* Thu Apr 24 2008 Rex Dieter <rdieter@fedoraproject.org> - 1.1.12-2
- CVE-2008-1878 (#443056)
This commit is contained in:
parent
7374e73b47
commit
ff61002dd7
16
xine-lib-1.1.12-CVE-2008-1878.patch
Normal file
16
xine-lib-1.1.12-CVE-2008-1878.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up xine-lib-1.1.12/src/demuxers/demux_nsf.c.CVE-2008-1878 xine-lib-1.1.12/src/demuxers/demux_nsf.c
|
||||
--- xine-lib-1.1.12/src/demuxers/demux_nsf.c.CVE-2008-1878 2008-03-28 09:24:50.000000000 -0500
|
||||
+++ xine-lib-1.1.12/src/demuxers/demux_nsf.c 2008-04-24 06:52:45.000000000 -0500
|
||||
@@ -106,9 +106,9 @@ static int open_nsf_file(demux_nsf_t *th
|
||||
|
||||
this->total_songs = header[6];
|
||||
this->current_song = header[7];
|
||||
- this->title = strdup(&header[0x0E]);
|
||||
- this->artist = strdup(&header[0x2E]);
|
||||
- this->copyright = strdup(&header[0x4E]);
|
||||
+ this->title = strndup((char*)&header[0x0E], 0x20);
|
||||
+ this->artist = strndup((char*)&header[0x2E], 0x20);
|
||||
+ this->copyright = strndup((char*)&header[0x4E], 0x20);
|
||||
|
||||
this->filesize = this->input->get_length(this->input);
|
||||
|
@ -32,7 +32,7 @@
|
||||
Summary: Xine library
|
||||
Name: xine-lib
|
||||
Version: 1.1.12
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Libraries
|
||||
URL: http://xinehq.de/
|
||||
@ -46,6 +46,7 @@ Source2: %{name}-mk-autotools-patch.sh
|
||||
Patch0: %{name}-%{version}-autotools.patch.bz2
|
||||
Patch1: %{name}-1.1.4-optflags.patch
|
||||
Patch6: %{name}-1.1.1-deepbind-939.patch
|
||||
Patch7: %{name}-1.1.12-CVE-2008-1878.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
Provides: xine-lib(plugin-abi) = %{abiver}
|
||||
@ -176,6 +177,7 @@ touch -r m4/optimizations.m4 m4/optimizations.m4.stamp
|
||||
touch -r m4/optimizations.m4.stamp m4/optimizations.m4
|
||||
# Patch6 needed at least when compiling with external ffmpeg, #939.
|
||||
%patch6 -p1 -b .deepbind
|
||||
%patch7 -p1 -b .CVE-2008-1878
|
||||
|
||||
# Avoid standard rpaths on lib64 archs:
|
||||
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure
|
||||
@ -400,6 +402,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 24 2008 Rex Dieter <rdieter@fedoraproject.org> - 1.1.12-2
|
||||
- CVE-2008-1878 (#443056)
|
||||
|
||||
* Wed Apr 16 2008 Ville Skyttä <ville.skytta at iki.fi> - 1.1.12-1
|
||||
- 1.1.12 (plugin ABI 1.21); qt, mkv, and pulseaudio patches applied upstream.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user