Despite having BuildRequires: libmodplug-devel, audacious-plugins does not use the system modplug library, it uses a bundled copy. This is unfortunate, as this library can be affected by security issues, and we have issued security updates for it in the past (Bug 1150, Bug 5257). Fedora has issued an advisory on September 9: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065720.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html They patched it to remove the bundled copy and really use the system modplug. Only Mageia 1 is affected. Mageia 2's version is linked to the system library, and I think it was fixed upstream in 3.0.3. Here is the patch against 2.4.5 that Fedora used in Fedora 14 to fix this: http://pkgs.fedoraproject.org/cgit/audacious-plugins.git/plain/audacious-plugins-2.4.5-libmodplug-system.patch?h=f14&id=6b579b02ee1a97566cd5cdc4a20ebeef424e6489 They also added "autoreconf -I m4" to the SPEC after applying patches.
CC: (none) => jani.valimaa
Assignee: bugsquad => jani.valimaa
Updated audacious and audacious-plugins to version 2.4.5 which is a bugfix release for 2.4 branch. Added patches from Fedora to audacious-plugins to fix several issues and this modplug one (see the %changelog). Please test the new releases [1] [2] from core/updates_testing. Had to update audacious-plugins twice to make sure the modplug issue is fixed for sure, thus the %mkrel 1.1. [1] audacious-2.4.5-1.mga1 [2] audacious-plugins-2.4.5-1.1.mga1
Assignee: jani.valimaa => qa-bugs
Thanks Jani! Here's the salient entry from the audacious-plugins package changelog: - new bugfix release 2.4.5 - add patches from Fedora - fix missing newline NULL-ptr crash in m3u loader (rhbz#699107) - fix Ogg metadata save for i686 (rhbz#711796) - use system's libmodplug (mga#7181) Full package list: audacious-2.4.5-1.mga1 libaudacious1-2.4.5-1.mga1 libaudacious2-2.4.5-1.mga1 libaudacious-devel-2.4.5-1.mga1 audacious-plugins-2.4.5-1.1.mga1 audacious-wavpack-2.4.5-1.1.mga1 audacious-jack-2.4.5-1.1.mga1 audacious-pulse-2.4.5-1.1.mga1 audacious-adplug-2.4.5-1.1.mga1 audacious-fluidsynth-2.4.5-1.1.mga1 audacious-sid-2.4.5-1.1.mga1 audacious-projectm-2.4.5-1.1.mga1
Testing complete on Mageia 1 i586 for the srpms audacious-2.4.5-1.mga1.src.rpm audacious-plugins-2.4.5-1.1.mga1.src.rpm Just testing that it can play music and plugins like the status icon work.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA1-32-OK
Testing complete on Mageia 1 x86-64. Could someone from the sysadmin team push the srpms audacious-2.4.5-1.mga1.src.rpm audacious-plugins-2.4.5-1.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Bugfix update for audacious and audacious-plugins - new bugfix release 2.4.5 - add patches from Fedora - fix missing newline NULL-ptr crash in m3u loader (rhbz#699107) - fix Ogg metadata save for i686 (rhbz#711796) - use system's libmodplug (mga#7181) https://bugs.mageia.org/show_bug.cgi?id=7181
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1-32-OK => MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0175
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED