NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mpg123: security bump to version 1.25.1

Browse Source 
>From the release notes:

- Avoid memset(NULL, 0, 0) to calm down the paranoid.

- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
  offset from the frame flag bytes (unnoticed in practice for a long time).
  Fuzzers are in the house again.  This one got CVE-2017-10683.

  https://sourceforge.net/p/mpg123/bugs/252/

- Avoid a mostly harmless conditional jump depending on uninitialised
  fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.

- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
  never right in theory).  Code might be a bit faster now, even.  Thanks to
  Agostino Sarubbo for reporting.

dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3a0afd47f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2017-07-03 14:43:37 +02:00
parent 22fbee2912
commit 71f4f03536
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/mpg123/mpg123.hash
View File

@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 de2303c8ecb65593e39815c0a2f2f2d91f708c43b85a55fdd1934c82e677cf8e mpg123-1.23.8.tar.bz2
sha256 0fe7270a4071367f97a7c1fb45fb2ef3cfef73509c205124e080ea569217b05f mpg123-1.25.1.tar.bz2

11
package/mpg123/mpg123.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
MPG123_VERSION = 1.23.8
MPG123_VERSION = 1.25.1
MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
MPG123_CONF_OPTS = --disable-lfs-alias
@ -74,10 +74,11 @@ endif
MPG123_CONF_OPTS += --with-audio=$(subst $(space),$(comma),$(MPG123_AUDIO))
ifeq ($(BR2_PACKAGE_LIBTOOL),y)
MPG123_DEPENDENCIES += libtool
# .la files gets stripped , so directly load .so files rather than .la
MPG123_CONF_OPTS += --with-modules --with-module-suffix=.so
# output modules are loaded with dlopen()
ifeq ($(BR2_STATIC_LIBS),y)
MPG123_CONF_OPTS += --disable-modules
else
MPG123_CONF_OPTS += --enable-modules
endif
$(eval $(autotools-package))