r4765 - in trunk: BOOK/introduction/welcome BOOK/multimedia/audioutils patches

djensen at linuxfromscratch.org
Sat Jul 23 15:58:08 PDT 2005


Author: djensen
Date: 2005-07-23 16:58:07 -0600 (Sat, 23 Jul 2005)
New Revision: 4765

Added:
   trunk/patches/mpg123-0.59r-security-1.patch
Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/multimedia/audioutils/mpg123.xml
Log:
Added security patch to Mpg123

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-07-23 16:39:43 UTC (rev 4764)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-07-23 22:58:07 UTC (rev 4765)
@@ -25,6 +25,10 @@
   <itemizedlist>
     
     <listitem>
+      <para>July 23rd 2005 [djensen]: Added security patch to Mpg123.</para>
+    </listitem>
+
+    <listitem>
       <para>July 23rd 2005 [randy]: Updated to Shadow-4.0.9 via a patch from
       DJ Lucas.</para>
     </listitem>
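
Review bot: The new changelog <para> says only "Added security patch to Mpg123" and does not name the issue being fixed. The patch header added in this same revision identifies it as CAN-2004-0805; putting that identifier in the entry would let readers who have already built Mpg123 judge whether they need to rebuild.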

Modified: trunk/BOOK/multimedia/audioutils/mpg123.xml
===================================================================
--- trunk/BOOK/multimedia/audioutils/mpg123.xml	2005-07-23 16:39:43 UTC (rev 4764)
+++ trunk/BOOK/multimedia/audioutils/mpg123.xml	2005-07-23 22:58:07 UTC (rev 4765)
@@ -54,6 +54,14 @@
       </listitem>
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing='compact'>
+      <listitem>
+        <para>Required patch: <ulink
+        url="&patch-root;/mpg123-&mpg123-version;-security-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">Mpg123 Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
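
Review bot: The ulink URL in the new listitem is assembled from &patch-root; and &mpg123-version;, so it only resolves to the file added in this revision (trunk/patches/mpg123-0.59r-security-1.patch) if &mpg123-version; expands to 0.59r. The entity definition is outside this hunk, so confirm it matches. The item also says "Required patch" without saying why; a short phrase noting that it is a security fix would tell readers it must not be skipped.
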
@@ -67,7 +75,8 @@
     <para>Install <application>mpg123</application> by running the following
     commands:</para>
 
-<screen><userinput>make PREFIX=/usr linux</userinput></screen>
+<screen><userinput>patch -Np1 -i ../mpg123-&mpg123-version;-security-1.patch &&
+make PREFIX=/usr linux</userinput></screen>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
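
Review bot: In the added <userinput> line the shell operator is shown as a bare &&, which is not well-formed inside an XML element; the source needs &amp;&amp; there, so check that the committed file carries the escaped form and that the book still validates. The command also assumes the patch sits one directory above the unpacked source (the ../ path), which holds only if the reader saved it alongside the tarball.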

Added: trunk/patches/mpg123-0.59r-security-1.patch
===================================================================
--- trunk/patches/mpg123-0.59r-security-1.patch	2005-07-23 16:39:43 UTC (rev 4764)
+++ trunk/patches/mpg123-0.59r-security-1.patch	2005-07-23 22:58:07 UTC (rev 4765)
@@ -0,0 +1,25 @@
+Submitted By: David Jensen (djensen at linuxfromscratch dot org)
+Date: 2005-07-23
+Initial Package Version: 0.59r
+Origin: Debian
+Upstream Status: not maintained
+Description: Fixes buffer overflow vulnerablity (CAN-2004-0805)
+ 
+$LastChangedBy$
+$Date$
+
+diff -Naur mpg123-0.59r.orig/layer2.c mpg123-0.59r/layer2.c
+--- mpg123-0.59r.orig/layer2.c	1999-02-10 06:13:06.000000000 -0600
++++ mpg123-0.59r/layer2.c	2005-07-23 16:44:07.000000000 -0500
+@@ -265,6 +265,11 @@
+   fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+      (fr->mode_ext<<2)+4 : fr->II_sblimit;
+ 
++  if (fr->jsbound > fr->II_sblimit) {
++	  fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++	  fr->jsbound=fr->II_sblimit;
++  }
++  
+   if(stereo == 1 || single == 3)
+     single = 0;
+ 
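
Review bot: The fprintf(stderr, ...) inside the new jsbound check in layer2.c is unconditional, so a file in which every frame has jsbound above II_sblimit produces one warning per frame; consider printing it once or only when the player is not in quiet mode, keeping the clamp fr->jsbound=fr->II_sblimit as it is. The clamp covers the case where (fr->mode_ext<<2)+4 exceeds II_sblimit, which is the condition these lines guard against. Two wording points: the message says "sideband limit" where the field it refers to is II_sblimit, so "subband limit" is the accurate term, and the Description line in the patch header misspells "vulnerability". The added lines also mix a tab with spaces for indentation while the surrounding context uses two spaces.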


Property changes on: trunk/patches/mpg123-0.59r-security-1.patch
___________________________________________________________________
Name: svn:keywords
   + LastChangedBy Date



