!29 [sync] PR-28: fix CVE-2024-10573

From: @openeuler-sync-bot Reviewed-by: @peijiankang Signed-off-by: @peijiankang
2025-02-12 06:38:30 +00:00 · 2025-02-12 06:38:30 +00:00 · 577eb14924
commit 577eb14924
parent 3ee8ee2005 4c0c373408
2 changed files with 1015 additions and 1 deletions
--- a/0001-libmpg123-separate-header-data-into-a-struct.patch
+++ b/0001-libmpg123-separate-header-data-into-a-struct.patch
--- a/mpg123.spec
+++ b/mpg123.spec
@ -7,7 +7,7 @@ libraries.

 Name:           mpg123
 Version:        1.29.3
-Release:        3
+Release:        4
 Summary:        Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3
 License:        LGPLv2+
 URL:            http://mpg123.org
@ -15,6 +15,8 @@ Source0:        http://mpg123.org/download/%{name}-%{version}.tar.bz2
 BuildRequires:  autoconf automake gcc libtool make pkgconfig(alsa)
 Requires:       %{name}-libs = %{version}-%{release}

+Patch0001: 0001-libmpg123-separate-header-data-into-a-struct.patch
+
 %description %{_description}

 %package plugins-pulseaudio  
@ -124,6 +126,9 @@ popd
 %doc %{_mandir}/man1/*

 %changelog  
+* Tue Nov 19 2024 Deyuan Fan <fandeyuan@kylinos.cn> - 1.29.3-4
+- fix CVE-2024-10573
+
 * Mon Feb 28 2022 pei-jiankang <peijiankang@kylinos.cn> - 1.29.3-3
 - modify libdir Repeat packaging