Re: [mpg123-users] Do mpg123_distversion and mpg123_libversion really not exist?
Brought to you by:
sobukus
Menu
▾
▴
Re: [mpg123-users] Do mpg123_distversion and mpg123_libversion really not exist?
|
From: Thomas O. <tho...@or...> - 2024-11-01 08:03:25
|
Am Wed, 30 Oct 2024 05:13:55 +0100
schrieb Martin Guy <mar...@gm...>:
> Instead, both 1.32.7 and 1.32.8 have
>
>
> #define MPG123_API_VERSION 48
> /** library patch level at client build time */
> #define MPG123_PATCHLEVEL 2
Yes, you noticed correclty. I've also seen that just after doing the
release and am _really_ annoyed by this mistake. I'll have to push a
1.32.9, I guess. People then can check for API 48 patchlevel 3. But
this does not yet really matter for running more conservative Linux
distros, as those don't yet have picked up 1.32 at all and there is no
mpg123_libversion().
> so maybe the PATCHLEVEL could be bumped in the next micro release so
> that there will be something to check against to have everything smooth
> out at some point in the future.
Well, what you can do is check the distversion. If it is present and
indicates ≥ 1.32.8, you got the fix. The MPG123_PATCHLEVEL only helps
you at build-time, anyway.
#include <mpg123.h>
#include <stdio.h>
int main()
{
unsigned maj=0, min=0, patch=0;
mpg123_distversion(&maj, &min, &patch);
if((maj == 1 && min < 32) || (maj == 1 && min == 32 && patch < 8))
{
printf("vulnerable\n");
return 1;
}
return 0;
}
Once the new release is out, this simplifies to
int main()
{
unsigned api=0, patch=0;
api = mpg123_libversion(&patch);
if(api < 48 || (api == 48 && patch < 3))
{
printf("vulnerable\n");
return 1;
}
return 0;
}
Sorry for the messup.
Alrighty then,
Thomas
|
