fix CVE-2024-10573

(cherry picked from commit 2bbb96d7bf9d313bc811ce29df5965c08d9e812f)
2024-11-19 14:13:10 +08:00 · 2024-11-19 14:13:10 +08:00 · 4c0c373408
commit 4c0c373408
parent 3ee8ee2005
2 changed files with 1015 additions and 1 deletions
--- a/0001-libmpg123-separate-header-data-into-a-struct.patch
+++ b/0001-libmpg123-separate-header-data-into-a-struct.patch
--- a/mpg123.spec
+++ b/mpg123.spec
@ -7,7 +7,7 @@ libraries.

 Name:           mpg123
 Version:        1.29.3
-Release:        3
+Release:        4
 Summary:        Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3
 License:        LGPLv2+
 URL:            http://mpg123.org
@ -15,6 +15,8 @@ Source0:        http://mpg123.org/download/%{name}-%{version}.tar.bz2
 BuildRequires:  autoconf automake gcc libtool make pkgconfig(alsa)
 Requires:       %{name}-libs = %{version}-%{release}

+Patch0001: 0001-libmpg123-separate-header-data-into-a-struct.patch
+
 %description %{_description}

 %package plugins-pulseaudio  
@ -124,6 +126,9 @@ popd
 %doc %{_mandir}/man1/*

 %changelog  
+* Tue Nov 19 2024 Deyuan Fan <fandeyuan@kylinos.cn> - 1.29.3-4
+- fix CVE-2024-10573
+
 * Mon Feb 28 2022 pei-jiankang <peijiankang@kylinos.cn> - 1.29.3-3
 - modify libdir Repeat packaging