATCH-FIX-SECURITY CVE-2014-2892.patch sbrabec@suse.cz bnc874723 -- Fix a possible heap memory overrun (CVE-2014-2892).
Patch1: CVE-2014-2892.patch
%description
LibMMS is a common library for parsing mms:// and mmsh:// type network streams.
These are commonly used to stream Windows Media Video content over the web.
LibMMS itself is only for receiving MMS stream, it doesn't handle sending at
all.
%package -n %{name}%{soname}
Summary: MMS stream protocol library
Group: System/Libraries
%description -n %{name}%{soname}
LibMMS is a common library for parsing mms:// and mmsh:// type network streams.
These are commonly used to stream Windows Media Video content over the web.
LibMMS itself is only for receiving MMS stream, it doesn't handle sending at
all.
%package -n %{name}-devel
Summary: Libmms development files
Group: Development/Libraries/C and C++
Requires: %{name}%{soname} = %{version}
Requires: glibc-devel
%description -n %{name}-devel
Headers and libraries to program against %{name}
%prep
%setup -q
%patch0
%patch1 -p1
%build
%configure --disable-static
%{__make} %{?_smp_mflags}
%install
%make_install
%{__rm} -f '%{buildroot}%{_libdir}/%{name}.la'
install -d -m 755 %{buildroot}%{_docdir}/%{name}%{soname}
install -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}%{soname}
install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}%{soname}
%post -n %{name}%{soname} -p /sbin/ldconfig
%postun -n %{name}%{soname} -p /sbin/ldconfig
%files -n %{name}%{soname}
%defattr(0644, root, root, 0755)
%doc AUTHORS ChangeLog COPYING.LIB README README.LICENSE
%{_libdir}/%{name}.so.%{soname}*
%files -n %{name}-devel
%defattr(0644, root, root, 0755)
%{_libdir}/%{name}.so
%{_includedir}/%{name}
%{_libdir}/pkgconfig/%{name}.pc
%changelog
++++++ CVE-2014-2892.patch ++++++
commit 03bcfccc22919c72742b7338d02859962861e0e8
Author: blutomat
Hi guys, I want to propose development of library for mms protocol support. Right now, each and every project that wants to support mms is required to implement all of SDP specs itself, due to lack of common library for that. To remedy that, I'd like to start project aimed at providing such a library. The benefits are as usual from using lib:
- no code duplication - larger userbase, more extensive testing - possible larger developer base - better feature parity between projects - single fix benefits all users etc.
Availability of such library would also benefit other projects, that may want to support mms, but cannot currently afford developing yet another proprietary implementation, like GStreamer or GnomeVFS, and possibly others.
Sounds like a good idea to me.
Technically, such a lib would be required to have been LGPL'd, because both GStreamer and Gnome projects are LGPL. It would be the coolest to turn existing xine implementation into library, as it is pretty good one, and also largely independent from xine itself, but I'm aware of your code being GPL, and that you may not want or be able to relicense it as LGPL. Thus, just your cooperation and support will be of great value.
I guess you would have to write all people who committed changes to
input_mms.c and ask for their permission. Fortunately, these are not
too many.
Michael
--
Zero Administration: There is nothing you can do to fix it.
Re: [xine-devel] Library for mms protocol support
From: Mathrick
Availability of such library would also benefit other projects, that may want to support mms, but cannot currently afford developing yet another proprietary implementation, like GStreamer or GnomeVFS, and possibly others.
Sounds like a good idea to me.
Nice to hear :)
Technically, such a lib would be required to have been LGPL'd, because both GStreamer and Gnome projects are LGPL. It would be the coolest to turn existing xine implementation into library, as it is pretty good one, and also largely independent from xine itself, but I'm aware of your code being GPL, and that you may not want or be able to relicense it as LGPL. Thus, just your cooperation and support will be of great value.
I guess you would have to write all people who committed changes to input_mms.c and ask for their permission. Fortunately, these are not too many.
OK, but copyright info contains "xine project" only. Will webcvs be
enough to get all the contributors?
Maciej
--
"Tautologizm to coś tautologicznego"
Maciej Katafiasz
OK, but copyright info contains "xine project" only. Will webcvs be enough to get all the contributors?
you might need to ask "Major MMS" too ;-)
regards,
Miguel
Re: [xine-devel] Library for mms protocol support
From: Mathrick
On Sat, 2003-12-27 at 14:17, Mathrick wrote:
OK, but copyright info contains "xine project" only. Will webcvs be enough to get all the contributors?
you might need to ask "Major MMS" too ;-)
Heh, is there any way to contact him? He seems to be some sort of
nameless hero, and that may complicate matters.
I will send mails asking about relicensing to everyone found on CVS log,
and also to the list, in case they don't read their sf mail accounts :).
--
"Tautologizm to coś tautologicznego"
Maciej Katafiasz
W liście z nie, 28-12-2003, godz. 04:49, Miguel Freitas pisze:
On Sat, 2003-12-27 at 14:17, Mathrick wrote:
OK, but copyright info contains "xine project" only. Will webcvs be enough to get all the contributors?
you might need to ask "Major MMS" too ;-)
Heh, is there any way to contact him? He seems to be some sort of nameless hero, and that may complicate matters.
I will send mails asking about relicensing to everyone found on CVS log, and also to the list, in case they don't read their sf mail accounts :).
Sent mail asking for relicensing to the following people:
Bastien Nocera
Daniel Caujolle-Bert
Ewald Snel
Guenter Bartsch
James Courtier-Dutton
Michael Roitzsch
Miguel Freitas
Siggi Langauf
Stephen Torri
Thibaut Mattern
In case I missed anybody, or it wasn't delivered properly, please inform
me of that.
Maciej
--
"Tautologizm to coś tautologicznego"
Maciej Katafiasz