diff options
| author | Jakub Bogusz | 2003-02-03 21:01:23 (GMT) |
|---|---|---|
| committer | cvs2git | 2012-06-24 12:13:13 (GMT) |
| commit | 63c68106b811795a1f02cd8b095334f81d9b4f38 (patch) | |
| tree | cd27541fb07c32642460d0842016bb23fcabddcd | |
| parent | 19968813cedff542533f36c38db0fe6cf029a146 (diff) | |
| download | bladeenc-63c68106b811795a1f02cd8b095334f81d9b4f38.zip bladeenc-63c68106b811795a1f02cd8b095334f81d9b4f38.tar.gz | |
- added fseek-sec patch (arbitrary code execution through wave file)bladeenc-0_94_2-4STABLE
- release 4, STBR to ra/updates/security
Changed files:
bladeenc-fseek-sec.patch -> 1.1
bladeenc.spec -> 1.37
| -rw-r--r-- | bladeenc-fseek-sec.patch | 29 | ||||
| -rw-r--r-- | bladeenc.spec | 6 |
2 files changed, 33 insertions, 2 deletions
diff --git a/bladeenc-fseek-sec.patch b/bladeenc-fseek-sec.patch new file mode 100644 index 0000000..e04e4c2 --- /dev/null +++ b/bladeenc-fseek-sec.patch @@ -0,0 +1,29 @@ +--- bladeenc-0.94.2/bladeenc/samplein.c.orig Tue May 8 14:11:53 2001 ++++ bladeenc-0.94.2/bladeenc/samplein.c Mon Feb 3 20:47:55 2003 +@@ -75,7 +75,7 @@ + static int initAIFF (SI_Stream *psInfo); + static uint readAIFFSamples (SI_Stream *psInfo, int nSamples, short *wpSamples); + +-static int myFseek (FILE *fp, int offset); ++static int myFseek (FILE *fp, unsigned int offset); + + + +@@ -332,6 +332,8 @@ + { + if (fread (aTemp, sizeof(sFmtChunk), 1, psInfo->fp) != 1) + goto unexpEndOfFile; ++ if (intlLong(&header[4]) < sizeof(sFmtChunk)) ++ goto unexpEndOfFile; /* I can't find "corrupted file" error code */ + myFseek (psInfo->fp, intlLong(&header[4]) - sizeof(sFmtChunk)); + fFmtChunkFound = TRUE; + } +@@ -613,7 +615,7 @@ + + /* We can't use the real fseek() since you can't seek in a stream (stdin) */ + +-static int myFseek (FILE *fp, int offset) ++static int myFseek (FILE *fp, unsigned int offset) + { + char dummy[256]; + diff --git a/bladeenc.spec b/bladeenc.spec index 14d7aef..e5bb537 100644 --- a/bladeenc.spec +++ b/bladeenc.spec @@ -1,13 +1,14 @@ Summary: Blade's MP3 Encoder -Summary(pl): Encoder MP3 Blade'a +Summary(pl): Koder MP3 Blade'a Name: bladeenc Version: 0.94.2 -Release: 3 +Release: 4 Epoch: 1 License: GPL Vendor: Tord Jansson <tord.jansson@swipnet.se> Group: Applications/Sound Source0: http://bladeenc.mp3.no/source/%{name}-%{version}-src-stable.tar.gz +Patch0: %{name}-fseek-sec.patch URL: http://bladeenc.mp3.no/ BuildRequires: autoconf BuildRequires: automake @@ -24,6 +25,7 @@ dĽwiękowych w formacie WAV lub AIFF. %prep %setup -q +%patch -p1 %build %{__aclocal} |