rpms/libtunepimp/devel libtunepimp-0.4.2-198195.patch, NONE, 1.1 libtunepimp.spec, 1.8, 1.9

Rex Dieter (rdieter) fedora-extras-commits at redhat.com
Mon Jul 10 13:59:01 UTC 2006


Author: rdieter

Update of /cvs/extras/rpms/libtunepimp/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16355

Modified Files:
	libtunepimp.spec 
Added Files:
	libtunepimp-0.4.2-198195.patch 
Log Message:
* Thu Mar 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-1
- 0.4.2


libtunepimp-0.4.2-198195.patch:

--- NEW FILE libtunepimp-0.4.2-198195.patch ---
--- libtunepimp-0.4.2/lib/lookuptools.cpp.198195	2006-01-28 14:35:42.000000000 -0600
+++ libtunepimp-0.4.2/lib/lookuptools.cpp	2006-07-10 08:42:21.000000000 -0500
@@ -51,7 +51,7 @@
     musicbrainz_t  o;
     char          *args[7];
     int            ret, trackNum;
-    char           error[255], data[255], trackURI[256],
+    char           error[256], data[256], trackURI[256],
                    artistURI[256], albumURI[256];
     char           temp[100], duration[100], status[100];
 
@@ -160,7 +160,7 @@
             if (mb_Select1(o, MBS_SelectReleaseDate, j))
             {
                 // Pull back the release date and release country
-                if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 256))
+                if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 100))
                 {
                     int month = 0, day = 0, year = 0;
 
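Review bot: The length passed to `mb_GetResultData` is now the literal `100`, a second copy of the size in the `char temp[100]` declaration visible in the first hunk, so the two can drift apart again the way `256` did. Tying the argument to the buffer removes that risk: `if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, sizeof(temp)))`. The first hunk widens `error` and `data` to 256, which suggests that calls outside these hunks pass a literal 256 for them. Those calls, and any other call that fills `temp`, `duration` or `status`, are worth checking against the declared sizes. The enclosing function starts and ends outside both hunks, so this assumes `temp` is still the local array at the call site.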


Index: libtunepimp.spec
===================================================================
RCS file: /cvs/extras/rpms/libtunepimp/devel/libtunepimp.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- libtunepimp.spec	16 Mar 2006 18:20:32 -0000	1.8
+++ libtunepimp.spec	10 Jul 2006 13:59:01 -0000	1.9
@@ -2,15 +2,17 @@
 Summary: A library for creating MusicBrainz enabled tagging applications 
 Name:	 libtunepimp 
 Version: 0.4.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 
-# README.LGPL implies that it's not completely lgpl, yet.
-License: GPL
+License: LGPL
 Group: 	 System Environment/Libraries
 URL:	 http://www.musicbrainz.org/products/tunepimp/
 Source:	 http://ftp.musicbrainz.org/pub/musicbrainz/libtunepimp-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+# "libtunepimp: stack smashing (buffer overflow)", http://bugzilla.redhat.com/198195
+Patch198195: libtunepimp-0.4.2-198195.patch
+
 BuildRequires: readline-devel
 BuildRequires: libvorbis-devel
 BuildRequires: flac-devel
@@ -41,11 +43,13 @@
 %prep
 %setup -q
 
+%patch198195 -p1 -b .198195
+
 
 %build
 %configure \
   --disable-static \
-  --disable-dependency-tracking \
+  --disable-dependancy-tracking \
   --enable-lgpl
 
 make %{?_smp_mflags}
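Review bot: The configure flag in this hunk changes from `--disable-dependency-tracking` to `--disable-dependancy-tracking`, which looks like a typo introduced alongside the `%patch198195` line rather than an intended change; the changelog entry does not mention it. configure scripts generally do not reject unknown `--disable-*` options, so the build would probably still succeed, but with dependency tracking silently left on. Keep the original spelling: `  --disable-dependency-tracking \`.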
@@ -71,8 +75,8 @@
 
 %files
 %defattr(-,root,root,-)
-# README omitted, it's mostly useless
 %doc AUTHORS COPYING ChangeLog TODO 
+# README omitted, it's mostly useless
 %doc README.LGPL
 %{_libdir}/lib*.so.*
 %dir %{_libdir}/tunepimp/
@@ -92,6 +96,11 @@
 
 
 %changelog
+* Mon Jul 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-2
+- fix buffer overflow (bug #198195)
+- drop ancient,deprecated Obsoletes/Provides: trm
+- License: LGPL, we're omitting the non-lgpl bits
+
 * Thu Mar 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-1
 - 0.4.2
 



