rpms/mpg123
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to 1.32.9, includes patch for CVE-2024-10573

Browse Source 
Resolves: RHEL-65445
This commit is contained in:
Wim Taymans 2024-12-02 17:33:48 +01:00
parent 678ac980c6
commit 0ee2520213
4 changed files with 7 additions and 1036 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-libmpg123-first-hot-fix-for-bug-322.patch
View File

@ -1,30 +0,0 @@
From 27ae9722b26c472838b7d3c078a3701363fce951 Mon Sep 17 00:00:00 2001
From: thor <thor@35dc7657-300d-0410-a2e5-dc2837fedb53>
Date: Sun, 20 Oct 2024 14:59:10 +0000
Subject: [PATCH 1/2] libmpg123: first hot fix for bug 322
git-svn-id: svn://scm.orgis.org/mpg123/trunk@5432 35dc7657-300d-0410-a2e5-dc2837fedb53
---
src/libmpg123/parse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/libmpg123/parse.c b/src/libmpg123/parse.c
index c2efd3dc..86c98255 100644
--- a/src/libmpg123/parse.c
+++ b/src/libmpg123/parse.c
@@ -588,6 +588,12 @@ init_resync:
debug2("read frame body of %i at %"OFF_P, fr->framesize, framepos+4);
if((ret=fr->rd->read_frame_body(fr,newbuf,fr->framesize))<0)
{
+ freeformat_count = 0;
+ // Re-decoding the old header again _must_ work.
+ // Need to ensure that we do not prepare for actual frame data when there is none
+ // (messing with header change info and decoder state).
+ if(ret != MPG123_NEED_MORE && fr->oldhead)
+ decode_header(fr, fr->oldhead, &freeformat_count);
/* if failed: flip back */
debug1("%s", ret == MPG123_NEED_MORE ? "need more" : "read error");
goto read_frame_bad;
--
2.47.0

1000
0002-libmpg123-separate-header-data-into-a-struct-ensure-.patch
View File

File diff suppressed because it is too large Load Diff

11
mpg123.spec
View File

@ -3,17 +3,14 @@
%global syn syn123 %global syn syn123
Name: mpg123 Name: mpg123
Version: 1.26.2 Version: 1.32.9
Release: 6%{?dist} Release: 1%{?dist}
Summary: Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3 Summary: Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3
License: LGPLv2+ License: LGPLv2+
URL: http://mpg123.org URL: http://mpg123.org
Source0: %{url}/download/%{name}-%{version}.tar.bz2 Source0: %{url}/download/%{name}-%{version}.tar.bz2
Patch1: 0001-libmpg123-first-hot-fix-for-bug-322.patch
Patch2: 0002-libmpg123-separate-header-data-into-a-struct-ensure-.patch
BuildRequires: make BuildRequires: make
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -165,6 +162,10 @@ rm %{buildroot}%{_libdir}/*.la
%{_libdir}/pkgconfig/lib%{syn}.pc %{_libdir}/pkgconfig/lib%{syn}.pc
%changelog %changelog
* Mon Dec 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.32.9-1
- Rebase to 1.32.9, includes patch for CVE-2024-10573
Resolves: RHEL-65445
* Mon Dec 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.26.2-6 * Mon Dec 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.26.2-6
- Add patch for CVE-2024-10573 - Add patch for CVE-2024-10573
Resolves: RHEL-65445 Resolves: RHEL-65445

2
sources
View File

@ -1 +1 @@
SHA512 (mpg123-1.26.2.tar.bz2) = aa63fcb08b243a1e09f7701b3d84a19d7412a87253d54d49f014fdb9e75bbc81d152a41ed750fccde901453929b2a001585a7645351b41845ad205c17a73dcc9 SHA512 (mpg123-1.32.9.tar.bz2) = dccb640b0845061811cb41bf145587e7093556d686d49a748232b079659b46284b6cc40db42d14febceac11277c58edf2b69d1b4c46c223829a3d15478e2e26c