Rebase to 1.32.9, includes patch for CVE-2024-10573

Resolves: RHEL-65445
2024-12-02 17:33:48 +01:00 · 2024-12-02 17:33:48 +01:00 · 0ee2520213
commit 0ee2520213
parent 678ac980c6
4 changed files with 7 additions and 1036 deletions
--- a/0001-libmpg123-first-hot-fix-for-bug-322.patch
+++ b/0001-libmpg123-first-hot-fix-for-bug-322.patch
@ -1,30 +0,0 @@
-From 27ae9722b26c472838b7d3c078a3701363fce951 Mon Sep 17 00:00:00 2001
-From: thor <thor@35dc7657-300d-0410-a2e5-dc2837fedb53>
-Date: Sun, 20 Oct 2024 14:59:10 +0000
-Subject: [PATCH 1/2] libmpg123: first hot fix for bug 322
-
-git-svn-id: svn://scm.orgis.org/mpg123/trunk@5432 35dc7657-300d-0410-a2e5-dc2837fedb53
---
- src/libmpg123/parse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/libmpg123/parse.c b/src/libmpg123/parse.c
-index c2efd3dc..86c98255 100644
--- a/src/libmpg123/parse.c
-+++ b/src/libmpg123/parse.c
-@@ -588,6 +588,12 @@ init_resync:
- 		debug2("read frame body of %i at %"OFF_P, fr->framesize, framepos+4);
- 		if((ret=fr->rd->read_frame_body(fr,newbuf,fr->framesize))<0)
- 		{
-+			freeformat_count = 0;
-+			// Re-decoding the old header again _must_ work.
-+			// Need to ensure that we do not prepare for actual frame data when there is none
-+			// (messing with header change info and decoder state).
-+			if(ret != MPG123_NEED_MORE && fr->oldhead)
-+				decode_header(fr, fr->oldhead, &freeformat_count);
- 			/* if failed: flip back */
- 			debug1("%s", ret == MPG123_NEED_MORE ? "need more" : "read error");
- 			goto read_frame_bad;
-- 
-2.47.0
-
--- a/0002-libmpg123-separate-header-data-into-a-struct-ensure-.patch
+++ b/0002-libmpg123-separate-header-data-into-a-struct-ensure-.patch
--- a/mpg123.spec
+++ b/mpg123.spec
@ -3,17 +3,14 @@
 %global syn syn123

 Name:           mpg123
-Version:        1.26.2
-Release:        6%{?dist}
+Version:        1.32.9
+Release:        1%{?dist}
 Summary:        Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3

 License:        LGPLv2+
 URL:            http://mpg123.org
 Source0:        %{url}/download/%{name}-%{version}.tar.bz2

-Patch1:		0001-libmpg123-first-hot-fix-for-bug-322.patch
-Patch2:		0002-libmpg123-separate-header-data-into-a-struct-ensure-.patch
-
 BuildRequires: make
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -165,6 +162,10 @@ rm %{buildroot}%{_libdir}/*.la
 %{_libdir}/pkgconfig/lib%{syn}.pc

 %changelog
+* Mon Dec 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.32.9-1
+- Rebase to 1.32.9, includes patch for CVE-2024-10573
+  Resolves: RHEL-65445
+
 * Mon Dec 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.26.2-6
 - Add patch for CVE-2024-10573
  Resolves: RHEL-65445
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (mpg123-1.26.2.tar.bz2) = aa63fcb08b243a1e09f7701b3d84a19d7412a87253d54d49f014fdb9e75bbc81d152a41ed750fccde901453929b2a001585a7645351b41845ad205c17a73dcc9
+SHA512 (mpg123-1.32.9.tar.bz2) = dccb640b0845061811cb41bf145587e7093556d686d49a748232b079659b46284b6cc40db42d14febceac11277c58edf2b69d1b4c46c223829a3d15478e2e26c