[xmp/f17] fix CVE-2013-1890
Dominik Mierzejewski
rathann at fedoraproject.org
Sun Apr 28 16:11:21 UTC 2013
commit e6bb0b2641b2bbe12fb2c6dc3909d644571d850d
Author: Dominik Mierzejewski <rpm at greysector.net>
Date: Sun Apr 28 18:10:52 2013 +0200
fix CVE-2013-1890
xmp-3.5.0-cve-2013-1980.patch | 20 ++++++++++++++++++++
xmp.spec | 8 +++++++-
2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/xmp-3.5.0-cve-2013-1980.patch b/xmp-3.5.0-cve-2013-1980.patch
new file mode 100644
index 0000000..3a98c22
--- /dev/null
+++ b/xmp-3.5.0-cve-2013-1980.patch
@@ -0,0 +1,20 @@
+diff -U0 xmp-3.5.0/docs/ChangeLog.cve-2013-1980 xmp-3.5.0/docs/ChangeLog
+--- xmp-3.5.0/docs/ChangeLog.cve-2013-1980 2012-01-27 17:40:58.000000000 +0100
++++ xmp-3.5.0/docs/ChangeLog 2013-04-28 13:05:05.559593911 +0200
+@@ -26,0 +27 @@
++ - fix buffer overflow in MASI loader (reported by Douglas Carmichael)
+diff -up xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980 xmp-3.5.0/src/loaders/masi_load.c
+--- xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980 2012-01-21 13:35:14.000000000 +0100
++++ xmp-3.5.0/src/loaders/masi_load.c 2013-04-28 13:04:15.398503982 +0200
+@@ -144,9 +144,9 @@ static void get_dsmp(struct xmp_context
+ i = cur_ins;
+ m->xxi[i] = calloc(sizeof(struct xxm_instrument), 1);
+
+- fread(&m->xxih[i].name, 1, 34, f);
++ fread(&m->xxih[i].name, 1, 31, f);
+ str_adj((char *)m->xxih[i].name);
+- fseek(f, 5, SEEK_CUR);
++ fseek(f, 8, SEEK_CUR);
+ read8(f); /* insno */
+ read8(f);
+ m->xxs[i].len = read32l(f);
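Review bot: The corrected `fread(&m->xxih[i].name, 1, 31, f)` still ignores its return value and hard-codes the length, so the overflow fix relies on `name` holding at least 32 bytes and being zero-filled before `str_adj` runs; neither is visible in this hunk. Deriving the count from the destination, e.g. `fread(m->xxih[i].name, 1, sizeof(m->xxih[i].name) - 1, f)` if `name` is an array, would keep the read in bounds should the field size change. A comment such as `/* on-disk name field is apparently 34 bytes; read what fits, then skip the remainder and the 5 bytes that follow */` would explain why the seek grew from 5 to 8. The `calloc` result on the context line above is not checked in the visible lines, and get_dsmp's body starts and ends outside the hunk.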
diff --git a/xmp.spec b/xmp.spec
index eab0049..3c8535a 100644
--- a/xmp.spec
+++ b/xmp.spec
@@ -8,7 +8,7 @@
Name: xmp
Version: 3.4.0
-Release: 10%{?dist}
+Release: 11%{?dist}
Summary: A multi-format module player
Group: Applications/Multimedia
#Source: http://downloads.sourceforge.net/sourceforge/xmp/xmp-%{version}.tar.gz
@@ -31,6 +31,8 @@ Patch1: xmp-3.4.0-audacious-3.2.patch
# fix untimely g_free calls and make probe_for_tuple thread-safe
# (reported to xmp devel list)
Patch2: xmp-3.4.0-audacious-probe_for_tuple.patch
+# backport fix for CVE-2013-1980
+Patch5: xmp-3.5.0-cve-2013-1980.patch
%description
The Extended Module Player is a modplayer for Unix-like systems that plays
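Review bot: The CVE identifier is written two ways in this commit: the `Patch5` comment and the patch file name say CVE-2013-1980, while the commit subject and the `%changelog` entry in the last hunk say CVE-2013-1890. One of the two is presumably a digit transposition, and anyone auditing the package by CVE id will miss the fix under the wrong spelling. Confirm the identifier against rhbz #954658 and use the same one in all four places.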
@@ -79,6 +81,7 @@ This package contains the xmp plugin for XMMS.
%patch0 -p1 -b .aud-api-3.1
%patch1 -p1 -b .aud-api-3.2
%patch2 -p1 -b .aud-probe_for_tuple
+%patch5 -p1 -b .cve-2013-1980
pushd docs
for file in ChangeLog CREDITS ; do
iconv -f iso8859-1 -t utf8 -o $file.utf $file && touch -r $file $file.utf && mv $file.utf $file
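Review bot: `%patch5 -p1 -b .cve-2013-1980` applies a patch generated against an xmp-3.5.0 tree, while this spec's `Version` is 3.4.0, and the patch's docs/ChangeLog hunk was made with `diff -U0`, so it has no context lines and is placed by line number alone. On the 3.4.0 ChangeLog that entry may land under the wrong release heading. It is worth confirming in the build log that the masi_load.c hunk applies without fuzz or offset, and either dropping the ChangeLog hunk from the backport or regenerating the patch against the 3.4.0 sources.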
@@ -115,6 +118,9 @@ rm -rf %{buildroot}
%{xmms_input_plugin_dir}/*
%changelog
+* Sun Apr 28 2013 Dominik Mierzejewski <rpm at greysector.net> - 3.4.0-11
+- backport fix for CVE-2013-1890 (rhbz #954658)
+
* Fri Jun 15 2012 Michael Schwendt <mschwendt at fedoraproject.org> - 3.4.0-10
- Fix untimely g_free(filename) calls in Audacious 3 plugin and
make module probing thread-safe.