OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   05-Feb-2005 14:43:11
  Branch: HEAD                             Handle: 2005020513431000

  Modified files:
    openpkg-src/mpg123      mpg123.patch mpg123.spec

  Log:
    apply security fix (CAN-2004-0991)

  Summary:
    Revision    Changes     Path
    1.4         +36 -0      openpkg-src/mpg123/mpg123.patch
    1.32        +1  -1      openpkg-src/mpg123/mpg123.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/mpg123/mpg123.patch
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 mpg123.patch
  --- openpkg-src/mpg123/mpg123.patch   17 Sep 2004 13:24:52 -0000      1.3
  +++ openpkg-src/mpg123/mpg123.patch   5 Feb 2005 13:43:10 -0000       1.4
  @@ -60,3 +60,39 @@
    #else
    #include <machine/soundcard.h>
    #endif
  +
  +Security Bugfix
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991
  +
  +Index: common.c
  +--- common.c 2003/01/29 19:22:48     1.4
  ++++ common.c 2005/01/01 19:21:47     1.5
  +@@ -343,9 +343,12 @@
  +       fr->mpeg25 = 1;
  +     }
  +     
  +-    if (!param.tryresync || !oldhead) {
  +-          /* If "tryresync" is true, assume that certain
  +-             parameters do not change within the stream! */
  ++    if (!param.tryresync || !oldhead ||
  ++        (((oldhead>>19)&0x3) ^ ((newhead>>19)&0x3))) {
  ++          /* If "tryresync" is false, assume that certain
  ++             parameters do not change within the stream!
  ++         Force an update if lsf or mpeg25 settings
  ++         have changed. */
  +       fr->lay = 4-((newhead>>17)&3);
  +       if( ((newhead>>10)&0x3) == 0x3) {
  +         fprintf(stderr,"Stream error\n");
  +Index: layer2.c
  +--- layer2.c:1.2     Tue Sep  7 14:32:13 2004
  ++++ layer2.c Sat Jan  1 20:21:47 2005
  +@@ -240,7 +240,7 @@
  +        { alloc_0, alloc_1, alloc_2, alloc_3 , alloc_4 };
  +   static int sblims[5] = { 27 , 30 , 8, 12 , 30 };
  + 
  +-  if(fr->lsf)
  ++  if(fr->sampling_frequency >= 3) /* Or equivalent: (fr->lsf == 1) */
  +     table = 4;
  +   else
  +     table = translate[fr->sampling_frequency][2-fr->stereo][fr->bitrate_index];
  +
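Review bot: The comment added in the layer2.c part, `/* Or equivalent: (fr->lsf == 1) */`, presents `fr->lsf` as an interchangeable test, although `if(fr->lsf)` is exactly the line this security fix replaces. The two tests agree only while `fr->lsf` and `fr->sampling_frequency` are in step, and the `tryresync` branch in common.c appears to skip the parameter update unless the version bits at `>>19` differ. I would state the reason instead, e.g. `/* select by sampling_frequency so the translate[] row index stays in range even if lsf is out of step */`; the declaration of `translate` is not visible here, so confirm its bound. In the common.c part the rewritten comment now reads `If "tryresync" is false, assume ...`, but the branch is entered when `!param.tryresync`, so the assumption describes the skipped case and the original word `true` looks like the correct one. Both enclosing functions start and end outside the quoted hunks.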
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mpg123/mpg123.spec
  ============================================================================
  $ cvs diff -u -r1.31 -r1.32 mpg123.spec
  --- openpkg-src/mpg123/mpg123.spec    1 Jan 2005 10:52:36 -0000       1.31
  +++ openpkg-src/mpg123/mpg123.spec    5 Feb 2005 13:43:10 -0000       1.32
  @@ -34,7 +34,7 @@
   Group:        Audio
   License:      GPL
   Version:      0.59r
  -Release:      20040917
  +Release:      20050205
   
   #   list of sources
   Source0:      http://www.mpg123.de/mpg123/mpg123-%{version}-pl1.tar.gz
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
