fix CVE-2024-10573

(cherry picked from commit c486c2082dbaa50520e317f4032dd14db9d430ca)
2024-11-01 14:46:31 +08:00 · 2024-11-01 14:46:31 +08:00 · cc99b5dd95
commit cc99b5dd95
parent d8b9cd71ea
2 changed files with 1016 additions and 2 deletions
--- a/0001-libmpg123-separate-header-data-into-a-struct.patch
+++ b/0001-libmpg123-separate-header-data-into-a-struct.patch
--- a/mpg123.spec
+++ b/mpg123.spec
@ -7,7 +7,7 @@ libraries.

 Name:           mpg123
 Version:        1.29.3
-Release:        3
+Release:        4
 Summary:        Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3
 License:        LGPL-2.1-or-later and GPL-2.0-or-later
 URL:            http://mpg123.org
@ -15,6 +15,8 @@ Source0:        http://mpg123.org/download/%{name}-%{version}.tar.bz2
 BuildRequires:  autoconf automake gcc libtool make pkgconfig(alsa)
 Requires:       %{name}-libs = %{version}-%{release}

+Patch0001: 0001-libmpg123-separate-header-data-into-a-struct.patch
+
 %description %{_description}

 %package plugins-pulseaudio  
@ -123,7 +125,10 @@ popd
 %doc NEWS NEWS.lib%{name} doc/*
 %doc %{_mandir}/man1/*

-%changelog  
+%changelog
+* Fri Nov 1 2024 Deyuan Fan <fandeyuan@kylinos.cn> - 1.29.3-4
+- fix CVE-2024-10573
+
 * Sat Jul 30 2022 wangkai <wangkai385@h-partners.com> - 1.29.3-3
 - Add portaudio and jack audio plugin to fix mpg123 xxx.mp3 error