--- liboggplay-0.2.1~git20091227.orig/debian/README.source +++ liboggplay-0.2.1~git20091227/debian/README.source @@ -0,0 +1,2 @@ +This package uses quilt for any modifications to the upstream source. +Please refer to /usr/share/doc/quilt/README.source for more information. --- liboggplay-0.2.1~git20091227.orig/debian/changelog +++ liboggplay-0.2.1~git20091227/debian/changelog @@ -0,0 +1,58 @@ +liboggplay (0.2.1~git20091227-1.2ubuntu1) trusty; urgency=medium + + * Use dh-autoreconf instead of autotools-dev to also fix FTBFS on ppc64el by + getting new libtool macros (still updates config.{sub,guess}). + * Add AC_CONFIG_MACRO_DIR([m4]) to configure.ac to fix FTBFS while + autoreconfing. + + -- Logan Rosen Wed, 08 Jan 2014 02:46:24 -0500 + +liboggplay (0.2.1~git20091227-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Don't ship .la files (Closes: #622415). + + -- Luk Claes Sat, 25 Jun 2011 14:42:31 +0200 + +liboggplay (0.2.1~git20091227-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix CVE-2009-3388 with patch from Matthew Gregan in + http://hg.mozilla.org/releases/mozilla-1.9.1/rev/14dd26404792 + (Closes: #575743) + * Urgency set to high for security related RC bug fix + * Add version (>= 0.46-7~) to build-depen on quilt to avoid ftp-master + auto-reject + + -- Alexander Reichle-Schmehl Thu, 15 Apr 2010 04:11:22 +0200 + +liboggplay (0.2.1~git20091227-1) unstable; urgency=low + + * Compiling on GNU/kFreeBSD fixed upstream (Closes: #560798). + + -- John Francesco Ferlito Sun, 27 Dec 2009 00:10:42 +1100 + +liboggplay (0.2.1~git20091120-1) unstable; urgency=low + + * Use latest git version. + * Move to debhelper dh. + * Add ${misc:Depends}. + * Patch for CVE-2009-3378 (Closes: #552743). + * Fix missing files in -dev package (Closes: #557774). + * Add README.source as we are now using quilt. + + -- John Francesco Ferlito Sat, 12 Dec 2009 13:45:51 +1100 + +liboggplay (0.2.1~git20090930-2) unstable; urgency=low + + * Build against liboggz2. + * Rename liboggplay-dev package to liboggplay1-dev. + * Bump the standards version to 3.8.3. + + -- John Francesco Ferlito Sat, 10 Oct 2009 00:09:23 +1100 + +liboggplay (0.2.1~git20090930-1) unstable; urgency=low + + * Initial release (Closes: #511981) + + -- John Francesco Ferlito Sat, 30 May 2009 13:22:55 +1000 --- liboggplay-0.2.1~git20091227.orig/debian/compat +++ liboggplay-0.2.1~git20091227/debian/compat @@ -0,0 +1 @@ +7 --- liboggplay-0.2.1~git20091227.orig/debian/control +++ liboggplay-0.2.1~git20091227/debian/control @@ -0,0 +1,46 @@ +Source: liboggplay +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: John Francesco Ferlito +Build-Depends: debhelper (>= 7.0.50~), quilt (>= 0.46-7~), dh-autoreconf, pkg-config, liboggz-dev, libfishsound-dev, libtheora-dev, libkate-dev, libsndfile-dev +Standards-Version: 3.8.3 +Section: libs + +Package: liboggplay1 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: A library for playing OGG multimedia + A library designed to allow drop-in playback of Xiph.Org media in an + application. liboggplay handles demuxing and decoding, generates timestamps for + raw data, maintains synchronisation across multiple streams, and provides a + lock-free buffer implementation for easy multithreading. + +Package: liboggplay1-dev +Section: libdevel +Architecture: any +Depends: liboggplay1 (= ${binary:Version}), ${misc:Depends} +Provides: liboggplay-dev +Conflicts: liboggplay-dev +Description: A library for playing OGG multimedia (development files) + A library designed to allow drop-in playback of Xiph.Org media in an + application. liboggplay handles demuxing and decoding, generates timestamps for + raw data, maintains synchronisation across multiple streams, and provides a + lock-free buffer implementation for easy multithreading. + . + This package contains the header files and static libraries required for + developing applications that use liboggplay. + + +Package: liboggplay1-dbg +Section: debug +Architecture: any +Depends: liboggplay1 (= ${binary:Version}), ${misc:Depends} +Description: A library for playing OGG multimedia (debugging symbols) + A library designed to allow drop-in playback of Xiph.Org media in an + application. liboggplay handles demuxing and decoding, generates timestamps for + raw data, maintains synchronisation across multiple streams, and provides a + lock-free buffer implementation for easy multithreading. + . + This package contains debugging symbols useful for tracing bugs in the + liboggplay1 package. + --- liboggplay-0.2.1~git20091227.orig/debian/copyright +++ liboggplay-0.2.1~git20091227/debian/copyright @@ -0,0 +1,81 @@ +This package was debianized by John Ferlito on +Sat, 16 Feb 2008 22:04:01 +1100. + +It was downloaded from http://annodex.net/software/liboggplay/download/ + +Upstream Authors: + + Shane Stephens (shans) + - Design, general implementation + + Conrad Parker (kfish) + - Design, bug fixes + + Marcin Lubonski + - Port to windows + + Michael Martin (tahn) + - Port to Max OS X + + Jan Gerber (j^) + Ralph Giles + - Bug fixes + + Silvia Pfeiffer (ginger) + - First release, minor bug fixes + + John Ferlito (johnf) + - Bug fixes, Debian packaging + + Viktor Gal (wiking) + - Bug fixes + + +Copyright: + + Copyright © 2003 CSIRO Australia + +License: + + Copyright © 2003 CSIRO Australia + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + - Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + - Neither the name of the CSIRO nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ORGANISATION OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cpu.c: + + THIS FILE IS PART OF THE OggTheora SOFTWARE CODEC SOURCE CODE. + USE, DISTRIBUTION AND REPRODUCTION OF THIS LIBRARY SOURCE IS + GOVERNED BY A BSD-STYLE SOURCE LICENSE, + see `/usr/share/common-licenses/BSD'. + + THE Theora SOURCE CODE IS COPYRIGHT © 2002-2007 + by the Xiph.Org Foundation and contributors http://www.xiph.org/ + + +The Debian packaging is © 2009, John Ferlito and +is licensed under the GPL, see `/usr/share/common-licenses/GPL-2'. --- liboggplay-0.2.1~git20091227.orig/debian/liboggplay1-dev.dirs +++ liboggplay-0.2.1~git20091227/debian/liboggplay1-dev.dirs @@ -0,0 +1,2 @@ +usr/lib +usr/include --- liboggplay-0.2.1~git20091227.orig/debian/liboggplay1-dev.install +++ liboggplay-0.2.1~git20091227/debian/liboggplay1-dev.install @@ -0,0 +1,4 @@ +usr/include/* +usr/lib/lib*.a +usr/lib/lib*.so +usr/lib/pkgconfig/* --- liboggplay-0.2.1~git20091227.orig/debian/liboggplay1.dirs +++ liboggplay-0.2.1~git20091227/debian/liboggplay1.dirs @@ -0,0 +1 @@ +usr/lib --- liboggplay-0.2.1~git20091227.orig/debian/liboggplay1.install +++ liboggplay-0.2.1~git20091227/debian/liboggplay1.install @@ -0,0 +1 @@ +usr/lib/lib*.so.* --- liboggplay-0.2.1~git20091227.orig/debian/patches/CVE-2009-3378 +++ liboggplay-0.2.1~git20091227/debian/patches/CVE-2009-3378 @@ -0,0 +1,30 @@ +# Patch for CVE-2009-3378 while waiting for upstream to apply +# Patch from https://bugzilla.mozilla.org/show_bug.cgi?id=500311 +--- a/src/liboggplay/oggplay.c ++++ b/src/liboggplay/oggplay.c +@@ -169,6 +169,7 @@ + for (i = 0; i < me->num_tracks; i++) { + me->decode_data[i]->active = 0; + } ++ me->active_tracks = 0; + + /* + * if the buffer was set up before initialisation, prepare it now +--- a/src/liboggplay/oggplay_callback.c ++++ b/src/liboggplay/oggplay_callback.c +@@ -65,6 +65,7 @@ + decoder->convert_to_rgb = 0; + decoder->swap_rgb = 0; + decoder->decoder.decoded_type = OGGPLAY_YUV_VIDEO; ++ decoder->decoder.player->active_tracks++; + } + + void +@@ -507,6 +508,7 @@ + (void *)decoder); + + decoder->decoder.decoded_type = OGGPLAY_FLOATS_AUDIO; ++ decoder->decoder.player->active_tracks++; + } + + void --- liboggplay-0.2.1~git20091227.orig/debian/patches/CVE-2009-3388 +++ liboggplay-0.2.1~git20091227/debian/patches/CVE-2009-3388 @@ -0,0 +1,18 @@ +--- a/src/liboggplay/oggplay_data.c ++++ b/src/liboggplay/oggplay_data.c +@@ -358,12 +358,9 @@ oggplay_data_handle_cmml_data(OggPlayDec + OggPlayTextRecord * record = NULL; + size_t record_size = sizeof(OggPlayTextRecord); + +- /* check that the size we want to allocate doesn't overflow */ +- if ((size < 0) || (size+1 < 0)) { +- return E_OGGPLAY_TYPE_OVERFLOW; +- } +- size += 1; +- ++ /* Include extra byte for null terminating record data buffer */ ++ record_size += 1; ++ + if + ( + oggplay_check_add_overflow (record_size, size, &record_size) --- liboggplay-0.2.1~git20091227.orig/debian/patches/macro-directory +++ liboggplay-0.2.1~git20091227/debian/patches/macro-directory @@ -0,0 +1,11 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -12,6 +12,8 @@ + SHARED_VERSION_INFO="2:0:1" + SHLIB_VERSION_ARG="" + ++AC_CONFIG_MACRO_DIR([m4]) ++ + # Checks for programs + AC_PROG_CC + AC_PROG_LIBTOOL --- liboggplay-0.2.1~git20091227.orig/debian/patches/series +++ liboggplay-0.2.1~git20091227/debian/patches/series @@ -0,0 +1,3 @@ +macro-directory +CVE-2009-3388 +CVE-2009-3378 --- liboggplay-0.2.1~git20091227.orig/debian/rules +++ liboggplay-0.2.1~git20091227/debian/rules @@ -0,0 +1,7 @@ +#!/usr/bin/make -f + +%: + dh --with quilt,autoreconf $@ + +override_dh_strip: + dh_strip --dbg-package=liboggplay1-dbg --- liboggplay-0.2.1~git20091227.orig/debian/symbols +++ liboggplay-0.2.1~git20091227/debian/symbols @@ -0,0 +1,55 @@ +liboggplay.so.1 liboggplay1 #MINVER# + liboggplay.so@liboggplay.so 0.0.2 + oggplay_buffer_release@liboggplay.so 0.0.2 + oggplay_buffer_retrieve_next@liboggplay.so 0.0.2 + oggplay_callback_info_get_audio_data@liboggplay.so 0.0.2 + oggplay_callback_info_get_available@liboggplay.so 0.0.2 + oggplay_callback_info_get_headers@liboggplay.so 0.0.2 + oggplay_callback_info_get_overlay_data@liboggplay.so 0.0.2 + oggplay_callback_info_get_presentation_time@liboggplay.so 0.0.2 + oggplay_callback_info_get_record_size@liboggplay.so 0.0.2 + oggplay_callback_info_get_required@liboggplay.so 0.0.2 + oggplay_callback_info_get_stream_info@liboggplay.so 0.0.2 + oggplay_callback_info_get_text_data@liboggplay.so 0.0.2 + oggplay_callback_info_get_type@liboggplay.so 0.0.2 + oggplay_callback_info_get_video_data@liboggplay.so 0.0.2 + oggplay_callback_info_lock_item@liboggplay.so 0.0.2 + oggplay_callback_info_unlock_item@liboggplay.so 0.0.2 + oggplay_close@liboggplay.so 0.0.2 + oggplay_convert_video_to_rgb@liboggplay.so 0.0.2 + oggplay_file_reader_new@liboggplay.so 0.0.2 + oggplay_get_audio_channels@liboggplay.so 0.0.2 + oggplay_get_audio_samplerate@liboggplay.so 0.0.2 + oggplay_get_available@liboggplay.so 0.0.2 + oggplay_get_duration@liboggplay.so 0.0.2 + oggplay_get_kate_category@liboggplay.so 0.0.2 + oggplay_get_kate_language@liboggplay.so 0.0.2 + oggplay_get_num_tracks@liboggplay.so 0.0.2 + oggplay_get_track_type@liboggplay.so 0.0.2 + oggplay_get_track_typename@liboggplay.so 0.0.2 + oggplay_get_video_fps@liboggplay.so 0.0.2 + oggplay_get_video_uv_size@liboggplay.so 0.0.2 + oggplay_get_video_y_size@liboggplay.so 0.0.2 + oggplay_initialise@liboggplay.so 0.0.2 + oggplay_media_finished_retrieving@liboggplay.so 0.0.2 + oggplay_millisleep@liboggplay.so 0.0.2 + oggplay_new_with_reader@liboggplay.so 0.0.2 + oggplay_open_with_reader@liboggplay.so 0.0.2 + oggplay_overlay_kate_track_on_video@liboggplay.so 0.0.2 + oggplay_prepare_for_close@liboggplay.so 0.0.2 + oggplay_seek@liboggplay.so 0.0.2 + oggplay_set_callback_num_frames@liboggplay.so 0.0.2 + oggplay_set_callback_period@liboggplay.so 0.0.2 + oggplay_set_data_callback@liboggplay.so 0.0.2 + oggplay_set_kate_tiger_rendering@liboggplay.so 0.0.2 + oggplay_set_offset@liboggplay.so 0.0.2 + oggplay_set_track_active@liboggplay.so 0.0.2 + oggplay_set_track_inactive@liboggplay.so 0.0.2 + oggplay_start_decoding@liboggplay.so 0.0.2 + oggplay_step_decoding@liboggplay.so 0.0.2 + oggplay_sys_time_in_ms@liboggplay.so 0.0.2 + oggplay_tcp_reader_new@liboggplay.so 0.0.2 + oggplay_use_buffer@liboggplay.so 0.0.2 + oggplay_yuv2argb@liboggplay.so 0.0.2 + oggplay_yuv2bgra@liboggplay.so 0.0.2 + oggplay_yuv2rgba@liboggplay.so 0.0.2 --- liboggplay-0.2.1~git20091227.orig/debian/watch +++ liboggplay-0.2.1~git20091227/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://annodex.net/software/liboggplay/download/ liboggplay-([\d\.]+)\.tar\.gz debian uupdate