[xmp] fix CVE-2013-1890

Dominik Mierzejewski rathann at fedoraproject.org
Sun Apr 28 13:36:31 UTC 2013


commit a253019009771803b002f1822f216847fefddb81
Author: Dominik Mierzejewski <rpm at greysector.net>
Date:   Sun Apr 28 15:35:46 2013 +0200

    fix CVE-2013-1890
    
    - fix build against audacious 3.4 (empty pkg-config --cflags is not an error)
    - backport fix for CVE-2013-1890 (rhbz #954658)

 xmp-3.5.0-audacious-3.4.patch |   16 ++++++++++++++++
 xmp-3.5.0-cve-2013-1980.patch |   20 ++++++++++++++++++++
 xmp.spec                      |   12 +++++++++++-
 3 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/xmp-3.5.0-audacious-3.4.patch b/xmp-3.5.0-audacious-3.4.patch
new file mode 100644
index 0000000..7e79739
--- /dev/null
+++ b/xmp-3.5.0-audacious-3.4.patch
@@ -0,0 +1,16 @@
+diff -up xmp-3.5.0/configure.aud-3.4 xmp-3.5.0/configure
+--- xmp-3.5.0/configure.aud-3.4	2012-01-27 18:05:33.000000000 +0100
++++ xmp-3.5.0/configure	2013-04-28 15:09:51.840868312 +0200
+@@ -3847,10 +3847,9 @@ fi
+ 
+ if test "${enable_audacious_plugin}" = "yes"; then
+     $as_echo_n "checking for Audacious flags... "
+-    audacious_cflags="`pkg-config --cflags audacious 2>/dev/null`"
+-    if test ! -z "${audacious_cflags}"; then
++    audacious_version="`pkg-config --modversion audacious 2>/dev/null`"
++    if test ! -z "${audacious_version}"; then
+         $as_echo "found"
+-        audacious_version="`pkg-config --modversion audacious 2>/dev/null`"
+         audacious_version_maj="`echo ${audacious_version}|cut -f1 -d.`"
+         audacious_version_min="`echo ${audacious_version}|cut -f2 -d.`"
+         $as_echo "checking for Audacious version... ${audacious_version_maj}.${audacious_version_min}"
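Review bot: The rewritten check drops the `audacious_cflags=` assignment entirely, and nothing in the visible lines sets that variable again. If configure later uses `${audacious_cflags}` when building the plugin (that part of the block is outside the hunk), builds against Audacious releases whose pkg-config file does emit include flags would lose them. Keeping the removed `pkg-config --cflags audacious` assignment inside the `if` branch, after the version test succeeds, preserves the old behaviour while still accepting an empty result. `pkg-config --exists audacious` would also state the presence test more directly than checking for a non-empty `--modversion` string.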
diff --git a/xmp-3.5.0-cve-2013-1980.patch b/xmp-3.5.0-cve-2013-1980.patch
new file mode 100644
index 0000000..3a98c22
--- /dev/null
+++ b/xmp-3.5.0-cve-2013-1980.patch
@@ -0,0 +1,20 @@
+diff -U0 xmp-3.5.0/docs/ChangeLog.cve-2013-1980 xmp-3.5.0/docs/ChangeLog
+--- xmp-3.5.0/docs/ChangeLog.cve-2013-1980	2012-01-27 17:40:58.000000000 +0100
++++ xmp-3.5.0/docs/ChangeLog	2013-04-28 13:05:05.559593911 +0200
+@@ -26,0 +27 @@
++	- fix buffer overflow in MASI loader (reported by Douglas Carmichael)
+diff -up xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980 xmp-3.5.0/src/loaders/masi_load.c
+--- xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980	2012-01-21 13:35:14.000000000 +0100
++++ xmp-3.5.0/src/loaders/masi_load.c	2013-04-28 13:04:15.398503982 +0200
+@@ -144,9 +144,9 @@ static void get_dsmp(struct xmp_context
+ 	i = cur_ins;
+ 	m->xxi[i] = calloc(sizeof(struct xxm_instrument), 1);
+ 
+-	fread(&m->xxih[i].name, 1, 34, f);
++	fread(&m->xxih[i].name, 1, 31, f);
+ 	str_adj((char *)m->xxih[i].name);
+-	fseek(f, 5, SEEK_CUR);
++	fseek(f, 8, SEEK_CUR);
+ 	read8(f);		/* insno */
+ 	read8(f);
+ 	m->xxs[i].len = read32l(f);
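Review bot: The new read length `31` in get_dsmp is still a bare literal with nothing tying it to the size of `m->xxih[i].name`, which is the same pattern that let the earlier `34` overrun the field. If `name` is an array (its declaration is outside this hunk), `sizeof(m->xxih[i].name) - 1` would keep the bound attached to the buffer, with the `fseek` skip adjusted so read plus skip still total 39 bytes; failing that, a comment such as `/* read 31 + skip 8 = 39 bytes, same file offset as before */` records why the two numbers move together. The `fread` result is also unchecked, so a truncated module file leaves `name` short or unfilled before `str_adj` runs on it; `if (fread(&m->xxih[i].name, 1, 31, f) != 31) return;` would stop there, assuming an early return is acceptable in this loader. Whether `name` is guaranteed NUL-terminated after a 31-byte read depends on it having been zeroed earlier, which is not visible here. get_dsmp's body starts and ends outside the hunk.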
diff --git a/xmp.spec b/xmp.spec
index 2c1afeb..ea15a13 100644
--- a/xmp.spec
+++ b/xmp.spec
@@ -8,7 +8,7 @@
 
 Name: xmp
 Version: 3.5.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A multi-format module player
 Group: Applications/Multimedia
 #Source: http://downloads.sourceforge.net/sourceforge/xmp/xmp-%{version}.tar.gz
@@ -33,6 +33,10 @@ Patch1: xmp-3.4.0-audacious-3.2.patch
 Patch2: xmp-3.4.0-audacious-probe_for_tuple.patch
 #
 Patch3: xmp-3.5.0-audacious-3.3.patch
+# empty cflags don't mean audacious-devel isn't installed
+Patch4: xmp-3.5.0-audacious-3.4.patch
+# backport fix for CVE-2013-1980
+Patch5: xmp-3.5.0-cve-2013-1980.patch
 
 %description
 The Extended Module Player is a modplayer for Unix-like systems that plays
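Review bot: The comment `# backport fix for CVE-2013-1980` disagrees with the %changelog entry added further down in this file and with the commit subject, which both say CVE-2013-1890. The patch filename also uses 1980, so the changelog line looks like a digit transposition. Whichever id rhbz #954658 carries should be used everywhere, because admins and tooling that search RPM changelogs for a CVE id to confirm a fix will miss this build under the wrong number. Suggested changelog line once confirmed: `- backport fix for CVE-2013-1980 (rhbz #954658)`.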
@@ -82,6 +86,8 @@ This package contains the xmp plugin for XMMS.
 %patch1 -p1 -b .aud-api-3.2
 %patch2 -p1 -b .aud-probe_for_tuple
 %patch3 -p1 -b .aud-api-3.3
+%patch4 -p1 -b .aud-3.4
+%patch5 -p1 -b .cve-2013-1980
 pushd docs
 for file in ChangeLog CREDITS ; do
 	iconv -f iso8859-1 -t utf8 -o $file.utf $file && touch -r $file $file.utf && mv $file.utf $file
@@ -118,6 +124,10 @@ rm -rf %{buildroot}
 %{xmms_input_plugin_dir}/*
 
 %changelog
+* Sun Apr 28 2013 Dominik Mierzejewski <rpm at greysector.net> - 3.5.0-3
+- fix build against audacious 3.4 (empty pkg-config --cflags is not an error)
+- backport fix for CVE-2013-1890 (rhbz #954658)
+
 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 

