rpms/libtunepimp/devel libtunepimp-0.4.2-198195.patch, NONE, 1.1 libtunepimp.spec, 1.8, 1.9
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Mon Jul 10 13:59:01 UTC 2006
Author: rdieter
Update of /cvs/extras/rpms/libtunepimp/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16355
Modified Files:
libtunepimp.spec
Added Files:
libtunepimp-0.4.2-198195.patch
Log Message:
* Thu Mar 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-1
- 0.4.2
libtunepimp-0.4.2-198195.patch:
--- NEW FILE libtunepimp-0.4.2-198195.patch ---
--- libtunepimp-0.4.2/lib/lookuptools.cpp.198195 2006-01-28 14:35:42.000000000 -0600
+++ libtunepimp-0.4.2/lib/lookuptools.cpp 2006-07-10 08:42:21.000000000 -0500
@@ -51,7 +51,7 @@
musicbrainz_t o;
char *args[7];
int ret, trackNum;
- char error[255], data[255], trackURI[256],
+ char error[256], data[256], trackURI[256],
artistURI[256], albumURI[256];
char temp[100], duration[100], status[100];
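Review bot: `duration[100]` and `status[100]` on the last line of this hunk keep their size, and the hunk does not show whether every call that fills them passes 100 rather than 256 as its length argument. The 255→256 change to `error` and `data` suggests that their callers pass a literal 256, though those call sites are outside the hunk. The bug being fixed is a declared size that disagrees with a literal length, so every `mb_GetResultData`-style call in this function that writes into one of these arrays should be checked against its declaration. A comment on the declarations would make the coupling visible, e.g. `// sizes must match the max-length argument passed at each call site below`. The enclosing function starts and ends outside the hunk.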
@@ -160,7 +160,7 @@
if (mb_Select1(o, MBS_SelectReleaseDate, j))
{
// Pull back the release date and release country
- if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 256))
+ if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 100))
{
int month = 0, day = 0, year = 0;
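Review bot: The corrected bound in `mb_GetResultData(o, MBE_ReleaseGetDate, temp, 100)` is still a literal that duplicates the `char temp[100]` declaration roughly a hundred lines earlier, which is how the old 256 could drift out of step with the array. Since `temp` is a local array in this function, `mb_GetResultData(o, MBE_ReleaseGetDate, temp, sizeof(temp))` ties the limit to the declaration and survives a later resize. Whether the call NUL-terminates when the result is truncated is not visible here, so the date parsing that follows should be checked against a truncated string. The enclosing block continues outside the hunk.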
Index: libtunepimp.spec
===================================================================
RCS file: /cvs/extras/rpms/libtunepimp/devel/libtunepimp.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- libtunepimp.spec 16 Mar 2006 18:20:32 -0000 1.8
+++ libtunepimp.spec 10 Jul 2006 13:59:01 -0000 1.9
@@ -2,15 +2,17 @@
Summary: A library for creating MusicBrainz enabled tagging applications
Name: libtunepimp
Version: 0.4.2
-Release: 1%{?dist}
+Release: 2%{?dist}
-# README.LGPL implies that it's not completely lgpl, yet.
-License: GPL
+License: LGPL
Group: System Environment/Libraries
URL: http://www.musicbrainz.org/products/tunepimp/
Source: http://ftp.musicbrainz.org/pub/musicbrainz/libtunepimp-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# "libtunepimp: stack smashing (buffer overflow)", http://bugzilla.redhat.com/198195
+Patch198195: libtunepimp-0.4.2-198195.patch
+
BuildRequires: readline-devel
BuildRequires: libvorbis-devel
BuildRequires: flac-devel
@@ -41,11 +43,13 @@
%prep
%setup -q
+%patch198195 -p1 -b .198195
+
%build
%configure \
--disable-static \
- --disable-dependency-tracking \
+ --disable-dependancy-tracking \
--enable-lgpl
make %{?_smp_mflags}
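Review bot: `--disable-dependancy-tracking` in the `%configure` call is misspelled; the removed line had the correct `--disable-dependency-tracking`. Configure scripts generally do not fail on an unknown `--disable-*` switch, so the typo would probably go unnoticed and leave dependency tracking enabled during the build. The edit looks unrelated to the overflow fix and is not mentioned in the changelog entry, so the line should go back to `--disable-dependency-tracking \`.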
@@ -71,8 +75,8 @@
%files
%defattr(-,root,root,-)
-# README omitted, it's mostly useless
%doc AUTHORS COPYING ChangeLog TODO
+# README omitted, it's mostly useless
%doc README.LGPL
%{_libdir}/lib*.so.*
%dir %{_libdir}/tunepimp/
@@ -92,6 +96,11 @@
%changelog
+* Mon Jul 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-2
+- fix buffer overflow (bug #198195)
+- drop ancient,deprecated Obsoletes/Provides: trm
+- License: LGPL, we're omitting the non-lgpl bits
+
* Thu Mar 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 0.4.2-1
- 0.4.2