rpms/grip/F-9 grip.834724.patch,NONE,1.1 grip.spec,1.23,1.24

Adrian Reber adrian at fedoraproject.org
Sun Nov 9 14:51:09 UTC 2008


Author: adrian

Update of /cvs/extras/rpms/grip/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13201

Modified Files:
	grip.spec 
Added Files:
	grip.834724.patch 
Log Message:
* Sun Nov 09 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24
- fixed "buffer overflow caused by large amount of CDDB replies" (#470552)
  (CVE-2005-0706)


grip.834724.patch:

--- NEW FILE grip.834724.patch ---
diff --git a/src/discdb.c b/src/discdb.c
index c21a608..9ad279b 100644
--- a/src/discdb.c
+++ b/src/discdb.c
@@ -311,7 +311,7 @@ gboolean DiscDBDoQuery(DiscInfo *disc,DiscDBServer *server,
     query->query_match=MATCH_EXACT;
     query->query_matches=0;
 
-    while((inbuffer=DiscDBReadLine(&dataptr))) {
+    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
       query->query_list[query->query_matches].list_genre=
 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
       
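Review bot: The first token of each server line is still used unchecked in the statement right after the new `while` condition: `strtok(inbuffer," ")` returns NULL for an empty or space-only line, and that NULL goes through `g_strstrip` into `DiscDBGenreValue`. The added bound on `query->query_matches` does prevent writes past `query_list`, but it does not cover this. Whether `DiscDBReadLine` can return such a line, and how `DiscDBGenreValue` treats NULL, is not visible here and should be confirmed. If it can happen, skip the line before using the token, e.g. `char *tok=strtok(inbuffer," "); if(!tok) continue;`. The second loop in the `MATCH_INEXACT` branch makes the same call, and both loop bodies continue outside their hunks.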
@@ -331,7 +331,7 @@ gboolean DiscDBDoQuery(DiscInfo *disc,DiscDBServer *server,
     query->query_match=MATCH_INEXACT;
     query->query_matches=0;
 
-    while((inbuffer=DiscDBReadLine(&dataptr))) {
+    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
       query->query_list[query->query_matches].list_genre=
 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
       
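Review bot: Reply lines beyond `MAX_INEXACT_MATCHES` are dropped silently, and nothing at this loop says why the limit exists or that it must not exceed the capacity of `query_list`, whose declaration is outside the hunk. I would add a comment above the `while`, such as `/* query_list holds MAX_INEXACT_MATCHES entries; extra server lines are ignored so a long reply cannot write past it */`. A debug message when the limit is reached would also make a truncated match list diagnosable. The earlier loop in the first hunk would take the same comment.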


Index: grip.spec
===================================================================
RCS file: /cvs/extras/rpms/grip/F-9/grip.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- grip.spec	23 Aug 2008 22:44:50 -0000	1.23
+++ grip.spec	9 Nov 2008 14:50:38 -0000	1.24
@@ -1,7 +1,7 @@
 Summary: Front-end for CD rippers and Ogg Vorbis encoders
 Name: grip
 Version: 3.2.0
-Release: 22%{?dist}
+Release: 24%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: Applications/Multimedia
@@ -13,6 +13,7 @@
 Patch4: grip-64bit-fix.patch
 Patch5: grip-3.2.0-lookup.patch
 Patch6: grip-3.2.0-executionpatch.patch
+Patch7: grip.834724.patch
 URL: http://www.nostatic.org/grip/
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: vorbis-tools
@@ -35,6 +36,7 @@
 %patch4
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 
@@ -48,7 +50,7 @@
 # convert non utf8 .po files to utf8
 # to fix #456721 (Grip silently crahses on F8)
 pushd po
-for i in de.po es.po fr.po pt_BR.po ru.po; do
+for i in es.po pt_BR.po ru.po; do
 	iconv -f iso-8859-1 -t utf-8 $i > $i.tmp
 	mv $i.tmp $i
 done
@@ -96,6 +98,14 @@
 %{_mandir}/man1/*
 
 %changelog
+* Sun Nov 09 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24
+- fixed "buffer overflow caused by large amount of CDDB replies" (#470552)
+  (CVE-2005-0706)
+
+* Thu Oct 02 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-23
+- fixed "German Umlauts are shown incorrectly" (#459394)
+  (not converting de.po and fr.po to UTF-8 anymore)
+
 * Sat Aug 23 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-22
 - updated to better "execute command after encode" patch from Stefan Becker
 



