Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mpd for openSUSE:Factory checked in at 2023-01-18 17:11:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mpd (Old) and /work/SRC/openSUSE:Factory/.mpd.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mpd" Wed Jan 18 17:11:25 2023 rev:46 rq:1059359 version:0.23.12 Changes: -------- --- /work/SRC/openSUSE:Factory/mpd/mpd.changes 2022-12-04 14:59:25.520640476 +0100 +++ /work/SRC/openSUSE:Factory/.mpd.new.32243/mpd.changes 2023-01-18 17:11:29.527922936 +0100 @@ -1,0 +2,11 @@ +Wed Jan 18 12:20:43 UTC 2023 - ÐлÑÑ Ðндиго <i...@ilya.cf> + +- Updated to 0.23.12 + * https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.23.12/NEWS + * input: curl: require CURL 7.55.0 or later + * decoder: mad: fixed integer underflow with very small files + * tags: fixed crash bug due to race condition + * output: pipewire: adjust to PipeWire 0.3.64 API change + * fixed build failures with GCC 13 + +------------------------------------------------------------------- @@ -6,0 +18 @@ + - windows: fixed DoS via a crafted input (bsc#1207028), CVE-2022-46449 Old: ---- mpd-0.23.11.tar.xz mpd-0.23.11.tar.xz.sig New: ---- mpd-0.23.12.tar.xz mpd-0.23.12.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mpd.spec ++++++ --- /var/tmp/diff_new_pack.iXPVmX/_old 2023-01-18 17:11:30.207926777 +0100 +++ /var/tmp/diff_new_pack.iXPVmX/_new 2023-01-18 17:11:30.211926799 +0100 @@ -1,7 +1,7 @@ # # spec file for package mpd # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %bcond_with faad %bcond_without mpd_iso9660 Name: mpd -Version: 0.23.11 +Version: 0.23.12 Release: 0 Summary: Music Player Daemon License: GPL-2.0-or-later ++++++ mpd-0.23.11.tar.xz -> mpd-0.23.12.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/NEWS new/mpd-0.23.12/NEWS --- old/mpd-0.23.11/NEWS 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/NEWS 2023-01-17 18:54:47.000000000 +0100 @@ -1,3 +1,14 @@ +ver 0.23.12 (2023/01/17) +* input + - curl: require CURL 7.55.0 or later +* decoder + - mad: fix integer underflow with very small files +* tags + - fix crash bug due to race condition +* output + - pipewire: adjust to PipeWire 0.3.64 API change +* fix build failures with GCC 13 + ver 0.23.11 (2022/11/28) * database - simple: move default database to ~/.cache/mpd/db from ~/.cache/mpd.db diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/android/AndroidManifest.xml new/mpd-0.23.12/android/AndroidManifest.xml --- old/mpd-0.23.11/android/AndroidManifest.xml 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/android/AndroidManifest.xml 2023-01-17 18:54:47.000000000 +0100 @@ -2,8 +2,8 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.musicpd" android:installLocation="auto" - android:versionCode="70" - android:versionName="0.23.11"> + android:versionCode="71" + android:versionName="0.23.12"> <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/meson.build new/mpd-0.23.12/meson.build --- old/mpd-0.23.11/meson.build 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/meson.build 2023-01-17 18:54:47.000000000 +0100 @@ -1,7 +1,7 @@ project( 'mpd', ['c', 'cpp'], - version: '0.23.11', + version: '0.23.12', meson_version: '>= 0.56.0', default_options: [ 'c_std=c11', @@ -205,7 +205,6 @@ conf.set('ENABLE_DAEMON', enable_daemon) conf.set('HAVE_GETPWNAM_R', compiler.has_function('getpwnam_r')) -conf.set('HAVE_GETPWUID_R', compiler.has_function('getpwuid_r')) conf.set('HAVE_INITGROUPS', compiler.has_function('initgroups')) conf.set('HAVE_FNMATCH', compiler.has_function('fnmatch')) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/python/build/libs.py new/mpd-0.23.12/python/build/libs.py --- old/mpd-0.23.11/python/build/libs.py 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/python/build/libs.py 2023-01-17 18:54:47.000000000 +0100 @@ -393,8 +393,8 @@ ) curl = CmakeProject( - 'https://curl.se/download/curl-7.86.0.tar.xz', - '2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b', + 'https://curl.se/download/curl-7.87.0.tar.xz', + 'ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff', 'lib/libcurl.a', [ '-DBUILD_CURL_EXE=OFF', @@ -450,7 +450,7 @@ ) boost = BoostProject( - 'https://boostorg.jfrog.io/artifactory/main/release/1.80.0/source/boost_1_80_0.tar.bz2', - '1e19565d82e43bc59209a168f5ac899d3ba471d55c7610c677d4ccf2c9c500c0', + 'https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_1_81_0.tar.bz2', + '71feeed900fbccca04a3b4f2f84a7c217186f28a940ed8b7ed4725986baf99fa', 'include/boost/version.hpp', ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/RemoteTagCache.hxx new/mpd-0.23.12/src/RemoteTagCache.hxx --- old/mpd-0.23.11/src/RemoteTagCache.hxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/RemoteTagCache.hxx 2023-01-17 18:54:47.000000000 +0100 @@ -28,7 +28,11 @@ #include <boost/intrusive/list.hpp> #include <boost/intrusive/unordered_set.hpp> +#include <array> +#include <functional> +#include <memory> #include <string> +#include <utility> class RemoteTagCacheHandler; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/decoder/plugins/MadDecoderPlugin.cxx new/mpd-0.23.12/src/decoder/plugins/MadDecoderPlugin.cxx --- old/mpd-0.23.11/src/decoder/plugins/MadDecoderPlugin.cxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/decoder/plugins/MadDecoderPlugin.cxx 2023-01-17 18:54:47.000000000 +0100 @@ -798,6 +798,8 @@ DecoderCommand MadDecoder::SubmitPCM(size_t i, size_t pcm_length) noexcept { + assert(i <= pcm_length); + size_t num_samples = pcm_length - i; mad_fixed_to_24_buffer(output_buffer, synth.pcm, @@ -843,7 +845,7 @@ size_t pcm_length = synth.pcm.length; if (drop_end_samples && current_frame == max_frames - drop_end_frames - 1) { - if (drop_end_samples >= pcm_length) + if (i + drop_end_samples >= pcm_length) return DecoderCommand::STOP; pcm_length -= drop_end_samples; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/fs/StandardDirectory.cxx new/mpd-0.23.12/src/fs/StandardDirectory.cxx --- old/mpd-0.23.11/src/fs/StandardDirectory.cxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/fs/StandardDirectory.cxx 2023-01-17 18:54:47.000000000 +0100 @@ -34,7 +34,6 @@ #include <shlobj.h> #else #include <stdlib.h> -#include <unistd.h> #include <pwd.h> #endif @@ -80,15 +79,6 @@ return result != nullptr; } - bool ReadByUid(uid_t uid) { -#ifdef HAVE_GETPWUID_R - getpwuid_r(uid, &pw, buf.data(), buf.size(), &result); -#else - result = getpwuid(uid); -#endif - return result != nullptr; - } - const passwd *operator->() { assert(result != nullptr); return result; @@ -375,10 +365,8 @@ if (const auto home = getenv("HOME"); IsValidPathString(home) && IsValidDir(home)) return AllocatedPath::FromFS(home); - - if (PasswdEntry pw; pw.ReadByUid(getuid())) - return SafePathFromFS(pw->pw_dir); #endif + return nullptr; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/io/FileReader.hxx new/mpd-0.23.12/src/io/FileReader.hxx --- old/mpd-0.23.11/src/io/FileReader.hxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/io/FileReader.hxx 2023-01-17 18:54:47.000000000 +0100 @@ -42,6 +42,8 @@ #include "io/UniqueFileDescriptor.hxx" #endif +#include <cstdint> + class Path; class FileInfo; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/lib/curl/Easy.hxx new/mpd-0.23.12/src/lib/curl/Easy.hxx --- old/mpd-0.23.11/src/lib/curl/Easy.hxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/lib/curl/Easy.hxx 2023-01-17 18:54:47.000000000 +0100 @@ -186,10 +186,6 @@ SetOption(CURLOPT_POSTFIELDSIZE, (long)size); } - void SetHttpPost(const struct curl_httppost *post) { - SetOption(CURLOPT_HTTPPOST, post); - } - template<typename T> bool GetInfo(CURLINFO info, T value_r) const noexcept { return ::curl_easy_getinfo(handle, info, value_r) == CURLE_OK; @@ -199,10 +195,10 @@ * Returns the response body's size, or -1 if that is unknown. */ [[gnu::pure]] - int64_t GetContentLength() const noexcept { - double value; - return GetInfo(CURLINFO_CONTENT_LENGTH_DOWNLOAD, &value) - ? (int64_t)value + curl_off_t GetContentLength() const noexcept { + curl_off_t value; + return GetInfo(CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &value) + ? value : -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/lib/curl/meson.build new/mpd-0.23.12/src/lib/curl/meson.build --- old/mpd-0.23.11/src/lib/curl/meson.build 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/lib/curl/meson.build 2023-01-17 18:54:47.000000000 +0100 @@ -1,4 +1,4 @@ -curl_dep = dependency('libcurl', version: '>= 7.33', required: get_option('curl')) +curl_dep = dependency('libcurl', version: '>= 7.55', required: get_option('curl')) conf.set('ENABLE_CURL', curl_dep.found()) if not curl_dep.found() subdir_done() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/output/plugins/PipeWireOutputPlugin.cxx new/mpd-0.23.12/src/output/plugins/PipeWireOutputPlugin.cxx --- old/mpd-0.23.11/src/output/plugins/PipeWireOutputPlugin.cxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/output/plugins/PipeWireOutputPlugin.cxx 2023-01-17 18:54:47.000000000 +0100 @@ -523,7 +523,13 @@ pw_properties_setf(props, PW_KEY_REMOTE_NAME, "%s", remote); if (target != nullptr && target_id == PW_ID_ANY) - pw_properties_setf(props, PW_KEY_NODE_TARGET, "%s", target); + pw_properties_setf(props, +#if PW_CHECK_VERSION(0, 3, 64) + PW_KEY_TARGET_OBJECT, +#else + PW_KEY_NODE_TARGET, +#endif + "%s", target); #ifdef PW_KEY_NODE_RATE /* ask PipeWire to change the graph sample rate to ours diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mpd-0.23.11/src/tag/Builder.cxx new/mpd-0.23.12/src/tag/Builder.cxx --- old/mpd-0.23.11/src/tag/Builder.cxx 2022-11-28 16:55:46.000000000 +0100 +++ new/mpd-0.23.12/src/tag/Builder.cxx 2023-01-17 18:54:47.000000000 +0100 @@ -263,8 +263,14 @@ void TagBuilder::RemoveType(TagType type) noexcept { + if (items.empty()) + /* don't acquire the tag_pool_lock if we're not going + to call tag_pool_put_item() anyway */ + return; + const auto begin = items.begin(), end = items.end(); + const std::scoped_lock<Mutex> protect(tag_pool_lock); items.erase(std::remove_if(begin, end, [type](TagItem *item) { if (item->type != type)