Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mpd for openSUSE:Factory checked in 
at 2023-01-18 17:11:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mpd (Old)
 and      /work/SRC/openSUSE:Factory/.mpd.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mpd"

Wed Jan 18 17:11:25 2023 rev:46 rq:1059359 version:0.23.12

Changes:
--------
--- /work/SRC/openSUSE:Factory/mpd/mpd.changes  2022-12-04 14:59:25.520640476 
+0100
+++ /work/SRC/openSUSE:Factory/.mpd.new.32243/mpd.changes       2023-01-18 
17:11:29.527922936 +0100
@@ -1,0 +2,11 @@
+Wed Jan 18 12:20:43 UTC 2023 - Илья Индиго <i...@ilya.cf>
+
+- Updated to 0.23.12
+  * https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.23.12/NEWS
+  * input: curl: require CURL 7.55.0 or later
+  * decoder: mad: fixed integer underflow with very small files
+  * tags: fixed crash bug due to race condition
+  * output: pipewire: adjust to PipeWire 0.3.64 API change
+  * fixed build failures with GCC 13
+
+-------------------------------------------------------------------
@@ -6,0 +18 @@
+  - windows: fixed  DoS via a crafted input (bsc#1207028), CVE-2022-46449

Old:
----
  mpd-0.23.11.tar.xz
  mpd-0.23.11.tar.xz.sig

New:
----
  mpd-0.23.12.tar.xz
  mpd-0.23.12.tar.xz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mpd.spec ++++++
--- /var/tmp/diff_new_pack.iXPVmX/_old  2023-01-18 17:11:30.207926777 +0100
+++ /var/tmp/diff_new_pack.iXPVmX/_new  2023-01-18 17:11:30.211926799 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package mpd
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 %bcond_with    faad
 %bcond_without mpd_iso9660
 Name:           mpd
-Version:        0.23.11
+Version:        0.23.12
 Release:        0
 Summary:        Music Player Daemon
 License:        GPL-2.0-or-later

++++++ mpd-0.23.11.tar.xz -> mpd-0.23.12.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/NEWS new/mpd-0.23.12/NEWS
--- old/mpd-0.23.11/NEWS        2022-11-28 16:55:46.000000000 +0100
+++ new/mpd-0.23.12/NEWS        2023-01-17 18:54:47.000000000 +0100
@@ -1,3 +1,14 @@
+ver 0.23.12 (2023/01/17)
+* input
+  - curl: require CURL 7.55.0 or later
+* decoder
+  - mad: fix integer underflow with very small files
+* tags
+  - fix crash bug due to race condition
+* output
+  - pipewire: adjust to PipeWire 0.3.64 API change
+* fix build failures with GCC 13
+
 ver 0.23.11 (2022/11/28)
 * database
   - simple: move default database to ~/.cache/mpd/db from ~/.cache/mpd.db
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/android/AndroidManifest.xml 
new/mpd-0.23.12/android/AndroidManifest.xml
--- old/mpd-0.23.11/android/AndroidManifest.xml 2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/android/AndroidManifest.xml 2023-01-17 18:54:47.000000000 
+0100
@@ -2,8 +2,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android";
           package="org.musicpd"
           android:installLocation="auto"
-          android:versionCode="70"
-          android:versionName="0.23.11">
+          android:versionCode="71"
+          android:versionName="0.23.12">
 
   <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/meson.build new/mpd-0.23.12/meson.build
--- old/mpd-0.23.11/meson.build 2022-11-28 16:55:46.000000000 +0100
+++ new/mpd-0.23.12/meson.build 2023-01-17 18:54:47.000000000 +0100
@@ -1,7 +1,7 @@
 project(
   'mpd',
   ['c', 'cpp'],
-  version: '0.23.11',
+  version: '0.23.12',
   meson_version: '>= 0.56.0',
   default_options: [
     'c_std=c11',
@@ -205,7 +205,6 @@
 conf.set('ENABLE_DAEMON', enable_daemon)
 
 conf.set('HAVE_GETPWNAM_R', compiler.has_function('getpwnam_r'))
-conf.set('HAVE_GETPWUID_R', compiler.has_function('getpwuid_r'))
 conf.set('HAVE_INITGROUPS', compiler.has_function('initgroups'))
 conf.set('HAVE_FNMATCH', compiler.has_function('fnmatch'))
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/python/build/libs.py 
new/mpd-0.23.12/python/build/libs.py
--- old/mpd-0.23.11/python/build/libs.py        2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/python/build/libs.py        2023-01-17 18:54:47.000000000 
+0100
@@ -393,8 +393,8 @@
 )
 
 curl = CmakeProject(
-    'https://curl.se/download/curl-7.86.0.tar.xz',
-    '2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b',
+    'https://curl.se/download/curl-7.87.0.tar.xz',
+    'ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff',
     'lib/libcurl.a',
     [
         '-DBUILD_CURL_EXE=OFF',
@@ -450,7 +450,7 @@
 )
 
 boost = BoostProject(
-    
'https://boostorg.jfrog.io/artifactory/main/release/1.80.0/source/boost_1_80_0.tar.bz2',
-    '1e19565d82e43bc59209a168f5ac899d3ba471d55c7610c677d4ccf2c9c500c0',
+    
'https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_1_81_0.tar.bz2',
+    '71feeed900fbccca04a3b4f2f84a7c217186f28a940ed8b7ed4725986baf99fa',
     'include/boost/version.hpp',
 )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/RemoteTagCache.hxx 
new/mpd-0.23.12/src/RemoteTagCache.hxx
--- old/mpd-0.23.11/src/RemoteTagCache.hxx      2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/src/RemoteTagCache.hxx      2023-01-17 18:54:47.000000000 
+0100
@@ -28,7 +28,11 @@
 #include <boost/intrusive/list.hpp>
 #include <boost/intrusive/unordered_set.hpp>
 
+#include <array>
+#include <functional>
+#include <memory>
 #include <string>
+#include <utility>
 
 class RemoteTagCacheHandler;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/decoder/plugins/MadDecoderPlugin.cxx 
new/mpd-0.23.12/src/decoder/plugins/MadDecoderPlugin.cxx
--- old/mpd-0.23.11/src/decoder/plugins/MadDecoderPlugin.cxx    2022-11-28 
16:55:46.000000000 +0100
+++ new/mpd-0.23.12/src/decoder/plugins/MadDecoderPlugin.cxx    2023-01-17 
18:54:47.000000000 +0100
@@ -798,6 +798,8 @@
 DecoderCommand
 MadDecoder::SubmitPCM(size_t i, size_t pcm_length) noexcept
 {
+       assert(i <= pcm_length);
+
        size_t num_samples = pcm_length - i;
 
        mad_fixed_to_24_buffer(output_buffer, synth.pcm,
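Review bot: The new `assert(i <= pcm_length);` at the top of `MadDecoder::SubmitPCM` is compiled out when `NDEBUG` is defined, so in a release build `pcm_length - i` on the following line still wraps to a very large `size_t` if a caller passes `i > pcm_length`. The only runtime check visible in this diff is the `i + drop_end_samples >= pcm_length` test in the next hunk, and it runs only on the last-frame branch. The callers are outside the hunk, so it cannot be confirmed from here that every other path keeps `i` in range. Consider a runtime guard next to the assert, for example `if (i >= pcm_length) return DecoderCommand::NONE;`, or at least a comment stating the precondition callers must uphold. The body of `SubmitPCM` continues outside the hunk.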
@@ -843,7 +845,7 @@
        size_t pcm_length = synth.pcm.length;
        if (drop_end_samples &&
            current_frame == max_frames - drop_end_frames - 1) {
-               if (drop_end_samples >= pcm_length)
+               if (i + drop_end_samples >= pcm_length)
                        return DecoderCommand::STOP;
 
                pcm_length -= drop_end_samples;
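Review bot: The changed condition `if (i + drop_end_samples >= pcm_length)` has no comment explaining why the start offset `i` is now part of the test, although that is the whole underflow fix. A line above it such as `/* stop if the skipped head (i) plus the dropped tail covers the whole frame */` would keep a later cleanup from simplifying it back to the old form. The declarations of `i` and `drop_end_samples` are outside the hunk. If either can come from file metadata without an upper bound, the addition itself should be checked for wrap-around too. The enclosing function starts and ends outside the hunk.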
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/fs/StandardDirectory.cxx 
new/mpd-0.23.12/src/fs/StandardDirectory.cxx
--- old/mpd-0.23.11/src/fs/StandardDirectory.cxx        2022-11-28 
16:55:46.000000000 +0100
+++ new/mpd-0.23.12/src/fs/StandardDirectory.cxx        2023-01-17 
18:54:47.000000000 +0100
@@ -34,7 +34,6 @@
 #include <shlobj.h>
 #else
 #include <stdlib.h>
-#include <unistd.h>
 #include <pwd.h>
 #endif
 
@@ -80,15 +79,6 @@
                return result != nullptr;
        }
 
-       bool ReadByUid(uid_t uid) {
-#ifdef HAVE_GETPWUID_R
-               getpwuid_r(uid, &pw, buf.data(), buf.size(), &result);
-#else
-               result = getpwuid(uid);
-#endif
-               return result != nullptr;
-       }
-
        const passwd *operator->() {
                assert(result != nullptr);
                return result;
@@ -375,10 +365,8 @@
        if (const auto home = getenv("HOME");
            IsValidPathString(home) && IsValidDir(home))
                return AllocatedPath::FromFS(home);
-
-       if (PasswdEntry pw; pw.ReadByUid(getuid()))
-               return SafePathFromFS(pw->pw_dir);
 #endif
+
        return nullptr;
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/io/FileReader.hxx 
new/mpd-0.23.12/src/io/FileReader.hxx
--- old/mpd-0.23.11/src/io/FileReader.hxx       2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/src/io/FileReader.hxx       2023-01-17 18:54:47.000000000 
+0100
@@ -42,6 +42,8 @@
 #include "io/UniqueFileDescriptor.hxx"
 #endif
 
+#include <cstdint>
+
 class Path;
 class FileInfo;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/lib/curl/Easy.hxx 
new/mpd-0.23.12/src/lib/curl/Easy.hxx
--- old/mpd-0.23.11/src/lib/curl/Easy.hxx       2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/src/lib/curl/Easy.hxx       2023-01-17 18:54:47.000000000 
+0100
@@ -186,10 +186,6 @@
                SetOption(CURLOPT_POSTFIELDSIZE, (long)size);
        }
 
-       void SetHttpPost(const struct curl_httppost *post) {
-               SetOption(CURLOPT_HTTPPOST, post);
-       }
-
        template<typename T>
        bool GetInfo(CURLINFO info, T value_r) const noexcept {
                return ::curl_easy_getinfo(handle, info, value_r) == CURLE_OK;
@@ -199,10 +195,10 @@
         * Returns the response body's size, or -1 if that is unknown.
         */
        [[gnu::pure]]
-       int64_t GetContentLength() const noexcept {
-               double value;
-               return GetInfo(CURLINFO_CONTENT_LENGTH_DOWNLOAD, &value)
-                       ? (int64_t)value
+       curl_off_t GetContentLength() const noexcept {
+               curl_off_t value;
+               return GetInfo(CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &value)
+                       ? value
                        : -1;
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/lib/curl/meson.build 
new/mpd-0.23.12/src/lib/curl/meson.build
--- old/mpd-0.23.11/src/lib/curl/meson.build    2022-11-28 16:55:46.000000000 
+0100
+++ new/mpd-0.23.12/src/lib/curl/meson.build    2023-01-17 18:54:47.000000000 
+0100
@@ -1,4 +1,4 @@
-curl_dep = dependency('libcurl', version: '>= 7.33', required: 
get_option('curl'))
+curl_dep = dependency('libcurl', version: '>= 7.55', required: 
get_option('curl'))
 conf.set('ENABLE_CURL', curl_dep.found())
 if not curl_dep.found()
   subdir_done()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/mpd-0.23.11/src/output/plugins/PipeWireOutputPlugin.cxx 
new/mpd-0.23.12/src/output/plugins/PipeWireOutputPlugin.cxx
--- old/mpd-0.23.11/src/output/plugins/PipeWireOutputPlugin.cxx 2022-11-28 
16:55:46.000000000 +0100
+++ new/mpd-0.23.12/src/output/plugins/PipeWireOutputPlugin.cxx 2023-01-17 
18:54:47.000000000 +0100
@@ -523,7 +523,13 @@
                pw_properties_setf(props, PW_KEY_REMOTE_NAME, "%s", remote);
 
        if (target != nullptr && target_id == PW_ID_ANY)
-               pw_properties_setf(props, PW_KEY_NODE_TARGET, "%s", target);
+               pw_properties_setf(props,
+#if PW_CHECK_VERSION(0, 3, 64)
+                                  PW_KEY_TARGET_OBJECT,
+#else
+                                  PW_KEY_NODE_TARGET,
+#endif
+                                  "%s", target);
 
 #ifdef PW_KEY_NODE_RATE
        /* ask PipeWire to change the graph sample rate to ours
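Review bot: The `#if PW_CHECK_VERSION(0, 3, 64)` block sits inside the argument list of `pw_properties_setf(...)`, which splits one call across preprocessor-controlled lines and would be undefined behaviour if that name were ever a function-like macro. Selecting the key once into a named constant before the `if` keeps the call on one line and makes the version switch easy to find. The check is also compile-time only, so a binary built against 0.3.64 headers always sends `PW_KEY_TARGET_OBJECT`; if older PipeWire servers are expected at run time, that assumption deserves a comment. The enclosing function starts and ends outside the hunk.

```cpp
	// … unchanged: PW_KEY_REMOTE_NAME property …

#if PW_CHECK_VERSION(0, 3, 64)
	constexpr const char *target_key = PW_KEY_TARGET_OBJECT;
#else
	constexpr const char *target_key = PW_KEY_NODE_TARGET;
#endif

	if (target != nullptr && target_id == PW_ID_ANY)
		pw_properties_setf(props, target_key, "%s", target);
```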
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mpd-0.23.11/src/tag/Builder.cxx 
new/mpd-0.23.12/src/tag/Builder.cxx
--- old/mpd-0.23.11/src/tag/Builder.cxx 2022-11-28 16:55:46.000000000 +0100
+++ new/mpd-0.23.12/src/tag/Builder.cxx 2023-01-17 18:54:47.000000000 +0100
@@ -263,8 +263,14 @@
 void
 TagBuilder::RemoveType(TagType type) noexcept
 {
+       if (items.empty())
+               /* don't acquire the tag_pool_lock if we're not going
+                  to call tag_pool_put_item() anyway */
+               return;
+
        const auto begin = items.begin(), end = items.end();
 
+       const std::scoped_lock<Mutex> protect(tag_pool_lock);
        items.erase(std::remove_if(begin, end,
                                   [type](TagItem *item) {
                                           if (item->type != type)
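Review bot: The `std::scoped_lock<Mutex> protect(tag_pool_lock);` added before `items.erase(...)` in `TagBuilder::RemoveType` has no comment naming the call it protects. The only hint is the early-return comment above, which mentions `tag_pool_put_item()`. If the contract is that the pool functions must be called with the lock held, say so at the lock, e.g. `/* tag_pool_put_item() requires tag_pool_lock to be held by the caller */`. The lock is now held for the whole `remove_if` pass and until the end of the function, so the rest of the body, which is outside the hunk, should not call anything that takes `tag_pool_lock` again.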
