rpms/libmikmod/F-11 libmikmod-CVE-2007-6720.patch, 1.1, 1.2 libmikmod.spec, 1.9, 1.10

Hans de Goede jwrdegoede at fedoraproject.org
Mon Nov 23 11:09:44 UTC 2009


Author: jwrdegoede

Update of /cvs/extras/rpms/libmikmod/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9637

Modified Files:
	libmikmod-CVE-2007-6720.patch libmikmod.spec 
Log Message:
* Mon Nov 23 2009 Hans de Goede <hdegoede at redhat.com> 3.2.0-9.beta2
- Fix the earlier CVE-2007-6720 fix: it causes mods to sound wrong, and even causes
  crashes under certain circumstances (#540234), see:
  http://bugzilla.libsdl.org/show_bug.cgi?id=506


libmikmod-CVE-2007-6720.patch:
 mplayer.c |   27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

Index: libmikmod-CVE-2007-6720.patch
===================================================================
RCS file: /cvs/extras/rpms/libmikmod/F-11/libmikmod-CVE-2007-6720.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libmikmod-CVE-2007-6720.patch	28 Aug 2009 06:30:56 -0000	1.1
+++ libmikmod-CVE-2007-6720.patch	23 Nov 2009 11:09:44 -0000	1.2
@@ -1,39 +1,112 @@
-diff -up libmikmod-3.2.0-beta2/playercode/mplayer.c.CVE-2007-6720 libmikmod-3.2.0-beta2/playercode/mplayer.c
---- libmikmod-3.2.0-beta2/playercode/mplayer.c.CVE-2007-6720	2004-01-31 23:40:22.000000000 +0100
-+++ libmikmod-3.2.0-beta2/playercode/mplayer.c	2009-08-28 05:06:07.000000000 +0200
-@@ -2318,7 +2318,7 @@ void pt_UpdateVoices(MODULE *mod, int ma
+This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
+
+diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c
+--- libmikmod-3.1.12.orig/playercode/mplayer.c	2007-12-15 01:26:28.000000000 -0800
++++ libmikmod-3.1.12/playercode/mplayer.c	2009-10-04 23:48:36.000000000 -0700
+@@ -52,6 +52,8 @@
+    will wait */
+ /*static*/ MODULE *pf = NULL;
+ 
++#define NUMVOICES(mod)	(md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
++
+ #define	HIGH_OCTAVE		2	/* number of above-range octaves */
+ 
+ static	UWORD oldperiods[OCTAVE*2]={
+@@ -248,14 +250,14 @@
+ 	MP_VOICE *a;
+ 	ULONG t,k,tvol,pp;
+ 
+-	for (t=0;t<md_sngchn;t++)
++	for (t=0;t<NUMVOICES(mod);t++)
+ 		if (((mod->voice[t].main.kick==KICK_ABSENT)||
+ 			 (mod->voice[t].main.kick==KICK_ENV))&&
+ 		   Voice_Stopped_internal(t))
+ 			return t;
+ 
+ 	tvol=0xffffffUL;t=-1;a=mod->voice;
+-	for (k=0;k<md_sngchn;k++,a++) {
++	for (k=0;k<NUMVOICES(mod);k++,a++) {
+ 		/* allow us to take over a nonexisting sample */
+ 		if (!a->main.s)
+ 			return k;
+@@ -2249,12 +2251,12 @@
+ 
+ 	switch (dat) {
+ 	case 0x0: /* past note cut */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.fadevol=0;
+ 		break;
+ 	case 0x1: /* past note off */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a) {
+ 				mod->voice[t].main.keyoff|=KEY_OFF;
+ 				if ((!(mod->voice[t].venv.flg & EF_ON))||
+@@ -2263,7 +2265,7 @@
+ 			}
+ 		break;
+ 	case 0x2: /* past note fade */
+-		for (t=0;t<md_sngchn;t++)
++		for (t=0;t<NUMVOICES(mod);t++)
+ 			if (mod->voice[t].master==a)
+ 				mod->voice[t].main.keyoff|=KEY_FADE;
+ 		break;
+@@ -2318,7 +2320,7 @@
  	SAMPLE *s;
  
  	mod->totalchn=mod->realchn=0;
 -	for (channel=0;channel<md_sngchn;channel++) {
-+	for (channel=0;channel<pf->numchn;channel++) {
++	for (channel=0;channel<NUMVOICES(mod);channel++) {
  		aout=&mod->voice[channel];
  		i=aout->main.i;
  		s=aout->main.s;
-@@ -3089,7 +3089,7 @@ MIKMODAPI void Player_NextPosition(void)
+@@ -2736,7 +2738,7 @@
+ 			if (a->dct!=DCT_OFF) {
+ 				int t;
+ 
+-				for (t=0;t<md_sngchn;t++)
++				for (t=0;t<NUMVOICES(mod);t++)
+ 					if ((!Voice_Stopped_internal(t))&&
+ 					   (mod->voice[t].masterchn==channel)&&
+ 					   (a->main.sample==mod->voice[t].main.sample)) {
+@@ -2978,6 +2980,11 @@
+ 	if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
+ 		return 1;
+ 
++	/* mod->numvoices was used during loading to clamp md_sngchn.
++	   After loading it's used to remember how big mod->voice is.
++	*/
++	mod->numvoices = md_sngchn;
++
+ 	Player_Init_internal(mod);
+ 	return 0;
+ }
+@@ -3086,7 +3093,7 @@
  		pf->patbrk=0;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
-@@ -3114,7 +3114,7 @@ MIKMODAPI void Player_PrevPosition(void)
+@@ -3111,7 +3118,7 @@
  		pf->patbrk=0;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
-@@ -3141,7 +3141,7 @@ MIKMODAPI void Player_SetPosition(UWORD 
+@@ -3138,7 +3145,7 @@
  		pf->sngpos=pos;
  		pf->vbtick=pf->sngspd;
  
 -		for (t=0;t<md_sngchn;t++) {
-+		for (t=0;t<pf->numchn;t++) {
++		for (t=0;t<NUMVOICES(pf);t++) {
  			Voice_Stop_internal(t);
  			pf->voice[t].main.i=NULL;
  			pf->voice[t].main.s=NULL;
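Review bot: The bound given by `NUMVOICES(mod)` is only safe while `mod->numvoices` equals the element count of `mod->voice`, and the patch establishes that in one place only, the assignment after `_mm_calloc(md_sngchn,sizeof(MP_VOICE))` in the `@@ -2978,6 +2980,11 @@` hunk; the macro definition itself has no comment saying so. I would document the invariant at the definition, e.g. `/* mod->voice has mod->numvoices entries (set where it is allocated); md_sngchn may differ later, so never index past the smaller */`, so that a later allocation or write to `numvoices` keeps the two in step. The new comment says the field is reused from its loader meaning, so any code that reads `numvoices` after initialisation and expects the loader's value should be checked; that code is outside this patch. The embedded diff was generated against libmikmod-3.1.12 while the spec builds 3.2.0 beta2, and its hunk headers carry no function names, so it is worth confirming that no other `md_sngchn`-bounded walk over `mod->voice` remains in the packaged tree.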


Index: libmikmod.spec
===================================================================
RCS file: /cvs/extras/rpms/libmikmod/F-11/libmikmod.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- libmikmod.spec	28 Aug 2009 06:30:56 -0000	1.9
+++ libmikmod.spec	23 Nov 2009 11:09:44 -0000	1.10
@@ -1,7 +1,7 @@
 Summary: A MOD music file player library
 Name: libmikmod
 Version: 3.2.0
-Release: 5.beta2%{?dist}
+Release: 9.beta2%{?dist}
 License: GPLv2 and LGPLv2+
 Group: Applications/Multimedia
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -26,6 +26,8 @@ XM, ULT and IT.
 Group: Development/Libraries
 Summary: Header files and documentation for compiling mikmod applications
 Requires: %{name} = %{version}-%{release}
+Requires(post): /sbin/install-info
+Requires(postun): /sbin/install-info
 Provides: mikmod-devel = 3.2.2-4
 Obsoletes: mikmod-devel < 3.2.2-4
 
@@ -60,13 +62,13 @@ rm -rf $RPM_BUILD_ROOT
 %post -p /sbin/ldconfig
 
 %post devel
-[ -x /sbin/install-info ] && /sbin/install-info %{_infodir}/mikmod.info %{_infodir}/dir || :
+[ -x /sbin/install-info ] && /sbin/install-info %{_infodir}/mikmod.info %{_infodir}/dir > /dev/null 2>&1 || :
 
 %postun -p /sbin/ldconfig
 
 %postun devel
 if [ $1 = 0 ] ; then
-	[ -x /sbin/install-info ] && /sbin/install-info  --delete %{_infodir}/mikmod.info %{_infodir}/dir || :
+	[ -x /sbin/install-info ] && /sbin/install-info  --delete %{_infodir}/mikmod.info %{_infodir}/dir > /dev/null 2>&1 || :
 fi
 
 %files
@@ -84,9 +86,23 @@ fi
 %{_mandir}/man1/libmikmod-config*
 
 %changelog
-* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-5.beta2
-- fix CVE-2007-6720 (#479829)
-- fix CVE-2009-0179 (#479833)
+* Mon Nov 23 2009 Hans de Goede <hdegoede at redhat.com> 3.2.0-9.beta2
+- Fix CVE-2007-6720 fix, it causes mods to sound wrong, and even causes
+  crashes under certain circumstances (#540234), see:
+  http://bugzilla.libsdl.org/show_bug.cgi?id=506
+
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-8.beta2
+- fix CVE-2009-0179 (#519992)
+
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-7.beta2
+- fix CVE-2007-6720 (#519990)
+
+* Tue Aug 11 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-6.beta2
+- don't complain if installing with --excludedocs (#515953)
+- add missing requires
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.0-5.beta2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.0-4.beta2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild



