[libmikmod/f14/master] update the CVE-2009-3995, 3996 patch and fix its naming
Jindrich Novy
jnovy at fedoraproject.org
Fri Aug 20 14:38:32 UTC 2010
commit 85b0485862b85a4896657d473b4fa8ca76157ede
Author: Jindrich Novy <jnovy at redhat.com>
Date: Fri Aug 20 16:37:59 2010 +0200
update the CVE-2009-3995,3996 patch and fix its naming
libmikmod-CVE-2009-3995,3996.patch | 66 ++++++++++++++++++++++++++++++++++++
libmikmod-CVE-2010-3995,3996.patch | 35 -------------------
libmikmod.spec | 11 ++++--
3 files changed, 73 insertions(+), 39 deletions(-)
---
diff --git a/libmikmod-CVE-2009-3995,3996.patch b/libmikmod-CVE-2009-3995,3996.patch
new file mode 100644
index 0000000..cbcf8de
--- /dev/null
+++ b/libmikmod-CVE-2009-3995,3996.patch
@@ -0,0 +1,66 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2009-3995f.dpatch by <aw at linux.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch for CVE-2009-3995 and CVE-2009-3996
+
+ at DPATCH@
+
+diff -Ndurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11-fixed/loaders/load_it.c
+--- libmikmod-3.1.11/loaders/load_it.c 2010-05-31 14:10:34.000000000 +0200
++++ libmikmod-3.1.11-fixed/loaders/load_it.c 2010-05-31 14:10:10.000000000 +0200
+@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious)
+ #endif
+
+ IT_ProcessEnvelope(vol);
++ /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
++ if (ih.volpts>= ENVPOINTS)
++ ih.volpts = ENVPOINTS-1;
++
+ for(u=0;u<ih.volpts;u++)
+ d->volenv[u].val=(ih.volnode[u]<<2);
+
+diff -Ndurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11-fixed/loaders/load_ult.c
+--- libmikmod-3.1.11/loaders/load_ult.c 2010-05-31 14:10:34.000000000 +0200
++++ libmikmod-3.1.11-fixed/loaders/load_ult.c 2010-05-31 14:10:10.000000000 +0200
+@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious)
+ for(u=0;u<of.numchn;u++)
+ for(t=0;t<of.numpat;t++)
+ of.patterns[(t*of.numchn)+u]=tracks++;
++ /* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */
++ if (of.numchn>=UF_MAXCHAN)
++ of.numchn=UF_MAXCHAN - 1;
+
+ /* read pan position table for v1.5 and higher */
+ if(mh.id[14]>='3') {
+--- libmikmod-3.2.0-beta2/loaders/load_it.c.orig 2010-07-22 16:02:16.000000000 +0200
++++ libmikmod-3.2.0-beta2/loaders/load_it.c 2010-07-22 16:07:48.000000000 +0200
+@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) \
+ ih. name##flg =_mm_read_UBYTE(modreader); \
+ ih. name##pts =_mm_read_UBYTE(modreader); \
++ if (ih. name##pts > ITENVCNT) \
++ ih. name##pts = ITENVCNT; \
+ ih. name##beg =_mm_read_UBYTE(modreader); \
+ ih. name##end =_mm_read_UBYTE(modreader); \
+ ih. name##susbeg=_mm_read_UBYTE(modreader); \
+@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) \
+ ih. name/**/flg =_mm_read_UBYTE(modreader); \
+ ih. name/**/pts =_mm_read_UBYTE(modreader); \
++ if (ih. name/**/pts > ITENVCNT) \
++ ih. name/**/pts = ITENVCNT; \
+ ih. name/**/beg =_mm_read_UBYTE(modreader); \
+ ih. name/**/end =_mm_read_UBYTE(modreader); \
+ ih. name/**/susbeg=_mm_read_UBYTE(modreader); \
+@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious)
+ #endif
+
+ IT_ProcessEnvelope(vol);
+- /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
+- if (ih.volpts>= ENVPOINTS)
+- ih.volpts = ENVPOINTS-1;
+-
+ for(u=0;u<ih.volpts;u++)
+ d->volenv[u].val=(ih.volnode[u]<<2);
+
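Review bot: In the load_ult.c part of the patch, the `of.numchn` clamp is added after the `of.patterns[(t*of.numchn)+u]=tracks++` loop, so the unclamped channel count has already been used to lay out the pattern table and only the code that follows (the pan position table read) sees the bounded value. Lowering `of.numchn` at that point may also leave it out of step with anything sized from the original count earlier in ULT_Load, which is outside the hunk, so it would be safer to reject the file where the count is first read, e.g. `if (of.numchn > UF_MAXCHAN) { _mm_errno = MMERR_LOADING_HEADER; return 0; }`. The bound is also inconsistent with the IT fix in the same patch: the macro clamps with `> ITENVCNT` to `ITENVCNT`, while this one uses `>= UF_MAXCHAN` to `UF_MAXCHAN - 1`, which would truncate a module with exactly UF_MAXCHAN channels if the per-channel arrays hold UF_MAXCHAN entries. Separately, the file adds the `ENVPOINTS` clamp to IT_Load in its first section and removes it again in the last one; folding both into the single IT_LoadEnvelope macro change would make the patch easier to audit.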
diff --git a/libmikmod.spec b/libmikmod.spec
index e72ccae..3907dce 100644
--- a/libmikmod.spec
+++ b/libmikmod.spec
@@ -1,7 +1,7 @@
Summary: A MOD music file player library
Name: libmikmod
Version: 3.2.0
-Release: 10.beta2%{?dist}
+Release: 11.beta2%{?dist}
License: GPLv2 and LGPLv2+
Group: Applications/Multimedia
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -16,7 +16,7 @@ Patch4: libmikmod-autoconf.patch
Patch5: libmikmod-info.patch
Patch6: libmikmod-CVE-2007-6720.patch
Patch7: libmikmod-CVE-2009-0179.patch
-Patch8: libmikmod-CVE-2010-3995,3996.patch
+Patch8: libmikmod-CVE-2009-3995,3996.patch
%description
libmikmod is a library used by the mikmod MOD music file player for
@@ -46,7 +46,7 @@ applications for mikmod.
%patch5 -p1 -b .info
%patch6 -p1 -b .CVE-2007-6720
%patch7 -p1 -b .CVE-2009-0179
-%patch8 -p1 -b .CVE-2010-3995,3996
+%patch8 -p1 -b .CVE-2009-3995,3996
%build
%configure
@@ -88,8 +88,11 @@ fi
%{_mandir}/man1/libmikmod-config*
%changelog
+* Fri Aug 20 2010 Jindrich Novy <jnovy at redhat.com> 3.2.0-11.beta2
+- update the CVE-2009-3995,3996 patch and fix its naming
+
* Thu Jul 15 2010 Jindrich Novy <jnovy at redhat.com> 3.2.0-10.beta2
-- fix CVE-2010-3995,3996 (#614643)
+- fix CVE-2009-3995,3996 (#614643)
* Mon Nov 23 2009 Hans de Goede <hdegoede at redhat.com> 3.2.0-9.beta2
- Fix CVE-2007-6720 fix, it causes mods to sound wrong, and even causes