rpms/id3lib/devel id3lib-vbr_buffer_overflow.diff, NONE, 1.1 id3lib.spec, 1.21, 1.22

Adrian Reber adrian at fedoraproject.org
Thu Nov 12 14:35:14 UTC 2009


Author: adrian

Update of /cvs/extras/rpms/id3lib/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28328

Modified Files:
	id3lib.spec 
Added Files:
	id3lib-vbr_buffer_overflow.diff 
Log Message:
* Thu Nov 12 2009 Adrian Reber <adrian at lisas.de> - 3.8.3-24
- Fix "Stack smashing with vbr mp3 files" (bz #533706)
  also see https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466


id3lib-vbr_buffer_overflow.diff:
 mp3_parse.cpp |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE id3lib-vbr_buffer_overflow.diff ---
diff -ru id3lib3.8.3-3.8.3.orig/src/mp3_parse.cpp id3lib3.8.3-3.8.3/src/mp3_parse.cpp
--- id3lib3.8.3-3.8.3.orig/src/mp3_parse.cpp	2003-03-02 01:23:00.000000000 +0100
+++ id3lib3.8.3-3.8.3/src/mp3_parse.cpp	2009-10-06 11:45:37.897681290 +0200
@@ -465,7 +465,7 @@
   // from http://www.xingtech.com/developer/mp3/
 
   const size_t VBR_HEADER_MIN_SIZE = 8;     // "xing" + flags are fixed
-  const size_t VBR_HEADER_MAX_SIZE = 116;   // frames, bytes, toc and scale are optional
+  const size_t VBR_HEADER_MAX_SIZE = 120;   // frames, bytes, toc and scale are optional
 
   if (mp3size >= vbr_header_offest + VBR_HEADER_MIN_SIZE) 
   {


Index: id3lib.spec
===================================================================
RCS file: /cvs/extras/rpms/id3lib/devel/id3lib.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- id3lib.spec	25 Jul 2009 03:08:50 -0000	1.21
+++ id3lib.spec	12 Nov 2009 14:35:14 -0000	1.22
@@ -1,7 +1,7 @@
 Summary:        Library for manipulating ID3v1 and ID3v2 tags
 Name:           id3lib
 Version:        3.8.3
-Release:        23%{?dist}
+Release:        24%{?dist}
 License:        LGPLv2+
 Group:          System Environment/Libraries
 URL:            http://id3lib.sourceforge.net/
@@ -12,6 +12,7 @@ Patch1:         id3lib-3.8.3-libtool-aut
 Patch2:         id3lib-3.8.3-io_helpers-163101.patch
 Patch3:         id3lib-3.8.3-mkstemp.patch
 Patch4:         id3lib-3.8.3-includes.patch
+Patch5:         http://launchpadlibrarian.net/33114077/id3lib-vbr_buffer_overflow.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:  zlib-devel doxygen
 
@@ -42,6 +43,7 @@ This package provides files needed to de
 %patch2 -p1 -b .io_helpers-163101
 %patch3 -p1 -b .mkstemp
 %patch4 -p1 -b .gcc43
+%patch5 -p1
 chmod -x src/*.h src/*.cpp include/id3/*.h
 sed -i -e 's/\r//' doc/id3v2.3.0.*
 sed -i -e 's|@DOX_DIR_HTML@|%{_docdir}/%{name}-devel-%{version}/api|' \
@@ -95,6 +97,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Nov 12 2009 Adrian Reber <adrian at lisas.de> - 3.8.3-24
+- Fix "Stack smashing with vbr mp3 files" (bz #533706)
+  also see https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.8.3-23
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 




More information about the fedora-extras-commits mailing list