rpms/xmms/devel xmms-1.2.10-ubuntu-CVE-2007-0653.patch, NONE, 1.1 xmms.spec, 1.30, 1.31

Paul F. Johnson (pfj) fedora-extras-commits at redhat.com
Sun Apr 1 11:17:03 UTC 2007 

Author: pfj

Update of /cvs/extras/rpms/xmms/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2927/devel

Modified Files:
	xmms.spec 
Added Files:
	xmms-1.2.10-ubuntu-CVE-2007-0653.patch 
Log Message:
auto-import xmms-1.2.10-35 on branch devel from xmms-1.2.10-35.src.rpm

xmms-1.2.10-ubuntu-CVE-2007-0653.patch:

--- NEW FILE xmms-1.2.10-ubuntu-CVE-2007-0653.patch ---
--- xmms-1.2.10+cvs20060429.orig/xmms/bmp.c
+++ xmms-1.2.10+cvs20060429/xmms/bmp.c
@@ -19,6 +19,12 @@
  */
 #include "xmms.h"
 
+#if HAVE_STDINT_H
+#include <stdint.h>
+#elif !defined(UINT32_MAX)
+#define UINT32_MAX 0xffffffffU
+#endif
+
 typedef struct tagRGBQUAD
 {
 	guchar rgbBlue;
@@ -184,7 +190,7 @@
 	}
 	else if (bitcount != 24 && bitcount != 16 && bitcount != 32)
 	{
-		gint ncols, i;
+		guint32 ncols, i;
 
 		ncols = offset - headSize - 14;
 		if (headSize == 12)
@@ -200,10 +206,18 @@
 		}
 	}
 	fseek(file, offset, SEEK_SET);
+	/* verify buffer size */
+	if (!h || !w ||
+	    w > (((UINT32_MAX - 3) / 3) / h) ||
+	    h > (((UINT32_MAX - 3) / 3) / w)) {
+		g_warning("read_bmp(): width(%u)*height(%u) too large", w, h);
+		fclose(file);
+		return NULL;
+	}
+	data = g_malloc0((w * 3 * h) + 3);	/* +3 is just for safety */
 	buffer = g_malloc(imgsize);
 	fread(buffer, imgsize, 1, file);
 	fclose(file);
-	data = g_malloc0((w * 3 * h) + 3);	/* +3 is just for safety */
 
 	if (bitcount == 1)
 		read_1b_rgb(buffer, imgsize, data, w, h, rgb_quads);


Index: xmms.spec
===================================================================
RCS file: /cvs/extras/rpms/xmms/devel/xmms.spec,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- xmms.spec	19 Jan 2007 18:50:45 -0000	1.30
+++ xmms.spec	1 Apr 2007 11:16:30 -0000	1.31
@@ -1,6 +1,6 @@
 Name:           xmms
 Version:        1.2.10
-Release:        32%{?dist}
+Release:        35%{?dist}
 Epoch:          1
 Summary:        The X MultiMedia System, a media player
 
@@ -33,6 +33,7 @@
 Patch13:        %{name}-1.2.10-pls-188603.patch
 Patch14:	%{name}-1.2.10-configfile-safe-write.patch
 Patch15:	%{name}-1.2.10-reposition.patch
+Patch16:	%{name}-1.2.10-ubuntu-CVE-2007-0653.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  gtk+-devel
@@ -86,7 +87,7 @@
 
 
 %prep
-%setup -q
+%setup -q 
 # Fix joystick plugin crashes
 %patch0 -p1 -b .joycrash
 # Set default output plugin to ALSA
@@ -117,6 +118,7 @@
 %patch13 -p1 -b .pls
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 # Avoid standard rpaths on lib64 archs, --disable-rpath doesn't do it
 sed -i -e 's|"/lib /usr/lib"|"/%{_lib} %{_libdir}"|' configure
 
@@ -133,45 +135,46 @@
     --with-pic \
     --disable-static
 find . -name Makefile | xargs sed -i -e s/-lpthread//g # old libtool, x86_64
-make %{?_smp_mflags}
+make
+# smp_flags removed due to build issues
 
 %{__cc} $RPM_OPT_FLAGS -fPIC -shared -Wl,-soname -Wl,librh_mp3.so \
     -o librh_mp3.so -I. $(gtk-config --cflags gtk) %{SOURCE3}
 
 
 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-install -pm 755 librh_mp3.so $RPM_BUILD_ROOT%{_libdir}/xmms/Input
-install -dm 755 $RPM_BUILD_ROOT%{_datadir}/xmms/Skins
-find $RPM_BUILD_ROOT -name "*.la" | xargs rm -f
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+install -pm 755 librh_mp3.so %{buildroot}%{_libdir}/xmms/Input
+install -dm 755 %{buildroot}%{_datadir}/xmms/Skins
+find %{buildroot} -name "*.la" | xargs rm -f
 
 # On FC5 x86_64, some get created even though we pass --disable-static
-rm -f $RPM_BUILD_ROOT%{_libdir}/xmms/*/*.a
+rm -f %{buildroot}%{_libdir}/xmms/*/*.a
 
 # https://bugzilla.redhat.com/213172
 for bin in xmms wmxmms ; do
-    install -Dpm 755 $RPM_BUILD_ROOT%{_bindir}/$bin \
-        $RPM_BUILD_ROOT%{_libexecdir}/$bin
+    install -Dpm 755 %{buildroot}%{_bindir}/$bin \
+        %{buildroot}%{_libexecdir}/$bin
     sed -e "s|/usr/libexec/xmms|%{_libexecdir}/$bin|" %{SOURCE1} > \
-        $RPM_BUILD_ROOT%{_bindir}/$bin
-    chmod 755 $RPM_BUILD_ROOT%{_bindir}/$bin
+        %{buildroot}%{_bindir}/$bin
+    chmod 755 %{buildroot}%{_bindir}/$bin
 done
 
 # Link to the desktop menu entry included in redhat-menus
-install -dm 755 $RPM_BUILD_ROOT%{_datadir}/applications
+install -dm 755 %{buildroot}%{_datadir}/applications
 ln -s ../desktop-menu-patches/redhat-audio-player.desktop \
-    $RPM_BUILD_ROOT%{_datadir}/applications
+    %{buildroot}%{_datadir}/applications
 install -Dpm 644 %{SOURCE2} \
-    $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/48x48/apps/xmms.xpm
+    %{buildroot}%{_datadir}/icons/hicolor/48x48/apps/xmms.xpm
 
-install -Dpm 644 xmms.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/xmms.pc
+#install -Dpm 644 xmms.pc %{buildroot}%{_libdir}/pkgconfig/xmms.pc
 
 %find_lang %{name}
 
 
 %clean
-rm -rf $RPM_BUILD_ROOT
+rm -rf %{buildroot}
 
 
 %post
@@ -222,11 +225,16 @@
 %{_bindir}/xmms-config
 %{_includedir}/xmms/
 %{_libdir}/libxmms.so
-%{_libdir}/pkgconfig/xmms.pc
 %{_datadir}/aclocal/xmms.m4
 
 
 %changelog
+* Sun Apr 01 2007 Paul F. Johnson <paul at all-the-johnsons.co.uk> 1:1.2.10-35
+- added CVE fix for buffer problem
+
+* Sat Mar 10 2007 Paul F. Johnson <paul at all-the-johnsons.co.uk> 1:1.2.10-34
+- built from cvs tarball (amended to remove mp3)
+
 * Fri Jan 19 2007 Paul F. Johnson <paul at all-the-johnsons.co.uk> 1:1.2.10-32
 - removed R xmms in libs

More information about the scm-commits mailing list