From patchwork Sun Aug 25 06:47:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Korsgaard X-Patchwork-Id: 1152744 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=korsgaard.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="nZw81ylm"; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46GQgc0Jpwz9sNC for ; Sun, 25 Aug 2019 16:47:55 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 6CE89204DB; Sun, 25 Aug 2019 06:47:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-GKB8e7mqQv; Sun, 25 Aug 2019 06:47:48 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 9AC4C20377; Sun, 25 Aug 2019 06:47:48 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 06A341BF5A3 for ; Sun, 25 Aug 2019 06:47:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id F3FFB20377 for ; Sun, 25 Aug 2019 06:47:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wzccbum6ujzH for ; Sun, 25 Aug 2019 06:47:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) by silver.osuosl.org (Postfix) with ESMTPS id D24D820370 for ; Sun, 25 Aug 2019 06:47:45 +0000 (UTC) Received: by mail-ed1-f66.google.com with SMTP id s49so21217958edb.1 for ; Sat, 24 Aug 2019 23:47:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id; bh=Pow13zNMEXoY90voTtQYPMTw3pK5b7DbF8eYy6POe0w=; b=nZw81ylm2kp1PQmL30UNMnY/olImAJtg2BjlqMFMjn+VTwHjrM1Jhlx0T2dtvGM1n4 FZEASW2Gt589X4jW3qY3iNlUX52Rq1q9dOuM8B3ZmYgpi+VJpDDfRG8UGUXg+nlTJVjJ 5osdhfe2sMPQACnhq2uCkLDGBOe2btQ//4GHUzY+9m3UhY1au7UQJHVsCGVDLGDxyvAl qNompIMI7jc71xBlywlndnqvH73I1grdMpndEdNTOSvo3lhwmrlPqEj7HL3iZGZrk9oV P2P72XFqc1yF0UyPuR3ZtO484pr250gg96PJbwCSN8EnNUScV6PijQYU/mufvSdfeDLU XK0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id; bh=Pow13zNMEXoY90voTtQYPMTw3pK5b7DbF8eYy6POe0w=; b=bvPLHDoxSfwT+C0YTGxKvlv1KlXZkTdSSej3ThCh8AN6WMhm/k0cuFfly2rCsOEtdb gu8FTKjRyG6ZaVhCSPMWJVXJNUwErTi0YQdB/dzad/9UrozvFKzuLNt5CcoM47dvKT/P 2OnXXAsiHpig0sesaWHc62WGd42D5IDDqv5AxTFZjxvzecgNpt3SRlO5x8Z806Eo9yBV c9KRSZl+rYHv+Y/oVjuyjtDkn2aFnbpZ1Kl9YPAfONZyIA58DRPtXM4HVYQ8Zi8aR5UG p7R3+oDNlVo0/Tzmh9IDu5xLe1fS672FuWHZ66+lxzm3g0iram4CLxAg6LXCmd4bQ7iR BOLg== X-Gm-Message-State: APjAAAUYSakztojMbS2/1vrvDCOmm46Qc6Nu4USljxzOSQG7wpQngiEq M7szoPiBqwf6CGPiJLkkpcXSJqx7 X-Google-Smtp-Source: APXvYqwFfJySxPgjlKU9LuNoIl7Nz1Pypwq48gLIuKbU7EfSlfHaiztF+uvjtZ/tgmIbmswN8IAaWg== X-Received: by 2002:a17:906:f289:: with SMTP id gu9mr11328256ejb.257.1566715663627; Sat, 24 Aug 2019 23:47:43 -0700 (PDT) Received: from dell.be.48ers.dk (d51a5bc31.access.telenet.be. [81.165.188.49]) by smtp.gmail.com with ESMTPSA id oq26sm1814951ejb.66.2019.08.24.23.47.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 24 Aug 2019 23:47:42 -0700 (PDT) Received: from peko by dell.be.48ers.dk with local (Exim 4.89) (envelope-from ) id 1i1mJR-00025A-LH; Sun, 25 Aug 2019 08:47:41 +0200 From: Peter Korsgaard To: buildroot@buildroot.org Date: Sun, 25 Aug 2019 08:47:37 +0200 Message-Id: <20190825064738.7957-1-peter@korsgaard.com> X-Mailer: git-send-email 2.11.0 Subject: [Buildroot] [PATCH] package/mpg123: security bump to version 1.25.12 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Korsgaard MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From the release notes: - Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames (oss-fuzz-bug 15975). The earlier fix around the same location needed one thought more. Actually, another though was needed, oss-fuzz-bug 16009 documents the incomplete fix. - Fix an invalid write of one zero byte for empty ID3v2 frames that demand de-unsyncing (oss-fuzz-bug 16050). - Fix dynamic build with gcc -fsanitize=address (check for all dl functions before deciding that separate -ldl is not needed). Signed-off-by: Peter Korsgaard --- package/mpg123/mpg123.hash | 8 ++++---- package/mpg123/mpg123.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/mpg123/mpg123.hash b/package/mpg123/mpg123.hash index edb916ee73..e5a549b577 100644 --- a/package/mpg123/mpg123.hash +++ b/package/mpg123/mpg123.hash @@ -1,7 +1,7 @@ -# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.11/ -sha1 25f3e8f8599d3ffc480858799ea6f8620f48543d mpg123-1.25.11.tar.bz2 -md5 64749512a6fdc117227abe13fee4cc36 mpg123-1.25.11.tar.bz2 +# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.12/ +sha1 4ece1ec124a6ca085e1d68f7ede6d5619fc587ff mpg123-1.25.12.tar.bz2 +md5 ddb38254966eb38c77f220d456a1839d mpg123-1.25.12.tar.bz2 # Locally calculated -sha256 df063307faa27c7d9efe63d2139b1564cfc7cdbb7c6f449c89ef8faabfa0eab2 mpg123-1.25.11.tar.bz2 +sha256 1ffec7c9683dfb86ea9040d6a53d6ea819ecdda215df347f79def08f1fe731d1 mpg123-1.25.12.tar.bz2 # License file sha256 f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295 COPYING diff --git a/package/mpg123/mpg123.mk b/package/mpg123/mpg123.mk index 9cac5fe722..6247e54a0a 100644 --- a/package/mpg123/mpg123.mk +++ b/package/mpg123/mpg123.mk @@ -4,7 +4,7 @@ # ################################################################################ -MPG123_VERSION = 1.25.11 +MPG123_VERSION = 1.25.12 MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2 MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION) MPG123_CONF_OPTS = --disable-lfs-alias