[libmikmod/f14/master] update the CVE-2009-3995, 3996 patch and fix its naming

Jindrich Novy jnovy at fedoraproject.org
Fri Aug 20 14:38:32 UTC 2010


commit 85b0485862b85a4896657d473b4fa8ca76157ede
Author: Jindrich Novy <jnovy at redhat.com>
Date:   Fri Aug 20 16:37:59 2010 +0200

    update the CVE-2009-3995,3996 patch and fix its naming

 libmikmod-CVE-2009-3995,3996.patch |   66 ++++++++++++++++++++++++++++++++++++
 libmikmod-CVE-2010-3995,3996.patch |   35 -------------------
 libmikmod.spec                     |   11 ++++--
 3 files changed, 73 insertions(+), 39 deletions(-)
---
diff --git a/libmikmod-CVE-2009-3995,3996.patch b/libmikmod-CVE-2009-3995,3996.patch
new file mode 100644
index 0000000..cbcf8de
--- /dev/null
+++ b/libmikmod-CVE-2009-3995,3996.patch
@@ -0,0 +1,66 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2009-3995f.dpatch by  <aw at linux.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch for CVE-2009-3995 and CVE-2009-3996
+
+ at DPATCH@
+
+diff -Ndurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11-fixed/loaders/load_it.c
+--- libmikmod-3.1.11/loaders/load_it.c	2010-05-31 14:10:34.000000000 +0200
++++ libmikmod-3.1.11-fixed/loaders/load_it.c	2010-05-31 14:10:10.000000000 +0200
+@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious)
+ #endif
+ 
+ 				IT_ProcessEnvelope(vol);
++				/* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
++				if (ih.volpts>= ENVPOINTS)
++					ih.volpts = ENVPOINTS-1;
++
+ 				for(u=0;u<ih.volpts;u++)
+ 					d->volenv[u].val=(ih.volnode[u]<<2);
+ 
+diff -Ndurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11-fixed/loaders/load_ult.c
+--- libmikmod-3.1.11/loaders/load_ult.c	2010-05-31 14:10:34.000000000 +0200
++++ libmikmod-3.1.11-fixed/loaders/load_ult.c	2010-05-31 14:10:10.000000000 +0200
+@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious)
+ 	for(u=0;u<of.numchn;u++)
+ 		for(t=0;t<of.numpat;t++)
+ 			of.patterns[(t*of.numchn)+u]=tracks++;
++	/* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */
++    if (of.numchn>=UF_MAXCHAN)
++		of.numchn=UF_MAXCHAN - 1;
+ 
+ 	/* read pan position table for v1.5 and higher */
+ 	if(mh.id[14]>='3') {
+--- libmikmod-3.2.0-beta2/loaders/load_it.c.orig	2010-07-22 16:02:16.000000000 +0200
++++ libmikmod-3.2.0-beta2/loaders/load_it.c	2010-07-22 16:07:48.000000000 +0200
+@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) 										\
+ 				ih. name##flg   =_mm_read_UBYTE(modreader);				\
+ 				ih. name##pts   =_mm_read_UBYTE(modreader);				\
++				if (ih. name##pts > ITENVCNT)							\
++					ih. name##pts = ITENVCNT;							\
+ 				ih. name##beg   =_mm_read_UBYTE(modreader);				\
+ 				ih. name##end   =_mm_read_UBYTE(modreader);				\
+ 				ih. name##susbeg=_mm_read_UBYTE(modreader);				\
+@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) 										\
+ 				ih. name/**/flg   =_mm_read_UBYTE(modreader);			\
+ 				ih. name/**/pts   =_mm_read_UBYTE(modreader);			\
++				if (ih. name/**/pts > ITENVCNT)							\
++					ih. name/**/pts = ITENVCNT;							\
+ 				ih. name/**/beg   =_mm_read_UBYTE(modreader);			\
+ 				ih. name/**/end   =_mm_read_UBYTE(modreader);			\
+ 				ih. name/**/susbeg=_mm_read_UBYTE(modreader);			\
+@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious)
+ #endif
+ 
+ 				IT_ProcessEnvelope(vol);
+-				/* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
+-				if (ih.volpts>= ENVPOINTS)
+-					ih.volpts = ENVPOINTS-1;
+-
+ 				for(u=0;u<ih.volpts;u++)
+ 					d->volenv[u].val=(ih.volnode[u]<<2);
+ 
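Review bot: In the load_ult.c part of the added patch, the `of.numchn` clamp sits after the loop that fills `of.patterns[(t*of.numchn)+u]`, so anything sized or written from the unclamped channel count earlier in ULT_Load is not covered by it; that code is outside the hunk and should be checked against the full function. The clamp also uses `>=` and reduces to `UF_MAXCHAN - 1`, while the IT envelope clamp in the same patch uses `>` and clamps to `ITENVCNT` itself, so one of the two conventions is probably off by one against its array size. Rejecting the file where the channel count is first read, something like `if (of.numchn > UF_MAXCHAN) { _mm_errno = MMERR_LOADING_HEADER; return 0; }`, would avoid continuing with a channel count that no longer matches the pattern table already built. In the IT_LoadEnvelope macro only `pts` is bounded; the `beg`, `end` and `susbeg` values read right after it are not checked against `pts` in the visible lines. The first load_it.c section adds the ENVPOINTS check that the third section removes again, so the patch could carry only the final ITENVCNT change.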
diff --git a/libmikmod.spec b/libmikmod.spec
index e72ccae..3907dce 100644
--- a/libmikmod.spec
+++ b/libmikmod.spec
@@ -1,7 +1,7 @@
 Summary: A MOD music file player library
 Name: libmikmod
 Version: 3.2.0
-Release: 10.beta2%{?dist}
+Release: 11.beta2%{?dist}
 License: GPLv2 and LGPLv2+
 Group: Applications/Multimedia
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -16,7 +16,7 @@ Patch4:  libmikmod-autoconf.patch
 Patch5:  libmikmod-info.patch
 Patch6:  libmikmod-CVE-2007-6720.patch
 Patch7:  libmikmod-CVE-2009-0179.patch
-Patch8:  libmikmod-CVE-2010-3995,3996.patch
+Patch8:  libmikmod-CVE-2009-3995,3996.patch
 
 %description
 libmikmod is a library used by the mikmod MOD music file player for
@@ -46,7 +46,7 @@ applications for mikmod.
 %patch5 -p1 -b .info
 %patch6 -p1 -b .CVE-2007-6720
 %patch7 -p1 -b .CVE-2009-0179
-%patch8 -p1 -b .CVE-2010-3995,3996
+%patch8 -p1 -b .CVE-2009-3995,3996
 
 %build
 %configure
@@ -88,8 +88,11 @@ fi
 %{_mandir}/man1/libmikmod-config*
 
 %changelog
+* Fri Aug 20 2010 Jindrich Novy <jnovy at redhat.com> 3.2.0-11.beta2
+- update the CVE-2009-3995,3996 patch and fix its naming
+
 * Thu Jul 15 2010 Jindrich Novy <jnovy at redhat.com> 3.2.0-10.beta2
-- fix CVE-2010-3995,3996 (#614643)
+- fix CVE-2009-3995,3996 (#614643)
 
 * Mon Nov 23 2009 Hans de Goede <hdegoede at redhat.com> 3.2.0-9.beta2
 - Fix CVE-2007-6720 fix, it causes mods to sound wrong, and even causes

