3 changed files with 149 additions and 8 deletions
--- a/SOURCES/format-security.patch
+++ b/SOURCES/format-security.patch
@ -0,0 +1,48 @@
+From 2adb43c60afc6e98e94d86dad9f93d3df52862b1 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Mon, 1 Nov 2021 08:00:30 +0000
+Subject: src/cdda-player.c: always use "%s"-style format for printf()-style
+ functions
+
+`ncuses-6.3` added printf-style function attributes and now makes
+it easier to catch cases when user input is used in palce of format
+string when built with CFLAGS=-Werror=format-security:
+
+    cdda-player.c:1032:31:
+      error: format not a string literal and no format arguments [-Werror=format-security]
+     1032 |         mvprintw(i_line++, 0, line);
+          |                               ^~~~
+
+Let's wrap all the missing places with "%s" format.
+---
+ src/cdda-player.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/cdda-player.c b/src/cdda-player.c
+index 69eddee..8834d60 100644
+--- a/src/cdda-player.c
+++ b/src/cdda-player.c
+@@ -298,7 +298,7 @@ action(const char *psz_action)
+              psz_action);
+   else
+     snprintf(psz_action_line, sizeof(psz_action_line), "%s", "" );
+-  mvprintw(LINE_ACTION, 0, psz_action_line);
+  mvprintw(LINE_ACTION, 0, "%s", psz_action_line);
+   clrtoeol();
+   refresh();
+ }
+@@ -1029,10 +1029,10 @@ display_tracks(void)
+       }
+       if (sub.track == i) {
+         attron(A_STANDOUT);
+-        mvprintw(i_line++, 0, line);
+        mvprintw(i_line++, 0, "%s", line);
+         attroff(A_STANDOUT);
+       } else
+-        mvprintw(i_line++, 0, line);
+        mvprintw(i_line++, 0, "%s", line);
+       clrtoeol();
+     }
+   }
+-- 
+cgit v1.1
--- a/SOURCES/realpath-test-fix.patch
+++ b/SOURCES/realpath-test-fix.patch
@ -0,0 +1,52 @@
+From 56335fff0f21d294cd0e478d49542a43e9495ed0 Mon Sep 17 00:00:00 2001
+From: "R. Bernstein" <rocky@gnu.org>
+Date: Wed, 24 Aug 2022 14:34:33 -0400
+Subject: Correct realpath test failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+See https://savannah.gnu.org/bugs/?62948
+Patch courtesy of Martin Liška <marxin>
+---
+ test/driver/realpath.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/test/driver/realpath.c b/test/driver/realpath.c
+index 289253e..cd46d62 100644
+--- a/test/driver/realpath.c
+++ b/test/driver/realpath.c
+@@ -1,5 +1,7 @@
+ /* -*- C -*-
+-  Copyright (C) 2010-2012, 2015, 2017 Rocky Bernstein <rocky@gnu.org>
+
+  Copyright (C) 2010-2012, 2015, 2017, 2022 Rocky Bernstein
+  <rocky@gnu.org>
+ 
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+@@ -175,16 +177,17 @@ main(int argc, const char *argv[])
+         rc = check_rc(symlink(psz_symlink_file, psz_symlink_file),
+                       "symlink", psz_symlink_file);
+         if (0 == rc) {
+-            cdio_realpath(psz_symlink_file, psz_file_check);
+-            if (0 != strncmp(psz_file_check, symlink_file, PATH_MAX)) {
+            char *retvalue = cdio_realpath(psz_symlink_file, psz_file_check);
+            if (0 != retvalue) {
+	      if (0 != strncmp(psz_file_check, symlink_file, PATH_MAX)) {
+                 fprintf(stderr, "direct cdio_realpath cycle test failed. %s vs %s\n",
+                         psz_file_check, symlink_file);
+ 		rc = 5;
+ 		goto err_exit;
+	      }
+	      check_rc(unlink(psz_symlink_file), "unlink", psz_symlink_file);
+             }
+-            check_rc(unlink(psz_symlink_file), "unlink", psz_symlink_file);
+         }
+-
+     }
+ 
+     check_rc(unlink(psz_orig_file), "unlink", psz_orig_file);
+-- 
+cgit v1.1
+
--- a/SPECS/libcdio.spec
+++ b/SPECS/libcdio.spec
@ -1,13 +1,21 @@
 Name: libcdio
 Version: 2.1.0
-Release: 6%{?dist}
+Release: 15%{?dist}
 Summary: CD-ROM input and control library
-License: GPLv3+
+# include/cdio/ecma_167.h and lib/driver/netbsd.c and lib/udf/udf_fs.c are BSD-2-Clause
+# src/getopt* are LGPL-2.1-or-later
+License: GPL-3.0-or-later AND BSD-2-Clause AND LGPL-2.1-or-later
 URL: http://www.gnu.org/software/libcdio/
 Source0: http://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.bz2
 Source1: http://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.bz2.sig
 Source2: libcdio-no_date_footer.hml
 Source3: cdio_config.h
+# Fixed upstream but not in a stable release yet.
+# http://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=2adb43c60afc6e98e94d86dad9f93d3df52862b1
+Patch0: format-security.patch
+# http://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=56335fff0f21d294cd0e478d49542a43e9495ed0
+Patch1: realpath-test-fix.patch
+ 
 BuildRequires: gcc gcc-c++
 BuildRequires: pkgconfig doxygen
 BuildRequires: ncurses-devel
@ -23,6 +31,8 @@ devices.

 %package devel
 Summary: Header files and libraries for %{name}
+# doc/* is GFDL-1.2-or-later
+License: GPL-3.0-or-later AND BSD-2-Clause AND LGPL-2.1-or-later AND GFDL-1.2-or-later
 Requires: %{name} = %{version}-%{release}

 %description devel
@ -30,11 +40,15 @@ This package contains header files and libraries for %{name}.


 %prep
-%setup -q
+%autosetup -p1

 iconv -f ISO88591 -t utf-8 -o THANKS.utf8 THANKS && mv THANKS.utf8 THANKS

 %build
+%ifarch %{ix86}
+# avoid implicit declaration of fseeko64, lseek64
+export CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE"
+%endif
 %configure \
 	--disable-vcd-info \
 	--disable-dependency-tracking \
@ -114,12 +128,39 @@ make check


 %changelog
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.0-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.1.0-15
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018

-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.0-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Tue Aug 13 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.1.0-14
+- migrated to SPDX license, originally from Fedora by <msuchy>
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.1.0-13
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Aug 30 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.1.0-8
+- Fix the realpath test failure (upstream patch)
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild