diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..304a3cc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libcdio-0.92.tar.gz
diff --git a/.libcdio.metadata b/.libcdio.metadata
new file mode 100644
index 0000000..a03ef30
--- /dev/null
+++ b/.libcdio.metadata
@@ -0,0 +1 @@
+530031897955729ddb7c850c183f234f7a6516b7 SOURCES/libcdio-0.92.tar.gz
diff --git a/SOURCES/CVE-2017-18198-part1.patch b/SOURCES/CVE-2017-18198-part1.patch
new file mode 100644
index 0000000..fd8269b
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part1.patch
@@ -0,0 +1,24 @@
+From f6f9c48fb40b8a1e8218799724b0b61a7161eb1d Mon Sep 17 00:00:00 2001
+From: "R. Bernstein" <rocky@gnu.org>
+Date: Fri, 22 Dec 2017 16:06:57 -0500
+Subject: [PATCH] Fix double free courtesy of Chris Clayton
+
+---
+ lib/driver/_cdio_generic.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
+index d40ac0d9..ae820d25 100644
+--- a/lib/driver/_cdio_generic.c
++++ b/lib/driver/_cdio_generic.c
+@@ -296,7 +296,6 @@ get_cdtext_generic (void *p_user_data)
+
+ if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
+ p_env->b_cdtext_error = true;
+- cdtext_destroy (p_env->cdtext);
+ free(p_env->cdtext);
+ p_env->cdtext = NULL;
+ }
+--
+2.14.3
+
diff --git a/SOURCES/CVE-2017-18198-part2.patch b/SOURCES/CVE-2017-18198-part2.patch
new file mode 100644
index 0000000..aa455df
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part2.patch
@@ -0,0 +1,26 @@
+From dec2f876c2d7162da213429bce1a7140cdbdd734 Mon Sep 17 00:00:00 2001
+From: "R. Bernstein" <rocky@gnu.org>
+Date: Sat, 23 Dec 2017 12:19:29 -0500
+Subject: [PATCH] Removed wrong line
+
+---
+ configure.ac | 2 +-
+ lib/driver/_cdio_generic.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
+index ae820d25..4a7fcadf 100644
+--- a/lib/driver/_cdio_generic.c
++++ b/lib/driver/_cdio_generic.c
+@@ -296,7 +296,7 @@ get_cdtext_generic (void *p_user_data)
+
+ if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
+ p_env->b_cdtext_error = true;
+- free(p_env->cdtext);
++ cdtext_destroy (p_env->cdtext);
+ p_env->cdtext = NULL;
+ }
+
+--
+2.14.3
+
diff --git a/SOURCES/CVE-2017-18198-part3.patch b/SOURCES/CVE-2017-18198-part3.patch
new file mode 100644
index 0000000..9429d2b
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part3.patch
@@ -0,0 +1,37 @@
+--- ./libcdio-0.92/include/cdio/bytesex.h 2018-06-05 18:05:16.183586450 +0200
++++ ../libcdio-fedora/libcdio-0.94/include/cdio/bytesex.h 2015-05-09 00:27:50.000000000 +0200
+@@ -197,19 +197,31 @@
+ }
+
+ /** Convert from ISO 9660 7.3.3 format to uint32_t */
+-static CDIO_INLINE uint32_t
++static CDIO_INLINE uint32_t
+ from_733 (uint64_t p)
+ {
+ if (uint64_swap_le_be (p) != p)
+ cdio_warn ("from_733: broken byte order");
+-
++
++ return (UINT32_C(0xFFFFFFFF) & p);
++}
++
++static CDIO_INLINE uint32_t
++from_733_with_err (uint64_t p, bool *err)
++{
++ if (uint64_swap_le_be (p) != p) {
++ cdio_warn ("from_733: broken byte order");
++ *err = true;
++ } else {
++ *err = false;
++ }
+ return (UINT32_C(0xFFFFFFFF) & p);
+ }
+
+ #endif /* CDIO_BYTESEX_H_ */
+
+ �
+-/*
++/*
+ * Local variables:
+ * c-file-style: "gnu"
+ * tab-width: 8
diff --git a/SOURCES/CVE-2017-18198-part4.patch b/SOURCES/CVE-2017-18198-part4.patch
new file mode 100644
index 0000000..fddbef2
--- /dev/null
+++ b/SOURCES/CVE-2017-18198-part4.patch
@@ -0,0 +1,116 @@
+--- ./libcdio-0.92/lib/iso9660/iso9660_fs.c 2018-06-06 11:52:23.464809984 +0200
++++ ../libcdio-fedora/libcdio-0.94/lib/iso9660/iso9660_fs.c 2018-06-05 18:18:31.235215219 +0200
+@@ -714,6 +714,7 @@
+ iso711_t i_fname;
+ unsigned int stat_len;
+ iso9660_stat_t *p_stat;
++ bool err;
+
+ if (!dir_len) return NULL;
+
+@@ -730,8 +731,16 @@
+ }
+ p_stat->type = (p_iso9660_dir->file_flags & ISO_DIRECTORY)
+ ? _STAT_DIR : _STAT_FILE;
+- p_stat->lsn = from_733 (p_iso9660_dir->extent);
+- p_stat->size = from_733 (p_iso9660_dir->size);
++ p_stat->lsn = from_733_with_err (p_iso9660_dir->extent, &err);
++ if (err) {
++ free(p_stat);
++ return NULL;
++ }
++ p_stat->size = from_733_with_err (p_iso9660_dir->size, &err);
++ if (err) {
++ free(p_stat);
++ return NULL;
++ }
+ p_stat->secsize = _cdio_len2blocks (p_stat->size, ISO_BLOCKSIZE);
+ p_stat->rr.b3_rock = dunno; /*FIXME should do based on mask */
+ p_stat->b_xa = false;
+@@ -754,6 +763,7 @@
+ if (!p_stat_new)
+ {
+ cdio_warn("Couldn't calloc(1, %d)", (int)(sizeof(iso9660_stat_t)+i_rr_fname+2));
++ free(p_stat);
+ return NULL;
+ }
+ memcpy(p_stat_new, p_stat, stat_len);
+@@ -1098,6 +1108,12 @@
+ p_stat = _iso9660_dir_to_statbuf (p_iso9660_dir, p_iso->b_xa,
+ p_iso->u_joliet_level);
+
++ if (!p_stat) {
++ cdio_warn("Bad directory information for %s", splitpath[0]);
++ free(_dirbuf);
++ return NULL;
++ }
++
+ cmp = strcmp(splitpath[0], p_stat->filename);
+
+ if ( 0 != cmp && 0 == p_iso->u_joliet_level
+@@ -1283,12 +1299,15 @@
+ if (!_dirbuf)
+ {
+ cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
++ _cdio_list_free (retval, true);
+ return NULL;
+ }
+
+ if (cdio_read_data_sectors (p_cdio, _dirbuf, p_stat->lsn,
+- ISO_BLOCKSIZE, p_stat->secsize))
+- return NULL;
++ ISO_BLOCKSIZE, p_stat->secsize)) {
++ _cdio_list_free (retval, true);
++ return NULL;
++ }
+
+ while (offset < (p_stat->secsize * ISO_BLOCKSIZE))
+ {
+@@ -1401,14 +1417,14 @@
+ }
+
+ free (_dirbuf);
++ free(p_stat->rr.psz_symlink);
+
+- if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {
+- free (p_stat);
++ if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {
++ free (p_stat);
+ _cdio_list_free (retval, true);
+ return NULL;
+ }
+
+- free (p_stat->rr.psz_symlink);
+ free (p_stat);
+ return retval;
+ }
+@@ -1528,6 +1563,16 @@
+ }
+
+ /*!
++ Free the passed iso9660_stat_t structure.
++ */
++void
++iso9660_stat_free(iso9660_stat_t *p_stat)
++{
++ if (p_stat != NULL)
++ free(p_stat);
++}
++
++/*!
+ Return true if ISO 9660 image has extended attrributes (XA).
+ */
+ bool
+@@ -1580,11 +1625,11 @@
+ if ( have_rr != yep) {
+ have_rr = iso_have_rr_traverse (p_iso, p_stat, &splitpath[1], pu_file_limit);
+ }
++ free(p_stat);
+ if (have_rr != nope) {
+ free (_dirbuf);
+ return have_rr;
+ }
+- free(p_stat);
+
+ offset += iso9660_get_dir_len(p_iso9660_dir);
+ *pu_file_limit = (*pu_file_limit)-1;
diff --git a/SOURCES/CVE-2017-18201.patch b/SOURCES/CVE-2017-18201.patch
new file mode 100644
index 0000000..6aea772
--- /dev/null
+++ b/SOURCES/CVE-2017-18201.patch
@@ -0,0 +1,286 @@
+From e73a8bb23a4405b32cc7708771833f6c4e6b2426 Mon Sep 17 00:00:00 2001
+From: "R. Bernstein" <rocky@gnu.org>
+Date: Tue, 26 Sep 2017 16:29:15 -0400
+Subject: [PATCH] handle bad iso 9660 better. Fixes bug #52091
+
+src/iso-info.c: reflect errors in getting information back in exit code
+lib/iso9660_fs.c: bail when we there is bad stat info for a directory
+ change interface to report failure
+src/util.h: bump copyright
+test/data/bad-dir.iso: bad ISO 9660
+test/check_bad_iso.sh: test program
+test/check_iso.sh.in: expect nonzero RC on failures
+---
+ lib/iso9660/iso9660_fs.c | 6 +++++-
+ src/iso-info.c | 27 +++++++++++++++++----------
+ src/util.c | 4 ++--
+ test/Makefile.am | 3 ++-
+ test/check_bad_iso.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ test/check_iso.sh.in | 19 ++++++++++++-------
+ test/data/Makefile.am | 1 +
+ test/data/bad-dir.iso | Bin 0 -> 49152 bytes
+ 8 files changed, 85 insertions(+), 21 deletions(-)
+ create mode 100755 test/check_bad_iso.sh
+ create mode 100644 test/data/bad-dir.iso
+
+diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c
+index 8758a234..d3fb4069 100644
+--- a/lib/iso9660/iso9660_fs.c
++++ b/lib/iso9660/iso9660_fs.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (C) 2003-2008, 2011-2013 Rocky Bernstein <rocky@gnu.org>
++ Copyright (C) 2003-2008, 2011-2015, 2017 Rocky Bernstein <rocky@gnu.org>
+ Copyright (C) 2001 Herbert Valerio Riedel <hvr@gnu.org>
+
+ This program is free software: you can redistribute it and/or modify
+@@ -1394,6 +1394,10 @@ iso9660_ifs_readdir (iso9660_t *p_iso, const char psz_path[])
+
+ if (p_iso9660_stat)
+ _cdio_list_append (retval, p_iso9660_stat);
++ else {
++ cdio_warn("Invalid directory stat at offset %lu", (unsigned long)offset);
++ break;
++ }
+
+ offset += iso9660_get_dir_len(p_iso9660_dir);
+ }
+diff --git a/src/iso-info.c b/src/iso-info.c
+index 212ab335..b8a360e0 100644
+--- a/src/iso-info.c
++++ b/src/iso-info.c
+@@ -1,5 +1,6 @@
+ /*
+- Copyright (C) 2004-2006, 2008, 2012-2013 Rocky Bernstein <rocky@gnu.org>
++ Copyright (C) 2004-2006, 2008, 2012-2014, 2017 Rocky Bernstein
++ <rocky@gnu.org>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -212,7 +213,7 @@ _log_handler (cdio_log_level_t level, const char message[])
+ gl_default_cdio_log_handler (level, message);
+ }
+
+-static void
++static int
+ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ {
+ CdioList_t *entlist;
+@@ -222,6 +223,7 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ char *translated_name = (char *) malloc(4096);
+ size_t translated_name_size = 4096;
+ entlist = iso9660_ifs_readdir (p_iso, psz_path);
++ int rc = 0;
+
+ if (opts.print_iso9660) {
+ printf ("%s:\n", psz_path);
+@@ -231,7 +233,7 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ free(translated_name);
+ free(dirlist);
+ report( stderr, "Error getting above directory information\n" );
+- return;
++ return 1;
+ }
+
+ /* Iterate over files in this directory */
+@@ -241,13 +243,16 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- if (strlen(psz_iso_name) >= translated_name_size) {
++ if (strlen(psz_iso_name) == 0)
++ continue;
++
++ if (strlen(psz_iso_name) >= translated_name_size) {
+ translated_name_size = strlen(psz_iso_name)+1;
+ free(translated_name);
+ translated_name = (char *) malloc(translated_name_size);
+ if (!translated_name) {
+ report( stderr, "Error allocating memory\n" );
+- return;
++ return 2;
+ }
+ }
+
+@@ -297,16 +302,17 @@ print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+ {
+ char *_fullname = _cdio_list_node_data (entnode);
+
+- print_iso9660_recurse (p_iso, _fullname);
++ rc += print_iso9660_recurse (p_iso, _fullname);
+ }
+
+ _cdio_list_free (dirlist, true);
++ return rc;
+ }
+
+-static void
++static int
+ print_iso9660_fs (iso9660_t *iso)
+ {
+- print_iso9660_recurse (iso, "/");
++ return print_iso9660_recurse (iso, "/");
+ }
+
+ static void
+@@ -429,6 +435,7 @@ main(int argc, char *argv[])
+
+ iso9660_t *p_iso=NULL;
+ iso_extension_mask_t iso_extension_mask = ISO_EXTENSION_ALL;
++ int rc = EXIT_SUCCESS;
+
+ init();
+
+@@ -498,7 +505,7 @@ main(int argc, char *argv[])
+ printf("Note: both -f and -l options given -- "
+ "-l (long listing) takes precidence\n");
+ }
+- print_iso9660_fs(p_iso);
++ rc = print_iso9660_fs(p_iso);
+ } else if (opts.print_udf) {
+ print_udf_fs();
+ }
+@@ -508,5 +515,5 @@ main(int argc, char *argv[])
+ iso9660_close(p_iso);
+ /* Not reached:*/
+ free(program_name);
+- return(EXIT_SUCCESS);
++ return(rc);
+ }
+diff --git a/src/util.c b/src/util.c
+index 4062ee2a..ad44a97c 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (C) 2003-2010, 2012-2013 Rocky Bernstein <rocky@gnu.org>
++ Copyright (C) 2003-2010, 2012-2014, 2017 Rocky Bernstein <rocky@gnu.org>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -56,7 +56,7 @@ print_version (char *program_name, const char *version,
+ if (no_header == 0) {
+ report( stdout,
+ "%s version %s\n"
+- "Copyright (c) 2003-2005, 2007-2008, 2011-2013 "
++ "Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 "
+ "R. Bernstein\n",
+ program_name, version);
+ report( stdout,
+diff --git a/test/Makefile.am b/test/Makefile.am
+index a2c57de2..cd370745 100644
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -47,7 +47,8 @@ test_lib_driver_util_CFLAGS = -DDATA_DIR=\"$(DATA_DIR)\"
+ testpregap_CFLAGS = -DDATA_DIR=\"$(DATA_DIR)\"
+
+ check_SCRIPTS = check_nrg.sh check_cue.sh check_cd_read.sh check_udf.sh \
+- check_iso.sh check_fuzzyiso.sh check_opts.sh \
++ check_iso.sh check_bad_iso.sh \
++ check_fuzzyiso.sh check_opts.sh \
+ check_iso_read.sh
+
+ check_udf.sh: @abs_top_builddir@/example/extract$(EXEEXT)
+diff --git a/test/check_bad_iso.sh b/test/check_bad_iso.sh
+new file mode 100755
+index 00000000..1ca3b6ca
+--- /dev/null
++++ b/test/check_bad_iso.sh
+@@ -0,0 +1,46 @@
++#!/bin/sh
++
++if test "X$abs_top_srcdir" = "X" ; then
++ abs_top_srcdir=/src/external-vcs/savannah/libcdio
++fi
++
++if test -z $srcdir ; then
++ srcdir=$(pwd)
++fi
++
++if test "X$top_builddir" = "X" ; then
++ top_builddir=$(pwd)/..
++fi
++
++. ${top_builddir}/test/check_common_fn
++
++if test ! -x ../src/iso-info ; then
++ exit 77
++fi
++
++BASE=$(basename $0 .sh)
++fname=bad-dir
++
++RC=0
++
++opts="--quiet ${abs_top_srcdir}/test/data/${fname}.iso"
++cmdname=iso-info
++cmd=../src/iso-info
++if ! "${cmd}" --no-header ${opts} 2>&1 ; then
++ echo "$0: unexpected failure"
++ RC=1
++fi
++
++opts="--quiet ${abs_top_srcdir}/test/data/${fname}.iso --iso9660"
++if "${cmd}" --no-header ${opts} 2>&1 ; then
++ ((RC+=1))
++else
++ echo "$0: expected failure"
++fi
++
++exit $RC
++
++#;;; Local Variables: ***
++#;;; mode:shell-script ***
++#;;; eval: (sh-set-shell "bash") ***
++#;;; End: ***
+diff --git a/test/check_iso.sh.in b/test/check_iso.sh.in
+index c3e219b8..7ccf82cf 100755
+--- a/test/check_iso.sh.in
++++ b/test/check_iso.sh.in
+@@ -1,11 +1,11 @@
+-#!/bin/sh
++#!@SHELL@
+
+ if test -z $srcdir ; then
+- srcdir=`pwd`
++ srcdir=$(pwd)
+ fi
+
+ if test "X$top_builddir" = "X" ; then
+- top_builddir=`pwd`/..
++ top_builddir=$(pwd)/..
+ fi
+
+ . ${top_builddir}/test/check_common_fn
+@@ -14,7 +14,7 @@ if test ! -x ../src/iso-info@EXEEXT@ ; then
+ exit 77
+ fi
+
+-BASE=`basename $0 .sh`
++BASE=$(basename $0 .sh)
+ fname=copying
+
+ opts="--quiet ${srcdir}/data/${fname}.iso --iso9660 "
+@@ -46,7 +46,7 @@ if test -n "@HAVE_ROCK@"; then
+ fi
+
+ if test -n "@HAVE_JOLIET@" ; then
+- BASE=`basename $0 .sh`
++ BASE=$(basename $0 .sh)
+ fname=joliet
+ opts="--quiet ${srcdir}/data/${fname}.iso --iso9660 "
+ test_iso_info "$opts" ${fname}-nojoliet.dump ${srcdir}/${fname}.right
+
+
+diff --git a/test/data/Makefile.am b/test/data/Makefile.am
+index 5e913cf9..1b8a5655 100644
+--- a/test/data/Makefile.am
++++ b/test/data/Makefile.am
+@@ -5,6 +5,7 @@ check_DATA = \
+ bad-cat2.toc \
+ bad-cat3.cue \
+ bad-cat3.toc \
++ bad-dir.iso \
+ bad-file.toc \
+ bad-mode1.cue \
+ bad-mode1.toc \
diff --git a/SOURCES/cdio_config.h b/SOURCES/cdio_config.h
new file mode 100644
index 0000000..9b01c00
--- /dev/null
+++ b/SOURCES/cdio_config.h
@@ -0,0 +1,29 @@
+/*
+ * Kluge to support multilib installation of both 32- and 64-bit RPMS:
+ * we need to arrange that header files that appear in both RPMs are
+ * identical. Hence, this file is architecture-independent and calls
+ * in an arch-dependent file that will appear in just one RPM.
+ *
+ * To avoid breaking arches not explicitly supported by Red Hat, we
+ * use this indirection file *only* on known multilib arches.
+ *
+ * Note: this may well fail if user tries to use gcc's -I- option.
+ * But that option is deprecated anyway.
+ */
+#if defined(__x86_64__)
+#include "cdio_config_x86_64.h"
+#elif defined(__i386__)
+#include "cdio_config_i386.h"
+#elif defined(__ppc64__) || defined(__powerpc64__)
+#include "cdio_config_ppc64.h"
+#elif defined(__ppc__) || defined(__powerpc__)
+#include "cdio_config_ppc.h"
+#elif defined(__s390x__)
+#include "cdio_config_s390x.h"
+#elif defined(__s390__)
+#include "cdio_config_s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "cdio_config_sparc64.h"
+#elif defined(__sparc__)
+#include "cdio_config_sparc.h"
+#endif
diff --git a/SOURCES/libcdio-0.92.tar.gz.sig b/SOURCES/libcdio-0.92.tar.gz.sig
new file mode 100644
index 0000000..8dee12b
--- /dev/null
+++ b/SOURCES/libcdio-0.92.tar.gz.sig
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlKuNQwACgkQGo3lAIJ17CHugQCdEFSgnCZv2OmFhJWIU6136alu
+rhoAoIjRLKRjma4ypjXlWdmPuuGMLW3V
+=ylRQ
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/libcdio-no_date_footer.hml b/SOURCES/libcdio-no_date_footer.hml
new file mode 100644
index 0000000..4886c65
--- /dev/null
+++ b/SOURCES/libcdio-no_date_footer.hml
@@ -0,0 +1,4 @@
+<hr size="1"><address style="text-align: right;"><small>
+Generated for $projectname by <a href="http://www.doxygen.org/
+index.html"><img src="doxygen.png" alt="doxygen" align="middle" border="0"></a>
+$doxygenversion</small></address></body></html>
diff --git a/SPECS/libcdio.spec b/SPECS/libcdio.spec
new file mode 100644
index 0000000..1f35779
--- /dev/null
+++ b/SPECS/libcdio.spec
@@ -0,0 +1,319 @@
+Name: libcdio
+Version: 0.92
+Release: 3%{?dist}
+Summary: CD-ROM input and control library
+Group: System Environment/Libraries
+License: GPLv3+
+URL: http://www.gnu.org/software/libcdio/
+Source0: http://ftp.gnu.org/gnu/libcdio/libcdio-0.92.tar.gz
+Source1: http://ftp.gnu.org/gnu/libcdio/libcdio-0.92.tar.gz.sig
+Source2: libcdio-no_date_footer.hml
+Source3: cdio_config.h
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: pkgconfig doxygen
+BuildRequires: ncurses-devel
+BuildRequires: help2man
+Requires(post): /sbin/ldconfig
+Requires(post): /sbin/install-info
+Requires(preun): /sbin/install-info
+BuildRequires: gettext-devel
+BuildRequires: chrpath
+
+
+Patch0: CVE-2017-18201.patch
+#Following patches (1-4) also fix CVE-2017-18199
+Patch1: CVE-2017-18198-part1.patch
+Patch2: CVE-2017-18198-part2.patch
+Patch3: CVE-2017-18198-part3.patch
+Patch4: CVE-2017-18198-part4.patch
+
+%description
+This library provides an interface for CD-ROM access. It can be used
+by applications that need OS- and device-independent access to CD-ROM
+devices.
+
+%package devel
+Summary: Header files and libraries for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+This package contains header files and libraries for %{name}.
+
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p3
+%patch4 -p3
+
+f=src/cd-paranoia/doc/ja/cd-paranoia.1.in
+iconv -f euc-jp -t utf-8 -o $f.utf8 $f && mv $f.utf8 $f
+iconv -f ISO88591 -t utf-8 -o THANKS.utf8 THANKS && mv THANKS.utf8 THANKS
+
+%build
+%configure \
+ --disable-vcd-info \
+ --disable-dependency-tracking \
+ --disable-cddb \
+ --disable-static \
+ --disable-rpath
+make %{?_smp_mflags}
+
+# another multilib fix; remove the architecture information from version.h
+sed -i -e "s,%{version}.*$,%{version}\\\",g" include/cdio/version.h
+
+cd doc/doxygen
+sed -i -e "s,HTML_FOOTER.*$,HTML_FOOTER = libcdio-no_date_footer.hml,g; \
+ s,EXCLUDE .*$,EXCLUDE = ../../include/cdio/cdio_config.h,g;" Doxyfile
+cp %{SOURCE2} .
+./run_doxygen
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+
+# multilib header hack; taken from postgresql.spec
+case `uname -i` in
+ i386 | x86_64 | ppc | ppc64 | s390 | s390x | sparc | sparc64 )
+ mv $RPM_BUILD_ROOT%{_includedir}/cdio/cdio_config.h $RPM_BUILD_ROOT%{_includedir}/cdio/cdio_config_`uname -i`.h
+ install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/cdio
+ ;;
+ *)
+ ;;
+esac
+
+rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
+
+rm -rf examples
+mkdir -p examples/C++
+cp -a example/{*.c,README} examples
+cp -a example/C++/{*.cpp,README} examples/C++
+
+# fix timestamps of generated man-pages
+for i in cd-info iso-read iso-info cd-read cd-drive; do
+ # remove build architecture information from man pages
+ sed -i -e 's, version.*linux-gnu,,g' $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+ # remove libtool leftover from man pages
+ sed -i -e 's,lt-,,g;s,LT-,,g' $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+ # fix timestamps to be the same in all packages
+ touch -r src/$i.help2man $RPM_BUILD_ROOT%{_mandir}/man1/$i.1
+done
+
+# remove rpath
+chrpath --delete $RPM_BUILD_ROOT%{_bindir}/*
+chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so.*
+
+%check
+# disable test using local CDROM
+%{__sed} -i -e "s,testiso9660\$(EXEEXT),,g" \
+ -e "s,testisocd\$(EXEEXT),,g" \
+ -e "s,check_paranoia.sh check_opts.sh, check_opts.sh,g" \
+ test/Makefile
+make check
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post
+/sbin/ldconfig
+/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir 2>/dev/null || :
+
+%preun
+if [ $1 = 0 ]; then
+ /sbin/install-info --delete %{_infodir}/%{name}.info \
+ %{_infodir}/dir 2>/dev/null || :
+fi
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING NEWS README README.libcdio THANKS TODO
+%{_bindir}/*
+%{_libdir}/*.so.*
+%{_infodir}/*
+%{_mandir}/man1/*
+
+
+%files devel
+%defattr(-,root,root,-)
+%doc doc/doxygen/html examples
+%{_includedir}/cdio
+%{_includedir}/cdio++
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+
+%changelog
+* Mon Jun 18 2018 Jakub Martisko <jamartis@redhat.com> - 0.92-3
+- fix CVE-2017-18198 and CVE-2017-18199
+- Resolves: rhbz#1553769
+- Resolves: rhbz#1553604
+
+* Mon Jun 18 2018 Jakub Martisko <jamartis@redhat.com> - 0.92-2
+- fix CVE-2017-18201
+- Resolves: rhbz#1553621
+
+* Mon Dec 16 2013 Adrian Reber <adrian@lisas.de> - 0.92-1
+- updated to 0.92
+- Resolves: rhbz#1065642
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.90-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.90-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Nov 22 2012 Adrian Reber <adrian@lisas.de> - 0.90-1
+- updated to 0.90
+
+* Tue Jul 24 2012 Adrian Reber <adrian@lisas.de> - 0.83-5
+- fixed #477288 (libcdio-devel multilib conflict) again
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.83-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Mar 23 2012 Adrian Reber <adrian@lisas.de> - 0.83-3
+- fixed #804484 (/usr/bin/cd-info was killed by signal 11)
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.83-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Sun Nov 13 2011 Adrian Reber <adrian@lisas.de> - 0.83-1
+- updated to 0.83
+
+* Mon May 30 2011 Honza Horak <hhorak@redhat.com> - 0.82-5
+- applied patch to fix issues found by static analyses
+
+* Thu May 19 2011 Honza Horak <hhorak@redhat.com> - 0.82-4
+- fixed #705673 buffer overflow and other unprotected sprintf calls
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.82-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Jan 28 2010 Adrian Reber <adrian@lisas.de> - 0.82-2
+- disabled building of static libraries (#556064)
+- removed "Requires: pkgconfig" (rpm adds it automatically)
+
+* Wed Jan 20 2010 Roman Rakus rrakus@redhat.com 0.82-1
+- Update to 0.82
+- removed rpath
+- converted THANKS to utf8
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.81-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.81-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Oct 07 2008 Adrian Reber <adrian@lisas.de> - 0.81-1
+- updated to 0.81
+- license changed to GPLv3+
+- fixed #477288 (libcdio-devel multilib conflict)
+- applied patch to fix endless loop in mock
+
+* Tue Oct 07 2008 Adrian Reber <adrian@lisas.de> - 0.80-5
+- fixed #462125 (Multilib conflict) - really, really, really
+ (also remove architecture information from man pages)
+
+* Thu Oct 02 2008 Adrian Reber <adrian@lisas.de> - 0.80-4
+- fixed #462125 (Multilib conflict) - this time for real
+
+* Fri Sep 12 2008 Adrian Reber <adrian@lisas.de> - 0.80-3
+- fixed #462125 (Multilib conflict)
+
+* Wed Jun 4 2008 Tomas Bzatek <tbzatek@redhat.com> - 0.80-2
+- added patch enabling libcdio_paranoia.pc
+
+* Thu May 29 2008 Adrian Reber <adrian@lisas.de> - 0.80-1
+- updated to 0.80
+- removed upstreamed patches
+- last GPLv2+ release
+
+* Thu Feb 14 2008 Adrian Reber <adrian@lisas.de> - 0.79-3
+- added patch to compile with gcc43
+
+* Fri Jan 04 2008 Adrian Reber <adrian@lisas.de> - 0.79-2
+- fixed security fix (was off by two)
+
+* Wed Jan 02 2008 Adrian Reber <adrian@lisas.de> - 0.79-1
+- updated to 0.79
+- fixes #427197 (Long Joliet file name overflows cdio's buffer)
+- fixes #341981 (multiarch conflicts in libcdio)
+
+* Fri Aug 24 2007 Adrian Reber <adrian@lisas.de> - 0.78.2-3
+- rebuilt
+
+* Mon Jul 23 2007 Adrian Reber <adrian@lisas.de> - 0.78.2-2
+- updated to 0.78.2 (#221359) (this time for real)
+
+* Thu Jan 04 2007 Adrian Reber <adrian@lisas.de> - 0.78.2-1
+- updated to 0.78.2 (#221359)
+
+* Thu Oct 05 2006 Adrian Reber <adrian@lisas.de> - 0.77-3
+- disabled iso9660 test case (fails for some reason with date problems)
+ this seems to be a known problem according to the ChangeLog
+
+* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.77-2
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Fri Sep 22 2006 Adrian Reber <adrian@lisas.de> - 0.77-1
+- Updated to 0.77
+
+* Mon Sep 18 2006 Adrian Reber <adrian@lisas.de> - 0.76-3
+- Rebuilt
+
+* Mon Sep 26 2005 Adrian Reber <adrian@lisas.de> - 0.76-2
+- Rebuilt
+
+* Mon Sep 26 2005 Adrian Reber <adrian@lisas.de> - 0.76-1
+- Updated to 0.76.
+- Included doxygen generated documentation into -devel
+- Included examples into -devel
+
+* Mon Aug 01 2005 Adrian Reber <adrian@lisas.de> - 0.75-4
+- disable test accessing local CDROM drive (#164266)
+
+* Wed Jul 27 2005 Adrian Reber <adrian@lisas.de> - 0.75-3
+- Rebuilt without libcddb dependency (#164270)
+
+* Tue Jul 26 2005 Adrian Reber <adrian@lisas.de> - 0.75-2
+- Rebuilt
+
+* Thu Jul 14 2005 Adrian Reber <adrian@lisas.de> - 0.75-1
+- Updated to 0.75.
+
+* Fri Jun 03 2005 Adrian Reber <adrian@lisas.de> - 0.74-2
+- Updated to 0.74.
+
+* Sun Apr 24 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.73-2
+- BuildRequire ncurses-devel (for cdda-player and cd-paranoia).
+- Run test suite during build.
+- Install Japanese man pages.
+
+* Sun Apr 24 2005 Adrian Reber <adrian@lisas.de> - 0.73-1
+- Updated to 0.73.
+
+* Fri Mar 18 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.70-2
+- Fix FC4 build (#151468).
+- Build with dependency tracking disabled.
+
+* Sun Sep 5 2004 Marius L. Jøhndal <mariuslj at ifi.uio.no> - 0:0.70-0.fdr.1
+- Updated to 0.70.
+
+* Sat Jul 17 2004 Marius L. Jøhndal <mariuslj at ifi.uio.no> - 0:0.69-0.fdr.1
+- Updated to 0.69.
+- Removed broken iso-read.
+- Split Requires(pre,post).
+- Added BuildReq pkgconfig.
+
+* Mon Mar 29 2004 Marius L. Jøhndal <mariuslj at ifi.uio.no> - 0:0.68-0.fdr.1
+- Initial RPM release.
+